Make pkcs12 and smime applications seed random number
generator (otherwise they don't work) and add -rand option. Update docs.
This commit is contained in:
Dr. Stephen Henson
parent
07fc35519e
commit
d13e4eb0b5
4
CHANGES
4
CHANGES
@ -4,6 +4,10 @@
|
||||
|
||||
Changes between 0.9.4 and 0.9.5 [xx XXX 2000]
|
||||
|
||||
*) Add -rand argument to smime and pkcs12 applications and read/write
|
||||
of seed file.
|
||||
[Steve Henson]
|
||||
|
||||
*) New 'passwd' tool for crypt(3) and apr1 password hashes.
|
||||
[Bodo Moeller]
|
||||
|
||||
|
||||
@ -114,6 +114,7 @@ int MAIN(int argc, char **argv)
|
||||
STACK *canames = NULL;
|
||||
char *cpass = NULL, *mpass = NULL;
|
||||
char *passin = NULL, *passout = NULL;
|
||||
char *inrand = NULL;
|
||||
|
||||
apps_startup();
|
||||
|
||||
@ -170,6 +171,11 @@ int MAIN(int argc, char **argv)
|
||||
badarg = 1;
|
||||
}
|
||||
} else badarg = 1;
|
||||
} else if (!strcmp (*args, "-rand")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
inrand = *args;
|
||||
} else badarg = 1;
|
||||
} else if (!strcmp (*args, "-inkey")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
@ -212,7 +218,7 @@ int MAIN(int argc, char **argv)
|
||||
if(!(passin= getenv(*args))) {
|
||||
BIO_printf(bio_err,
|
||||
"Can't read environment variable %s\n",
|
||||
*argv);
|
||||
*args);
|
||||
badarg = 1;
|
||||
}
|
||||
} else badarg = 1;
|
||||
@ -222,7 +228,7 @@ int MAIN(int argc, char **argv)
|
||||
if(!(passout= getenv(*args))) {
|
||||
BIO_printf(bio_err,
|
||||
"Can't read environment variable %s\n",
|
||||
*argv);
|
||||
*args);
|
||||
badarg = 1;
|
||||
}
|
||||
} else badarg = 1;
|
||||
@ -290,6 +296,9 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf (bio_err, "-envpassin p environment variable containing input file pass phrase\n");
|
||||
BIO_printf (bio_err, "-passout p output file pass phrase\n");
|
||||
BIO_printf (bio_err, "-envpassout p environment variable containing output file pass phrase\n");
|
||||
BIO_printf(bio_err, "-rand file:file:...\n");
|
||||
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
|
||||
BIO_printf(bio_err, " the random number generator\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
@ -306,6 +315,12 @@ int MAIN(int argc, char **argv)
|
||||
mpass = macpass;
|
||||
}
|
||||
|
||||
if(export_cert || inrand) {
|
||||
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
|
||||
if (inrand != NULL)
|
||||
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
|
||||
app_RAND_load_files(inrand));
|
||||
}
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
@ -558,6 +573,7 @@ int MAIN(int argc, char **argv)
|
||||
PKCS12_free(p12);
|
||||
ret = 0;
|
||||
end:
|
||||
if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
CRYPTO_remove_all_info();
|
||||
#endif
|
||||
|
||||
39
apps/smime.c
39
apps/smime.c
@ -102,7 +102,8 @@ int MAIN(int argc, char **argv)
|
||||
int flags = PKCS7_DETACHED;
|
||||
char *to = NULL, *from = NULL, *subject = NULL;
|
||||
char *CAfile = NULL, *CApath = NULL, *passin = NULL;
|
||||
|
||||
char *inrand = NULL;
|
||||
int need_rand = 0;
|
||||
args = argv + 1;
|
||||
|
||||
ret = 1;
|
||||
@ -145,17 +146,27 @@ int MAIN(int argc, char **argv)
|
||||
flags |= PKCS7_BINARY;
|
||||
else if (!strcmp (*args, "-nosigs"))
|
||||
flags |= PKCS7_NOSIGS;
|
||||
else if (!strcmp(*argv,"-passin")) {
|
||||
if (--argc < 1) badarg = 1;
|
||||
else passin= *(++argv);
|
||||
else if (!strcmp(*args,"-rand")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
inrand = *args;
|
||||
} else badarg = 1;
|
||||
need_rand = 1;
|
||||
} else if (!strcmp(*args,"-passin")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
passin = *args;
|
||||
} else badarg = 1;
|
||||
} else if (!strcmp(*argv,"-envpassin")) {
|
||||
if (--argc < 1) badarg = 1;
|
||||
else if(!(passin= getenv(*(++argv)))) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
if(!(passin= getenv(*args))) {
|
||||
BIO_printf(bio_err,
|
||||
"Can't read environment variable %s\n",
|
||||
*argv);
|
||||
*args);
|
||||
badarg = 1;
|
||||
}
|
||||
} else badarg = 1;
|
||||
} else if (!strcmp (*args, "-to")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
@ -220,6 +231,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err, "No signer certificate specified\n");
|
||||
badarg = 1;
|
||||
}
|
||||
need_rand = 1;
|
||||
} else if(operation == SMIME_DECRYPT) {
|
||||
if(!recipfile) {
|
||||
BIO_printf(bio_err, "No recipient certificate and key specified\n");
|
||||
@ -230,6 +242,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
|
||||
badarg = 1;
|
||||
}
|
||||
need_rand = 1;
|
||||
} else if(!operation) badarg = 1;
|
||||
|
||||
if (badarg) {
|
||||
@ -268,10 +281,20 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
|
||||
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
|
||||
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
|
||||
BIO_printf(bio_err, "-rand file:file:...\n");
|
||||
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
|
||||
BIO_printf(bio_err, " the random number generator\n");
|
||||
BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (need_rand) {
|
||||
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
|
||||
if (inrand != NULL)
|
||||
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
|
||||
app_RAND_load_files(inrand));
|
||||
}
|
||||
|
||||
ret = 2;
|
||||
|
||||
if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED;
|
||||
@ -499,6 +522,8 @@ end:
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
CRYPTO_remove_all_info();
|
||||
#endif
|
||||
if (need_rand)
|
||||
app_RAND_write_file(NULL, bio_err);
|
||||
if(ret) ERR_print_errors(bio_err);
|
||||
sk_X509_pop_free(encerts, X509_free);
|
||||
sk_X509_pop_free(other, X509_free);
|
||||
|
||||
@ -41,6 +41,7 @@ B<openssl> B<pkcs12>
|
||||
[B<-envpassin var>]
|
||||
[B<-passout password>]
|
||||
[B<-envpassout var>]
|
||||
[B<-rand file(s)>]
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
@ -253,6 +254,13 @@ option.
|
||||
This option is included for compatibility with previous versions, it used
|
||||
to be needed to use MAC iterations counts but they are now used by default.
|
||||
|
||||
=item B<-rand file(s)>
|
||||
|
||||
a file or files containing random data used to seed the random number
|
||||
generator. Multiple files can be specified separated by a OS-dependent
|
||||
character. For MS-Windows, the separator is B<;>. For OpenVMS, it's
|
||||
B<,>. For all others, it's B<:>.
|
||||
|
||||
=back
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
@ -28,6 +28,7 @@ B<openssl> B<smime>
|
||||
[B<-from ad>]
|
||||
[B<-subject s>]
|
||||
[B<-text>]
|
||||
[B<-rand file(s)>]
|
||||
[cert.pem]...
|
||||
|
||||
=head1 DESCRIPTION
|
||||
@ -173,6 +174,13 @@ corresponding certificate. If this option is not specified then the
|
||||
private key must be included in the certificate file specified with
|
||||
the B<-recip> or B<-signer> file.
|
||||
|
||||
=item B<-rand file(s)>
|
||||
|
||||
a file or files containing random data used to seed the random number
|
||||
generator. Multiple files can be specified separated by a OS-dependent
|
||||
character. For MS-Windows, the separator is B<;>. For OpenVMS, it's
|
||||
B<,>. For all others, it's B<:>.
|
||||
|
||||
=item B<cert.pem...>
|
||||
|
||||
one or more certificates of message recipients: used when encrypting
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user