author | Dr. Stephen Henson <steve@openssl.org> | 1999-12-24 23:53:57 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-12-24 23:53:57 +0000 |
commit | 36217a942488852b616974e168a6ff0fecfb02fa (patch) | |
tree | 416a573e7d641b0209f7479c93070cc5365de039 /apps | |
parent | 12aefe78f0aec57159e396b5fd8f71644a76b631 (diff) | |
Allow passwords to be included on command line for a few
more utilities.
Diffstat (limited to 'apps')
-rw-r--r-- | apps/apps.c | 11 | ||||
-rw-r--r-- | apps/apps.h | 1 | ||||
-rw-r--r-- | apps/ca.c | 9 | ||||
-rw-r--r-- | apps/dsa.c | 14 | ||||
-rw-r--r-- | apps/openssl.cnf | 7 | ||||
-rw-r--r-- | apps/req.c | 46 | ||||
-rw-r--r-- | apps/rsa.c | 14 | ||||
-rw-r--r-- | apps/smime.c | 25 | ||||
-rw-r--r-- | apps/x509.c | 32 |
9 files changed, 102 insertions, 57 deletions
diff --git a/apps/apps.c b/apps/apps.c index 4e3f32d07a..68331084ab 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -325,17 +325,6 @@ int app_init(long mesgwin) } #endif -int MS_CALLBACK key_cb(char *buf, int len, int verify, void *key) - { - int i; - - if (key == NULL) return(0); - i=strlen(key); - i=(i > len)?len:i; - memcpy(buf,key,i); - return(i); - } - int dump_cert_text (BIO *out, X509 *x) { char buf[256]; diff --git a/apps/apps.h b/apps/apps.h index d4c88ab42d..793126da02 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -143,7 +143,6 @@ int args_from_file(char *file, int *argc, char **argv[]); int str2fmt(char *s); void program_name(char *in,char *out,int size); int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]); -int MS_CALLBACK key_cb(char *buf,int len,int verify,void *u); #ifdef HEADER_X509_H int dump_cert_text(BIO *out, X509 *x); #endif @@ -528,13 +528,8 @@ bad: BIO_printf(bio_err,"trying to load CA private key\n"); goto err; } - if (key == NULL) - pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL); - else - { - pkey=PEM_read_bio_PrivateKey(in,NULL,key_cb,key); - memset(key,0,strlen(key)); - } + pkey=PEM_read_bio_PrivateKey(in,NULL,PEM_cb,key); + if(key) memset(key,0,strlen(key)); if (pkey == NULL) { BIO_printf(bio_err,"unable to load CA private key\n"); diff --git a/apps/dsa.c b/apps/dsa.c index a5ff647252..94f71b5be8 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -236,11 +236,7 @@ bad: else dsa=d2i_DSAPrivateKey_bio(in,NULL); } else if (informat == FORMAT_PEM) { if(pubin) dsa=PEM_read_bio_DSA_PUBKEY(in,NULL, NULL, NULL); - else { - if(passin) dsa=PEM_read_bio_DSAPrivateKey(in,NULL, - key_cb,passin); - else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL); - } + else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,PEM_cb,passin); } else { BIO_printf(bio_err,"bad input format specified for key\n"); 
@@ -287,12 +283,8 @@ bad: } else if (outformat == FORMAT_PEM) { if(pubin || pubout) i=PEM_write_bio_DSA_PUBKEY(out,dsa); - else { - if(passout) i=PEM_write_bio_DSAPrivateKey(out,dsa,enc, - NULL,0,key_cb, passout); - i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0, - NULL,NULL); - } + else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc, + NULL,0,PEM_cb, passout); } else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; diff --git a/apps/openssl.cnf b/apps/openssl.cnf index 33b0866f43..907032900e 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -3,6 +3,9 @@ # This is mostly being used for generation of certificate requests. # +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . RANDFILE = $ENV::HOME/.rnd oid_file = $ENV::HOME/.oid oid_section = new_oids @@ -86,6 +89,10 @@ distinguished_name = req_distinguished_name attributes = req_attributes x509_extensions = v3_ca # The extentions to add to the self signed cert +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + # This sets the permitted types in a DirectoryString. There are several # options. # default: PrintableString, T61String, BMPString. diff --git a/apps/req.c b/apps/req.c index 75f2b853ed..24e666f0dc 100644 --- a/apps/req.c +++ b/apps/req.c @@ -146,6 +146,7 @@ int MAIN(int argc, char **argv) char *req_exts = NULL; EVP_CIPHER *cipher=NULL; int modulus=0; + char *passin = NULL, *passout = NULL; char *p; const EVP_MD *md_alg=NULL,*digest=EVP_md5(); #ifndef MONOLITH 
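Review bot: With `HOME = .` as the fallback, the `RANDFILE` and `oid_file` lines that follow resolve to `./.rnd` and `./.oid` whenever the environment has no HOME, so the seed file is then looked up in whatever directory the tool was started from. That directory may be shared with or writable by other users, which is a poor place for seed material. The new comment should say so, for example `# If HOME is unset these files are looked up in the current directory; run from a private directory or set RANDFILE explicitly.`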
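Review bot: The new `input_password` / `output_password` comment does not mention that a value set here is kept in the configuration file in clear text. Anyone who can read the file can then decrypt the private key it is meant to protect, so the comment should tell the reader to restrict the file's permissions, e.g. `# Stored in clear text: keep this file readable by its owner only.` The existing sentence also needs a full stop after "private keys".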
@@ -217,6 +218,39 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; keyout= *(++argv); } + else if (strcmp(*argv,"-passin") == 0) + { + if (--argc < 1) goto bad; + passin= *(++argv); + } + else if (strcmp(*argv,"-envpassin") == 0) + { + if (--argc < 1) goto bad; + if(!(passin= getenv(*(++argv)))) + { + BIO_printf(bio_err, + "Can't read environment variable %s\n", + *argv); + badops = 1; + } + } + else if (strcmp(*argv,"-envpassout") == 0) + { + if (--argc < 1) goto bad; + if(!(passout= getenv(*(++argv)))) + { + BIO_printf(bio_err, + "Can't read environment variable %s\n", + *argv); + badops = 1; + } + argv++; + } + else if (strcmp(*argv,"-passout") == 0) + { + if (--argc < 1) goto bad; + passout= *(++argv); + } else if (strcmp(*argv,"-newkey") == 0) { int is_numeric; @@ -452,6 +486,12 @@ bad: } } + if(!passin) + passin = CONF_get_string(req_conf, SECTION, "input_password"); + + if(!passout) + passout = CONF_get_string(req_conf, SECTION, "output_password"); + p = CONF_get_string(req_conf, SECTION, DIRSTRING_TYPE); if(p && !ASN1_STRING_set_default_mask_asc(p)) { @@ -491,7 +531,9 @@ bad: rsa=d2i_RSAPrivateKey_bio(in,NULL); else */ if (keyform == FORMAT_PEM) - pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL); + { + pkey=PEM_read_bio_PrivateKey(in,NULL,PEM_cb,passin); + } else { BIO_printf(bio_err,"bad input format specified for X509 request\n"); @@ -579,7 +621,7 @@ bad: i=0; loop: if (!PEM_write_bio_PrivateKey(out,pkey,cipher, - NULL,0,NULL,NULL)) + NULL,0,PEM_cb,passout)) { if ((ERR_GET_REASON(ERR_peek_error()) == PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3)) diff --git a/apps/rsa.c b/apps/rsa.c index 219bdd65d6..684252cc1d 100644 --- a/apps/rsa.c +++ b/apps/rsa.c 
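Review bot: The `-envpassout` branch ends with an extra `argv++;` that none of the three sibling branches (`-passin`, `-envpassin`, `-passout`) has. `*(++argv)` has already consumed the variable name, so this second increment steps over the next argument without a matching `--argc`. Assuming the enclosing loop, which lies outside the hunk, advances `argv` and `argc` once per iteration, the option that follows `-envpassout NAME` is silently skipped and the count no longer matches the pointer, which can walk `argv` past its end. Dropping the `argv++;` line makes the branch identical to `-envpassin`.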
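Review bot: `passin` is left in memory after `PEM_read_bio_PrivateKey(in,NULL,PEM_cb,passin)` returns, whereas the ca.c hunk in this same commit keeps `if(key) memset(key,0,strlen(key));` directly after the equivalent call. For consistency I would add `if(passin) memset(passin,0,strlen(passin));` once the key has been read, and the same for `passout` after the retry loop in the write hunk, provided neither string is needed again later in MAIN (not visible here). The same applies to `passin`/`passout` in the rsa.c, dsa.c, smime.c and x509.c hunks, after their last use.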
@@ -278,11 +278,7 @@ bad: #endif else if (informat == FORMAT_PEM) { if(pubin) rsa=PEM_read_bio_RSA_PUBKEY(in,NULL,NULL,NULL); - else { - if(passin) rsa=PEM_read_bio_RSAPrivateKey(in,NULL, - key_cb,passin); - else rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL,NULL); - } + else rsa=PEM_read_bio_RSAPrivateKey(in,NULL, PEM_cb,passin); } else { @@ -381,12 +377,8 @@ bad: else if (outformat == FORMAT_PEM) { if(pubout || pubin) i=PEM_write_bio_RSA_PUBKEY(out,rsa); - else { - if(passout) i=PEM_write_bio_RSAPrivateKey(out,rsa, - enc,NULL,0,key_cb,passout); - else i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL, - 0,NULL,NULL); - } + else i=PEM_write_bio_RSAPrivateKey(out,rsa, + enc,NULL,0,PEM_cb,passout); } else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; diff --git a/apps/smime.c b/apps/smime.c index 882838c66f..6c15dcfb6e 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -60,14 +60,14 @@ #include <stdio.h> #include <string.h> +#include "apps.h" #include <openssl/pem.h> #include <openssl/err.h> -#include "apps.h" #undef PROG #define PROG smime_main static X509 *load_cert(char *file); -static EVP_PKEY *load_key(char *file); +static EVP_PKEY *load_key(char *file, char *pass); static STACK_OF(X509) *load_certs(char *file); static X509_STORE *setup_verify(char *CAfile, char *CApath); static int save_certs(char *signerfile, STACK_OF(X509) *signers); @@ -98,7 +98,7 @@ int MAIN(int argc, char **argv) int badarg = 0; int flags = PKCS7_DETACHED; char *to = NULL, *from = NULL, *subject = NULL; - char *CAfile = NULL, *CApath = NULL; + char *CAfile = NULL, *CApath = NULL, *passin = NULL; args = argv + 1; 
@@ -138,7 +138,18 @@ int MAIN(int argc, char **argv) flags |= PKCS7_BINARY; else if (!strcmp (*args, "-nosigs")) flags |= PKCS7_NOSIGS; - else if (!strcmp (*args, "-to")) { + else if (!strcmp(*argv,"-passin")) { + if (--argc < 1) badarg = 1; + else passin= *(++argv); + } else if (!strcmp(*argv,"-envpassin")) { + if (--argc < 1) badarg = 1; + else if(!(passin= getenv(*(++argv)))) { + BIO_printf(bio_err, + "Can't read environment variable %s\n", + *argv); + badarg = 1; + } + } else if (!strcmp (*args, "-to")) { if (args[1]) { args++; to = *args; @@ -303,7 +314,7 @@ int MAIN(int argc, char **argv) } else keyfile = NULL; if(keyfile) { - if(!(key = load_key(keyfile))) { + if(!(key = load_key(keyfile, passin))) { BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile); ERR_print_errors(bio_err); goto end; @@ -405,12 +416,12 @@ static X509 *load_cert(char *file) return cert; } -static EVP_PKEY *load_key(char *file) +static EVP_PKEY *load_key(char *file, char *pass) { BIO *in; EVP_PKEY *key; if(!(in = BIO_new_file(file, "r"))) return NULL; - key = PEM_read_bio_PrivateKey(in, NULL, NULL,NULL); + key = PEM_read_bio_PrivateKey(in, NULL,PEM_cb,pass); BIO_free(in); return key; } diff --git a/apps/x509.c b/apps/x509.c index 0ed5ef1d03..797ee39c7e 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -92,6 +92,8 @@ static char *x509_usage[]={ " -CAkeyform arg - CA key format - default PEM\n", " -in arg - input file - default stdin\n", " -out arg - output file - default stdout\n", +" -passin arg - private key password\n", +" -envpassin arg - read private key password from encvironment variable \"arg\"\n", " -serial - print serial number value\n", " -hash - print hash value\n", " -subject - print subject DN\n", 
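Review bot: The two new branches test `*argv` and step `argc`/`argv`, while every other branch in this chain, including `-nosigs` just above and `-to` just below, works on `*args`, which the previous hunk shows being set to `argv + 1`. If the loop advances only `args`, as the neighbouring branches suggest, `*argv` stays on the program name, so `-passin` and `-envpassin` can never match and the password options are not recognised by smime. The branches should follow the local pattern of checking `args[1]` and advancing `args`, as sketched below. The option loop itself starts and ends outside the hunk.

```c
	else if (!strcmp (*args, "-passin")) {
		if (args[1]) {
			args++;
			passin = *args;
		} else badarg = 1;
	} else if (!strcmp (*args, "-envpassin")) {
		if (args[1]) {
			args++;
			if (!(passin = getenv(*args))) {
				BIO_printf(bio_err,
					"Can't read environment variable %s\n",
					*args);
				badarg = 1;
			}
		} else badarg = 1;
	} else if (!strcmp (*args, "-to")) {
	/* ... unchanged: -to handling ... */
```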
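Review bot: The new `-envpassin` usage line misspells "environment" as "encvironment"; since this text is printed to users it should read `" -envpassin arg - read private key password from environment variable \"arg\"\n",`. The `-passin` line could also state that a password given as an argument can be seen by other local users through the process list on most systems, which is the usual reason to prefer `-envpassin`.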
@@ -129,7 +131,7 @@ NULL }; static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx); -static EVP_PKEY *load_key(char *file, int format); +static EVP_PKEY *load_key(char *file, int format, char *passin); static X509 *load_cert(char *file, int format); static int sign (X509 *x, EVP_PKEY *pkey,int days,const EVP_MD *digest, LHASH *conf, char *section); @@ -166,7 +168,7 @@ int MAIN(int argc, char **argv) char buf[256]; const EVP_MD *md_alg,*digest=EVP_md5(); LHASH *extconf = NULL; - char *extsect = NULL, *extfile = NULL; + char *extsect = NULL, *extfile = NULL, *passin = NULL; int need_rand = 0; reqfile=0; @@ -232,6 +234,22 @@ int MAIN(int argc, char **argv) goto bad; } } + else if (strcmp(*argv,"-passin") == 0) + { + if (--argc < 1) goto bad; + passin= *(++argv); + } + else if (strcmp(*argv,"-envpassin") == 0) + { + if (--argc < 1) goto bad; + if(!(passin= getenv(*(++argv)))) + { + BIO_printf(bio_err, + "Can't read environment variable %s\n", + *argv); + badops = 1; + } + } else if (strcmp(*argv,"-extfile") == 0) { if (--argc < 1) goto bad; @@ -751,7 +769,7 @@ bad: BIO_printf(bio_err,"Getting Private key\n"); if (Upkey == NULL) { - Upkey=load_key(keyfile,keyformat); + Upkey=load_key(keyfile,keyformat, passin); if (Upkey == NULL) goto end; } #ifndef NO_DSA @@ -768,7 +786,7 @@ bad: BIO_printf(bio_err,"Getting CA Private Key\n"); if (CAkeyfile != NULL) { - CApkey=load_key(CAkeyfile,CAkeyformat); + CApkey=load_key(CAkeyfile,CAkeyformat, passin); if (CApkey == NULL) goto end; } #ifndef NO_DSA @@ -794,7 +812,7 @@ bad: } else { - pk=load_key(keyfile,FORMAT_PEM); + pk=load_key(keyfile,FORMAT_PEM, passin); if (pk == NULL) goto end; } @@ -1049,7 +1067,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx) } } -static EVP_PKEY *load_key(char *file, int format) +static EVP_PKEY *load_key(char *file, int format, char *passin) { BIO *key=NULL; EVP_PKEY *pkey=NULL; 
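Review bot: `CApkey=load_key(CAkeyfile,CAkeyformat, passin);` passes the same `passin` that the neighbouring hunks pass for `keyfile`, so one password is offered to both the certificate's own key and the CA key. If a run loads both keys and they are protected by different passphrases, one of the loads will presumably fail, and the password of one key is tried against the other. Whether both loads can happen in one invocation depends on code outside these hunks. At minimum the usage text should say so, e.g. `" -passin arg - password for the private key and the CA key\n"`; a separate option for the CA key would be cleaner.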
@@ -1088,7 +1106,7 @@ static EVP_PKEY *load_key(char *file, int format) #endif if (format == FORMAT_PEM) { - pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,NULL); + pkey=PEM_read_bio_PrivateKey(key,NULL,PEM_cb,passin); } else { |