-rw-r--r--CHANGES4
-rw-r--r--apps/pkcs12.c20
-rw-r--r--apps/smime.c47
-rw-r--r--doc/apps/pkcs12.pod8
-rw-r--r--doc/apps/smime.pod8
5 files changed, 74 insertions, 13 deletions
diff --git a/CHANGES b/CHANGES
index 2e10a0f8c5..0bb813b7d0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 2000]
+ *) Add -rand argument to smime and pkcs12 applications and read/write
+ of seed file.
+ [Steve Henson]
+
*) New 'passwd' tool for crypt(3) and apr1 password hashes.
[Bodo Moeller]
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index a54555b467..7b12902948 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -114,6 +114,7 @@ int MAIN(int argc, char **argv)
STACK *canames = NULL;
char *cpass = NULL, *mpass = NULL;
char *passin = NULL, *passout = NULL;
+ char *inrand = NULL;
apps_startup();
@@ -170,6 +171,11 @@ int MAIN(int argc, char **argv)
badarg = 1;
}
} else badarg = 1;
+ } else if (!strcmp (*args, "-rand")) {
+ if (args[1]) {
+ args++;
+ inrand = *args;
+ } else badarg = 1;
} else if (!strcmp (*args, "-inkey")) {
if (args[1]) {
args++;
@@ -212,7 +218,7 @@ int MAIN(int argc, char **argv)
if(!(passin= getenv(*args))) {
BIO_printf(bio_err,
"Can't read environment variable %s\n",
- *argv);
+ *args);
badarg = 1;
}
} else badarg = 1;
@@ -222,7 +228,7 @@ int MAIN(int argc, char **argv)
if(!(passout= getenv(*args))) {
BIO_printf(bio_err,
"Can't read environment variable %s\n",
- *argv);
+ *args);
badarg = 1;
}
} else badarg = 1;
@@ -290,6 +296,9 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-envpassin p environment variable containing input file pass phrase\n");
BIO_printf (bio_err, "-passout p output file pass phrase\n");
BIO_printf (bio_err, "-envpassout p environment variable containing output file pass phrase\n");
+ BIO_printf(bio_err, "-rand file:file:...\n");
+ BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
goto end;
}
@@ -306,6 +315,12 @@ int MAIN(int argc, char **argv)
mpass = macpass;
}
+ if(export_cert || inrand) {
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+ }
ERR_load_crypto_strings();
#ifdef CRYPTO_MDEBUG
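Review bot: The result of `app_RAND_load_file(NULL, bio_err, (inrand != NULL))` is discarded. If the third argument silences the warning (the function's definition is not in this diff), a run with -rand can continue with nothing loaded, and the only trace is the "semi-random bytes loaded" count. Unless later random-number calls are known to fail on an unseeded generator, check both results, for example `if (!app_RAND_load_file(NULL, bio_err, (inrand != NULL)) && inrand == NULL) goto end;`, and treat a zero count from `app_RAND_load_files(inrand)` as an error. The identical block added to apps/smime.c under `if (need_rand)` has the same gap. The guard `export_cert || inrand` also means a non-export run gets no seeding unless -rand is given, so confirm that nothing on that path needs random salts or IVs. MAIN starts and ends outside this hunk.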
@@ -558,6 +573,7 @@ int MAIN(int argc, char **argv)
PKCS12_free(p12);
ret = 0;
end:
+ if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
#ifdef CRYPTO_MDEBUG
CRYPTO_remove_all_info();
#endif
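Review bot: `app_RAND_write_file(NULL, bio_err)` is placed under the shared `end:` label, so it also runs on the usage path (`goto end` after the option help) and on every error exit, including exits taken before the seed was loaded. If app_RAND_write_file does not itself decline to write when the generator was never seeded (its body is not in this diff), a low-entropy seed file could be written back and trusted by the next run. A local flag set after a successful load, e.g. `if (rand_loaded) app_RAND_write_file(NULL, bio_err);`, or at least a comment stating that the callee handles the unseeded case, would make this safe to read. The `end:` hunk in apps/smime.c (`if (need_rand) app_RAND_write_file(NULL, bio_err);`) needs the same treatment.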
diff --git a/apps/smime.c b/apps/smime.c
index 9c84841168..0d87960d69 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -102,7 +102,8 @@ int MAIN(int argc, char **argv)
int flags = PKCS7_DETACHED;
char *to = NULL, *from = NULL, *subject = NULL;
char *CAfile = NULL, *CApath = NULL, *passin = NULL;
-
+ char *inrand = NULL;
+ int need_rand = 0;
args = argv + 1;
ret = 1;
@@ -145,17 +146,27 @@ int MAIN(int argc, char **argv)
flags |= PKCS7_BINARY;
else if (!strcmp (*args, "-nosigs"))
flags |= PKCS7_NOSIGS;
- else if (!strcmp(*argv,"-passin")) {
- if (--argc < 1) badarg = 1;
- else passin= *(++argv);
+ else if (!strcmp(*args,"-rand")) {
+ if (args[1]) {
+ args++;
+ inrand = *args;
+ } else badarg = 1;
+ need_rand = 1;
+ } else if (!strcmp(*args,"-passin")) {
+ if (args[1]) {
+ args++;
+ passin = *args;
+ } else badarg = 1;
} else if (!strcmp(*argv,"-envpassin")) {
- if (--argc < 1) badarg = 1;
- else if(!(passin= getenv(*(++argv)))) {
- BIO_printf(bio_err,
- "Can't read environment variable %s\n",
- *argv);
- badarg = 1;
- }
+ if (args[1]) {
+ args++;
+ if(!(passin= getenv(*args))) {
+ BIO_printf(bio_err,
+ "Can't read environment variable %s\n",
+ *args);
+ badarg = 1;
+ }
+ } else badarg = 1;
} else if (!strcmp (*args, "-to")) {
if (args[1]) {
args++;
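Review bot: The `-envpassin` branch still tests `*argv` (`} else if (!strcmp(*argv,"-envpassin")) {`) although its rewritten body now walks `args`. The comparison is therefore made against whatever `argv` points at, not the current option. Assuming `argv` is no longer advanced in this loop, the branch can never match and `-envpassin` ends up handled as an unknown argument. The line should read `} else if (!strcmp(*args,"-envpassin")) {`, consistent with the `-rand` and `-passin` branches added just above it. The option loop and MAIN both extend beyond this hunk, so the fall-through behaviour for an unmatched option should be checked there.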
@@ -220,6 +231,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "No signer certificate specified\n");
badarg = 1;
}
+ need_rand = 1;
} else if(operation == SMIME_DECRYPT) {
if(!recipfile) {
BIO_printf(bio_err, "No recipient certificate and key specified\n");
@@ -230,6 +242,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
badarg = 1;
}
+ need_rand = 1;
} else if(!operation) badarg = 1;
if (badarg) {
@@ -268,10 +281,20 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf(bio_err, "-rand file:file:...\n");
+ BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
goto end;
}
+ if (need_rand) {
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+ }
+
ret = 2;
if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED;
@@ -499,6 +522,8 @@ end:
#ifdef CRYPTO_MDEBUG
CRYPTO_remove_all_info();
#endif
+ if (need_rand)
+ app_RAND_write_file(NULL, bio_err);
if(ret) ERR_print_errors(bio_err);
sk_X509_pop_free(encerts, X509_free);
sk_X509_pop_free(other, X509_free);
diff --git a/doc/apps/pkcs12.pod b/doc/apps/pkcs12.pod
index 6a17b910b6..d8cace9d0a 100644
--- a/doc/apps/pkcs12.pod
+++ b/doc/apps/pkcs12.pod
@@ -41,6 +41,7 @@ B<openssl> B<pkcs12>
[B<-envpassin var>]
[B<-passout password>]
[B<-envpassout var>]
+[B<-rand file(s)>]
=head1 DESCRIPTION
@@ -253,6 +254,13 @@ option.
This option is included for compatibility with previous versions, it used
to be needed to use MAC iterations counts but they are now used by default.
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator. Multiple files can be specified separated by a OS-dependent
+character. For MS-Windows, the separator is B<;>. For OpenVMS, it's
+B<,>. For all others, it's B<:>.
+
=back
=head1 NOTES
diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
index b43fb6dc1b..79e070d6aa 100644
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -28,6 +28,7 @@ B<openssl> B<smime>
[B<-from ad>]
[B<-subject s>]
[B<-text>]
+[B<-rand file(s)>]
[cert.pem]...
=head1 DESCRIPTION
@@ -173,6 +174,13 @@ corresponding certificate. If this option is not specified then the
private key must be included in the certificate file specified with
the B<-recip> or B<-signer> file.
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator. Multiple files can be specified separated by a OS-dependent
+character. For MS-Windows, the separator is B<;>. For OpenVMS, it's
+B<,>. For all others, it's B<:>.
+
=item B<cert.pem...>
one or more certificates of message recipients: used when encrypting