Allows PKCS#12 password to be placed on command line and add allow config

file name for 'ca' to come from the environment.
author: Dr. Stephen Henson <steve@openssl.org> 1999-05-08 12:59:50 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 1999-05-08 12:59:50 +0000
commit: e40b7abeed32f51f57e4578254aa1559762a8ea2 (patch)
tree: ba10e1d031a321c1023aee388ff255c70d987890 /apps
parent: 7e797a06c3eeac137eeb2e5743a7982bb5636841 (diff)
2 files changed, 36 insertions, 7 deletions
diff --git a/apps/ca.c b/apps/ca.c
index efcd817311..323eb8525f 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -390,6 +390,8 @@ bad:
 	ERR_load_crypto_strings();
 
 	/*****************************************************************/
+	if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
+	if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
 	if (configfile == NULL)
 		{
 		/* We will just use 'buf[0]' as a temporary buffer.  */
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index b056b84172..ab600624d1 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -105,7 +105,9 @@ int MAIN(int argc, char **argv)
     int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
     int ret = 1;
     int macver = 1;
+    int noprompt = 0;
     STACK *canames = NULL;
+    char *cpass = NULL, *mpass = NULL;
 
     apps_startup();
 
@@ -170,6 +172,22 @@ int MAIN(int argc, char **argv)
 			args++;	
 			outfile = *args;
 		    } else badarg = 1;
+		} else if (!strcmp (*args, "-envpass")) {
+		    if (args[1]) {
+			args++;	
+			if(!(cpass = getenv(*args))) {
+				BIO_printf(bio_err,
+				 "Can't read environment variable %s\n", *args);
+				goto end;
+			}
+			noprompt = 1;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-password")) {
+		    if (args[1]) {
+			args++;	
+			cpass = *args;
+		    	noprompt = 1;
+		    } else badarg = 1;
 		} else badarg = 1;
 
 	} else badarg = 1;
@@ -206,9 +224,17 @@ int MAIN(int argc, char **argv)
 	BIO_printf (bio_err, "-descert      encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
 	BIO_printf (bio_err, "-keyex        set MS key exchange type\n");
 	BIO_printf (bio_err, "-keysig       set MS key signature type\n");
+	BIO_printf (bio_err, "-password p   set import/export password (NOT RECOMMENDED)\n");
+	BIO_printf (bio_err, "-envpass p    set import/export password from environment\n");
     	goto end;
     }
 
+    if(cpass) mpass = cpass;
+    else {
+	cpass = pass;
+	mpass = macpass;
+    }
+
     ERR_load_crypto_strings();
 
     in = BIO_new (BIO_s_file());
@@ -344,13 +370,14 @@ if (export_cert) {
 
 	if (canames) sk_free(canames);
 
-	if(EVP_read_pw_string (pass, 50, "Enter Export Password:", 1)) {
+	if(!noprompt &&
+		EVP_read_pw_string(pass, 50, "Enter Export Password:", 1)) {
 	    BIO_printf (bio_err, "Can't read Password\n");
 	    goto end;
         }
 	if (!twopass) strcpy(macpass, pass);
 	/* Turn certbags into encrypted authsafe */
-	authsafe = PKCS12_pack_p7encdata (cert_pbe, pass, -1, NULL, 0,
+	authsafe = PKCS12_pack_p7encdata (cert_pbe, cpass, -1, NULL, 0,
 								 iter, bags);
 	sk_pop_free(bags, PKCS12_SAFEBAG_free);
 
@@ -367,7 +394,7 @@ if (export_cert) {
 	EVP_PKEY_free(key);
 	if(keytype) PKCS8_add_keyusage(p8, keytype);
 	bag = PKCS12_MAKE_SHKEYBAG (NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
-			pass, -1, NULL, 0, iter, p8);
+			cpass, -1, NULL, 0, iter, p8);
 	PKCS8_PRIV_KEY_INFO_free(p8);
         if (name) PKCS12_add_friendlyname (bag, name, -1);
 	PKCS12_add_localkeyid (bag, keyid, keyidlen);
@@ -384,7 +411,7 @@ if (export_cert) {
 
 	sk_pop_free(safes, PKCS7_free);
 
-	PKCS12_set_mac (p12, macpass, -1, NULL, 0, maciter, NULL);
+	PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL);
 
 	i2d_PKCS12_bio (out, p12);
 
@@ -400,7 +427,7 @@ if (export_cert) {
 	goto end;
     }
 
-    if(EVP_read_pw_string (pass, 50, "Enter Import Password:", 0)) {
+    if(!noprompt && EVP_read_pw_string(pass, 50, "Enter Import Password:", 0)) {
 	BIO_printf (bio_err, "Can't read Password\n");
 	goto end;
     }
@@ -409,14 +436,14 @@ if (export_cert) {
 
     if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
     if(macver) {
-	if (!PKCS12_verify_mac (p12, macpass, -1)) {
+	if (!PKCS12_verify_mac (p12, mpass, -1)) {
 	    BIO_printf (bio_err, "Mac verify errror: invalid password?\n");
 	    ERR_print_errors (bio_err);
 	    goto end;
 	} else BIO_printf (bio_err, "MAC verified OK\n");
     }
 
-    if (!dump_certs_keys_p12 (out, p12, pass, -1, options)) {
+    if (!dump_certs_keys_p12 (out, p12, cpass, -1, options)) {
 	BIO_printf(bio_err, "Error outputting keys and certificates\n");
 	ERR_print_errors (bio_err);
 	goto end;
author	Dr. Stephen Henson <steve@openssl.org>	1999-05-08 12:59:50 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	1999-05-08 12:59:50 +0000
commit	e40b7abeed32f51f57e4578254aa1559762a8ea2 (patch)
tree	ba10e1d031a321c1023aee388ff255c70d987890 /apps
parent	7e797a06c3eeac137eeb2e5743a7982bb5636841 (diff)