-rw-r--r--CHANGES8
-rw-r--r--apps/apps.c76
-rw-r--r--apps/apps.h3
-rw-r--r--apps/ca.c2
-rw-r--r--apps/dsa.c50
-rw-r--r--apps/gendsa.c24
-rw-r--r--apps/genrsa.c27
-rw-r--r--apps/pkcs12.c63
-rw-r--r--apps/pkcs8.c44
-rw-r--r--apps/req.c38
-rw-r--r--apps/rsa.c50
-rw-r--r--apps/smime.c23
-rw-r--r--apps/spkac.c26
-rw-r--r--apps/x509.c26
-rw-r--r--crypto/asn1/asn1_lib.c2
-rw-r--r--crypto/pem/pem.h3
-rw-r--r--crypto/pem/pem_lib.c24
-rw-r--r--doc/apps/dsa.pod26
-rw-r--r--doc/apps/genrsa.pod22
-rw-r--r--doc/apps/openssl.pod43
-rw-r--r--doc/apps/pkcs12.pod51
-rw-r--r--doc/apps/pkcs8.pod26
-rw-r--r--doc/apps/req.pod30
-rw-r--r--doc/apps/rsa.pod24
-rw-r--r--doc/apps/spkac.pod13
25 files changed, 334 insertions, 390 deletions
diff --git a/CHANGES b/CHANGES
index 6618761269..9f26576094 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,14 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 2000]
+ *) Reorganise password command line arguments: now passwords can be
+ obtained from various sources. Delete the PEM_cb function and make
+ it the default behaviour: i.e. if the callback is NULL and the
+ usrdata argument is not NULL interpret it as a null terminated pass
+ phrase. If usrdata and the callback are NULL then the pass phrase
+ is prompted for as usual.
+ [Steve Henson]
+
*) Add support for the Compaq Atalla crypto accelerator. If it is installed,
the support is automatically enabled. The resulting binaries will
autodetect the card and use it if present.
diff --git a/apps/apps.c b/apps/apps.c
index 68331084ab..a87d23bf33 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -325,6 +325,7 @@ int app_init(long mesgwin)
}
#endif
+
int dump_cert_text (BIO *out, X509 *x)
{
char buf[256];
@@ -338,3 +339,78 @@ int dump_cert_text (BIO *out, X509 *x)
BIO_puts(out,"\n");
return 0;
}
+
+static char *app_get_pass(BIO *err, char *arg, int keepbio);
+
+int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
+{
+ int same;
+ if(!arg2 || !arg1 || strcmp(arg1, arg2)) same = 0;
+ else same = 1;
+ if(arg1) {
+ *pass1 = app_get_pass(err, arg1, same);
+ if(!*pass1) return 0;
+ } else if(pass1) *pass1 = NULL;
+ if(arg2) {
+ *pass2 = app_get_pass(err, arg2, same ? 2 : 0);
+ if(!*pass2) return 0;
+ } else if(pass2) *pass2 = NULL;
+ return 1;
+}
+
+static char *app_get_pass(BIO *err, char *arg, int keepbio)
+{
+ char *tmp, tpass[APP_PASS_LEN];
+ static BIO *pwdbio = NULL;
+ int i;
+ if(!strncmp(arg, "pass:", 5)) return BUF_strdup(arg + 5);
+ if(!strncmp(arg, "env:", 4)) {
+ tmp = getenv(arg + 4);
+ if(!tmp) {
+ BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
+ return NULL;
+ }
+ return BUF_strdup(tmp);
+ }
+ if(!keepbio || !pwdbio) {
+ if(!strncmp(arg, "file:", 5)) {
+ pwdbio = BIO_new_file(arg + 5, "r");
+ if(!pwdbio) {
+ BIO_printf(err, "Can't open file %s\n", arg + 5);
+ return NULL;
+ }
+ } else if(!strncmp(arg, "fd:", 3)) {
+ BIO *btmp;
+ i = atoi(arg + 3);
+ if(i >= 0) pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
+ if((i < 0) || !pwdbio) {
+ BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
+ return NULL;
+ }
+ /* Can't do BIO_gets on an fd BIO so add a buffering BIO */
+ btmp = BIO_new(BIO_f_buffer());
+ pwdbio = BIO_push(btmp, pwdbio);
+ } else if(!strcmp(arg, "stdin")) {
+ pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
+ if(!pwdbio) {
+ BIO_printf(err, "Can't open BIO for stdin\n");
+ return NULL;
+ }
+ } else {
+ BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
+ return NULL;
+ }
+ }
+ i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
+ if(keepbio != 1) {
+ BIO_free_all(pwdbio);
+ pwdbio = NULL;
+ }
+ if(i <= 0) {
+ BIO_printf(err, "Error reading password from BIO\n");
+ return NULL;
+ }
+ tmp = strchr(tpass, '\n');
+ if(tmp) *tmp = 0;
+ return BUF_strdup(tpass);
+}
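Review bot: `app_get_pass` leaves the pass phrase in the stack buffer `tpass` when it returns, because nothing clears it after `BUF_strdup(tpass)`. Copy first and wipe before returning, e.g. `tmp = BUF_strdup(tpass); memset(tpass, 0, sizeof(tpass)); return tmp;`. `BIO_gets` is bounded by `APP_PASS_LEN`, so a longer line is silently truncated, and when both arguments name the same source the rest of that line would be read as the second pass phrase; treating a full buffer with no `'\n'` as an error avoids that. The `fd:` branch parses with `atoi`, so a non-numeric value such as `fd:x` becomes descriptor 0 instead of an error; `strtol` with an end-pointer check would reject it.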
diff --git a/apps/apps.h b/apps/apps.h
index d2da5d196d..2dcdb88c43 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -145,10 +145,13 @@ int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
#ifdef HEADER_X509_H
int dump_cert_text(BIO *out, X509 *x);
#endif
+int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
#define FORMAT_UNDEF 0
#define FORMAT_ASN1 1
#define FORMAT_TEXT 2
#define FORMAT_PEM 3
#define FORMAT_NETSCAPE 4
+#define APP_PASS_LEN 1024
+
#endif
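Review bot: The new `app_passwd` prototype has no comment stating its contract, and the declaration alone does not tell callers who owns the results. Suggest adding above it `/* Resolve pass phrase source arguments (pass:, env:, file:, fd:, stdin). Returns 1 on success, 0 on error; *pass1 and *pass2 are heap copies the caller must Free(). */`. Beside `APP_PASS_LEN`, a comment such as `/* buffer size for one pass phrase line read from file, fd or stdin */` would make the limit visible to users of the header.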
diff --git a/apps/ca.c b/apps/ca.c
index d16df65337..272b0e32bc 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -533,7 +533,7 @@ bad:
BIO_printf(bio_err,"trying to load CA private key\n");
goto err;
}
- pkey=PEM_read_bio_PrivateKey(in,NULL,PEM_cb,key);
+ pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
if(key) memset(key,0,strlen(key));
if (pkey == NULL)
{
diff --git a/apps/dsa.c b/apps/dsa.c
index a94bc95058..4977671b8a 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -95,6 +95,7 @@ int MAIN(int argc, char **argv)
int informat,outformat,text=0,noout=0;
int pubin = 0, pubout = 0;
char *infile,*outfile,*prog;
+ char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
int modulus=0;
@@ -137,34 +138,12 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
- passin= *(++argv);
- }
- else if (strcmp(*argv,"-envpassin") == 0)
- {
- if (--argc < 1) goto bad;
- if(!(passin= getenv(*(++argv))))
- {
- BIO_printf(bio_err,
- "Can't read environment variable %s\n",
- *argv);
- badops = 1;
- }
- }
- else if (strcmp(*argv,"-envpassout") == 0)
- {
- if (--argc < 1) goto bad;
- if(!(passout= getenv(*(++argv))))
- {
- BIO_printf(bio_err,
- "Can't read environment variable %s\n",
- *argv);
- badops = 1;
- }
+ passargin= *(++argv);
}
else if (strcmp(*argv,"-passout") == 0)
{
if (--argc < 1) goto bad;
- passout= *(++argv);
+ passargout= *(++argv);
}
else if (strcmp(*argv,"-noout") == 0)
noout=1;
@@ -194,11 +173,9 @@ bad:
BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -passin arg input file pass phrase\n");
- BIO_printf(bio_err," -envpassin arg environment variable containing input file pass phrase\n");
+ BIO_printf(bio_err," -passin arg input file pass phrase source\n");
BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -passout arg output file pass phrase\n");
- BIO_printf(bio_err," -envpassout arg environment variable containing output file pass phrase\n");
+ BIO_printf(bio_err," -passout arg output file pass phrase source\n");
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef NO_IDEA
@@ -212,6 +189,11 @@ bad:
ERR_load_crypto_strings();
+ if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ goto end;
+ }
+
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
@@ -237,7 +219,7 @@ bad:
else dsa=d2i_DSAPrivateKey_bio(in,NULL);
} else if (informat == FORMAT_PEM) {
if(pubin) dsa=PEM_read_bio_DSA_PUBKEY(in,NULL, NULL, NULL);
- else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,PEM_cb,passin);
+ else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,passin);
} else
{
BIO_printf(bio_err,"bad input format specified for key\n");
@@ -285,7 +267,7 @@ bad:
if(pubin || pubout)
i=PEM_write_bio_DSA_PUBKEY(out,dsa);
else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
- NULL,0,PEM_cb, passout);
+ NULL,0,NULL, passout);
} else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
@@ -298,9 +280,11 @@ bad:
else
ret=0;
end:
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free(out);
- if (dsa != NULL) DSA_free(dsa);
+ if(in != NULL) BIO_free(in);
+ if(out != NULL) BIO_free(out);
+ if(dsa != NULL) DSA_free(dsa);
+ if(passin) Free(passin);
+ if(passout) Free(passout);
EXIT(ret);
}
#endif
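Review bot: The new `Free(passin)` and `Free(passout)` calls at `end:` release the heap copies of the pass phrases without clearing them, although apps/ca.c in this same commit still wipes its key with `memset(key,0,strlen(key))`. Consider `if(passin) { memset(passin, 0, strlen(passin)); Free(passin); }` and the same for `passout`, ideally through one small helper in apps.c so every tool shares it. The same unwiped `Free` is added in the cleanup hunks of gendsa.c, genrsa.c, pkcs12.c, pkcs8.c, req.c, rsa.c and smime.c. It matters most if `EXIT` returns to a longer-lived caller instead of ending the process, which this hunk does not show.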
diff --git a/apps/gendsa.c b/apps/gendsa.c
index 805f114516..d69a93da45 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -81,7 +81,7 @@ int MAIN(int argc, char **argv)
int ret=1;
char *outfile=NULL;
char *inrand=NULL,*dsaparams=NULL;
- char *passout = NULL;
+ char *passargout = NULL, *passout = NULL;
BIO *out=NULL,*in=NULL;
EVP_CIPHER *enc=NULL;
@@ -101,21 +101,10 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outfile= *(++argv);
}
- else if (strcmp(*argv,"-envpassout") == 0)
- {
- if (--argc < 1) goto bad;
- if(!(passout= getenv(*(++argv))))
- {
- BIO_printf(bio_err,
- "Can't read environment variable %s\n",
- *argv);
- goto bad;
- }
- }
else if (strcmp(*argv,"-passout") == 0)
{
if (--argc < 1) goto bad;
- passout= *(++argv);
+ passargout= *(++argv);
}
else if (strcmp(*argv,"-rand") == 0)
{
@@ -164,6 +153,12 @@ bad:
goto end;
}
+ if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+
in=BIO_new(BIO_s_file());
if (!(BIO_read_filename(in,dsaparams)))
{
@@ -207,7 +202,7 @@ bad:
app_RAND_write_file(NULL, bio_err);
- if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,PEM_cb, passout))
+ if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL, passout))
goto end;
ret=0;
end:
@@ -216,6 +211,7 @@ end:
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free(out);
if (dsa != NULL) DSA_free(dsa);
+ if(passout) Free(passout);
EXIT(ret);
}
#endif
diff --git a/apps/genrsa.c b/apps/genrsa.c
index a20cd30092..dc63ff02bd 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -87,7 +87,7 @@ int MAIN(int argc, char **argv)
EVP_CIPHER *enc=NULL;
unsigned long f4=RSA_F4;
char *outfile=NULL;
- char *passout = NULL;
+ char *passargout = NULL, *passout = NULL;
char *inrand=NULL;
BIO *out=NULL;
@@ -131,21 +131,10 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-idea") == 0)
enc=EVP_idea_cbc();
#endif
- else if (strcmp(*argv,"-envpassout") == 0)
- {
- if (--argc < 1) goto bad;
- if(!(passout= getenv(*(++argv))))
- {
- BIO_printf(bio_err,
- "Can't read environment variable %s\n",
- *argv);
- goto bad;
- }
- }
else if (strcmp(*argv,"-passout") == 0)
{
if (--argc < 1) goto bad;
- passout= *(++argv);
+ passargout= *(++argv);
}
else
break;
@@ -162,8 +151,7 @@ bad:
BIO_printf(bio_err," -idea encrypt the generated key with IDEA in cbc mode\n");
#endif
BIO_printf(bio_err," -out file output the key to 'file\n");
- BIO_printf(bio_err," -passout arg output file pass phrase\n");
- BIO_printf(bio_err," -envpassout arg environment variable containing output file pass phrase\n");
+ BIO_printf(bio_err," -passout arg output file pass phrase source\n");
BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n");
BIO_printf(bio_err," -3 use 3 for the E value\n");
BIO_printf(bio_err," -rand file:file:...\n");
@@ -173,6 +161,12 @@ bad:
}
ERR_load_crypto_strings();
+
+ if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto err;
+ }
+
if (outfile == NULL)
BIO_set_fp(out,stdout,BIO_NOCLOSE);
else
@@ -212,13 +206,14 @@ bad:
l+=rsa->e->d[i];
}
BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);
- if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,PEM_cb, passout))
+ if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL, passout))
goto err;
ret=0;
err:
if (rsa != NULL) RSA_free(rsa);
if (out != NULL) BIO_free(out);
+ if(passout) Free(passout);
if (ret != 0)
ERR_print_errors(bio_err);
EXIT(ret);
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 7b12902948..aefad61e15 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -113,6 +113,7 @@ int MAIN(int argc, char **argv)
int noprompt = 0;
STACK *canames = NULL;
char *cpass = NULL, *mpass = NULL;
+ char *passargin = NULL, *passargout = NULL, *passarg = NULL;
char *passin = NULL, *passout = NULL;
char *inrand = NULL;
@@ -210,46 +211,17 @@ int MAIN(int argc, char **argv)
} else if (!strcmp(*args,"-passin")) {
if (args[1]) {
args++;
- passin = *args;
- } else badarg = 1;
- } else if (!strcmp(*args,"-envpassin")) {
- if (args[1]) {
- args++;
- if(!(passin= getenv(*args))) {
- BIO_printf(bio_err,
- "Can't read environment variable %s\n",
- *args);
- badarg = 1;
- }
- } else badarg = 1;
- } else if (!strcmp(*args,"-envpassout")) {
- if (args[1]) {
- args++;
- if(!(passout= getenv(*args))) {
- BIO_printf(bio_err,
- "Can't read environment variable %s\n",
- *args);
- badarg = 1;
- }
+ passargin = *args;
} else badarg = 1;
} else if (!strcmp(*args,"-passout")) {
if (args[1]) {
args++;
- passout = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-envpass")) {
- if (args[1]) {
- args++;
- if(!(cpass = getenv(*args))) {
- BIO_printf(bio_err,
- "Can't read environment variable %s\n", *args);
- goto end;
- }
+ passargout = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-password")) {
if (args[1]) {
args++;
- cpass = *args;
+ passarg = *args;
noprompt = 1;
} else badarg = 1;
} else badarg = 1;
@@ -290,18 +262,25 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-keypbe alg specify private key PBE algorithm (default 3DES)\n");
BIO_printf (bio_err, "-keyex set MS key exchange type\n");
BIO_printf (bio_err, "-keysig set MS key signature type\n");
- BIO_printf (bio_err, "-password p set import/export password (NOT RECOMMENDED)\n");
- BIO_printf (bio_err, "-envpass p set import/export password from environment\n");
- BIO_printf (bio_err, "-passin p input file pass phrase\n");
- BIO_printf (bio_err, "-envpassin p environment variable containing input file pass phrase\n");
- BIO_printf (bio_err, "-passout p output file pass phrase\n");
- BIO_printf (bio_err, "-envpassout p environment variable containing output file pass phrase\n");
+ BIO_printf (bio_err, "-password p set import/export password source\n");
+ BIO_printf (bio_err, "-passin p input file pass phrase source\n");
+ BIO_printf (bio_err, "-passout p output file pass phrase source\n");
BIO_printf(bio_err, "-rand file:file:...\n");
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
goto end;
}
+ if(passarg) {
+ if(export_cert) passargout = passarg;
+ else passargin = passarg;
+ }
+
+ if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ goto end;
+ }
+
if(!cpass) {
if(export_cert) cpass = passout;
else cpass = passin;
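Review bot: The `if(!cpass)` guard kept below the new block looks redundant now, because this commit removes both option-parsing assignments to `cpass` (`-password` and `-envpass`), so as far as the visible hunks show `cpass` is still NULL at this point. If no other path sets it, write `cpass = export_cert ? passout : passin;` directly. Either way a comment is worth adding: `/* cpass aliases passin/passout, which are freed at exit; do not free or use it after that */`. The rest of MAIN lies outside this hunk, so confirm nothing else assigns `cpass` before this block.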
@@ -395,7 +374,7 @@ int MAIN(int argc, char **argv)
#ifdef CRYPTO_MDEBUG
CRYPTO_push_info("process -export_cert");
#endif
- key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, PEM_cb, passin);
+ key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, passin);
if (!inkey) (void) BIO_reset(in);
else BIO_free(inkey);
if (!key) {
@@ -579,6 +558,8 @@ int MAIN(int argc, char **argv)
#endif
BIO_free(in);
BIO_free(out);
+ if(passin) Free(passin);
+ if(passout) Free(passout);
EXIT(ret);
}
@@ -643,7 +624,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
p8 = bag->value.keybag;
if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
print_attribs (out, p8->attributes, "Key Attributes");
- PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, PEM_cb, pempass);
+ PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
EVP_PKEY_free(pkey);
break;
@@ -659,7 +640,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
print_attribs (out, p8->attributes, "Key Attributes");
PKCS8_PRIV_KEY_INFO_free(p8);
- PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, PEM_cb, pempass);
+ PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
EVP_PKEY_free(pkey);
break;
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index e3fa7d4bad..9c031956c5 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -71,6 +71,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
char **args, *infile = NULL, *outfile = NULL;
+ char *passargin = NULL, *passargout = NULL;
BIO *in = NULL, *out = NULL;
int topk8 = 0;
int pbe_nid = -1;
@@ -130,34 +131,12 @@ int MAIN(int argc, char **argv)
else if (!strcmp(*args,"-passin"))
{
if (!args[1]) goto bad;
- passin= *(++args);
- }
- else if (!strcmp(*args,"-envpassin"))
- {
- if (!args[1]) goto bad;
- if(!(passin= getenv(*(++args))))
- {
- BIO_printf(bio_err,
- "Can't read environment variable %s\n",
- *args);
- badarg = 1;
- }
- }
- else if (strcmp(*args,"-envpassout") == 0)
- {
- if (!args[1]) goto bad;
- if(!(passout= getenv(*(++args))))
- {
- BIO_printf(bio_err,
- "Can't read environment variable %s\n",
- *args);
- badarg = 1;
- }
+ passargin= *(++args);
}
else if (!strcmp(*args,"-passout"))
{
if (!args[1]) goto bad;
- passout= *(++args);
+ passargout= *(++args);
}
else if (!strcmp (*args, "-in")) {
if (args[1]) {
@@ -179,12 +158,10 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-inform X input format (DER or PEM)\n");
- BIO_printf(bio_err, "-passin arg input file pass phrase\n");
- BIO_printf(bio_err, "-envpassin arg environment variable containing input file pass phrase\n");
+ BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
BIO_printf(bio_err, "-out file output file\n");
- BIO_printf(bio_err, "-passout arg output file pass phrase\n");
- BIO_printf(bio_err, "-envpassout arg environment variable containing outut file pass phrase\n");
+ BIO_printf(bio_err, "-passout arg output file pass phrase source\n");
BIO_printf(bio_err, "-topk8 output PKCS8 file\n");
BIO_printf(bio_err, "-nooct use (nonstandard) no octet format\n");
BIO_printf(bio_err, "-embed use (nonstandard) embedded DSA parameters format\n");
@@ -196,6 +173,11 @@ int MAIN(int argc, char **argv)
return (1);
}
+ if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ return (1);
+ }
+
if ((pbe_nid == -1) && !cipher) pbe_nid = NID_pbeWithMD5AndDES_CBC;
if (infile) {
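Review bot: The new failure path does `return (1)` straight after `app_passwd`, but `app_passwd` can fail on the second argument after the first pass phrase has already been allocated into `passin`, so that copy is neither cleared nor freed. The matching `Free(passin)` / `Free(passout)` calls are added only before the final `return (0)`, and any other early `return (1)` in MAIN (outside this hunk) would skip them the same way. Routing these exits through one cleanup label, as dsa.c and rsa.c do with `goto end`, would keep the pass phrase handling in a single place.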
@@ -216,7 +198,7 @@ int MAIN(int argc, char **argv)
if (topk8) {
if(informat == FORMAT_PEM)
- pkey = PEM_read_bio_PrivateKey(in, NULL, PEM_cb, passin);
+ pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, passin);
else if(informat == FORMAT_ASN1)
pkey = d2i_PrivateKey_bio(in, NULL);
else {
@@ -339,7 +321,7 @@ int MAIN(int argc, char **argv)
PKCS8_PRIV_KEY_INFO_free(p8inf);
if(outformat == FORMAT_PEM)
- PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, PEM_cb, passout);
+ PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
else if(outformat == FORMAT_ASN1)
i2d_PrivateKey_bio(out, pkey);
else {
@@ -350,6 +332,8 @@ int MAIN(int argc, char **argv)
EVP_PKEY_free(pkey);
BIO_free(out);
BIO_free(in);
+ if(passin) Free(passin);
+ if(passout) Free(passout);
return (0);
}
diff --git a/apps/req.c b/apps/req.c
index 14e8ef5a4f..07a47c607f 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -156,6 +156,7 @@ int MAIN(int argc, char **argv)
char *req_exts = NULL;
EVP_CIPHER *cipher=NULL;
int modulus=0;
+ char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
char *p;
const EVP_MD *md_alg=NULL,*digest=EVP_md5();
@@ -231,34 +232,12 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
- passin= *(++argv);
- }
- else if (strcmp(*argv,"-envpassin") == 0)
- {
- if (--argc < 1) goto bad;
- if(!(passin= getenv(*(++argv))))
- {
- BIO_printf(bio_err,
- "Can't read environment variable %s\n",
- *argv);
- badops = 1;
- }
- }
- else if (strcmp(*argv,"-envpassout") == 0)
- {
- if (--argc < 1) goto bad;
- if(!(passout= getenv(*(++argv))))
- {
- BIO_printf(bio_err,
- "Can't read environment variable %s\n",
- *argv);
- badops = 1;
- }
+ passargin= *(++argv);
}
else if (strcmp(*argv,"-passout") == 0)
{
if (--argc < 1) goto bad;
- passout= *(++argv);
+ passargout= *(++argv);
}
else if (strcmp(*argv,"-newkey") == 0)
{
@@ -401,13 +380,16 @@ bad:
BIO_printf(bio_err," -days number of days a x509 generated by -x509 is valid for.\n");
BIO_printf(bio_err," -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n");
BIO_printf(bio_err," have been reported as requiring\n");
- BIO_printf(bio_err," [ It is now always turned on but can be turned off with -no-asn1-kludge ]\n");
BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n");
goto end;
}
ERR_load_crypto_strings();
+ if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ goto end;
+ }
#ifndef MONOLITH /* else this has happened in openssl.c (global `config') */
/* Lets load up our environment a little */
@@ -540,7 +522,7 @@ bad:
pkey=d2i_PrivateKey_bio(in,NULL);
else if (keyform == FORMAT_PEM)
{
- pkey=PEM_read_bio_PrivateKey(in,NULL,PEM_cb,passin);
+ pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
}
else
{
@@ -629,7 +611,7 @@ bad:
i=0;
loop:
if (!PEM_write_bio_PrivateKey(out,pkey,cipher,
- NULL,0,PEM_cb,passout))
+ NULL,0,NULL,passout))
{
if ((ERR_GET_REASON(ERR_peek_error()) ==
PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
@@ -892,6 +874,8 @@ end:
EVP_PKEY_free(pkey);
X509_REQ_free(req);
X509_free(x509ss);
+ if(passin) Free(passin);
+ if(passout) Free(passout);
OBJ_cleanup();
#ifndef NO_DSA
if (dsa_params != NULL) DSA_free(dsa_params);
diff --git a/apps/rsa.c b/apps/rsa.c
index 879b7ab522..53d234ca35 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -98,6 +98,7 @@ int MAIN(int argc, char **argv)
int informat,outformat,text=0,check=0,noout=0;
int pubin = 0, pubout = 0;
char *infile,*outfile,*prog;
+ char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
int modulus=0;
@@ -140,34 +141,12 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
- passin= *(++argv);
- }
- else if (strcmp(*argv,"-envpassin") == 0)
- {
- if (--argc < 1) goto bad;
- if(!(passin= getenv(*(++argv))))
- {
- BIO_printf(bio_err,
- "Can't read environment variable %s\n",
- *argv);
- badops = 1;
- }
- }
- else if (strcmp(*argv,"-envpassout") == 0)
- {
- if (--argc < 1) goto bad;
- if(!(passout= getenv(*(++argv))))
- {
- BIO_printf(bio_err,
- "Can't read environment variable %s\n",
- *argv);
- badops = 1;
- }
+ passargin= *(++argv);
}
else if (strcmp(*argv,"-passout") == 0)
{
if (--argc < 1) goto bad;
- passout= *(++argv);
+ passargout= *(++argv);
}
else if (strcmp(*argv,"-pubin") == 0)
pubin=1;
@@ -199,12 +178,10 @@ bad:
BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -passin arg input file pass phrase\n");
- BIO_printf(bio_err," -envpassin arg environment variable containing input file pass phrase\n");
+ BIO_printf(bio_err," -passin arg input file pass phrase source\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -passout arg output file pass phrase\n");
- BIO_printf(bio_err," -envpassout arg environment variable containing output file pass phrase\n");
+ BIO_printf(bio_err," -passout arg output file pass phrase source\n");
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef NO_IDEA
@@ -221,6 +198,11 @@ bad:
ERR_load_crypto_strings();
+ if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ goto end;
+ }
+
if(check && pubin) {
BIO_printf(bio_err, "Only private keys can be checked\n");
goto end;
@@ -279,7 +261,7 @@ bad:
#endif
else if (informat == FORMAT_PEM) {
if(pubin) rsa=PEM_read_bio_RSA_PUBKEY(in,NULL,NULL,NULL);
- else rsa=PEM_read_bio_RSAPrivateKey(in,NULL, PEM_cb,passin);
+ else rsa=PEM_read_bio_RSAPrivateKey(in,NULL, NULL,passin);
}
else
{
@@ -379,7 +361,7 @@ bad:
if(pubout || pubin)
i=PEM_write_bio_RSA_PUBKEY(out,rsa);
else i=PEM_write_bio_RSAPrivateKey(out,rsa,
- enc,NULL,0,PEM_cb,passout);
+ enc,NULL,0,NULL,passout);
} else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
@@ -392,9 +374,11 @@ bad:
else
ret=0;
end:
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free(out);
- if (rsa != NULL) RSA_free(rsa);
+ if(in != NULL) BIO_free(in);
+ if(out != NULL) BIO_free(out);
+ if(rsa != NULL) RSA_free(rsa);
+ if(passin) Free(passin);
+ if(passout) Free(passout);
EXIT(ret);
}
#else /* !NO_RSA */
diff --git a/apps/smime.c b/apps/smime.c
index 0d87960d69..c7426cc98b 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -101,7 +101,8 @@ int MAIN(int argc, char **argv)
int badarg = 0;
int flags = PKCS7_DETACHED;
char *to = NULL, *from = NULL, *subject = NULL;
- char *CAfile = NULL, *CApath = NULL, *passin = NULL;
+ char *CAfile = NULL, *CApath = NULL;
+ char *passargin = NULL, *passin = NULL;
char *inrand = NULL;
int need_rand = 0;
args = argv + 1;
@@ -155,17 +156,7 @@ int MAIN(int argc, char **argv)
} else if (!strcmp(*args,"-passin")) {
if (args[1]) {
args++;
- passin = *args;
- } else badarg = 1;
- } else if (!strcmp(*argv,"-envpassin")) {
- if (args[1]) {
- args++;
- if(!(passin= getenv(*args))) {
- BIO_printf(bio_err,
- "Can't read environment variable %s\n",
- *args);
- badarg = 1;
- }
+ passargin = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-to")) {
if (args[1]) {
@@ -288,6 +279,11 @@ int MAIN(int argc, char **argv)
goto end;
}
+ if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
if (need_rand) {
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
@@ -536,6 +532,7 @@ end:
BIO_free(in);
BIO_free(indata);
BIO_free(out);
+ if(passin) Free(passin);
return (ret);
}
@@ -554,7 +551,7 @@ static EVP_PKEY *load_key(char *file, char *pass)
BIO *in;
EVP_PKEY *key;
if(!(in = BIO_new_file(file, "r"))) return NULL;
- key = PEM_read_bio_PrivateKey(in, NULL,PEM_cb,pass);
+ key = PEM_read_bio_PrivateKey(in, NULL,NULL,pass);
BIO_free(in);
return key;
}
diff --git a/apps/spkac.c b/apps/spkac.c
index e26a95d0fc..b35354a