diff options
-rw-r--r-- | apps/apps.c | 121 | ||||
-rw-r--r-- | apps/apps.h | 22 | ||||
-rw-r--r-- | apps/ca.c | 28 | ||||
-rw-r--r-- | apps/dgst.c | 49 | ||||
-rw-r--r-- | apps/ocsp.c | 21 | ||||
-rw-r--r-- | apps/req.c | 38 | ||||
-rw-r--r-- | apps/rsautl.c | 10 | ||||
-rw-r--r-- | apps/smime.c | 36 | ||||
-rw-r--r-- | apps/x509.c | 12 |
9 files changed, 183 insertions, 154 deletions
diff --git a/apps/apps.c b/apps/apps.c index 4aeabdfa38..659a3ad7fd 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -369,6 +369,57 @@ int dump_cert_text (BIO *out, X509 *x) return 0; } +int password_callback(char *buf, int bufsiz, int verify, + PW_CB_DATA *cb_data) + { + int i,j; + char prompt[80]; + const char *prompt_info = NULL; + const char *password = NULL; + + if (cb_data) + { + if (cb_data->password) + password = cb_data->password; + if (cb_data->prompt_info) + prompt_info = cb_data->prompt_info; + } + + if(password) { + i=strlen(password); + i=(i > bufsiz)?bufsiz:i; + memcpy(buf,password,i); + return(i); + } + + if (EVP_get_pw_prompt()) + BIO_snprintf(prompt, sizeof(prompt)-1, EVP_get_pw_prompt(), + prompt_info ? prompt_info : ""); + else + BIO_snprintf(prompt, sizeof(prompt)-1, + "Enter pass phrase for %s:", + prompt_info ? prompt_info : ""); + + for (;;) + { + i=EVP_read_pw_string(buf,bufsiz,prompt,verify); + if (i != 0) + { + BIO_printf(bio_err,"aborted!\n"); + memset(buf,0,(unsigned int)bufsiz); + return(-1); + } + j=strlen(buf); + if (j < PW_MIN_LENGTH) + { + BIO_printf(bio_err,"phrase is too short, needs to be at least %d chars\n",PW_MIN_LENGTH); + } + else + break; + } + return(j); + } + static char *app_get_pass(BIO *err, char *arg, int keepbio); int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2) @@ -470,7 +521,8 @@ int add_oid_section(BIO *err, LHASH *conf) return 1; } -X509 *load_cert(BIO *err, char *file, int format) +X509 *load_cert(BIO *err, const char *file, int format, + const char *pass, ENGINE *e, const char *cert_descrip) { ASN1_HEADER *ah=NULL; BUF_MEM *buf=NULL; @@ -492,7 +544,9 @@ X509 *load_cert(BIO *err, char *file, int format) { if (BIO_read_filename(cert,file) <= 0) { - perror(file); + BIO_printf(err, "Error opening %s %s\n", + cert_descrip, file); + ERR_print_errors(err); goto end; } } @@ -543,7 +597,8 @@ X509 *load_cert(BIO *err, char *file, int format) ah->data=NULL; } else if (format == FORMAT_PEM) - x=PEM_read_bio_X509_AUX(cert,NULL,NULL,NULL); + x=PEM_read_bio_X509_AUX(cert,NULL, + (pem_password_cb *)password_callback, NULL); else if (format == FORMAT_PKCS12) { PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL); @@ -553,7 +608,8 @@ X509 *load_cert(BIO *err, char *file, int format) p12 = NULL; } else { - BIO_printf(err,"bad input format specified for input cert\n"); + BIO_printf(err,"bad input format specified for %s\n", + cert_descrip); goto end; } end: @@ -568,10 +624,15 @@ end: return(x); } -EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e) +EVP_PKEY *load_key(BIO *err, const char *file, int format, + const char *pass, ENGINE *e, const char *key_descrip) { BIO *key=NULL; EVP_PKEY *pkey=NULL; + PW_CB_DATA cb_data; + + cb_data.password = pass; + cb_data.prompt_info = file; if (file == NULL) { @@ -583,7 +644,8 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e) if (!e) BIO_printf(bio_err,"no engine specified\n"); else - pkey = ENGINE_load_private_key(e, file, pass); + pkey = ENGINE_load_private_key(e, file, + (pem_password_cb *)password_callback, &cb_data); goto end; } key=BIO_new(BIO_s_file()); @@ -594,7 +656,8 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e) } if (BIO_read_filename(key,file) <= 0) { - perror(file); + BIO_printf(err, "Error opening %s %s\n", key_descrip, file); + ERR_print_errors(err); goto end; } if (format == FORMAT_ASN1) @@ -603,7 +666,8 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e) } else if (format == FORMAT_PEM) { - pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,pass); + pkey=PEM_read_bio_PrivateKey(key,NULL, + (pem_password_cb *)password_callback, &cb_data); } else if (format == FORMAT_PKCS12) { @@ -615,20 +679,25 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e) } else { - BIO_printf(err,"bad input format specified for key\n"); + BIO_printf(err,"bad input format specified for key file\n"); goto end; } end: if (key != NULL) BIO_free(key); if (pkey == NULL) - BIO_printf(err,"unable to load Private Key\n"); + BIO_printf(err,"unable to load %s\n", key_descrip); return(pkey); } -EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e) +EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, + const char *pass, ENGINE *e, const char *key_descrip) { BIO *key=NULL; EVP_PKEY *pkey=NULL; + PW_CB_DATA cb_data; + + cb_data.password = pass; + cb_data.prompt_info = file; if (file == NULL) { @@ -640,7 +709,8 @@ EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e) if (!e) BIO_printf(bio_err,"no engine specified\n"); else - pkey = ENGINE_load_public_key(e, file, NULL); + pkey = ENGINE_load_public_key(e, file, + (pem_password_cb *)password_callback, &cb_data); goto end; } key=BIO_new(BIO_s_file()); @@ -651,7 +721,8 @@ EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e) } if (BIO_read_filename(key,file) <= 0) { - perror(file); + BIO_printf(err, "Error opening %s %s\n", key_descrip, file); + ERR_print_errors(err); goto end; } if (format == FORMAT_ASN1) @@ -660,27 +731,33 @@ EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e) } else if (format == FORMAT_PEM) { - pkey=PEM_read_bio_PUBKEY(key,NULL,NULL,NULL); + pkey=PEM_read_bio_PUBKEY(key,NULL, + (pem_password_cb *)password_callback, &cb_data); } else { - BIO_printf(err,"bad input format specified for key\n"); + BIO_printf(err,"bad input format specified for key file\n"); goto end; } end: if (key != NULL) BIO_free(key); if (pkey == NULL) - BIO_printf(err,"unable to load Public Key\n"); + BIO_printf(err,"unable to load %s\n", key_descrip); return(pkey); } -STACK_OF(X509) *load_certs(BIO *err, char *file, int format) +STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, + const char *pass, ENGINE *e, const char *cert_descrip) { BIO *certs; int i; STACK_OF(X509) *othercerts = NULL; STACK_OF(X509_INFO) *allcerts = NULL; X509_INFO *xi; + PW_CB_DATA cb_data; + + cb_data.password = pass; + cb_data.prompt_info = file; if((certs = BIO_new(BIO_s_file())) == NULL) { @@ -694,7 +771,9 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format) { if (BIO_read_filename(certs,file) <= 0) { - perror(file); + BIO_printf(err, "Error opening %s %s\n", + cert_descrip, file); + ERR_print_errors(err); goto end; } } @@ -708,7 +787,8 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format) othercerts = NULL; goto end; } - allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL); + allcerts = PEM_X509_INFO_read_bio(certs, NULL, + (pem_password_cb *)password_callback, &cb_data); for(i = 0; i < sk_X509_INFO_num(allcerts); i++) { xi = sk_X509_INFO_value (allcerts, i); @@ -721,7 +801,8 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format) goto end; } else { - BIO_printf(err,"bad input format specified for input cert\n"); + BIO_printf(err,"bad input format specified for %s\n", + cert_descrip); goto end; } end: diff --git a/apps/apps.h b/apps/apps.h index 96dafd972d..a2b72f0878 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -142,6 +142,16 @@ typedef struct args_st int count; } ARGS; +#define PW_MIN_LENGTH 4 +typedef struct pw_cb_data + { + const void *password; + const char *prompt_info; + } PW_CB_DATA; + +int password_callback(char *buf, int bufsiz, int verify, + PW_CB_DATA *cb_data); + int should_retry(int i); int args_from_file(char *file, int *argc, char **argv[]); int str2fmt(char *s); @@ -157,10 +167,14 @@ int set_ext_copy(int *copy_type, const char *arg); int copy_extensions(X509 *x, X509_REQ *req, int copy_type); int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2); int add_oid_section(BIO *err, LHASH *conf); -X509 *load_cert(BIO *err, char *file, int format); -EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e); -EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e); -STACK_OF(X509) *load_certs(BIO *err, char *file, int format); +X509 *load_cert(BIO *err, const char *file, int format, + const char *pass, ENGINE *e, const char *cert_descrip); +EVP_PKEY *load_key(BIO *err, const char *file, int format, + const char *pass, ENGINE *e, const char *key_descrip); +EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, + const char *pass, ENGINE *e, const char *key_descrip); +STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, + const char *pass, ENGINE *e, const char *cert_descrip); X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath); #define FORMAT_UNDEF 0 @@ -702,34 +702,12 @@ bad: BIO_printf(bio_err,"Error getting password\n"); goto err; } - if (keyform == FORMAT_ENGINE) - { - if (!e) - { - BIO_printf(bio_err,"no engine specified\n"); - goto err; - } - pkey = ENGINE_load_private_key(e, keyfile, key); - } - else if (keyform == FORMAT_PEM) - { - if (BIO_read_filename(in,keyfile) <= 0) - { - perror(keyfile); - BIO_printf(bio_err,"trying to load CA private key\n"); - goto err; - } - pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key); - } - else - { - BIO_printf(bio_err,"bad input format specified for key file\n"); - goto err; - } + pkey = load_key(bio_err, keyfile, keyform, key, e, + "CA private key"); if (key) memset(key,0,strlen(key)); if (pkey == NULL) { - BIO_printf(bio_err,"unable to load CA private key\n"); + /* load_key() has already printed an appropriate message */ goto err; } diff --git a/apps/dgst.c b/apps/dgst.c index a6b2e309c4..a010ba0719 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -289,52 +289,19 @@ int MAIN(int argc, char **argv) if(keyfile) { - if (keyform == FORMAT_PEM) - { - BIO *keybio; - keybio = BIO_new_file(keyfile, "r"); - if(!keybio) - { - BIO_printf(bio_err, - "Error opening key file %s\n", - keyfile); - ERR_print_errors(bio_err); - goto end; - } - if(want_pub) - sigkey = PEM_read_bio_PUBKEY(keybio, - NULL, NULL, NULL); - else - sigkey = PEM_read_bio_PrivateKey(keybio, - NULL, NULL, NULL); - BIO_free(keybio); - } - else if (keyform == FORMAT_ENGINE) - { - if (!e) - { - BIO_printf(bio_err,"no engine specified\n"); - goto end; - } - if (want_pub) - sigkey = ENGINE_load_public_key(e, keyfile, NULL); - else - sigkey = ENGINE_load_private_key(e, keyfile, NULL); - } + if (want_pub) + sigkey = load_pubkey(bio_err, keyfile, keyform, NULL, + e, "key file"); else + sigkey = load_key(bio_err, keyfile, keyform, NULL, + e, "key file"); + if (!sigkey) { - BIO_printf(bio_err, - "bad input format specified for key file\n"); + /* load_[pub]key() has already printed an appropriate + message */ goto end; } - - if(!sigkey) { - BIO_printf(bio_err, "Error reading key file %s\n", - keyfile); - ERR_print_errors(bio_err); - goto end; } - } if(sigfile && sigkey) { BIO *sigbio; diff --git a/apps/ocsp.c b/apps/ocsp.c index ba456fc58f..16207a6283 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -82,6 +82,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; char **args; char *host = NULL, *port = NULL, *path = "/"; char *reqin = NULL, *respin = NULL; @@ -326,7 +327,8 @@ int MAIN(int argc, char **argv) { args++; X509_free(issuer); - issuer = load_cert(bio_err, *args, FORMAT_PEM); + issuer = load_cert(bio_err, *args, FORMAT_PEM, + NULL, e, "issuer certificate"); if(!issuer) goto end; } else badarg = 1; @@ -337,7 +339,8 @@ int MAIN(int argc, char **argv) { args++; X509_free(cert); - cert = load_cert(bio_err, *args, FORMAT_PEM); + cert = load_cert(bio_err, *args, FORMAT_PEM, + NULL, e, "certificate"); if(!cert) goto end; if(!add_ocsp_cert(&req, cert, issuer, ids)) goto end; @@ -445,7 +448,8 @@ int MAIN(int argc, char **argv) if (signfile) { if (!keyfile) keyfile = signfile; - signer = load_cert(bio_err, signfile, FORMAT_PEM); + signer = load_cert(bio_err, signfile, FORMAT_PEM, + NULL, e, "signer certificate"); if (!signer) { BIO_printf(bio_err, "Error loading signer certificate\n"); @@ -453,13 +457,17 @@ int MAIN(int argc, char **argv) } if (sign_certfile) { - sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM); + sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM, + NULL, e, "signer certificates"); if (!sign_other) goto end; } - key = load_key(bio_err, keyfile, FORMAT_PEM, NULL, NULL); + key = load_key(bio_err, keyfile, FORMAT_PEM, NULL, NULL, + "signer private key"); if (!key) { +#if 0 /* An appropriate message has already been printed */ BIO_printf(bio_err, "Error loading signer private key\n"); +#endif goto end; } if (!OCSP_request_sign(req, signer, key, EVP_sha1(), sign_other, sign_flags)) @@ -565,7 +573,8 @@ int MAIN(int argc, char **argv) if(!store) goto end; if (verify_certfile) { - verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM); + verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM, + NULL, e, "validator certificate"); if (!verify_other) goto end; } diff --git a/apps/req.c b/apps/req.c index f422d3e0b7..429eb9d4a0 100644 --- a/apps/req.c +++ b/apps/req.c @@ -606,40 +606,12 @@ bad: if (keyfile != NULL) { - if (keyform == FORMAT_ENGINE) + pkey = load_key(bio_err, keyfile, keyform, NULL, e, + "Private Key"); + if (!pkey) { - if (!e) - { - BIO_printf(bio_err,"no engine specified\n"); - goto end; - } - pkey = ENGINE_load_private_key(e, keyfile, NULL); - } - else - { - if (BIO_read_filename(in,keyfile) <= 0) - { - perror(keyfile); - goto end; - } - - if (keyform == FORMAT_ASN1) - pkey=d2i_PrivateKey_bio(in,NULL); - else if (keyform == FORMAT_PEM) - { - pkey=PEM_read_bio_PrivateKey(in,NULL,NULL, - passin); - } - else - { - BIO_printf(bio_err,"bad input format specified for X509 request\n"); - goto end; - } - } - - if (pkey == NULL) - { - BIO_printf(bio_err,"unable to load Private key\n"); + /* load_key() has already printed an appropriate + message */ goto end; } if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) diff --git a/apps/rsautl.c b/apps/rsautl.c index 662c11a70b..86aa95d38a 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -180,15 +180,18 @@ int MAIN(int argc, char **argv) switch(key_type) { case KEY_PRIVKEY: - pkey = load_key(bio_err, keyfile, keyform, NULL, e); + pkey = load_key(bio_err, keyfile, keyform, + NULL, e, "Private Key"); break; case KEY_PUBKEY: - pkey = load_pubkey(bio_err, keyfile, keyform, e); + pkey = load_pubkey(bio_err, keyfile, keyform, + NULL, e, "Public Key"); break; case KEY_CERT: - x = load_cert(bio_err, keyfile, keyform); + x = load_cert(bio_err, keyfile, keyform, + NULL, e, "Certificate"); if(x) { pkey = X509_get_pubkey(x); X509_free(x); @@ -197,7 +200,6 @@ int MAIN(int argc, char **argv) } if(!pkey) { - BIO_printf(bio_err, "Error loading key\n"); return 1; } diff --git a/apps/smime.c b/apps/smime.c index ede9531c55..869933459b 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -372,8 +372,11 @@ int MAIN(int argc, char **argv) } encerts = sk_X509_new_null(); while (*args) { - if(!(cert = load_cert(bio_err,*args,FORMAT_PEM))) { + if(!(cert = load_cert(bio_err,*args,FORMAT_PEM, + NULL, e, "recipient certificate file"))) { +#if 0 /* An appropriate message is already printed */ BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args); +#endif goto end; } sk_X509_push(encerts, cert); @@ -383,23 +386,32 @@ int MAIN(int argc, char **argv) } if(signerfile && (operation == SMIME_SIGN)) { - if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM))) { + if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL, + e, "signer certificate"))) { +#if 0 /* An appropri message has already been printed */ BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile); +#endif goto end; } } if(certfile) { - if(!(other = load_certs(bio_err,certfile,FORMAT_PEM))) { + if(!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL, + e, "certificate file"))) { +#if 0 /* An appropriate message has already been printed */ BIO_printf(bio_err, "Can't read certificate file %s\n", certfile); +#endif ERR_print_errors(bio_err); goto end; } } if(recipfile && (operation == SMIME_DECRYPT)) { - if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM))) { + if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL, + e, "recipient certificate file"))) { +#if 0 /* An appropriate message has alrady been printed */ BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile); +#endif ERR_print_errors(bio_err); goto end; } @@ -412,18 +424,10 @@ int MAIN(int argc, char **argv) } else keyfile = NULL; if(keyfile) { - if (keyform == FORMAT_ENGINE) { - if (!e) { - BIO_printf(bio_err,"no engine specified\n"); - goto end; - } - key = ENGINE_load_private_key(e, keyfile, passin); - } else { - if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin, NULL))) { - BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile); - ERR_print_errors(bio_err); - goto end; - } + key = load_key(bio_err, keyfile, keyform, passin, e, + "signing key file"); + if (!key) { + goto end; } } diff --git a/apps/x509.c b/apps/x509.c index 391bb3eef9..5be90740c6 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -619,12 +619,12 @@ bad: EVP_PKEY_free(pkey); } else - x=load_cert(bio_err,infile,informat); + x=load_cert(bio_err,infile,informat,NULL,e,"Certificate"); if (x == NULL) goto end; if (CA_flag) { - xca=load_cert(bio_err,CAfile,CAformat); + xca=load_cert(bio_err,CAfile,CAformat,NULL,e,"CA Certificate"); if (xca == NULL) goto end; } @@ -874,7 +874,8 @@ bad: if (Upkey == NULL) { Upkey=load_key(bio_err, - keyfile,keyformat, passin, e); + keyfile,keyformat, passin, e, + "Private key"); if (Upkey == NULL) goto end; } #ifndef OPENSSL_NO_DSA @@ -893,7 +894,7 @@ bad: { CApkey=load_key(bio_err, CAkeyfile,CAkeyformat, passin, - e); + e, "CA Private Key"); if (CApkey == NULL) goto end; } #ifndef OPENSSL_NO_DSA @@ -920,7 +921,8 @@ bad: else { pk=load_key(bio_err, - keyfile,FORMAT_PEM, passin, e); + keyfile,FORMAT_PEM, passin, e, + "request key"); if (pk == NULL) goto end; } |