Allow passwords to be included on command line for a few
authorDr. Stephen Henson <steve@openssl.org>
Fri, 24 Dec 1999 23:53:57 +0000 (23:53 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 24 Dec 1999 23:53:57 +0000 (23:53 +0000)
more utilities.

15 files changed:
CHANGES
apps/apps.c
apps/apps.h
apps/ca.c
apps/dsa.c
apps/openssl.cnf
apps/req.c
apps/rsa.c
apps/smime.c
apps/x509.c
crypto/pem/pem.h
crypto/pem/pem_lib.c
crypto/x509/x509.h
crypto/x509/x_all.c
util/libeay.num

diff --git a/CHANGES b/CHANGES
index e19ea18..b26145c 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) Add a password callback function PEM_cb() which either prompts for
+     a password if usr_data is NULL or otherwise assumes it is a null
+     terminate password. Allow passwords to be passed on command line
+     environment or config files in a few more utilities.
+     [Steve Henson]
+
   *) Add a bunch of DER and PEM functions to handle PKCS#8 format private
      keys. Add some short names for PKCS#8 PBE algorithms and allow them
      to be specified on the command line for the pkcs8 and pkcs12 utilities.
index 4e3f32d..6833108 100644 (file)
@@ -325,17 +325,6 @@ int app_init(long mesgwin)
        }
 #endif
 
-int MS_CALLBACK key_cb(char *buf, int len, int verify, void *key)
-       {
-       int i;
-
-       if (key == NULL) return(0);
-       i=strlen(key);
-       i=(i > len)?len:i;
-       memcpy(buf,key,i);
-       return(i);
-       }
-
 int dump_cert_text (BIO *out, X509 *x)
 {
        char buf[256];
index d4c88ab..793126d 100644 (file)
@@ -143,7 +143,6 @@ int args_from_file(char *file, int *argc, char **argv[]);
 int str2fmt(char *s);
 void program_name(char *in,char *out,int size);
 int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
-int MS_CALLBACK key_cb(char *buf,int len,int verify,void *u);
 #ifdef HEADER_X509_H
 int dump_cert_text(BIO *out, X509 *x);
 #endif
index 89a73b6..ff11c2a 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -528,13 +528,8 @@ bad:
                BIO_printf(bio_err,"trying to load CA private key\n");
                goto err;
                }
-       if (key == NULL)
-               pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
-       else
-               {
-               pkey=PEM_read_bio_PrivateKey(in,NULL,key_cb,key);
-               memset(key,0,strlen(key));
-               }
+               pkey=PEM_read_bio_PrivateKey(in,NULL,PEM_cb,key);
+               if(key) memset(key,0,strlen(key));
        if (pkey == NULL)
                {
                BIO_printf(bio_err,"unable to load CA private key\n");
index a5ff647..94f71b5 100644 (file)
@@ -236,11 +236,7 @@ bad:
                else dsa=d2i_DSAPrivateKey_bio(in,NULL);
        } else if (informat == FORMAT_PEM) {
                if(pubin) dsa=PEM_read_bio_DSA_PUBKEY(in,NULL, NULL, NULL);
-               else {
-                       if(passin) dsa=PEM_read_bio_DSAPrivateKey(in,NULL,
-                                                               key_cb,passin);
-                       else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL);
-               }
+               else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,PEM_cb,passin);
        } else
                {
                BIO_printf(bio_err,"bad input format specified for key\n");
@@ -287,12 +283,8 @@ bad:
        } else if (outformat == FORMAT_PEM) {
                if(pubin || pubout)
                        i=PEM_write_bio_DSA_PUBKEY(out,dsa);
-               else {
-                       if(passout) i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
-                                                       NULL,0,key_cb, passout);
-                       i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,
-                                                                    NULL,NULL);
-               }
+               else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
+                                                       NULL,0,PEM_cb, passout);
        } else {
                BIO_printf(bio_err,"bad output format specified for outfile\n");
                goto end;
index 33b0866..9070329 100644 (file)
@@ -3,6 +3,9 @@
 # This is mostly being used for generation of certificate requests.
 #
 
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
 RANDFILE               = $ENV::HOME/.rnd
 oid_file               = $ENV::HOME/.oid
 oid_section            = new_oids
@@ -86,6 +89,10 @@ distinguished_name   = req_distinguished_name
 attributes             = req_attributes
 x509_extensions        = v3_ca # The extentions to add to the self signed cert
 
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
 # This sets the permitted types in a DirectoryString. There are several
 # options. 
 # default: PrintableString, T61String, BMPString.
index 75f2b85..24e666f 100644 (file)
@@ -146,6 +146,7 @@ int MAIN(int argc, char **argv)
        char *req_exts = NULL;
        EVP_CIPHER *cipher=NULL;
        int modulus=0;
+       char *passin = NULL, *passout = NULL;
        char *p;
        const EVP_MD *md_alg=NULL,*digest=EVP_md5();
 #ifndef MONOLITH
@@ -217,6 +218,39 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        keyout= *(++argv);
                        }
+               else if (strcmp(*argv,"-passin") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       passin= *(++argv);
+                       }
+               else if (strcmp(*argv,"-envpassin") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                               if(!(passin= getenv(*(++argv))))
+                               {
+                               BIO_printf(bio_err,
+                                "Can't read environment variable %s\n",
+                                                               *argv);
+                               badops = 1;
+                               }
+                       }
+               else if (strcmp(*argv,"-envpassout") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                               if(!(passout= getenv(*(++argv))))
+                               {
+                               BIO_printf(bio_err,
+                                "Can't read environment variable %s\n",
+                                                               *argv);
+                               badops = 1;
+                               }
+                       argv++;
+                       }
+               else if (strcmp(*argv,"-passout") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       passout= *(++argv);
+                       }
                else if (strcmp(*argv,"-newkey") == 0)
                        {
                        int is_numeric;
@@ -452,6 +486,12 @@ bad:
                }
        }
 
+       if(!passin)
+               passin = CONF_get_string(req_conf, SECTION, "input_password");
+
+       if(!passout)
+               passout = CONF_get_string(req_conf, SECTION, "output_password");
+
        p = CONF_get_string(req_conf, SECTION, DIRSTRING_TYPE);
 
        if(p && !ASN1_STRING_set_default_mask_asc(p)) {
@@ -491,7 +531,9 @@ bad:
                        rsa=d2i_RSAPrivateKey_bio(in,NULL);
                else */
                if (keyform == FORMAT_PEM)
-                       pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
+                       {
+                       pkey=PEM_read_bio_PrivateKey(in,NULL,PEM_cb,passin);
+                       }
                else
                        {
                        BIO_printf(bio_err,"bad input format specified for X509 request\n");
@@ -579,7 +621,7 @@ bad:
                i=0;
 loop:
                if (!PEM_write_bio_PrivateKey(out,pkey,cipher,
-                       NULL,0,NULL,NULL))
+                       NULL,0,PEM_cb,passout))
                        {
                        if ((ERR_GET_REASON(ERR_peek_error()) ==
                                PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
index 219bdd6..684252c 100644 (file)
@@ -278,11 +278,7 @@ bad:
 #endif
        else if (informat == FORMAT_PEM) {
                if(pubin) rsa=PEM_read_bio_RSA_PUBKEY(in,NULL,NULL,NULL);
-               else {
-                       if(passin) rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
-                                                               key_cb,passin);
-                       else rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL,NULL);
-               }
+               else rsa=PEM_read_bio_RSAPrivateKey(in,NULL, PEM_cb,passin);
        }
        else
                {
@@ -381,12 +377,8 @@ bad:
        else if (outformat == FORMAT_PEM) {
                if(pubout || pubin)
                    i=PEM_write_bio_RSA_PUBKEY(out,rsa);
-               else {
-                       if(passout) i=PEM_write_bio_RSAPrivateKey(out,rsa,
-                                               enc,NULL,0,key_cb,passout);
-                       else i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,
-                                                               0,NULL,NULL);
-               }
+               else i=PEM_write_bio_RSAPrivateKey(out,rsa,
+                                               enc,NULL,0,PEM_cb,passout);
        } else  {
                BIO_printf(bio_err,"bad output format specified for outfile\n");
                goto end;
index 882838c..6c15dcf 100644 (file)
 
 #include <stdio.h>
 #include <string.h>
+#include "apps.h"
 #include <openssl/pem.h>
 #include <openssl/err.h>
-#include "apps.h"
 
 #undef PROG
 #define PROG smime_main
 static X509 *load_cert(char *file);
-static EVP_PKEY *load_key(char *file);
+static EVP_PKEY *load_key(char *file, char *pass);
 static STACK_OF(X509) *load_certs(char *file);
 static X509_STORE *setup_verify(char *CAfile, char *CApath);
 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
@@ -98,7 +98,7 @@ int MAIN(int argc, char **argv)
        int badarg = 0;
        int flags = PKCS7_DETACHED;
        char *to = NULL, *from = NULL, *subject = NULL;
-       char *CAfile = NULL, *CApath = NULL;
+       char *CAfile = NULL, *CApath = NULL, *passin = NULL;
 
        args = argv + 1;
 
@@ -138,7 +138,18 @@ int MAIN(int argc, char **argv)
                                flags |= PKCS7_BINARY;
                else if (!strcmp (*args, "-nosigs"))
                                flags |= PKCS7_NOSIGS;
-               else if (!strcmp (*args, "-to")) {
+               else if (!strcmp(*argv,"-passin")) {
+                       if (--argc < 1) badarg = 1;
+                       else passin= *(++argv);
+               } else if (!strcmp(*argv,"-envpassin")) {
+                       if (--argc < 1) badarg = 1;
+                       else if(!(passin= getenv(*(++argv)))) {
+                               BIO_printf(bio_err,
+                                "Can't read environment variable %s\n",
+                                                               *argv);
+                               badarg = 1;
+                       }
+               } else if (!strcmp (*args, "-to")) {
                        if (args[1]) {
                                args++;
                                to = *args;
@@ -303,7 +314,7 @@ int MAIN(int argc, char **argv)
        } else keyfile = NULL;
 
        if(keyfile) {
-               if(!(key = load_key(keyfile))) {
+               if(!(key = load_key(keyfile, passin))) {
                        BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
                        ERR_print_errors(bio_err);
                        goto end;
@@ -405,12 +416,12 @@ static X509 *load_cert(char *file)
        return cert;
 }
 
-static EVP_PKEY *load_key(char *file)
+static EVP_PKEY *load_key(char *file, char *pass)
 {
        BIO *in;
        EVP_PKEY *key;
        if(!(in = BIO_new_file(file, "r"))) return NULL;
-       key = PEM_read_bio_PrivateKey(in, NULL, NULL,NULL);
+       key = PEM_read_bio_PrivateKey(in, NULL,PEM_cb,pass);
        BIO_free(in);
        return key;
 }
index 0ed5ef1..797ee39 100644 (file)
@@ -92,6 +92,8 @@ static char *x509_usage[]={
 " -CAkeyform arg  - CA key format - default PEM\n",
 " -in arg         - input file - default stdin\n",
 " -out arg        - output file - default stdout\n",
+" -passin arg     - private key password\n",
+" -envpassin arg  - read private key password from encvironment variable \"arg\"\n",
 " -serial         - print serial number value\n",
 " -hash           - print hash value\n",
 " -subject        - print subject DN\n",
@@ -129,7 +131,7 @@ NULL
 };
 
 static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
-static EVP_PKEY *load_key(char *file, int format);
+static EVP_PKEY *load_key(char *file, int format, char *passin);
 static X509 *load_cert(char *file, int format);
 static int sign (X509 *x, EVP_PKEY *pkey,int days,const EVP_MD *digest,
                                                LHASH *conf, char *section);
@@ -166,7 +168,7 @@ int MAIN(int argc, char **argv)
        char buf[256];
        const EVP_MD *md_alg,*digest=EVP_md5();
        LHASH *extconf = NULL;
-       char *extsect = NULL, *extfile = NULL;
+       char *extsect = NULL, *extfile = NULL, *passin = NULL;
        int need_rand = 0;
 
        reqfile=0;
@@ -232,6 +234,22 @@ int MAIN(int argc, char **argv)
                                goto bad;
                                }
                        }
+               else if (strcmp(*argv,"-passin") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       passin= *(++argv);
+                       }
+               else if (strcmp(*argv,"-envpassin") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                               if(!(passin= getenv(*(++argv))))
+                               {
+                               BIO_printf(bio_err,
+                                "Can't read environment variable %s\n",
+                                                               *argv);
+                               badops = 1;
+                               }
+                       }
                else if (strcmp(*argv,"-extfile") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -751,7 +769,7 @@ bad:
                                BIO_printf(bio_err,"Getting Private key\n");
                                if (Upkey == NULL)
                                        {
-                                       Upkey=load_key(keyfile,keyformat);
+                                       Upkey=load_key(keyfile,keyformat, passin);
                                        if (Upkey == NULL) goto end;
                                        }
 #ifndef NO_DSA
@@ -768,7 +786,7 @@ bad:
                                BIO_printf(bio_err,"Getting CA Private Key\n");
                                if (CAkeyfile != NULL)
                                        {
-                                       CApkey=load_key(CAkeyfile,CAkeyformat);
+                                       CApkey=load_key(CAkeyfile,CAkeyformat, passin);
                                        if (CApkey == NULL) goto end;
                                        }
 #ifndef NO_DSA
@@ -794,7 +812,7 @@ bad:
                                        }
                                else
                                        {
-                                       pk=load_key(keyfile,FORMAT_PEM);
+                                       pk=load_key(keyfile,FORMAT_PEM, passin);
                                        if (pk == NULL) goto end;
                                        }
 
@@ -1049,7 +1067,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
                }
        }
 
-static EVP_PKEY *load_key(char *file, int format)
+static EVP_PKEY *load_key(char *file, int format, char *passin)
        {
        BIO *key=NULL;
        EVP_PKEY *pkey=NULL;
@@ -1088,7 +1106,7 @@ static EVP_PKEY *load_key(char *file, int format)
 #endif
                if (format == FORMAT_PEM)
                {
-               pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,NULL);
+               pkey=PEM_read_bio_PrivateKey(key,NULL,PEM_cb,passin);
                }
        else
                {
index 26c313b..80ab491 100644 (file)
@@ -601,6 +601,9 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, vo
 
 int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc,
                              char *kstr,int klen, pem_password_cb *cd, void *u);
+#ifdef MS_CALLBACK
+int MS_CALLBACK PEM_cb(char *buf, int len, int verify, void *key);
+#endif
 
 #endif /* SSLEAY_MACROS */
 
index 2bafb5e..bb2597b 100644 (file)
@@ -121,6 +121,22 @@ static int def_callback(char *buf, int num, int w, void *userdata)
 #endif
        }
 
+/* This is a generic callback. If the user data is not NULL it is assumed 
+ * to be a null terminated password. Otherwise the default password callback
+ * is called.
+ */
+
+
+int MS_CALLBACK PEM_cb(char *buf, int len, int verify, void *key)
+{
+       int i;
+       if (key == NULL) return def_callback(buf, len, verify, key);
+       i=strlen(key);
+       i=(i > len)?len:i;
+       memcpy(buf,key,i);
+       return(i);
+}
+
 void PEM_proc_type(char *buf, int type)
        {
        const char *str;
index 68b5818..a5e83ee 100644 (file)
@@ -663,6 +663,7 @@ int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8);
 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
                                                PKCS8_PRIV_KEY_INFO **p8inf);
 int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);
+int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
 #endif
 #endif
 
@@ -692,6 +693,7 @@ int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8);
 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
                                                PKCS8_PRIV_KEY_INFO **p8inf);
 int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);
+int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
 #endif
 
 X509 *X509_dup(X509 *x509);
index e2db827..887999f 100644 (file)
@@ -469,6 +469,18 @@ int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
        {
        return(ASN1_i2d_fp(i2d_PKCS8_PRIV_KEY_INFO,fp,(unsigned char *)p8inf));
        }
+
+int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
+       {
+       PKCS8_PRIV_KEY_INFO *p8inf;
+       int ret;
+       p8inf = EVP_PKEY2PKCS8(key);
+       if(!p8inf) return 0;
+       ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
+       PKCS8_PRIV_KEY_INFO_free(p8inf);
+       return ret;
+       }
+
 #endif
 
 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
@@ -484,3 +496,14 @@ int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
        {
        return(ASN1_i2d_bio(i2d_PKCS8_PRIV_KEY_INFO,bp,(unsigned char *)p8inf));
        }
+
+int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
+       {
+       PKCS8_PRIV_KEY_INFO *p8inf;
+       int ret;
+       p8inf = EVP_PKEY2PKCS8(key);
+       if(!p8inf) return 0;
+       ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
+       PKCS8_PRIV_KEY_INFO_free(p8inf);
+       return ret;
+       }
index 3c2c06b..7db8acf 100755 (executable)
@@ -2149,3 +2149,6 @@ i2d_ASN1_NULL                           2173
 i2d_PKCS8PrivateKey_nid_fp              2174
 d2i_PKCS8PrivateKey_fp                  2175
 i2d_PKCS8PrivateKey_nid_bio             2176
+i2d_PKCS8PrivateKeyInfo_fp              2177
+i2d_PKCS8PrivateKeyInfo_bio             2178
+PEM_cb                                  2179