Allow passwords to be included on command line for a few
authorDr. Stephen Henson <steve@openssl.org>
Fri, 24 Dec 1999 23:53:57 +0000 (23:53 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 24 Dec 1999 23:53:57 +0000 (23:53 +0000)
more utilities.

15 files changed:
CHANGES
apps/apps.c
apps/apps.h
apps/ca.c
apps/dsa.c
apps/openssl.cnf
apps/req.c
apps/rsa.c
apps/smime.c
apps/x509.c
crypto/pem/pem.h
crypto/pem/pem_lib.c
crypto/x509/x509.h
crypto/x509/x_all.c
util/libeay.num

diff --git a/CHANGES b/CHANGES
index e19ea183b7a3491908292c1e0b9046b2b95ed763..b26145ce44ee2ab703836681b750d87115bd3b1f 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) Add a password callback function PEM_cb() which either prompts for
+     a password if usr_data is NULL or otherwise assumes it is a null
+     terminate password. Allow passwords to be passed on command line
+     environment or config files in a few more utilities.
+     [Steve Henson]
+
   *) Add a bunch of DER and PEM functions to handle PKCS#8 format private
      keys. Add some short names for PKCS#8 PBE algorithms and allow them
      to be specified on the command line for the pkcs8 and pkcs12 utilities.
index 4e3f32d07a0608ffb93f11652ada2d3538195579..68331084abc50385afd23c389c0b2c2f853b5e1f 100644 (file)
@@ -325,17 +325,6 @@ int app_init(long mesgwin)
        }
 #endif
 
-int MS_CALLBACK key_cb(char *buf, int len, int verify, void *key)
-       {
-       int i;
-
-       if (key == NULL) return(0);
-       i=strlen(key);
-       i=(i > len)?len:i;
-       memcpy(buf,key,i);
-       return(i);
-       }
-
 int dump_cert_text (BIO *out, X509 *x)
 {
        char buf[256];
index d4c88ab42d43d54c454faea25df539015a749b25..793126da02ab6a89e0d34982b20b5fe78580de85 100644 (file)
@@ -143,7 +143,6 @@ int args_from_file(char *file, int *argc, char **argv[]);
 int str2fmt(char *s);
 void program_name(char *in,char *out,int size);
 int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
-int MS_CALLBACK key_cb(char *buf,int len,int verify,void *u);
 #ifdef HEADER_X509_H
 int dump_cert_text(BIO *out, X509 *x);
 #endif
index 89a73b666f5507d48ccee2920fc7f64a0ecbb673..ff11c2a05ac6c9d16375bc7031f42d60aba6d17e 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -528,13 +528,8 @@ bad:
                BIO_printf(bio_err,"trying to load CA private key\n");
                goto err;
                }
-       if (key == NULL)
-               pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
-       else
-               {
-               pkey=PEM_read_bio_PrivateKey(in,NULL,key_cb,key);
-               memset(key,0,strlen(key));
-               }
+               pkey=PEM_read_bio_PrivateKey(in,NULL,PEM_cb,key);
+               if(key) memset(key,0,strlen(key));
        if (pkey == NULL)
                {
                BIO_printf(bio_err,"unable to load CA private key\n");
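Review bot: The two new lines at the end of the hunk are indented as if they were still inside the preceding `if`/`goto err` block, but that block's closing brace is the line above, so they run unconditionally; re-indent both to the level of the following `if (pkey == NULL)` (one tab) so the structure reads correctly. The logic itself is sound: `PEM_cb` falls back to the library default callback when `key` is NULL, and the wipe is now guarded by `if(key)`. MAIN begins and ends outside this hunk.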
index a5ff6472525e0bf1ea673eb7412bca4f7c42086d..94f71b5be803fcecbc2367ba271125d1798e69d7 100644 (file)
@@ -236,11 +236,7 @@ bad:
                else dsa=d2i_DSAPrivateKey_bio(in,NULL);
        } else if (informat == FORMAT_PEM) {
                if(pubin) dsa=PEM_read_bio_DSA_PUBKEY(in,NULL, NULL, NULL);
-               else {
-                       if(passin) dsa=PEM_read_bio_DSAPrivateKey(in,NULL,
-                                                               key_cb,passin);
-                       else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL);
-               }
+               else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,PEM_cb,passin);
        } else
                {
                BIO_printf(bio_err,"bad input format specified for key\n");
@@ -287,12 +283,8 @@ bad:
        } else if (outformat == FORMAT_PEM) {
                if(pubin || pubout)
                        i=PEM_write_bio_DSA_PUBKEY(out,dsa);
-               else {
-                       if(passout) i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
-                                                       NULL,0,key_cb, passout);
-                       i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,
-                                                                    NULL,NULL);
-               }
+               else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
+                                                       NULL,0,PEM_cb, passout);
        } else {
                BIO_printf(bio_err,"bad output format specified for outfile\n");
                goto end;
index 33b0866f436fe775a7fd328f2314cc6564863ac2..907032900ecb23f36c4f462050a2734dde2cdf4b 100644 (file)
@@ -3,6 +3,9 @@
 # This is mostly being used for generation of certificate requests.
 #
 
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                   = .
 RANDFILE               = $ENV::HOME/.rnd
 oid_file               = $ENV::HOME/.oid
 oid_section            = new_oids
@@ -86,6 +89,10 @@ distinguished_name   = req_distinguished_name
 attributes             = req_attributes
 x509_extensions        = v3_ca # The extentions to add to the self signed cert
 
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
 # This sets the permitted types in a DirectoryString. There are several
 # options. 
 # default: PrintableString, T61String, BMPString.
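Review bot: The comment introducing `input_password`/`output_password` is missing punctuation and does not say that the values sit in clear text, which anyone copying the example needs to know. Suggested wording: `# Passwords for private keys; if not present they will be prompted for.` followed by `# Note: a config file holding these is plain text and should be readable only by its owner.` The `HOME = .` fallback in the first hunk needs no change.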
index 75f2b853ede0d9bec313dec7536074a916f6ace1..24e666f0dccd6bfb142785b34978a6c988b5fcf9 100644 (file)
@@ -146,6 +146,7 @@ int MAIN(int argc, char **argv)
        char *req_exts = NULL;
        EVP_CIPHER *cipher=NULL;
        int modulus=0;
+       char *passin = NULL, *passout = NULL;
        char *p;
        const EVP_MD *md_alg=NULL,*digest=EVP_md5();
 #ifndef MONOLITH
@@ -217,6 +218,39 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        keyout= *(++argv);
                        }
+               else if (strcmp(*argv,"-passin") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       passin= *(++argv);
+                       }
+               else if (strcmp(*argv,"-envpassin") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                               if(!(passin= getenv(*(++argv))))
+                               {
+                               BIO_printf(bio_err,
+                                "Can't read environment variable %s\n",
+                                                               *argv);
+                               badops = 1;
+                               }
+                       }
+               else if (strcmp(*argv,"-envpassout") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                               if(!(passout= getenv(*(++argv))))
+                               {
+                               BIO_printf(bio_err,
+                                "Can't read environment variable %s\n",
+                                                               *argv);
+                               badops = 1;
+                               }
+                       argv++;
+                       }
+               else if (strcmp(*argv,"-passout") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       passout= *(++argv);
+                       }
                else if (strcmp(*argv,"-newkey") == 0)
                        {
                        int is_numeric;
@@ -452,6 +486,12 @@ bad:
                }
        }
 
+       if(!passin)
+               passin = CONF_get_string(req_conf, SECTION, "input_password");
+
+       if(!passout)
+               passout = CONF_get_string(req_conf, SECTION, "output_password");
+
        p = CONF_get_string(req_conf, SECTION, DIRSTRING_TYPE);
 
        if(p && !ASN1_STRING_set_default_mask_asc(p)) {
@@ -491,7 +531,9 @@ bad:
                        rsa=d2i_RSAPrivateKey_bio(in,NULL);
                else */
                if (keyform == FORMAT_PEM)
-                       pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
+                       {
+                       pkey=PEM_read_bio_PrivateKey(in,NULL,PEM_cb,passin);
+                       }
                else
                        {
                        BIO_printf(bio_err,"bad input format specified for X509 request\n");
@@ -579,7 +621,7 @@ bad:
                i=0;
 loop:
                if (!PEM_write_bio_PrivateKey(out,pkey,cipher,
-                       NULL,0,NULL,NULL))
+                       NULL,0,PEM_cb,passout))
                        {
                        if ((ERR_GET_REASON(ERR_peek_error()) ==
                                PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
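Review bot: The `-envpassout` branch advances `argv` twice: `*(++argv)` already consumes the variable name, and the trailing `argv++;` then skips the next argument while `argc` is not decremented, so the option after `-envpassout` is lost and the parser can read past the end of argv; delete the `argv++;` line. The `-envpassin` branch (and the identical block in the x509.c section) has its inner `if` indented one level deeper than it is nested, which hides that it runs unconditionally once the argc check passes. The later hunk reads `input_password`/`output_password` from the config only when no option supplied them, which appears to be the intended precedence and is worth a one-line comment above the `if(!passin)` guard. MAIN begins and ends outside these hunks.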
index 219bdd65d6e5b84661d29cd32589d5e9071621a2..684252cc1d2cf0774ee2516d1125f0c1c83f01d1 100644 (file)
@@ -278,11 +278,7 @@ bad:
 #endif
        else if (informat == FORMAT_PEM) {
                if(pubin) rsa=PEM_read_bio_RSA_PUBKEY(in,NULL,NULL,NULL);
-               else {
-                       if(passin) rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
-                                                               key_cb,passin);
-                       else rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL,NULL);
-               }
+               else rsa=PEM_read_bio_RSAPrivateKey(in,NULL, PEM_cb,passin);
        }
        else
                {
@@ -381,12 +377,8 @@ bad:
        else if (outformat == FORMAT_PEM) {
                if(pubout || pubin)
                    i=PEM_write_bio_RSA_PUBKEY(out,rsa);
-               else {
-                       if(passout) i=PEM_write_bio_RSAPrivateKey(out,rsa,
-                                               enc,NULL,0,key_cb,passout);
-                       else i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,
-                                                               0,NULL,NULL);
-               }
+               else i=PEM_write_bio_RSAPrivateKey(out,rsa,
+                                               enc,NULL,0,PEM_cb,passout);
        } else  {
                BIO_printf(bio_err,"bad output format specified for outfile\n");
                goto end;
index 882838c66fa3750a90b6ee19b1f23fea15ec98bf..6c15dcfb6ea7e301ab250c3cdbe68b85147f21eb 100644 (file)
 
 #include <stdio.h>
 #include <string.h>
+#include "apps.h"
 #include <openssl/pem.h>
 #include <openssl/err.h>
-#include "apps.h"
 
 #undef PROG
 #define PROG smime_main
 static X509 *load_cert(char *file);
-static EVP_PKEY *load_key(char *file);
+static EVP_PKEY *load_key(char *file, char *pass);
 static STACK_OF(X509) *load_certs(char *file);
 static X509_STORE *setup_verify(char *CAfile, char *CApath);
 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
@@ -98,7 +98,7 @@ int MAIN(int argc, char **argv)
        int badarg = 0;
        int flags = PKCS7_DETACHED;
        char *to = NULL, *from = NULL, *subject = NULL;
-       char *CAfile = NULL, *CApath = NULL;
+       char *CAfile = NULL, *CApath = NULL, *passin = NULL;
 
        args = argv + 1;
 
@@ -138,7 +138,18 @@ int MAIN(int argc, char **argv)
                                flags |= PKCS7_BINARY;
                else if (!strcmp (*args, "-nosigs"))
                                flags |= PKCS7_NOSIGS;
-               else if (!strcmp (*args, "-to")) {
+               else if (!strcmp(*argv,"-passin")) {
+                       if (--argc < 1) badarg = 1;
+                       else passin= *(++argv);
+               } else if (!strcmp(*argv,"-envpassin")) {
+                       if (--argc < 1) badarg = 1;
+                       else if(!(passin= getenv(*(++argv)))) {
+                               BIO_printf(bio_err,
+                                "Can't read environment variable %s\n",
+                                                               *argv);
+                               badarg = 1;
+                       }
+               } else if (!strcmp (*args, "-to")) {
                        if (args[1]) {
                                args++;
                                to = *args;
@@ -303,7 +314,7 @@ int MAIN(int argc, char **argv)
        } else keyfile = NULL;
 
        if(keyfile) {
-               if(!(key = load_key(keyfile))) {
+               if(!(key = load_key(keyfile, passin))) {
                        BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
                        ERR_print_errors(bio_err);
                        goto end;
@@ -405,12 +416,12 @@ static X509 *load_cert(char *file)
        return cert;
 }
 
-static EVP_PKEY *load_key(char *file)
+static EVP_PKEY *load_key(char *file, char *pass)
 {
        BIO *in;
        EVP_PKEY *key;
        if(!(in = BIO_new_file(file, "r"))) return NULL;
-       key = PEM_read_bio_PrivateKey(in, NULL, NULL,NULL);
+       key = PEM_read_bio_PrivateKey(in, NULL,PEM_cb,pass);
        BIO_free(in);
        return key;
 }
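Review bot: The new `-passin`/`-envpassin` branches in the option loop test `*argv` and step `argc`/`argv`, but this loop iterates with `args` (see the `-nosigs` and `-to` branches around them), so `*argv` is the program name, `-passin` never matches, and if it did the `--argc`/`++argv` would desynchronise the real walker. Rewrite both branches in the style of the `-to` branch, using `args[1]`/`args++`. The include reorder at the top of the section is presumably to get the MS_CALLBACK macro defined before `<openssl/pem.h>` is read; if so, a short comment saying why `apps.h` must come first would stop a future cleanup from undoing it. MAIN begins and ends outside these hunks.
```c
		} else if (!strcmp(*args, "-passin")) {
			if (args[1]) {
				args++;
				passin = *args;
			} else badarg = 1;
		} else if (!strcmp(*args, "-envpassin")) {
			if (args[1]) {
				args++;
				if (!(passin = getenv(*args))) {
					BIO_printf(bio_err,
					 "Can't read environment variable %s\n",
									*args);
					badarg = 1;
				}
			} else badarg = 1;
		} else if (!strcmp (*args, "-to")) {
		/* … unchanged: -to handling … */
```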
index 0ed5ef1d037a3d3bd09c4c327bc94a3a62bf8516..797ee39c7e1116d32c90e100016296dbda5fac6c 100644 (file)
@@ -92,6 +92,8 @@ static char *x509_usage[]={
 " -CAkeyform arg  - CA key format - default PEM\n",
 " -in arg         - input file - default stdin\n",
 " -out arg        - output file - default stdout\n",
+" -passin arg     - private key password\n",
+" -envpassin arg  - read private key password from encvironment variable \"arg\"\n",
 " -serial         - print serial number value\n",
 " -hash           - print hash value\n",
 " -subject        - print subject DN\n",
@@ -129,7 +131,7 @@ NULL
 };
 
 static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
-static EVP_PKEY *load_key(char *file, int format);
+static EVP_PKEY *load_key(char *file, int format, char *passin);
 static X509 *load_cert(char *file, int format);
 static int sign (X509 *x, EVP_PKEY *pkey,int days,const EVP_MD *digest,
                                                LHASH *conf, char *section);
@@ -166,7 +168,7 @@ int MAIN(int argc, char **argv)
        char buf[256];
        const EVP_MD *md_alg,*digest=EVP_md5();
        LHASH *extconf = NULL;
-       char *extsect = NULL, *extfile = NULL;
+       char *extsect = NULL, *extfile = NULL, *passin = NULL;
        int need_rand = 0;
 
        reqfile=0;
@@ -232,6 +234,22 @@ int MAIN(int argc, char **argv)
                                goto bad;
                                }
                        }
+               else if (strcmp(*argv,"-passin") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       passin= *(++argv);
+                       }
+               else if (strcmp(*argv,"-envpassin") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                               if(!(passin= getenv(*(++argv))))
+                               {
+                               BIO_printf(bio_err,
+                                "Can't read environment variable %s\n",
+                                                               *argv);
+                               badops = 1;
+                               }
+                       }
                else if (strcmp(*argv,"-extfile") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -751,7 +769,7 @@ bad:
                                BIO_printf(bio_err,"Getting Private key\n");
                                if (Upkey == NULL)
                                        {
-                                       Upkey=load_key(keyfile,keyformat);
+                                       Upkey=load_key(keyfile,keyformat, passin);
                                        if (Upkey == NULL) goto end;
                                        }
 #ifndef NO_DSA
@@ -768,7 +786,7 @@ bad:
                                BIO_printf(bio_err,"Getting CA Private Key\n");
                                if (CAkeyfile != NULL)
                                        {
-                                       CApkey=load_key(CAkeyfile,CAkeyformat);
+                                       CApkey=load_key(CAkeyfile,CAkeyformat, passin);
                                        if (CApkey == NULL) goto end;
                                        }
 #ifndef NO_DSA
@@ -794,7 +812,7 @@ bad:
                                        }
                                else
                                        {
-                                       pk=load_key(keyfile,FORMAT_PEM);
+                                       pk=load_key(keyfile,FORMAT_PEM, passin);
                                        if (pk == NULL) goto end;
                                        }
 
@@ -1049,7 +1067,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
                }
        }
 
-static EVP_PKEY *load_key(char *file, int format)
+static EVP_PKEY *load_key(char *file, int format, char *passin)
        {
        BIO *key=NULL;
        EVP_PKEY *pkey=NULL;
@@ -1088,7 +1106,7 @@ static EVP_PKEY *load_key(char *file, int format)
 #endif
                if (format == FORMAT_PEM)
                {
-               pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,NULL);
+               pkey=PEM_read_bio_PrivateKey(key,NULL,PEM_cb,passin);
                }
        else
                {
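Review bot: The new usage string for `-envpassin` misspells "environment"; it should read `" -envpassin arg  - read private key password from environment variable \"arg\"\n",`. The same `passin` is handed to every `load_key` call, including the CA key load in the second `load_key` hunk, so when `-CAkey` is protected by a different password than `-key` the CA load will presumably fail against the supplied value; either a separate `-CApassin` option or a usage note that both keys must share the password would avoid surprising users. The usage text would also benefit from saying that `-envpassin` is the option to use when the password must not appear in the process argument list. The `load_key` body continues outside the last hunk.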
index 26c313b2efebd54a303b116ff4985de1b9d14c41..80ab491a1ccc2dc8c09261ee19c5c3e21ea2a7b5 100644 (file)
@@ -601,6 +601,9 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, vo
 
 int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc,
                              char *kstr,int klen, pem_password_cb *cd, void *u);
+#ifdef MS_CALLBACK
+int MS_CALLBACK PEM_cb(char *buf, int len, int verify, void *key);
+#endif
 
 #endif /* SSLEAY_MACROS */
 
index 2bafb5e73597ee3b762a4e68cec08dcb4dc9d32d..bb2597b92109d3e4d41d2dd519c3af58d3b81a75 100644 (file)
@@ -121,6 +121,22 @@ static int def_callback(char *buf, int num, int w, void *userdata)
 #endif
        }
 
+/* This is a generic callback. If the user data is not NULL it is assumed 
+ * to be a null terminated password. Otherwise the default password callback
+ * is called.
+ */
+
+
+int MS_CALLBACK PEM_cb(char *buf, int len, int verify, void *key)
+{
+       int i;
+       if (key == NULL) return def_callback(buf, len, verify, key);
+       i=strlen(key);
+       i=(i > len)?len:i;
+       memcpy(buf,key,i);
+       return(i);
+}
+
 void PEM_proc_type(char *buf, int type)
        {
        const char *str;
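Review bot: `i=strlen(key)` narrows a `size_t` to `int` before the `i > len` clamp, so a very long `key` is truncated by the conversion rather than by the comparison; declare the length as `size_t` and compare against `(size_t)len`. The function also silently cuts a password longer than `len` and copies it without a NUL terminator, and ignores `verify` when a password is supplied (so no confirmation happens on the write path); none of this is in the header comment, which should gain a line such as `The password is copied without a terminating NUL, truncated to len bytes, and the return value is the number of bytes written; verify is ignored.` The comment's `null terminate password` should read `NUL-terminated password`.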
index 68b5818c957eb7d3a5e761d385ee49043e7f0d60..a5e83ee8249ee355eeef94a1aeb75a0f45f24fe0 100644 (file)
@@ -663,6 +663,7 @@ int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8);
 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
                                                PKCS8_PRIV_KEY_INFO **p8inf);
 int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);
+int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
 #endif
 #endif
 
@@ -692,6 +693,7 @@ int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8);
 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
                                                PKCS8_PRIV_KEY_INFO **p8inf);
 int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);
+int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
 #endif
 
 X509 *X509_dup(X509 *x509);
index e2db82780da9497eb10b296dda14b85a8db35ae6..887999f89d16a389bec7bc847e13b44cd7fd3588 100644 (file)
@@ -469,6 +469,18 @@ int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
        {
        return(ASN1_i2d_fp(i2d_PKCS8_PRIV_KEY_INFO,fp,(unsigned char *)p8inf));
        }
+
+int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
+       {
+       PKCS8_PRIV_KEY_INFO *p8inf;
+       int ret;
+       p8inf = EVP_PKEY2PKCS8(key);
+       if(!p8inf) return 0;
+       ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
+       PKCS8_PRIV_KEY_INFO_free(p8inf);
+       return ret;
+       }
+
 #endif
 
 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
@@ -484,3 +496,14 @@ int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
        {
        return(ASN1_i2d_bio(i2d_PKCS8_PRIV_KEY_INFO,bp,(unsigned char *)p8inf));
        }
+
+int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
+       {
+       PKCS8_PRIV_KEY_INFO *p8inf;
+       int ret;
+       p8inf = EVP_PKEY2PKCS8(key);
+       if(!p8inf) return 0;
+       ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
+       PKCS8_PRIV_KEY_INFO_free(p8inf);
+       return ret;
+       }
index 3c2c06bce994d0bd6ada2fdfd95f2d978ef7f752..7db8acf8bddc902630c84c593a75d6e5ffc75493 100755 (executable)
@@ -2149,3 +2149,6 @@ i2d_ASN1_NULL                           2173
 i2d_PKCS8PrivateKey_nid_fp              2174
 d2i_PKCS8PrivateKey_fp                  2175
 i2d_PKCS8PrivateKey_nid_bio             2176
+i2d_PKCS8PrivateKeyInfo_fp              2177
+i2d_PKCS8PrivateKeyInfo_bio             2178
+PEM_cb                                  2179