Pass phrase reorganisation.
[openssl.git] / apps / req.c
index 14e8ef5..07a47c6 100644 (file)
@@ -156,6 +156,7 @@ int MAIN(int argc, char **argv)
        char *req_exts = NULL;
        EVP_CIPHER *cipher=NULL;
        int modulus=0;
+       char *passargin = NULL, *passargout = NULL;
        char *passin = NULL, *passout = NULL;
        char *p;
        const EVP_MD *md_alg=NULL,*digest=EVP_md5();
@@ -231,34 +232,12 @@ int MAIN(int argc, char **argv)
                else if (strcmp(*argv,"-passin") == 0)
                        {
                        if (--argc < 1) goto bad;
-                       passin= *(++argv);
-                       }
-               else if (strcmp(*argv,"-envpassin") == 0)
-                       {
-                       if (--argc < 1) goto bad;
-                               if(!(passin= getenv(*(++argv))))
-                               {
-                               BIO_printf(bio_err,
-                                "Can't read environment variable %s\n",
-                                                               *argv);
-                               badops = 1;
-                               }
-                       }
-               else if (strcmp(*argv,"-envpassout") == 0)
-                       {
-                       if (--argc < 1) goto bad;
-                       if(!(passout= getenv(*(++argv))))
-                               {
-                               BIO_printf(bio_err,
-                                "Can't read environment variable %s\n",
-                                                               *argv);
-                               badops = 1;
-                               }
+                       passargin= *(++argv);
                        }
                else if (strcmp(*argv,"-passout") == 0)
                        {
                        if (--argc < 1) goto bad;
-                       passout= *(++argv);
+                       passargout= *(++argv);
                        }
                else if (strcmp(*argv,"-newkey") == 0)
                        {
@@ -401,13 +380,16 @@ bad:
                BIO_printf(bio_err," -days          number of days a x509 generated by -x509 is valid for.\n");
                BIO_printf(bio_err," -asn1-kludge   Output the 'request' in a format that is wrong but some CA's\n");
                BIO_printf(bio_err,"                have been reported as requiring\n");
-               BIO_printf(bio_err,"                [ It is now always turned on but can be turned off with -no-asn1-kludge ]\n");
                BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
                BIO_printf(bio_err," -reqexts ..    specify request extension section (override value in config file)\n");
                goto end;
                }
 
        ERR_load_crypto_strings();
+       if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+               BIO_printf(bio_err, "Error getting passwords\n");
+               goto end;
+       }
 
 #ifndef MONOLITH /* else this has happened in openssl.c (global `config') */
        /* Lets load up our environment a little */
@@ -540,7 +522,7 @@ bad:
                        pkey=d2i_PrivateKey_bio(in,NULL);
                else if (keyform == FORMAT_PEM)
                        {
-                       pkey=PEM_read_bio_PrivateKey(in,NULL,PEM_cb,passin);
+                       pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
                        }
                else
                        {
@@ -629,7 +611,7 @@ bad:
                i=0;
 loop:
                if (!PEM_write_bio_PrivateKey(out,pkey,cipher,
-                       NULL,0,PEM_cb,passout))
+                       NULL,0,NULL,passout))
                        {
                        if ((ERR_GET_REASON(ERR_peek_error()) ==
                                PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
@@ -892,6 +874,8 @@ end:
        EVP_PKEY_free(pkey);
        X509_REQ_free(req);
        X509_free(x509ss);
+       if(passin) Free(passin);
+       if(passout) Free(passout);
        OBJ_cleanup();
 #ifndef NO_DSA
        if (dsa_params != NULL) DSA_free(dsa_params);