#include <time.h>
#include "apps.h"
#include <openssl/bio.h>
+#include <openssl/conf.h>
#include <openssl/err.h>
#include <openssl/evp.h>
+#include <openssl/lhash.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
* -out arg - output file - default stdout
*/
+int MAIN(int, char **);
+
int MAIN(int argc, char **argv)
{
int i,badops=0, ret = 1;
BIO *in = NULL,*out = NULL, *key = NULL;
- int verify=0,noout=0;
+ int verify=0,noout=0,pubkey=0;
char *infile = NULL,*outfile = NULL,*prog;
+ char *passargin = NULL, *passin = NULL;
char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
char *challenge = NULL, *keyfile = NULL;
- LHASH *conf;
+ LHASH *conf = NULL;
NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL;
if (--argc < 1) goto bad;
outfile= *(++argv);
}
+ else if (strcmp(*argv,"-passin") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passargin= *(++argv);
+ }
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
}
else if (strcmp(*argv,"-noout") == 0)
noout=1;
+ else if (strcmp(*argv,"-pubkey") == 0)
+ pubkey=1;
else if (strcmp(*argv,"-verify") == 0)
verify=1;
else badops = 1;
if (badops)
{
bad:
- BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+ BIO_printf(bio_err,"%s [options]\n",prog);
BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -spkac arg alternative SPKAC name\n");
- BIO_printf(bio_err," -noout don't print SPKAC\n");
- BIO_printf(bio_err," -verify verify SPKAC signature\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -key arg create SPKAC using private key\n");
+ BIO_printf(bio_err," -passin arg input file pass phrase source\n");
+ BIO_printf(bio_err," -challenge arg challenge string\n");
+ BIO_printf(bio_err," -spkac arg alternative SPKAC name\n");
+ BIO_printf(bio_err," -noout don't print SPKAC\n");
+ BIO_printf(bio_err," -pubkey output public key\n");
+ BIO_printf(bio_err," -verify verify SPKAC signature\n");
goto end;
}
ERR_load_crypto_strings();
+ if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
if(keyfile) {
if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
ERR_print_errors(bio_err);
goto end;
}
- pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, NULL);
+ pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, passin);
if(!pkey) {
BIO_printf(bio_err, "Error reading private key\n");
ERR_print_errors(bio_err);
goto end;
}
BIO_printf(out, "SPKAC=%s\n", spkstr);
+ Free(spkstr);
ret = 0;
goto end;
}
}
spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
+
if(!spki) {
BIO_printf(bio_err, "Error loading SPKAC\n");
ERR_print_errors(bio_err);
}
if(!noout) NETSCAPE_SPKI_print(out, spki);
+ pkey = NETSCAPE_SPKI_get_pubkey(spki);
if(verify) {
- EVP_PKEY *pktmp;
- pktmp = NETSCAPE_SPKI_get_pubkey(spki);
- i = NETSCAPE_SPKI_verify(spki, pktmp);
- EVP_PKEY_free(pktmp);
+ i = NETSCAPE_SPKI_verify(spki, pkey);
if(i) BIO_printf(bio_err, "Signature OK\n");
else {
BIO_printf(bio_err, "Signature Failure\n");
goto end;
}
}
+ if(pubkey) PEM_write_bio_PUBKEY(out, pkey);
ret = 0;
end:
+ CONF_free(conf);
NETSCAPE_SPKI_free(spki);
BIO_free(in);
BIO_free(out);
BIO_free(key);
EVP_PKEY_free(pkey);
- if(spkstr) Free(spkstr);
+ if(passin) Free(passin);
EXIT(ret);
}
projects / openssl.git / blobdiff