Pass phrase reorganisation.
diff --git a/apps/apps.c b/apps/apps.c
index 6833108..a87d23b 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -325,6 +325,7 @@
 	}
 #endif
 
+
 int dump_cert_text (BIO *out, X509 *x)
 {
 	char buf[256];
@@ -338,3 +339,78 @@
 	BIO_puts(out,"\n");
         return 0;
 }
+
+static char *app_get_pass(BIO *err, char *arg, int keepbio);
+
+int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
+{
+	int same;
+	if(!arg2 || !arg1 || strcmp(arg1, arg2)) same = 0;
+	else same = 1;
+	if(arg1) {
+		*pass1 = app_get_pass(err, arg1, same);
+		if(!*pass1) return 0;
+	} else if(pass1) *pass1 = NULL;
+	if(arg2) {
+		*pass2 = app_get_pass(err, arg2, same ? 2 : 0);
+		if(!*pass2) return 0;
+	} else if(pass2) *pass2 = NULL;
+	return 1;
+}
+
+static char *app_get_pass(BIO *err, char *arg, int keepbio)
+{
+	char *tmp, tpass[APP_PASS_LEN];
+	static BIO *pwdbio = NULL;
+	int i;
+	if(!strncmp(arg, "pass:", 5)) return BUF_strdup(arg + 5);
+	if(!strncmp(arg, "env:", 4)) {
+		tmp = getenv(arg + 4);
+		if(!tmp) {
+			BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
+			return NULL;
+		}
+		return BUF_strdup(tmp);
+	}
+	if(!keepbio || !pwdbio) {
+		if(!strncmp(arg, "file:", 5)) {
+			pwdbio = BIO_new_file(arg + 5, "r");
+			if(!pwdbio) {
+				BIO_printf(err, "Can't open file %s\n", arg + 5);
+				return NULL;
+			}
+		} else if(!strncmp(arg, "fd:", 3)) {
+			BIO *btmp;
+			i = atoi(arg + 3);
+			if(i >= 0) pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
+			if((i < 0) || !pwdbio) {
+				BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
+				return NULL;
+			}
+			/* Can't do BIO_gets on an fd BIO so add a buffering BIO */
+			btmp = BIO_new(BIO_f_buffer());
+			pwdbio = BIO_push(btmp, pwdbio);
+		} else if(!strcmp(arg, "stdin")) {
+			pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
+			if(!pwdbio) {
+				BIO_printf(err, "Can't open BIO for stdin\n");
+				return NULL;
+			}
+		} else {
+			BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
+			return NULL;
+		}
+	}
+	i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
+	if(keepbio != 1) {
+		BIO_free_all(pwdbio);
+		pwdbio = NULL;
+	}
+	if(i <= 0) {
+		BIO_printf(err, "Error reading password from BIO\n");
+		return NULL;
+	}
+	tmp = strchr(tpass, '\n');
+	if(tmp) *tmp = 0;
+	return BUF_strdup(tpass);
+}
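Review bot: In app_get_pass a line longer than APP_PASS_LEN - 1 bytes is silently truncated by `BIO_gets(pwdbio, tpass, APP_PASS_LEN)`, and when both arguments name the same source (the kept-open `pwdbio` path) the unread remainder is then returned as the second pass phrase. The read should fail when the buffer is full and no newline was seen, and `tpass` should be cleared before every return after the read, because the stack copy of the pass phrase otherwise outlives the call. The final else branch also echoes the whole argument in `Invalid password argument \"%s\"`; an invocation still using the old literal form of -passin would have its pass phrase written to the error BIO, so the message is safer without the argument. `atoi(arg + 3)` maps a non-numeric `fd:` value to descriptor 0, which a `strtol` call with an end-pointer check would reject.

```c
	i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
	/* ... unchanged: release pwdbio unless keepbio == 1 ... */
	if(i <= 0) {
		BIO_printf(err, "Error reading password from BIO\n");
		memset(tpass, 0, sizeof tpass);
		return NULL;
	}
	tmp = strchr(tpass, '\n');
	if(tmp) *tmp = 0;
	else if(i >= APP_PASS_LEN - 1) {
		/* buffer filled without a newline: the line was cut short */
		BIO_printf(err, "Pass phrase too long\n");
		memset(tpass, 0, sizeof tpass);
		return NULL;
	}
	tmp = BUF_strdup(tpass);
	memset(tpass, 0, sizeof tpass);
	return tmp;
```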
diff --git a/apps/apps.h b/apps/apps.h
index d2da5d1..2dcdb88 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -145,10 +145,13 @@
 #ifdef HEADER_X509_H
 int dump_cert_text(BIO *out, X509 *x);
 #endif
+int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
 #define FORMAT_TEXT     2
 #define FORMAT_PEM      3
 #define FORMAT_NETSCAPE 4
 
+#define APP_PASS_LEN	1024
+
 #endif
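Review bot: The new `app_passwd` prototype has no comment, and its contract is not obvious from the signature. From apps.c in this commit, each returned string is allocated with BUF_strdup and has to be released by the caller, `pass1`/`pass2` may be NULL only when the matching argument is NULL (`*pass1` is written unconditionally when `arg1` is set), and the arguments are source specifiers (`pass:`, `env:`, `file:`, `fd:`, `stdin`) rather than literal pass phrases. A short comment above the declaration stating those three things would cover it, for example `/* Resolve pass phrase source arguments; results are allocated and must be Free()d by the caller */`.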
diff --git a/apps/ca.c b/apps/ca.c
index d16df65..272b0e3 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -533,7 +533,7 @@
 		BIO_printf(bio_err,"trying to load CA private key\n");
 		goto err;
 		}
-		pkey=PEM_read_bio_PrivateKey(in,NULL,PEM_cb,key);
+		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
 		if(key) memset(key,0,strlen(key));
 	if (pkey == NULL)
 		{
diff --git a/apps/dsa.c b/apps/dsa.c
index a94bc95..4977671 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -95,6 +95,7 @@
 	int informat,outformat,text=0,noout=0;
 	int pubin = 0, pubout = 0;
 	char *infile,*outfile,*prog;
+	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
 	int modulus=0;
 
@@ -137,34 +138,12 @@
 		else if (strcmp(*argv,"-passin") == 0)
 			{
 			if (--argc < 1) goto bad;
-			passin= *(++argv);
-			}
-		else if (strcmp(*argv,"-envpassin") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if(!(passin= getenv(*(++argv))))
-				{
-				BIO_printf(bio_err,
-				 "Can't read environment variable %s\n",
-								*argv);
-				badops = 1;
-				}
-			}
-		else if (strcmp(*argv,"-envpassout") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if(!(passout= getenv(*(++argv))))
-				{
-				BIO_printf(bio_err,
-				 "Can't read environment variable %s\n",
-								*argv);
-				badops = 1;
-				}
+			passargin= *(++argv);
 			}
 		else if (strcmp(*argv,"-passout") == 0)
 			{
 			if (--argc < 1) goto bad;
-			passout= *(++argv);
+			passargout= *(++argv);
 			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
@@ -194,11 +173,9 @@
 		BIO_printf(bio_err," -inform arg     input format - DER or PEM\n");
 		BIO_printf(bio_err," -outform arg    output format - DER or PEM\n");
 		BIO_printf(bio_err," -in arg         input file\n");
-		BIO_printf(bio_err," -passin arg     input file pass phrase\n");
-		BIO_printf(bio_err," -envpassin arg  environment variable containing input file pass phrase\n");
+		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
 		BIO_printf(bio_err," -out arg        output file\n");
-		BIO_printf(bio_err," -passout arg    output file pass phrase\n");
-		BIO_printf(bio_err," -envpassout arg environment variable containing output file pass phrase\n");
+		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef NO_IDEA
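Review bot: The usage text now says only `pass phrase source` and never lists the accepted forms, so a user cannot learn from the help output that the argument must be `pass:`, `env:`, `file:`, `fd:` or `stdin` (the prefixes app_get_pass parses in apps.c). I would spell them out once per tool, for example `" -passin arg     input file pass phrase source (pass:, env:, file:, fd:, stdin)\n"`. The same applies to the usage hunks in genrsa.c, pkcs12.c, pkcs8.c, rsa.c, spkac.c and x509.c; in pkcs12.c the `(NOT RECOMMENDED)` warning on -password is dropped as well, although `pass:` still places the pass phrase on the command line.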
@@ -212,6 +189,11 @@
 
 	ERR_load_crypto_strings();
 
+	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+		BIO_printf(bio_err, "Error getting passwords\n");
+		goto end;
+	}
+
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
@@ -237,7 +219,7 @@
 		else dsa=d2i_DSAPrivateKey_bio(in,NULL);
 	} else if (informat == FORMAT_PEM) {
 		if(pubin) dsa=PEM_read_bio_DSA_PUBKEY(in,NULL, NULL, NULL);
-		else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,PEM_cb,passin);
+		else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,passin);
 	} else
 		{
 		BIO_printf(bio_err,"bad input format specified for key\n");
@@ -285,7 +267,7 @@
 		if(pubin || pubout)
 			i=PEM_write_bio_DSA_PUBKEY(out,dsa);
 		else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
-							NULL,0,PEM_cb, passout);
+							NULL,0,NULL, passout);
 	} else {
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
@@ -298,9 +280,11 @@
 	else
 		ret=0;
 end:
-	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free(out);
-	if (dsa != NULL) DSA_free(dsa);
+	if(in != NULL) BIO_free(in);
+	if(out != NULL) BIO_free(out);
+	if(dsa != NULL) DSA_free(dsa);
+	if(passin) Free(passin);
+	if(passout) Free(passout);
 	EXIT(ret);
 	}
 #endif
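Review bot: `Free(passin)` and `Free(passout)` release the heap copies of the pass phrases without clearing them, so the plaintext stays in freed memory until it is reused. ca.c in this same commit still wipes its key string with `memset(key,0,strlen(key))`; doing the same here before each Free, e.g. `if(passin) { memset(passin, 0, strlen(passin)); Free(passin); }`, keeps the handling consistent. The identical pattern appears in the cleanup hunks of gendsa.c, genrsa.c, pkcs12.c, pkcs8.c, req.c, rsa.c, smime.c, spkac.c and x509.c. The enclosing function starts outside this hunk.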
diff --git a/apps/gendsa.c b/apps/gendsa.c
index 805f114..d69a93d 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -81,7 +81,7 @@
 	int ret=1;
 	char *outfile=NULL;
 	char *inrand=NULL,*dsaparams=NULL;
-	char *passout = NULL;
+	char *passargout = NULL, *passout = NULL;
 	BIO *out=NULL,*in=NULL;
 	EVP_CIPHER *enc=NULL;
 
@@ -101,21 +101,10 @@
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
-		else if (strcmp(*argv,"-envpassout") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if(!(passout= getenv(*(++argv))))
-				{
-				BIO_printf(bio_err,
-				 "Can't read environment variable %s\n",
-								*argv);
-				goto bad;
-				}
-			}
 		else if (strcmp(*argv,"-passout") == 0)
 			{
 			if (--argc < 1) goto bad;
-			passout= *(++argv);
+			passargout= *(++argv);
 			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
@@ -164,6 +153,12 @@
 		goto end;
 		}
 
+	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
+		BIO_printf(bio_err, "Error getting password\n");
+		goto end;
+	}
+
+
 	in=BIO_new(BIO_s_file());
 	if (!(BIO_read_filename(in,dsaparams)))
 		{
@@ -207,7 +202,7 @@
 
 	app_RAND_write_file(NULL, bio_err);
 
-	if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,PEM_cb, passout))
+	if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL, passout))
 		goto end;
 	ret=0;
 end:
@@ -216,6 +211,7 @@
 	if (in != NULL) BIO_free(in);
 	if (out != NULL) BIO_free(out);
 	if (dsa != NULL) DSA_free(dsa);
+	if(passout) Free(passout);
 	EXIT(ret);
 	}
 #endif
diff --git a/apps/genrsa.c b/apps/genrsa.c
index a20cd30..dc63ff0 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -87,7 +87,7 @@
 	EVP_CIPHER *enc=NULL;
 	unsigned long f4=RSA_F4;
 	char *outfile=NULL;
-	char *passout = NULL;
+	char *passargout = NULL, *passout = NULL;
 	char *inrand=NULL;
 	BIO *out=NULL;
 
@@ -131,21 +131,10 @@
 		else if (strcmp(*argv,"-idea") == 0)
 			enc=EVP_idea_cbc();
 #endif
-		else if (strcmp(*argv,"-envpassout") == 0)
-			{
-			if (--argc < 1) goto bad;
-				if(!(passout= getenv(*(++argv))))
-				{
-				BIO_printf(bio_err,
-				 "Can't read environment variable %s\n",
-								*argv);
-				goto bad;
-				}
-			}
 		else if (strcmp(*argv,"-passout") == 0)
 			{
 			if (--argc < 1) goto bad;
-			passout= *(++argv);
+			passargout= *(++argv);
 			}
 		else
 			break;
@@ -162,8 +151,7 @@
 		BIO_printf(bio_err," -idea           encrypt the generated key with IDEA in cbc mode\n");
 #endif
 		BIO_printf(bio_err," -out file       output the key to 'file\n");
-		BIO_printf(bio_err," -passout arg    output file pass phrase\n");
-		BIO_printf(bio_err," -envpassout arg environment variable containing output file pass phrase\n");
+		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");
 		BIO_printf(bio_err," -3              use 3 for the E value\n");
 		BIO_printf(bio_err," -rand file:file:...\n");
@@ -173,6 +161,12 @@
 		}
 		
 	ERR_load_crypto_strings();
+
+	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
+		BIO_printf(bio_err, "Error getting password\n");
+		goto err;
+	}
+
 	if (outfile == NULL)
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 	else
@@ -212,13 +206,14 @@
 		l+=rsa->e->d[i];
 		}
 	BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);
-	if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,PEM_cb, passout))
+	if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL, passout))
 		goto err;
 
 	ret=0;
 err:
 	if (rsa != NULL) RSA_free(rsa);
 	if (out != NULL) BIO_free(out);
+	if(passout) Free(passout);
 	if (ret != 0)
 		ERR_print_errors(bio_err);
 	EXIT(ret);
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 7b12902..aefad61 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -113,6 +113,7 @@
     int noprompt = 0;
     STACK *canames = NULL;
     char *cpass = NULL, *mpass = NULL;
+    char *passargin = NULL, *passargout = NULL, *passarg = NULL;
     char *passin = NULL, *passout = NULL;
     char *inrand = NULL;
 
@@ -210,46 +211,17 @@
 		} else if (!strcmp(*args,"-passin")) {
 		    if (args[1]) {
 			args++;	
-			passin = *args;
-		    } else badarg = 1;
-		} else if (!strcmp(*args,"-envpassin")) {
-		    if (args[1]) {
-			args++;	
-			if(!(passin= getenv(*args))) {
-				BIO_printf(bio_err,
-				 "Can't read environment variable %s\n",
-								*args);
-				badarg = 1;
-			}
-		    } else badarg = 1;
-		} else if (!strcmp(*args,"-envpassout")) {
-		    if (args[1]) {
-			args++;	
-			if(!(passout= getenv(*args))) {
-				BIO_printf(bio_err,
-				 "Can't read environment variable %s\n",
-								*args);
-				badarg = 1;
-			}
+			passargin = *args;
 		    } else badarg = 1;
 		} else if (!strcmp(*args,"-passout")) {
 		    if (args[1]) {
 			args++;	
-			passout = *args;
-		    } else badarg = 1;
-		} else if (!strcmp (*args, "-envpass")) {
-		    if (args[1]) {
-			args++;	
-			if(!(cpass = getenv(*args))) {
-				BIO_printf(bio_err,
-				 "Can't read environment variable %s\n", *args);
-				goto end;
-			}
+			passargout = *args;
 		    } else badarg = 1;
 		} else if (!strcmp (*args, "-password")) {
 		    if (args[1]) {
 			args++;	
-			cpass = *args;
+			passarg = *args;
 		    	noprompt = 1;
 		    } else badarg = 1;
 		} else badarg = 1;
@@ -290,18 +262,25 @@
 	BIO_printf (bio_err, "-keypbe alg   specify private key PBE algorithm (default 3DES)\n");
 	BIO_printf (bio_err, "-keyex        set MS key exchange type\n");
 	BIO_printf (bio_err, "-keysig       set MS key signature type\n");
-	BIO_printf (bio_err, "-password p   set import/export password (NOT RECOMMENDED)\n");
-	BIO_printf (bio_err, "-envpass p    set import/export password from environment\n");
-	BIO_printf (bio_err, "-passin p     input file pass phrase\n");
-	BIO_printf (bio_err, "-envpassin p  environment variable containing input file pass phrase\n");
-	BIO_printf (bio_err, "-passout p    output file pass phrase\n");
-	BIO_printf (bio_err, "-envpassout p environment variable containing output file pass phrase\n");
+	BIO_printf (bio_err, "-password p   set import/export password source\n");
+	BIO_printf (bio_err, "-passin p     input file pass phrase source\n");
+	BIO_printf (bio_err, "-passout p    output file pass phrase source\n");
 	BIO_printf(bio_err,  "-rand file:file:...\n");
 	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
 	BIO_printf(bio_err,  "              the random number generator\n");
     	goto end;
     }
 
+    if(passarg) {
+	if(export_cert) passargout = passarg;
+	else passargin = passarg;
+    }
+
+    if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+	BIO_printf(bio_err, "Error getting passwords\n");
+	goto end;
+    }
+
     if(!cpass) {
     	if(export_cert) cpass = passout;
     	else cpass = passin;
@@ -395,7 +374,7 @@
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_push_info("process -export_cert");
 #endif
-	key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, PEM_cb, passin);
+	key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, passin);
 	if (!inkey) (void) BIO_reset(in);
 	else BIO_free(inkey);
 	if (!key) {
@@ -579,6 +558,8 @@
 #endif
     BIO_free(in);
     BIO_free(out);
+    if(passin) Free(passin);
+    if(passout) Free(passout);
     EXIT(ret);
 }
 
@@ -643,7 +624,7 @@
 		p8 = bag->value.keybag;
 		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
 		print_attribs (out, p8->attributes, "Key Attributes");
-		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, PEM_cb, pempass);
+		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
 		EVP_PKEY_free(pkey);
 	break;
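Review bot: The return value of `PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass)` is discarded on the changed line, so a failure to encrypt or write the private key is not reported from this case. A check in the style of the EVP_PKCS82PKEY test two lines above, such as `if (!PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass)) { EVP_PKEY_free(pkey); return 0; }`, would make the failure visible to the caller. The same unchecked call is in the next pkcs12.c hunk and in the pkcs8.c output hunk. The enclosing switch starts and ends outside the hunk.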
 
@@ -659,7 +640,7 @@
 		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
 		print_attribs (out, p8->attributes, "Key Attributes");
 		PKCS8_PRIV_KEY_INFO_free(p8);
-		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, PEM_cb, pempass);
+		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
 		EVP_PKEY_free(pkey);
 	break;
 
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index e3fa7d4..9c03195 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -71,6 +71,7 @@
 int MAIN(int argc, char **argv)
 {
 	char **args, *infile = NULL, *outfile = NULL;
+	char *passargin = NULL, *passargout = NULL;
 	BIO *in = NULL, *out = NULL;
 	int topk8 = 0;
 	int pbe_nid = -1;
@@ -130,34 +131,12 @@
 		else if (!strcmp(*args,"-passin"))
 			{
 			if (!args[1]) goto bad;
-			passin= *(++args);
-			}
-		else if (!strcmp(*args,"-envpassin"))
-			{
-			if (!args[1]) goto bad;
-			if(!(passin= getenv(*(++args))))
-				{
-				BIO_printf(bio_err,
-				 "Can't read environment variable %s\n",
-								*args);
-				badarg = 1;
-				}
-			}
-		else if (strcmp(*args,"-envpassout") == 0)
-			{
-			if (!args[1]) goto bad;
-			if(!(passout= getenv(*(++args))))
-				{
-				BIO_printf(bio_err,
-				 "Can't read environment variable %s\n",
-								*args);
-				badarg = 1;
-				}
+			passargin= *(++args);
 			}
 		else if (!strcmp(*args,"-passout"))
 			{
 			if (!args[1]) goto bad;
-			passout= *(++args);
+			passargout= *(++args);
 			}
 		else if (!strcmp (*args, "-in")) {
 			if (args[1]) {
@@ -179,12 +158,10 @@
 		BIO_printf(bio_err, "where options are\n");
 		BIO_printf(bio_err, "-in file        input file\n");
 		BIO_printf(bio_err, "-inform X       input format (DER or PEM)\n");
-		BIO_printf(bio_err, "-passin arg     input file pass phrase\n");
-		BIO_printf(bio_err, "-envpassin arg  environment variable containing input file pass phrase\n");
+		BIO_printf(bio_err, "-passin arg     input file pass phrase source\n");
 		BIO_printf(bio_err, "-outform X      output format (DER or PEM)\n");
 		BIO_printf(bio_err, "-out file       output file\n");
-		BIO_printf(bio_err, "-passout arg    output file pass phrase\n");
-		BIO_printf(bio_err, "-envpassout arg environment variable containing outut file pass phrase\n");
+		BIO_printf(bio_err, "-passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err, "-topk8          output PKCS8 file\n");
 		BIO_printf(bio_err, "-nooct          use (nonstandard) no octet format\n");
 		BIO_printf(bio_err, "-embed          use (nonstandard) embedded DSA parameters format\n");
@@ -196,6 +173,11 @@
 		return (1);
 	}
 
+	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+		BIO_printf(bio_err, "Error getting passwords\n");
+		return (1);
+	}
+
 	if ((pbe_nid == -1) && !cipher) pbe_nid = NID_pbeWithMD5AndDES_CBC;
 
 	if (infile) {
@@ -216,7 +198,7 @@
 
 	if (topk8) {
 		if(informat == FORMAT_PEM)
-			pkey = PEM_read_bio_PrivateKey(in, NULL, PEM_cb, passin);
+			pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, passin);
 		else if(informat == FORMAT_ASN1)
 			pkey = d2i_PrivateKey_bio(in, NULL);
 		else {
@@ -339,7 +321,7 @@
 	
 	PKCS8_PRIV_KEY_INFO_free(p8inf);
 	if(outformat == FORMAT_PEM) 
-		PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, PEM_cb, passout);
+		PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
 	else if(outformat == FORMAT_ASN1)
 		i2d_PrivateKey_bio(out, pkey);
 	else {
@@ -350,6 +332,8 @@
 	EVP_PKEY_free(pkey);
 	BIO_free(out);
 	BIO_free(in);
+	if(passin) Free(passin);
+	if(passout) Free(passout);
 
 	return (0);
 }
diff --git a/apps/req.c b/apps/req.c
index 14e8ef5..07a47c6 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -156,6 +156,7 @@
 	char *req_exts = NULL;
 	EVP_CIPHER *cipher=NULL;
 	int modulus=0;
+	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
 	char *p;
 	const EVP_MD *md_alg=NULL,*digest=EVP_md5();
@@ -231,34 +232,12 @@
 		else if (strcmp(*argv,"-passin") == 0)
 			{
 			if (--argc < 1) goto bad;
-			passin= *(++argv);
-			}
-		else if (strcmp(*argv,"-envpassin") == 0)
-			{
-			if (--argc < 1) goto bad;
-				if(!(passin= getenv(*(++argv))))
-				{
-				BIO_printf(bio_err,
-				 "Can't read environment variable %s\n",
-								*argv);
-				badops = 1;
-				}
-			}
-		else if (strcmp(*argv,"-envpassout") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if(!(passout= getenv(*(++argv))))
-				{
-				BIO_printf(bio_err,
-				 "Can't read environment variable %s\n",
-								*argv);
-				badops = 1;
-				}
+			passargin= *(++argv);
 			}
 		else if (strcmp(*argv,"-passout") == 0)
 			{
 			if (--argc < 1) goto bad;
-			passout= *(++argv);
+			passargout= *(++argv);
 			}
 		else if (strcmp(*argv,"-newkey") == 0)
 			{
@@ -401,13 +380,16 @@
 		BIO_printf(bio_err," -days          number of days a x509 generated by -x509 is valid for.\n");
 		BIO_printf(bio_err," -asn1-kludge   Output the 'request' in a format that is wrong but some CA's\n");
 		BIO_printf(bio_err,"                have been reported as requiring\n");
-		BIO_printf(bio_err,"                [ It is now always turned on but can be turned off with -no-asn1-kludge ]\n");
 		BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
 		BIO_printf(bio_err," -reqexts ..    specify request extension section (override value in config file)\n");
 		goto end;
 		}
 
 	ERR_load_crypto_strings();
+	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+		BIO_printf(bio_err, "Error getting passwords\n");
+		goto end;
+	}
 
 #ifndef MONOLITH /* else this has happened in openssl.c (global `config') */
 	/* Lets load up our environment a little */
@@ -540,7 +522,7 @@
 			pkey=d2i_PrivateKey_bio(in,NULL);
 		else if (keyform == FORMAT_PEM)
 			{
-			pkey=PEM_read_bio_PrivateKey(in,NULL,PEM_cb,passin);
+			pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
 			}
 		else
 			{
@@ -629,7 +611,7 @@
 		i=0;
 loop:
 		if (!PEM_write_bio_PrivateKey(out,pkey,cipher,
-			NULL,0,PEM_cb,passout))
+			NULL,0,NULL,passout))
 			{
 			if ((ERR_GET_REASON(ERR_peek_error()) ==
 				PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
@@ -892,6 +874,8 @@
 	EVP_PKEY_free(pkey);
 	X509_REQ_free(req);
 	X509_free(x509ss);
+	if(passin) Free(passin);
+	if(passout) Free(passout);
 	OBJ_cleanup();
 #ifndef NO_DSA
 	if (dsa_params != NULL) DSA_free(dsa_params);
diff --git a/apps/rsa.c b/apps/rsa.c
index 879b7ab..53d234c 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -98,6 +98,7 @@
 	int informat,outformat,text=0,check=0,noout=0;
 	int pubin = 0, pubout = 0;
 	char *infile,*outfile,*prog;
+	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
 	int modulus=0;
 
@@ -140,34 +141,12 @@
 		else if (strcmp(*argv,"-passin") == 0)
 			{
 			if (--argc < 1) goto bad;
-			passin= *(++argv);
-			}
-		else if (strcmp(*argv,"-envpassin") == 0)
-			{
-			if (--argc < 1) goto bad;
-				if(!(passin= getenv(*(++argv))))
-				{
-				BIO_printf(bio_err,
-				 "Can't read environment variable %s\n",
-								*argv);
-				badops = 1;
-				}
-			}
-		else if (strcmp(*argv,"-envpassout") == 0)
-			{
-			if (--argc < 1) goto bad;
-				if(!(passout= getenv(*(++argv))))
-				{
-				BIO_printf(bio_err,
-				 "Can't read environment variable %s\n",
-								*argv);
-				badops = 1;
-				}
+			passargin= *(++argv);
 			}
 		else if (strcmp(*argv,"-passout") == 0)
 			{
 			if (--argc < 1) goto bad;
-			passout= *(++argv);
+			passargout= *(++argv);
 			}
 		else if (strcmp(*argv,"-pubin") == 0)
 			pubin=1;
@@ -199,12 +178,10 @@
 		BIO_printf(bio_err," -inform arg     input format - one of DER NET PEM\n");
 		BIO_printf(bio_err," -outform arg    output format - one of DER NET PEM\n");
 		BIO_printf(bio_err," -in arg         input file\n");
-		BIO_printf(bio_err," -passin arg     input file pass phrase\n");
-		BIO_printf(bio_err," -envpassin arg  environment variable containing input file pass phrase\n");
+		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
 		BIO_printf(bio_err," -in arg         input file\n");
 		BIO_printf(bio_err," -out arg        output file\n");
-		BIO_printf(bio_err," -passout arg    output file pass phrase\n");
-		BIO_printf(bio_err," -envpassout arg environment variable containing output file pass phrase\n");
+		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef NO_IDEA
@@ -221,6 +198,11 @@
 
 	ERR_load_crypto_strings();
 
+	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+		BIO_printf(bio_err, "Error getting passwords\n");
+		goto end;
+	}
+
 	if(check && pubin) {
 		BIO_printf(bio_err, "Only private keys can be checked\n");
 		goto end;
@@ -279,7 +261,7 @@
 #endif
 	else if (informat == FORMAT_PEM) {
 		if(pubin) rsa=PEM_read_bio_RSA_PUBKEY(in,NULL,NULL,NULL);
-		else rsa=PEM_read_bio_RSAPrivateKey(in,NULL, PEM_cb,passin);
+		else rsa=PEM_read_bio_RSAPrivateKey(in,NULL, NULL,passin);
 	}
 	else
 		{
@@ -379,7 +361,7 @@
 		if(pubout || pubin)
 		    i=PEM_write_bio_RSA_PUBKEY(out,rsa);
 		else i=PEM_write_bio_RSAPrivateKey(out,rsa,
-						enc,NULL,0,PEM_cb,passout);
+						enc,NULL,0,NULL,passout);
 	} else	{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
@@ -392,9 +374,11 @@
 	else
 		ret=0;
 end:
-	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free(out);
-	if (rsa != NULL) RSA_free(rsa);
+	if(in != NULL) BIO_free(in);
+	if(out != NULL) BIO_free(out);
+	if(rsa != NULL) RSA_free(rsa);
+	if(passin) Free(passin);
+	if(passout) Free(passout);
 	EXIT(ret);
 	}
 #else /* !NO_RSA */
diff --git a/apps/smime.c b/apps/smime.c
index 0d87960..c7426cc 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -101,7 +101,8 @@
 	int badarg = 0;
 	int flags = PKCS7_DETACHED;
 	char *to = NULL, *from = NULL, *subject = NULL;
-	char *CAfile = NULL, *CApath = NULL, *passin = NULL;
+	char *CAfile = NULL, *CApath = NULL;
+	char *passargin = NULL, *passin = NULL;
 	char *inrand = NULL;
 	int need_rand = 0;
 	args = argv + 1;
@@ -155,17 +156,7 @@
 		} else if (!strcmp(*args,"-passin")) {
 			if (args[1]) {
 				args++;
-				passin = *args;
-			} else badarg = 1;
-		} else if (!strcmp(*argv,"-envpassin")) {
-			if (args[1]) {
-				args++;
-				if(!(passin= getenv(*args))) {
-					BIO_printf(bio_err,
-					 "Can't read environment variable %s\n",
-								*args);
-					badarg = 1;
-				}
+				passargin = *args;
 			} else badarg = 1;
 		} else if (!strcmp (*args, "-to")) {
 			if (args[1]) {
@@ -288,6 +279,11 @@
 		goto end;
 	}
 
+	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+		BIO_printf(bio_err, "Error getting password\n");
+		goto end;
+	}
+
 	if (need_rand) {
 		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
 		if (inrand != NULL)
@@ -536,6 +532,7 @@
 	BIO_free(in);
 	BIO_free(indata);
 	BIO_free(out);
+	if(passin) Free(passin);
 	return (ret);
 }
 
@@ -554,7 +551,7 @@
 	BIO *in;
 	EVP_PKEY *key;
 	if(!(in = BIO_new_file(file, "r"))) return NULL;
-	key = PEM_read_bio_PrivateKey(in, NULL,PEM_cb,pass);
+	key = PEM_read_bio_PrivateKey(in, NULL,NULL,pass);
 	BIO_free(in);
 	return key;
 }
diff --git a/apps/spkac.c b/apps/spkac.c
index e26a95d..b35354a 100644
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -82,7 +82,8 @@
 	int i,badops=0, ret = 1;
 	BIO *in = NULL,*out = NULL, *key = NULL;
 	int verify=0,noout=0,pubkey=0;
-	char *infile = NULL,*outfile = NULL,*prog, *passin = NULL;
+	char *infile = NULL,*outfile = NULL,*prog;
+	char *passargin = NULL, *passin = NULL;
 	char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
 	char *challenge = NULL, *keyfile = NULL;
 	LHASH *conf = NULL;
@@ -111,18 +112,7 @@
 		else if (strcmp(*argv,"-passin") == 0)
 			{
 			if (--argc < 1) goto bad;
-			passin= *(++argv);
-			}
-		else if (strcmp(*argv,"-envpassin") == 0)
-			{
-			if (--argc < 1) goto bad;
-				if(!(passin= getenv(*(++argv))))
-				{
-				BIO_printf(bio_err,
-				 "Can't read environment variable %s\n",
-								*argv);
-				badops = 1;
-				}
+			passargin= *(++argv);
 			}
 		else if (strcmp(*argv,"-key") == 0)
 			{
@@ -163,8 +153,7 @@
 		BIO_printf(bio_err," -in arg        input file\n");
 		BIO_printf(bio_err," -out arg       output file\n");
 		BIO_printf(bio_err," -key arg       create SPKAC using private key\n");
-		BIO_printf(bio_err," -passin arg    input file pass phrase\n");
-		BIO_printf(bio_err," -envpassin arg environment variable containing input file pass phrase\n");
+		BIO_printf(bio_err," -passin arg    input file pass phrase source\n");
 		BIO_printf(bio_err," -challenge arg challenge string\n");
 		BIO_printf(bio_err," -spkac arg     alternative SPKAC name\n");
 		BIO_printf(bio_err," -noout         don't print SPKAC\n");
@@ -174,6 +163,10 @@
 		}
 
 	ERR_load_crypto_strings();
+	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+		BIO_printf(bio_err, "Error getting password\n");
+		goto end;
+	}
 
 	if(keyfile) {
 		if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
@@ -183,7 +176,7 @@
 			ERR_print_errors(bio_err);
 			goto end;
 		}
-		pkey = PEM_read_bio_PrivateKey(key, NULL, PEM_cb, passin);
+		pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, passin);
 		if(!pkey) {
 			BIO_printf(bio_err, "Error reading private key\n");
 			ERR_print_errors(bio_err);
@@ -276,5 +269,6 @@
 	BIO_free(out);
 	BIO_free(key);
 	EVP_PKEY_free(pkey);
+	if(passin) Free(passin);
 	EXIT(ret);
 	}
diff --git a/apps/x509.c b/apps/x509.c
index 1e90726..472d8c2 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -92,8 +92,7 @@
 " -CAkeyform arg  - CA key format - default PEM\n",
 " -in arg         - input file - default stdin\n",
 " -out arg        - output file - default stdout\n",
-" -passin arg     - private key password\n",
-" -envpassin arg  - read private key password from environment variable \"arg\"\n",
+" -passin arg     - private key password source\n",
 " -serial         - print serial number value\n",
 " -hash           - print hash value\n",
 " -subject        - print subject DN\n",
@@ -171,7 +170,7 @@
 	char buf[256];
 	const EVP_MD *md_alg,*digest=EVP_md5();
 	LHASH *extconf = NULL;
-	char *extsect = NULL, *extfile = NULL, *passin = NULL;
+	char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
 	int need_rand = 0;
 
 	reqfile=0;
@@ -240,18 +239,7 @@
 		else if (strcmp(*argv,"-passin") == 0)
 			{
 			if (--argc < 1) goto bad;
-			passin= *(++argv);
-			}
-		else if (strcmp(*argv,"-envpassin") == 0)
-			{
-			if (--argc < 1) goto bad;
-				if(!(passin= getenv(*(++argv))))
-				{
-				BIO_printf(bio_err,
-				 "Can't read environment variable %s\n",
-								*argv);
-				badops = 1;
-				}
+			passargin= *(++argv);
 			}
 		else if (strcmp(*argv,"-extfile") == 0)
 			{
@@ -404,6 +392,11 @@
 
 	ERR_load_crypto_strings();
 
+	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+		BIO_printf(bio_err, "Error getting password\n");
+		goto end;
+	}
+
 	if (!X509_STORE_set_default_paths(ctx))
 		{
 		ERR_print_errors(bio_err);
@@ -882,6 +875,7 @@
 	X509_REQ_free(rq);
 	sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
 	sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
+	if(passin) Free(passin);
 	EXIT(ret);
 	}
 
@@ -1101,7 +1095,7 @@
 #endif
 		if (format == FORMAT_PEM)
 		{
-		pkey=PEM_read_bio_PrivateKey(key,NULL,PEM_cb,passin);
+		pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,passin);
 		}
 	else
 		{