提交
a3fe382e
编写于
2月 16, 2000
作者:
Dr. Stephen Henson
Pass phrase reorganisation.
上级
bd03b99b
变更
25
Showing
25 changed file
with
334 addition
and
390 deletion
+334
-390
CHANGES
CHANGES
+8
-0
apps/apps.c
apps/apps.c
+76
-0
apps/apps.h
apps/apps.h
+3
-0
apps/ca.c
apps/ca.c
+1
-1
apps/dsa.c
apps/dsa.c
+17
-33
apps/gendsa.c
apps/gendsa.c
+10
-14
apps/genrsa.c
apps/genrsa.c
+11
-16
apps/pkcs12.c
apps/pkcs12.c
+22
-41
apps/pkcs8.c
apps/pkcs8.c
+14
-30
apps/req.c
apps/req.c
+11
-27
apps/rsa.c
apps/rsa.c
+17
-33
apps/smime.c
apps/smime.c
+10
-13
apps/spkac.c
apps/spkac.c
+10
-16
apps/x509.c
apps/x509.c
+10
-16
crypto/asn1/asn1_lib.c
crypto/asn1/asn1_lib.c
+1
-1
crypto/pem/pem.h
crypto/pem/pem.h
+0
-3
crypto/pem/pem_lib.c
crypto/pem/pem_lib.c
+7
-17
doc/apps/dsa.pod
doc/apps/dsa.pod
+8
-18
doc/apps/genrsa.pod
doc/apps/genrsa.pod
+9
-13
doc/apps/openssl.pod
doc/apps/openssl.pod
+43
-0
doc/apps/pkcs12.pod
doc/apps/pkcs12.pod
+18
-33
doc/apps/pkcs8.pod
doc/apps/pkcs8.pod
+8
-18
doc/apps/req.pod
doc/apps/req.pod
+10
-20
doc/apps/rsa.pod
doc/apps/rsa.pod
+7
-17
doc/apps/spkac.pod
doc/apps/spkac.pod
+3
-10
CHANGES
...
...
@@ -4,6 +4,14 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 2000]
*) Reorganise password command line arguments: now passwords can be
obtained from various sources. Delete the PEM_cb function and make
it the default behaviour: i.e. if the callback is NULL and the
usrdata argument is not NULL interpret it as a null terminated pass
phrase. If usrdata and the callback are NULL then the pass phrase
is prompted for as usual.
[Steve Henson]
*) Add support for the Compaq Atalla crypto accelerator. If it is installed,
the support is automatically enabled. The resulting binaries will
autodetect the card and use it if present.
...
...
apps/apps.c
...
...
@@ -325,6 +325,7 @@ int app_init(long mesgwin)
}
#endif
int
dump_cert_text
(
BIO
*
out
,
X509
*
x
)
{
char
buf
[
256
];
...
...
@@ -338,3 +339,78 @@ int dump_cert_text (BIO *out, X509 *x)
BIO_puts
(
out
,
"
\n
"
);
return
0
;
}
static
char
*
app_get_pass
(
BIO
*
err
,
char
*
arg
,
int
keepbio
);
int
app_passwd
(
BIO
*
err
,
char
*
arg1
,
char
*
arg2
,
char
**
pass1
,
char
**
pass2
)
{
int
same
;
if
(
!
arg2
||
!
arg1
||
strcmp
(
arg1
,
arg2
))
same
=
0
;
else
same
=
1
;
if
(
arg1
)
{
*
pass1
=
app_get_pass
(
err
,
arg1
,
same
);
if
(
!*
pass1
)
return
0
;
}
else
if
(
pass1
)
*
pass1
=
NULL
;
if
(
arg2
)
{
*
pass2
=
app_get_pass
(
err
,
arg2
,
same
?
2
:
0
);
if
(
!*
pass2
)
return
0
;
}
else
if
(
pass2
)
*
pass2
=
NULL
;
return
1
;
}
static
char
*
app_get_pass
(
BIO
*
err
,
char
*
arg
,
int
keepbio
)
{
char
*
tmp
,
tpass
[
APP_PASS_LEN
];
static
BIO
*
pwdbio
=
NULL
;
int
i
;
if
(
!
strncmp
(
arg
,
"pass:"
,
5
))
return
BUF_strdup
(
arg
+
5
);
if
(
!
strncmp
(
arg
,
"env:"
,
4
))
{
tmp
=
getenv
(
arg
+
4
);
if
(
!
tmp
)
{
BIO_printf
(
err
,
"Can't read environment variable %s
\n
"
,
arg
+
4
);
return
NULL
;
}
return
BUF_strdup
(
tmp
);
}
if
(
!
keepbio
||
!
pwdbio
)
{
if
(
!
strncmp
(
arg
,
"file:"
,
5
))
{
pwdbio
=
BIO_new_file
(
arg
+
5
,
"r"
);
if
(
!
pwdbio
)
{
BIO_printf
(
err
,
"Can't open file %s
\n
"
,
arg
+
5
);
return
NULL
;
}
}
else
if
(
!
strncmp
(
arg
,
"fd:"
,
3
))
{
BIO
*
btmp
;
i
=
atoi
(
arg
+
3
);
if
(
i
>=
0
)
pwdbio
=
BIO_new_fd
(
i
,
BIO_NOCLOSE
);
if
((
i
<
0
)
||
!
pwdbio
)
{
BIO_printf
(
err
,
"Can't access file descriptor %s
\n
"
,
arg
+
3
);
return
NULL
;
}
/* Can't do BIO_gets on an fd BIO so add a buffering BIO */
btmp
=
BIO_new
(
BIO_f_buffer
());
pwdbio
=
BIO_push
(
btmp
,
pwdbio
);
}
else
if
(
!
strcmp
(
arg
,
"stdin"
))
{
pwdbio
=
BIO_new_fp
(
stdin
,
BIO_NOCLOSE
);
if
(
!
pwdbio
)
{
BIO_printf
(
err
,
"Can't open BIO for stdin
\n
"
);
return
NULL
;
}
}
else
{
BIO_printf
(
err
,
"Invalid password argument
\"
%s
\"\n
"
,
arg
);
return
NULL
;
}
}
i
=
BIO_gets
(
pwdbio
,
tpass
,
APP_PASS_LEN
);
if
(
keepbio
!=
1
)
{
BIO_free_all
(
pwdbio
);
pwdbio
=
NULL
;
}
if
(
i
<=
0
)
{
BIO_printf
(
err
,
"Error reading password from BIO
\n
"
);
return
NULL
;
}
tmp
=
strchr
(
tpass
,
'\n'
);
if
(
tmp
)
*
tmp
=
0
;
return
BUF_strdup
(
tpass
);
}
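Review bot: In app_get_pass the pass phrase read by `BIO_gets(pwdbio, tpass, APP_PASS_LEN)` is left in the stack buffer `tpass` when the function returns, so a cleartext copy outlives the call. Clearing it before the final return would close that, e.g. `tmp = BUF_strdup(tpass); memset(tpass, 0, APP_PASS_LEN); return tmp;`, preferably with a wipe routine the compiler cannot elide if the tree has one. A second gap in the same function: a line longer than APP_PASS_LEN-1 is silently truncated, and when both arguments name the same source (keepbio 1, then 2) the unread tail would be returned as the second pass phrase, so a read that fills the buffer without reaching a newline should be rejected. The `fd:` branch also parses with `atoi`, so non-numeric text (a constructed example: `fd:x`) is accepted as descriptor 0 rather than reported as invalid.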
apps/apps.h
...
...
@@ -145,10 +145,13 @@ int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
#ifdef HEADER_X509_H
int
dump_cert_text
(
BIO
*
out
,
X509
*
x
);
#endif
int
app_passwd
(
BIO
*
err
,
char
*
arg1
,
char
*
arg2
,
char
**
pass1
,
char
**
pass2
);
#define FORMAT_UNDEF 0
#define FORMAT_ASN1 1
#define FORMAT_TEXT 2
#define FORMAT_PEM 3
#define FORMAT_NETSCAPE 4
#define APP_PASS_LEN 1024
#endif
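Review bot: The new `app_passwd` prototype has no comment stating its contract, which every caller depends on. Judging by apps/apps.c in this commit, it returns 1 on success and 0 on failure, the strings stored in `*pass1` and `*pass2` come from `BUF_strdup` and are released by the caller with `Free`, and `pass1`/`pass2` may be NULL only when the matching `arg` is NULL. A comment above the prototype such as `/* Returns 1 on success, 0 on error; *pass1 and *pass2 are allocated and must be freed by the caller */` would record that. `APP_PASS_LEN` would likewise benefit from a note that it bounds the pass phrase line read from the file:, fd: and stdin sources, terminator included.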
apps/ca.c
...
...
@@ -533,7 +533,7 @@ bad:
BIO_printf
(
bio_err
,
"trying to load CA private key
\n
"
);
goto
err
;
}
pkey
=
PEM_read_bio_PrivateKey
(
in
,
NULL
,
PEM_cb
,
key
);
pkey
=
PEM_read_bio_PrivateKey
(
in
,
NULL
,
NULL
,
key
);
if
(
key
)
memset
(
key
,
0
,
strlen
(
key
));
if
(
pkey
==
NULL
)
{
...
...
apps/dsa.c
...
...
@@ -95,6 +95,7 @@ int MAIN(int argc, char **argv)
int
informat
,
outformat
,
text
=
0
,
noout
=
0
;
int
pubin
=
0
,
pubout
=
0
;
char
*
infile
,
*
outfile
,
*
prog
;
char
*
passargin
=
NULL
,
*
passargout
=
NULL
;
char
*
passin
=
NULL
,
*
passout
=
NULL
;
int
modulus
=
0
;
...
...
@@ -137,34 +138,12 @@ int MAIN(int argc, char **argv)
else
if
(
strcmp
(
*
argv
,
"-passin"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
passin
=
*
(
++
argv
);
}
else
if
(
strcmp
(
*
argv
,
"-envpassin"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
if
(
!
(
passin
=
getenv
(
*
(
++
argv
))))
{
BIO_printf
(
bio_err
,
"Can't read environment variable %s
\n
"
,
*
argv
);
badops
=
1
;
}
}
else
if
(
strcmp
(
*
argv
,
"-envpassout"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
if
(
!
(
passout
=
getenv
(
*
(
++
argv
))))
{
BIO_printf
(
bio_err
,
"Can't read environment variable %s
\n
"
,
*
argv
);
badops
=
1
;
}
passargin
=
*
(
++
argv
);
}
else
if
(
strcmp
(
*
argv
,
"-passout"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
passout
=
*
(
++
argv
);
pass
arg
out
=
*
(
++
argv
);
}
else
if
(
strcmp
(
*
argv
,
"-noout"
)
==
0
)
noout
=
1
;
...
...
@@ -194,11 +173,9 @@ bad:
BIO_printf
(
bio_err
,
" -inform arg input format - DER or PEM
\n
"
);
BIO_printf
(
bio_err
,
" -outform arg output format - DER or PEM
\n
"
);
BIO_printf
(
bio_err
,
" -in arg input file
\n
"
);
BIO_printf
(
bio_err
,
" -passin arg input file pass phrase
\n
"
);
BIO_printf
(
bio_err
,
" -envpassin arg environment variable containing input file pass phrase
\n
"
);
BIO_printf
(
bio_err
,
" -passin arg input file pass phrase source
\n
"
);
BIO_printf
(
bio_err
,
" -out arg output file
\n
"
);
BIO_printf
(
bio_err
,
" -passout arg output file pass phrase
\n
"
);
BIO_printf
(
bio_err
,
" -envpassout arg environment variable containing output file pass phrase
\n
"
);
BIO_printf
(
bio_err
,
" -passout arg output file pass phrase source
\n
"
);
BIO_printf
(
bio_err
,
" -des encrypt PEM output with cbc des
\n
"
);
BIO_printf
(
bio_err
,
" -des3 encrypt PEM output with ede cbc des using 168 bit key
\n
"
);
#ifndef NO_IDEA
...
...
@@ -212,6 +189,11 @@ bad:
ERR_load_crypto_strings
();
if
(
!
app_passwd
(
bio_err
,
passargin
,
passargout
,
&
passin
,
&
passout
))
{
BIO_printf
(
bio_err
,
"Error getting passwords
\n
"
);
goto
end
;
}
in
=
BIO_new
(
BIO_s_file
());
out
=
BIO_new
(
BIO_s_file
());
if
((
in
==
NULL
)
||
(
out
==
NULL
))
...
...
@@ -237,7 +219,7 @@ bad:
else
dsa
=
d2i_DSAPrivateKey_bio
(
in
,
NULL
);
}
else
if
(
informat
==
FORMAT_PEM
)
{
if
(
pubin
)
dsa
=
PEM_read_bio_DSA_PUBKEY
(
in
,
NULL
,
NULL
,
NULL
);
else
dsa
=
PEM_read_bio_DSAPrivateKey
(
in
,
NULL
,
PEM_cb
,
passin
);
else
dsa
=
PEM_read_bio_DSAPrivateKey
(
in
,
NULL
,
NULL
,
passin
);
}
else
{
BIO_printf
(
bio_err
,
"bad input format specified for key
\n
"
);
...
...
@@ -285,7 +267,7 @@ bad:
if
(
pubin
||
pubout
)
i
=
PEM_write_bio_DSA_PUBKEY
(
out
,
dsa
);
else
i
=
PEM_write_bio_DSAPrivateKey
(
out
,
dsa
,
enc
,
NULL
,
0
,
PEM_cb
,
passout
);
NULL
,
0
,
NULL
,
passout
);
}
else
{
BIO_printf
(
bio_err
,
"bad output format specified for outfile
\n
"
);
goto
end
;
...
...
@@ -298,9 +280,11 @@ bad:
else
ret
=
0
;
end:
if
(
in
!=
NULL
)
BIO_free
(
in
);
if
(
out
!=
NULL
)
BIO_free
(
out
);
if
(
dsa
!=
NULL
)
DSA_free
(
dsa
);
if
(
in
!=
NULL
)
BIO_free
(
in
);
if
(
out
!=
NULL
)
BIO_free
(
out
);
if
(
dsa
!=
NULL
)
DSA_free
(
dsa
);
if
(
passin
)
Free
(
passin
);
if
(
passout
)
Free
(
passout
);
EXIT
(
ret
);
}
#endif
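Review bot: At `end:` the added `if(passin) Free(passin);` and `if(passout) Free(passout);` release the pass phrase copies without clearing them, so the cleartext remains in freed heap memory until it happens to be reused. apps/ca.c in this same commit shows the wipe already used in the tree, `memset(key,0,strlen(key))`; the same could be applied here before each release, e.g. `if(passin) { memset(passin,0,strlen(passin)); Free(passin); }`. The same applies to the `Free` calls added in gendsa.c, genrsa.c, pkcs12.c, pkcs8.c, req.c, rsa.c, smime.c, spkac.c and x509.c. MAIN begins outside the hunks shown.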
apps/gendsa.c
...
...
@@ -81,7 +81,7 @@ int MAIN(int argc, char **argv)
int
ret
=
1
;
char
*
outfile
=
NULL
;
char
*
inrand
=
NULL
,
*
dsaparams
=
NULL
;
char
*
passout
=
NULL
;
char
*
pass
argout
=
NULL
,
*
pass
out
=
NULL
;
BIO
*
out
=
NULL
,
*
in
=
NULL
;
EVP_CIPHER
*
enc
=
NULL
;
...
...
@@ -101,21 +101,10 @@ int MAIN(int argc, char **argv)
if
(
--
argc
<
1
)
goto
bad
;
outfile
=
*
(
++
argv
);
}
else
if
(
strcmp
(
*
argv
,
"-envpassout"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
if
(
!
(
passout
=
getenv
(
*
(
++
argv
))))
{
BIO_printf
(
bio_err
,
"Can't read environment variable %s
\n
"
,
*
argv
);
goto
bad
;
}
}
else
if
(
strcmp
(
*
argv
,
"-passout"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
passout
=
*
(
++
argv
);
pass
arg
out
=
*
(
++
argv
);
}
else
if
(
strcmp
(
*
argv
,
"-rand"
)
==
0
)
{
...
...
@@ -164,6 +153,12 @@ bad:
goto
end
;
}
if
(
!
app_passwd
(
bio_err
,
NULL
,
passargout
,
NULL
,
&
passout
))
{
BIO_printf
(
bio_err
,
"Error getting password
\n
"
);
goto
end
;
}
in
=
BIO_new
(
BIO_s_file
());
if
(
!
(
BIO_read_filename
(
in
,
dsaparams
)))
{
...
...
@@ -207,7 +202,7 @@ bad:
app_RAND_write_file
(
NULL
,
bio_err
);
if
(
!
PEM_write_bio_DSAPrivateKey
(
out
,
dsa
,
enc
,
NULL
,
0
,
PEM_cb
,
passout
))
if
(
!
PEM_write_bio_DSAPrivateKey
(
out
,
dsa
,
enc
,
NULL
,
0
,
NULL
,
passout
))
goto
end
;
ret
=
0
;
end:
...
...
@@ -216,6 +211,7 @@ end:
if
(
in
!=
NULL
)
BIO_free
(
in
);
if
(
out
!=
NULL
)
BIO_free
(
out
);
if
(
dsa
!=
NULL
)
DSA_free
(
dsa
);
if
(
passout
)
Free
(
passout
);
EXIT
(
ret
);
}
#endif
apps/genrsa.c
...
...
@@ -87,7 +87,7 @@ int MAIN(int argc, char **argv)
EVP_CIPHER
*
enc
=
NULL
;
unsigned
long
f4
=
RSA_F4
;
char
*
outfile
=
NULL
;
char
*
passout
=
NULL
;
char
*
pass
argout
=
NULL
,
*
pass
out
=
NULL
;
char
*
inrand
=
NULL
;
BIO
*
out
=
NULL
;
...
...
@@ -131,21 +131,10 @@ int MAIN(int argc, char **argv)
else
if
(
strcmp
(
*
argv
,
"-idea"
)
==
0
)
enc
=
EVP_idea_cbc
();
#endif
else
if
(
strcmp
(
*
argv
,
"-envpassout"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
if
(
!
(
passout
=
getenv
(
*
(
++
argv
))))
{
BIO_printf
(
bio_err
,
"Can't read environment variable %s
\n
"
,
*
argv
);
goto
bad
;
}
}
else
if
(
strcmp
(
*
argv
,
"-passout"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
passout
=
*
(
++
argv
);
pass
arg
out
=
*
(
++
argv
);
}
else
break
;
...
...
@@ -162,8 +151,7 @@ bad:
BIO_printf
(
bio_err
,
" -idea encrypt the generated key with IDEA in cbc mode
\n
"
);
#endif
BIO_printf
(
bio_err
,
" -out file output the key to 'file
\n
"
);
BIO_printf
(
bio_err
,
" -passout arg output file pass phrase
\n
"
);
BIO_printf
(
bio_err
,
" -envpassout arg environment variable containing output file pass phrase
\n
"
);
BIO_printf
(
bio_err
,
" -passout arg output file pass phrase source
\n
"
);
BIO_printf
(
bio_err
,
" -f4 use F4 (0x10001) for the E value
\n
"
);
BIO_printf
(
bio_err
,
" -3 use 3 for the E value
\n
"
);
BIO_printf
(
bio_err
,
" -rand file:file:...
\n
"
);
...
...
@@ -173,6 +161,12 @@ bad:
}
ERR_load_crypto_strings
();
if
(
!
app_passwd
(
bio_err
,
NULL
,
passargout
,
NULL
,
&
passout
))
{
BIO_printf
(
bio_err
,
"Error getting password
\n
"
);
goto
err
;
}
if
(
outfile
==
NULL
)
BIO_set_fp
(
out
,
stdout
,
BIO_NOCLOSE
);
else
...
...
@@ -212,13 +206,14 @@ bad:
l
+=
rsa
->
e
->
d
[
i
];
}
BIO_printf
(
bio_err
,
"e is %ld (0x%lX)
\n
"
,
l
,
l
);
if
(
!
PEM_write_bio_RSAPrivateKey
(
out
,
rsa
,
enc
,
NULL
,
0
,
PEM_cb
,
passout
))
if
(
!
PEM_write_bio_RSAPrivateKey
(
out
,
rsa
,
enc
,
NULL
,
0
,
NULL
,
passout
))
goto
err
;
ret
=
0
;
err:
if
(
rsa
!=
NULL
)
RSA_free
(
rsa
);
if
(
out
!=
NULL
)
BIO_free
(
out
);
if
(
passout
)
Free
(
passout
);
if
(
ret
!=
0
)
ERR_print_errors
(
bio_err
);
EXIT
(
ret
);
...
...
apps/pkcs12.c
...
...
@@ -113,6 +113,7 @@ int MAIN(int argc, char **argv)
int
noprompt
=
0
;
STACK
*
canames
=
NULL
;
char
*
cpass
=
NULL
,
*
mpass
=
NULL
;
char
*
passargin
=
NULL
,
*
passargout
=
NULL
,
*
passarg
=
NULL
;
char
*
passin
=
NULL
,
*
passout
=
NULL
;
char
*
inrand
=
NULL
;
...
...
@@ -210,46 +211,17 @@ int MAIN(int argc, char **argv)
}
else
if
(
!
strcmp
(
*
args
,
"-passin"
))
{
if
(
args
[
1
])
{
args
++
;
passin
=
*
args
;
}
else
badarg
=
1
;
}
else
if
(
!
strcmp
(
*
args
,
"-envpassin"
))
{
if
(
args
[
1
])
{
args
++
;
if
(
!
(
passin
=
getenv
(
*
args
)))
{
BIO_printf
(
bio_err
,
"Can't read environment variable %s
\n
"
,
*
args
);
badarg
=
1
;
}
}
else
badarg
=
1
;
}
else
if
(
!
strcmp
(
*
args
,
"-envpassout"
))
{
if
(
args
[
1
])
{
args
++
;
if
(
!
(
passout
=
getenv
(
*
args
)))
{
BIO_printf
(
bio_err
,
"Can't read environment variable %s
\n
"
,
*
args
);
badarg
=
1
;
}
passargin
=
*
args
;
}
else
badarg
=
1
;
}
else
if
(
!
strcmp
(
*
args
,
"-passout"
))
{
if
(
args
[
1
])
{
args
++
;
passout
=
*
args
;
}
else
badarg
=
1
;
}
else
if
(
!
strcmp
(
*
args
,
"-envpass"
))
{
if
(
args
[
1
])
{
args
++
;
if
(
!
(
cpass
=
getenv
(
*
args
)))
{
BIO_printf
(
bio_err
,
"Can't read environment variable %s
\n
"
,
*
args
);
goto
end
;
}
passargout
=
*
args
;
}
else
badarg
=
1
;
}
else
if
(
!
strcmp
(
*
args
,
"-password"
))
{
if
(
args
[
1
])
{
args
++
;
cpass
=
*
args
;
passarg
=
*
args
;
noprompt
=
1
;
}
else
badarg
=
1
;
}
else
badarg
=
1
;
...
...
@@ -290,18 +262,25 @@ int MAIN(int argc, char **argv)
BIO_printf
(
bio_err
,
"-keypbe alg specify private key PBE algorithm (default 3DES)
\n
"
);
BIO_printf
(
bio_err
,
"-keyex set MS key exchange type
\n
"
);
BIO_printf
(
bio_err
,
"-keysig set MS key signature type
\n
"
);
BIO_printf
(
bio_err
,
"-password p set import/export password (NOT RECOMMENDED)
\n
"
);
BIO_printf
(
bio_err
,
"-envpass p set import/export password from environment
\n
"
);
BIO_printf
(
bio_err
,
"-passin p input file pass phrase
\n
"
);
BIO_printf
(
bio_err
,
"-envpassin p environment variable containing input file pass phrase
\n
"
);
BIO_printf
(
bio_err
,
"-passout p output file pass phrase
\n
"
);
BIO_printf
(
bio_err
,
"-envpassout p environment variable containing output file pass phrase
\n
"
);
BIO_printf
(
bio_err
,
"-password p set import/export password source
\n
"
);
BIO_printf
(
bio_err
,
"-passin p input file pass phrase source
\n
"
);
BIO_printf
(
bio_err
,
"-passout p output file pass phrase source
\n
"
);
BIO_printf
(
bio_err
,
"-rand file:file:...
\n
"
);
BIO_printf
(
bio_err
,
" load the file (or the files in the directory) into
\n
"
);
BIO_printf
(
bio_err
,
" the random number generator
\n
"
);
goto
end
;
}
if
(
passarg
)
{
if
(
export_cert
)
passargout
=
passarg
;
else
passargin
=
passarg
;
}
if
(
!
app_passwd
(
bio_err
,
passargin
,
passargout
,
&
passin
,
&
passout
))
{
BIO_printf
(
bio_err
,
"Error getting passwords
\n
"
);
goto
end
;
}
if
(
!
cpass
)
{
if
(
export_cert
)
cpass
=
passout
;
else
cpass
=
passin
;
...
...
@@ -395,7 +374,7 @@ int MAIN(int argc, char **argv)
#ifdef CRYPTO_MDEBUG
CRYPTO_push_info
(
"process -export_cert"
);
#endif
key
=
PEM_read_bio_PrivateKey
(
inkey
?
inkey
:
in
,
NULL
,
PEM_cb
,
passin
);
key
=
PEM_read_bio_PrivateKey
(
inkey
?
inkey
:
in
,
NULL
,
NULL
,
passin
);
if
(
!
inkey
)
(
void
)
BIO_reset
(
in
);
else
BIO_free
(
inkey
);
if
(
!
key
)
{
...
...
@@ -579,6 +558,8 @@ int MAIN(int argc, char **argv)
#endif
BIO_free
(
in
);
BIO_free
(
out
);
if
(
passin
)
Free
(
passin
);
if
(
passout
)
Free
(
passout
);
EXIT
(
ret
);
}
...
...
@@ -643,7 +624,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
p8
=
bag
->
value
.
keybag
;
if
(
!
(
pkey
=
EVP_PKCS82PKEY
(
p8
)))
return
0
;
print_attribs
(
out
,
p8
->
attributes
,
"Key Attributes"
);
PEM_write_bio_PrivateKey
(
out
,
pkey
,
enc
,
NULL
,
0
,
PEM_cb
,
pempass
);
PEM_write_bio_PrivateKey
(
out
,
pkey
,
enc
,
NULL
,
0
,
NULL
,
pempass
);
EVP_PKEY_free
(
pkey
);
break
;
...
...
@@ -659,7 +640,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
if
(
!
(
pkey
=
EVP_PKCS82PKEY
(
p8
)))
return
0
;
print_attribs
(
out
,
p8
->
attributes
,
"Key Attributes"
);
PKCS8_PRIV_KEY_INFO_free
(
p8
);
PEM_write_bio_PrivateKey
(
out
,
pkey
,
enc
,
NULL
,
0
,
PEM_cb
,
pempass
);
PEM_write_bio_PrivateKey
(
out
,
pkey
,
enc
,
NULL
,
0
,
NULL
,
pempass
);
EVP_PKEY_free
(
pkey
);
break
;
...
...
apps/pkcs8.c
...
...
@@ -71,6 +71,7 @@ int MAIN(int, char **);
int
MAIN
(
int
argc
,
char
**
argv
)
{
char
**
args
,
*
infile
=
NULL
,
*
outfile
=
NULL
;
char
*
passargin
=
NULL
,
*
passargout
=
NULL
;
BIO
*
in
=
NULL
,
*
out
=
NULL
;
int
topk8
=
0
;
int
pbe_nid
=
-
1
;
...
...
@@ -130,34 +131,12 @@ int MAIN(int argc, char **argv)
else
if
(
!
strcmp
(
*
args
,
"-passin"
))
{
if
(
!
args
[
1
])
goto
bad
;
passin
=
*
(
++
args
);
}
else
if
(
!
strcmp
(
*
args
,
"-envpassin"
))
{
if
(
!
args
[
1
])
goto
bad
;
if
(
!
(
passin
=
getenv
(
*
(
++
args
))))
{
BIO_printf
(
bio_err
,
"Can't read environment variable %s
\n
"
,
*
args
);
badarg
=
1
;
}
}
else
if
(
strcmp
(
*
args
,
"-envpassout"
)
==
0
)
{
if
(
!
args
[
1
])
goto
bad
;
if
(
!
(
passout
=
getenv
(
*
(
++
args
))))
{
BIO_printf
(
bio_err
,
"Can't read environment variable %s
\n
"
,
*
args
);
badarg
=
1
;
}
passargin
=
*
(
++
args
);
}
else
if
(
!
strcmp
(
*
args
,
"-passout"
))
{
if
(
!
args
[
1
])
goto
bad
;
passout
=
*
(
++
args
);
pass
arg
out
=
*
(
++
args
);
}
else
if
(
!
strcmp
(
*
args
,
"-in"
))
{
if
(
args
[
1
])
{
...
...
@@ -179,12 +158,10 @@ int MAIN(int argc, char **argv)
BIO_printf
(
bio_err
,
"where options are
\n
"
);
BIO_printf
(
bio_err
,
"-in file input file
\n
"
);
BIO_printf
(
bio_err
,
"-inform X input format (DER or PEM)
\n
"
);
BIO_printf
(
bio_err
,
"-passin arg input file pass phrase
\n
"
);
BIO_printf
(
bio_err
,
"-envpassin arg environment variable containing input file pass phrase
\n
"
);
BIO_printf
(
bio_err
,
"-passin arg input file pass phrase source
\n
"
);
BIO_printf
(
bio_err
,
"-outform X output format (DER or PEM)
\n
"
);
BIO_printf
(
bio_err
,
"-out file output file
\n
"
);
BIO_printf
(
bio_err
,
"-passout arg output file pass phrase
\n
"
);
BIO_printf
(
bio_err
,
"-envpassout arg environment variable containing outut file pass phrase
\n
"
);
BIO_printf
(
bio_err
,
"-passout arg output file pass phrase source
\n
"
);
BIO_printf
(
bio_err
,
"-topk8 output PKCS8 file
\n
"
);
BIO_printf
(
bio_err
,
"-nooct use (nonstandard) no octet format
\n
"
);
BIO_printf
(
bio_err
,
"-embed use (nonstandard) embedded DSA parameters format
\n
"
);
...
...
@@ -196,6 +173,11 @@ int MAIN(int argc, char **argv)
return
(
1
);
}
if
(
!
app_passwd
(
bio_err
,
passargin
,
passargout
,
&
passin
,
&
passout
))
{
BIO_printf
(
bio_err
,
"Error getting passwords
\n
"
);
return
(
1
);
}
if
((
pbe_nid
==
-
1
)
&&
!
cipher
)
pbe_nid
=
NID_pbeWithMD5AndDES_CBC
;
if
(
infile
)
{
...
...
@@ -216,7 +198,7 @@ int MAIN(int argc, char **argv)
if
(
topk8
)
{
if
(
informat
==
FORMAT_PEM
)
pkey
=
PEM_read_bio_PrivateKey
(
in
,
NULL
,
PEM_cb
,
passin
);
pkey
=
PEM_read_bio_PrivateKey
(
in
,
NULL
,
NULL
,
passin
);
else
if
(
informat
==
FORMAT_ASN1
)
pkey
=
d2i_PrivateKey_bio
(
in
,
NULL
);
else
{
...
...
@@ -339,7 +321,7 @@ int MAIN(int argc, char **argv)
PKCS8_PRIV_KEY_INFO_free
(
p8inf
);
if
(
outformat
==
FORMAT_PEM
)
PEM_write_bio_PrivateKey
(
out
,
pkey
,
NULL
,
NULL
,
0
,
PEM_cb
,
passout
);
PEM_write_bio_PrivateKey
(
out
,
pkey
,
NULL
,
NULL
,
0
,
NULL
,
passout
);
else
if
(
outformat
==
FORMAT_ASN1
)
i2d_PrivateKey_bio
(
out
,
pkey
);
else
{
...
...
@@ -350,6 +332,8 @@ int MAIN(int argc, char **argv)
EVP_PKEY_free
(
pkey
);
BIO_free
(
out
);
BIO_free
(
in
);
if
(
passin
)
Free
(
passin
);
if
(
passout
)
Free
(
passout
);
return
(
0
);
}
apps/req.c
...
...
@@ -156,6 +156,7 @@ int MAIN(int argc, char **argv)
char
*
req_exts
=
NULL
;
EVP_CIPHER
*
cipher
=
NULL
;
int
modulus
=
0
;
char
*
passargin
=
NULL
,
*
passargout
=
NULL
;
char
*
passin
=
NULL
,
*
passout
=
NULL
;
char
*
p
;
const
EVP_MD
*
md_alg
=
NULL
,
*
digest
=
EVP_md5
();
...
...
@@ -231,34 +232,12 @@ int MAIN(int argc, char **argv)
else
if
(
strcmp
(
*
argv
,
"-passin"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
passin
=
*
(
++
argv
);
}
else
if
(
strcmp
(
*
argv
,
"-envpassin"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
if
(
!
(
passin
=
getenv
(
*
(
++
argv
))))
{
BIO_printf
(
bio_err
,
"Can't read environment variable %s
\n
"
,
*
argv
);
badops
=
1
;
}
}
else
if
(
strcmp
(
*
argv
,
"-envpassout"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
if
(
!
(
passout
=
getenv
(
*
(
++
argv
))))
{
BIO_printf
(
bio_err
,
"Can't read environment variable %s
\n
"
,
*
argv
);
badops
=
1
;
}
passargin
=
*
(
++
argv
);
}
else
if
(
strcmp
(
*
argv
,
"-passout"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
passout
=
*
(
++
argv
);
pass
arg
out
=
*
(
++
argv
);
}
else
if
(
strcmp
(
*
argv
,
"-newkey"
)
==
0
)
{
...
...
@@ -401,13 +380,16 @@ bad:
BIO_printf
(
bio_err
,
" -days number of days a x509 generated by -x509 is valid for.
\n
"
);
BIO_printf
(
bio_err
,
" -asn1-kludge Output the 'request' in a format that is wrong but some CA's
\n
"
);
BIO_printf
(
bio_err
,
" have been reported as requiring
\n
"
);
BIO_printf
(
bio_err
,
" [ It is now always turned on but can be turned off with -no-asn1-kludge ]
\n
"
);
BIO_printf
(
bio_err
,
" -extensions .. specify certificate extension section (override value in config file)
\n
"
);
BIO_printf
(
bio_err
,
" -reqexts .. specify request extension section (override value in config file)
\n
"
);
goto
end
;
}
ERR_load_crypto_strings
();
if
(
!
app_passwd
(
bio_err
,
passargin
,
passargout
,
&
passin
,
&
passout
))
{
BIO_printf
(
bio_err
,
"Error getting passwords
\n
"
);
goto
end
;
}
#ifndef MONOLITH
/* else this has happened in openssl.c (global `config') */
/* Lets load up our environment a little */
...
...
@@ -540,7 +522,7 @@ bad:
pkey
=
d2i_PrivateKey_bio
(
in
,
NULL
);
else
if
(
keyform
==
FORMAT_PEM
)
{
pkey
=
PEM_read_bio_PrivateKey
(
in
,
NULL
,
PEM_cb
,
passin
);
pkey
=
PEM_read_bio_PrivateKey
(
in
,
NULL
,
NULL
,
passin
);
}
else
{
...
...
@@ -629,7 +611,7 @@ bad:
i
=
0
;
loop:
if
(
!
PEM_write_bio_PrivateKey
(
out
,
pkey
,
cipher
,
NULL
,
0
,
PEM_cb
,
passout
))
NULL
,
0
,
NULL
,
passout
))
{
if
((
ERR_GET_REASON
(
ERR_peek_error
())
==
PEM_R_PROBLEMS_GETTING_PASSWORD
)
&&
(
i
<
3
))
...
...
@@ -892,6 +874,8 @@ end:
EVP_PKEY_free
(
pkey
);
X509_REQ_free
(
req
);
X509_free
(
x509ss
);
if
(
passin
)
Free
(
passin
);
if
(
passout
)
Free
(
passout
);
OBJ_cleanup
();
#ifndef NO_DSA
if
(
dsa_params
!=
NULL
)
DSA_free
(
dsa_params
);
...
...
apps/rsa.c
...
...
@@ -98,6 +98,7 @@ int MAIN(int argc, char **argv)
int
informat
,
outformat
,
text
=
0
,
check
=
0
,
noout
=
0
;
int
pubin
=
0
,
pubout
=
0
;
char
*
infile
,
*
outfile
,
*
prog
;
char
*
passargin
=
NULL
,
*
passargout
=
NULL
;
char
*
passin
=
NULL
,
*
passout
=
NULL
;
int
modulus
=
0
;
...
...
@@ -140,34 +141,12 @@ int MAIN(int argc, char **argv)
else
if
(
strcmp
(
*
argv
,
"-passin"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
passin
=
*
(
++
argv
);
}
else
if
(
strcmp
(
*
argv
,
"-envpassin"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
if
(
!
(
passin
=
getenv
(
*
(
++
argv
))))
{
BIO_printf
(
bio_err
,
"Can't read environment variable %s
\n
"
,
*
argv
);
badops
=
1
;
}
}
else
if
(
strcmp
(
*
argv
,
"-envpassout"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
if
(
!
(
passout
=
getenv
(
*
(
++
argv
))))
{
BIO_printf
(
bio_err
,
"Can't read environment variable %s
\n
"
,
*
argv
);
badops
=
1
;
}
passargin
=
*
(
++
argv
);
}
else
if
(
strcmp
(
*
argv
,
"-passout"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
passout
=
*
(
++
argv
);
pass
arg
out
=
*
(
++
argv
);
}
else
if
(
strcmp
(
*
argv
,
"-pubin"
)
==
0
)
pubin
=
1
;
...
...
@@ -199,12 +178,10 @@ bad:
BIO_printf
(
bio_err
,
" -inform arg input format - one of DER NET PEM
\n
"
);
BIO_printf
(
bio_err
,
" -outform arg output format - one of DER NET PEM
\n
"
);
BIO_printf
(
bio_err
,
" -in arg input file
\n
"
);
BIO_printf
(
bio_err
,
" -passin arg input file pass phrase
\n
"
);
BIO_printf
(
bio_err
,
" -envpassin arg environment variable containing input file pass phrase
\n
"
);
BIO_printf
(
bio_err
,
" -passin arg input file pass phrase source
\n
"
);
BIO_printf
(
bio_err
,
" -in arg input file
\n
"
);
BIO_printf
(
bio_err
,
" -out arg output file
\n
"
);
BIO_printf
(
bio_err
,
" -passout arg output file pass phrase
\n
"
);
BIO_printf
(
bio_err
,
" -envpassout arg environment variable containing output file pass phrase
\n
"
);
BIO_printf
(
bio_err
,
" -passout arg output file pass phrase source
\n
"
);
BIO_printf
(
bio_err
,
" -des encrypt PEM output with cbc des
\n
"
);
BIO_printf
(
bio_err
,
" -des3 encrypt PEM output with ede cbc des using 168 bit key
\n
"
);
#ifndef NO_IDEA
...
...
@@ -221,6 +198,11 @@ bad:
ERR_load_crypto_strings
();
if
(
!
app_passwd
(
bio_err
,
passargin
,
passargout
,
&
passin
,
&
passout
))
{
BIO_printf
(
bio_err
,
"Error getting passwords
\n
"
);
goto
end
;
}
if
(
check
&&
pubin
)
{
BIO_printf
(
bio_err
,
"Only private keys can be checked
\n
"
);
goto
end
;
...
...
@@ -279,7 +261,7 @@ bad:
#endif
else
if
(
informat
==
FORMAT_PEM
)
{
if
(
pubin
)
rsa
=
PEM_read_bio_RSA_PUBKEY
(
in
,
NULL
,
NULL
,
NULL
);
else
rsa
=
PEM_read_bio_RSAPrivateKey
(
in
,
NULL
,
PEM_cb
,
passin
);
else
rsa
=
PEM_read_bio_RSAPrivateKey
(
in
,
NULL
,
NULL
,
passin
);
}
else
{
...
...
@@ -379,7 +361,7 @@ bad:
if
(
pubout
||
pubin
)
i
=
PEM_write_bio_RSA_PUBKEY
(
out
,
rsa
);
else
i
=
PEM_write_bio_RSAPrivateKey
(
out
,
rsa
,
enc
,
NULL
,
0
,
PEM_cb
,
passout
);
enc
,
NULL
,
0
,
NULL
,
passout
);
}
else
{
BIO_printf
(
bio_err
,
"bad output format specified for outfile
\n
"
);
goto
end
;
...
...
@@ -392,9 +374,11 @@ bad:
else
ret
=
0
;
end:
if
(
in
!=
NULL
)
BIO_free
(
in
);
if
(
out
!=
NULL
)
BIO_free
(
out
);
if
(
rsa
!=
NULL
)
RSA_free
(
rsa
);
if
(
in
!=
NULL
)
BIO_free
(
in
);
if
(
out
!=
NULL
)
BIO_free
(
out
);
if
(
rsa
!=
NULL
)
RSA_free
(
rsa
);
if
(
passin
)
Free
(
passin
);
if
(
passout
)
Free
(
passout
);
EXIT
(
ret
);
}
#else
/* !NO_RSA */
...
...
apps/smime.c
...
...
@@ -101,7 +101,8 @@ int MAIN(int argc, char **argv)
int
badarg
=
0
;
int
flags
=
PKCS7_DETACHED
;
char
*
to
=
NULL
,
*
from
=
NULL
,
*
subject
=
NULL
;
char
*
CAfile
=
NULL
,
*
CApath
=
NULL
,
*
passin
=
NULL
;
char
*
CAfile
=
NULL
,
*
CApath
=
NULL
;
char
*
passargin
=
NULL
,
*
passin
=
NULL
;
char
*
inrand
=
NULL
;
int
need_rand
=
0
;
args
=
argv
+
1
;
...
...
@@ -155,17 +156,7 @@ int MAIN(int argc, char **argv)
}
else
if
(
!
strcmp
(
*
args
,
"-passin"
))
{
if
(
args
[
1
])
{
args
++
;
passin
=
*
args
;
}
else
badarg
=
1
;
}
else
if
(
!
strcmp
(
*
argv
,
"-envpassin"
))
{
if
(
args
[
1
])
{
args
++
;
if
(
!
(
passin
=
getenv
(
*
args
)))
{
BIO_printf
(
bio_err
,
"Can't read environment variable %s
\n
"
,
*
args
);
badarg
=
1
;
}
passargin
=
*
args
;
}
else
badarg
=
1
;
}
else
if
(
!
strcmp
(
*
args
,
"-to"
))
{
if
(
args
[
1
])
{
...
...
@@ -288,6 +279,11 @@ int MAIN(int argc, char **argv)
goto
end
;
}
if
(
!
app_passwd
(
bio_err
,
passargin
,
NULL
,
&
passin
,
NULL
))
{
BIO_printf
(
bio_err
,
"Error getting password
\n
"
);
goto
end
;
}
if
(
need_rand
)
{
app_RAND_load_file
(
NULL
,
bio_err
,
(
inrand
!=
NULL
));
if
(
inrand
!=
NULL
)
...
...
@@ -536,6 +532,7 @@ end:
BIO_free
(
in
);
BIO_free
(
indata
);
BIO_free
(
out
);
if
(
passin
)
Free
(
passin
);
return
(
ret
);
}
...
...
@@ -554,7 +551,7 @@ static EVP_PKEY *load_key(char *file, char *pass)
BIO
*
in
;
EVP_PKEY
*
key
;
if
(
!
(
in
=
BIO_new_file
(
file
,
"r"
)))
return
NULL
;
key
=
PEM_read_bio_PrivateKey
(
in
,
NULL
,
PEM_cb
,
pass
);
key
=
PEM_read_bio_PrivateKey
(
in
,
NULL
,
NULL
,
pass
);
BIO_free
(
in
);
return
key
;
}
...
...
apps/spkac.c
...
...
@@ -82,7 +82,8 @@ int MAIN(int argc, char **argv)
int
i
,
badops
=
0
,
ret
=
1
;
BIO
*
in
=
NULL
,
*
out
=
NULL
,
*
key
=
NULL
;
int
verify
=
0
,
noout
=
0
,
pubkey
=
0
;
char
*
infile
=
NULL
,
*
outfile
=
NULL
,
*
prog
,
*
passin
=
NULL
;
char
*
infile
=
NULL
,
*
outfile
=
NULL
,
*
prog
;
char
*
passargin
=
NULL
,
*
passin
=
NULL
;
char
*
spkac
=
"SPKAC"
,
*
spksect
=
"default"
,
*
spkstr
=
NULL
;
char
*
challenge
=
NULL
,
*
keyfile
=
NULL
;
LHASH
*
conf
=
NULL
;
...
...
@@ -111,18 +112,7 @@ int MAIN(int argc, char **argv)
else
if
(
strcmp
(
*
argv
,
"-passin"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
passin
=
*
(
++
argv
);
}
else
if
(
strcmp
(
*
argv
,
"-envpassin"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
if
(
!
(
passin
=
getenv
(
*
(
++
argv
))))
{
BIO_printf
(
bio_err
,
"Can't read environment variable %s
\n
"
,
*
argv
);
badops
=
1
;
}
passargin
=
*
(
++
argv
);
}
else
if
(
strcmp
(
*
argv
,
"-key"
)
==
0
)
{
...
...
@@ -163,8 +153,7 @@ bad:
BIO_printf
(
bio_err
,
" -in arg input file
\n
"
);
BIO_printf
(
bio_err
,
" -out arg output file
\n
"
);
BIO_printf
(
bio_err
,
" -key arg create SPKAC using private key
\n
"
);
BIO_printf
(
bio_err
,
" -passin arg input file pass phrase
\n
"
);
BIO_printf
(
bio_err
,
" -envpassin arg environment variable containing input file pass phrase
\n
"
);
BIO_printf
(
bio_err
,
" -passin arg input file pass phrase source
\n
"
);
BIO_printf
(
bio_err
,
" -challenge arg challenge string
\n
"
);
BIO_printf
(
bio_err
,
" -spkac arg alternative SPKAC name
\n
"
);
BIO_printf
(
bio_err
,
" -noout don't print SPKAC
\n
"
);
...
...
@@ -174,6 +163,10 @@ bad:
}
ERR_load_crypto_strings
();
if
(
!
app_passwd
(
bio_err
,
passargin
,
NULL
,
&
passin
,
NULL
))
{
BIO_printf
(
bio_err
,
"Error getting password
\n
"
);
goto
end
;
}
if
(
keyfile
)
{
if
(
strcmp
(
keyfile
,
"-"
))
key
=
BIO_new_file
(
keyfile
,
"r"
);
...
...
@@ -183,7 +176,7 @@ bad:
ERR_print_errors
(
bio_err
);
goto
end
;
}
pkey
=
PEM_read_bio_PrivateKey
(
key
,
NULL
,
PEM_cb
,
passin
);
pkey
=
PEM_read_bio_PrivateKey
(
key
,
NULL
,
NULL
,
passin
);
if
(
!
pkey
)
{
BIO_printf
(
bio_err
,
"Error reading private key
\n
"
);
ERR_print_errors
(
bio_err
);
...
...
@@ -276,5 +269,6 @@ end:
BIO_free
(
out
);
BIO_free
(
key
);
EVP_PKEY_free
(
pkey
);
if
(
passin
)
Free
(
passin
);
EXIT
(
ret
);
}
apps/x509.c
...
...
@@ -92,8 +92,7 @@ static char *x509_usage[]={
" -CAkeyform arg - CA key format - default PEM
\n
"
,
" -in arg - input file - default stdin
\n
"
,
" -out arg - output file - default stdout
\n
"
,
" -passin arg - private key password
\n
"
,
" -envpassin arg - read private key password from environment variable
\"
arg
\"\n
"
,
" -passin arg - private key password source
\n
"
,
" -serial - print serial number value
\n
"
,
" -hash - print hash value
\n
"
,
" -subject - print subject DN
\n
"
,
...
...
@@ -171,7 +170,7 @@ int MAIN(int argc, char **argv)
char
buf
[
256
];
const
EVP_MD
*
md_alg
,
*
digest
=
EVP_md5
();
LHASH
*
extconf
=
NULL
;
char
*
extsect
=
NULL
,
*
extfile
=
NULL
,
*
passin
=
NULL
;
char
*
extsect
=
NULL
,
*
extfile
=
NULL
,
*
passin
=
NULL
,
*
passargin
=
NULL
;
int
need_rand
=
0
;
reqfile
=
0
;
...
...
@@ -240,18 +239,7 @@ int MAIN(int argc, char **argv)
else
if
(
strcmp
(
*
argv
,
"-passin"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
passin
=
*
(
++
argv
);
}
else
if
(
strcmp
(
*
argv
,
"-envpassin"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
if
(
!
(
passin
=
getenv
(
*
(
++
argv
))))
{
BIO_printf
(
bio_err
,
"Can't read environment variable %s
\n
"
,
*
argv
);
badops
=
1
;
}
passargin
=
*
(
++
argv
);
}
else
if
(
strcmp
(
*
argv
,
"-extfile"
)
==
0
)
{
...
...
@@ -404,6 +392,11 @@ bad:
ERR_load_crypto_strings
();
if
(
!
app_passwd
(
bio_err
,
passargin
,
NULL
,
&
passin
,
NULL
))
{
BIO_printf
(
bio_err
,
"Error getting password
\n
"
);
goto
end
;
}
if
(
!
X509_STORE_set_default_paths
(
ctx
))
{
ERR_print_errors
(
bio_err
);
...
...
@@ -882,6 +875,7 @@ end:
X509_REQ_free
(
rq
);
sk_ASN1_OBJECT_pop_free
(
trust
,
ASN1_OBJECT_free
);
sk_ASN1_OBJECT_pop_free
(
reject
,
ASN1_OBJECT_free
);
if
(
passin
)
Free
(
passin
);
EXIT
(
ret
);
}
...
...
@@ -1101,7 +1095,7 @@ static EVP_PKEY *load_key(char *file, int format, char *passin)
#endif
if
(
format
==
FORMAT_PEM
)
{
pkey
=
PEM_read_bio_PrivateKey
(
key
,
NULL
,
PEM_cb
,
passin
);
pkey
=
PEM_read_bio_PrivateKey
(
key
,
NULL
,
NULL
,
passin
);
}
else
{
...
...
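Review bot: At the `end:` label the pass phrase buffer is released with `if (passin) Free(passin);` without being overwritten first, so the secret stays in freed heap memory, and in any core image, for the rest of the process lifetime. Assuming app_passwd hands back a heap copy of the pass phrase, which the Free suggests, I would clear it before release: `if (passin) { memset(passin, 0, strlen(passin)); Free(passin); }`, bearing in mind that a compiler may drop a plain memset that directly precedes a free. The same cleanup line appears in the `end:` hunk of the file shown just before apps/x509.c. MAIN's body extends well beyond the visible hunks.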
crypto/asn1/asn1_lib.c
...
...
@@ -421,4 +421,4 @@ int ASN1_STRING_type(ASN1_STRING *x)
{
return
M_ASN1_STRING_type
(
x
);
}
unsigned
char
*
ASN1_STRING_data
(
ASN1_STRING
*
x
)
{
return
ASN1_STRING_data
(
x
);
}
{
return
M_
ASN1_STRING_data
(
x
);
}
crypto/pem/pem.h
...
...
@@ -601,9 +601,6 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, vo
int
PEM_write_PKCS8PrivateKey
(
FILE
*
fp
,
EVP_PKEY
*
x
,
const
EVP_CIPHER
*
enc
,
char
*
kstr
,
int
klen
,
pem_password_cb
*
cd
,
void
*
u
);
#ifdef MS_CALLBACK
int
MS_CALLBACK
PEM_cb
(
char
*
buf
,
int
len
,
int
verify
,
void
*
key
);
#endif
#endif
/* SSLEAY_MACROS */
...
...
crypto/pem/pem_lib.c
...
...
@@ -85,7 +85,7 @@ static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
char
*
kstr
,
int
klen
,
pem_password_cb
*
cb
,
void
*
u
);
static
int
def_callback
(
char
*
buf
,
int
num
,
int
w
,
void
*
userdata
)
static
int
def_callback
(
char
*
buf
,
int
num
,
int
w
,
void
*
key
)
{
#ifdef NO_FP_API
/* We should not ever call the default callback routine from
...
...
@@ -95,6 +95,12 @@ static int def_callback(char *buf, int num, int w, void *userdata)
#else
int
i
,
j
;
const
char
*
prompt
;
if
(
key
)
{
i
=
strlen
(
key
);
i
=
(
i
>
num
)
?
num
:
i
;
memcpy
(
buf
,
key
,
i
);
return
(
i
);
}
prompt
=
EVP_get_pw_prompt
();
if
(
prompt
==
NULL
)
...
...
@@ -121,22 +127,6 @@ static int def_callback(char *buf, int num, int w, void *userdata)
#endif
}
/* This is a generic callback. If the user data is not NULL it is assumed
* to be a null terminated password. Otherwise the default password callback
* is called.
*/
int
MS_CALLBACK
PEM_cb
(
char
*
buf
,
int
len
,
int
verify
,
void
*
key
)
{
int
i
;
if
(
key
==
NULL
)
return
def_callback
(
buf
,
len
,
verify
,
key
);
i
=
strlen
(
key
);
i
=
(
i
>
len
)
?
len
:
i
;
memcpy
(
buf
,
key
,
i
);
return
(
i
);
}
void
PEM_proc_type
(
char
*
buf
,
int
type
)
{
const
char
*
str
;
...
...
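Review bot: The new `if(key)` branch in def_callback sits inside the `#else` arm of `#ifdef NO_FP_API`, so a build with NO_FP_API defined appears to lose the user-data pass phrase path that the removed PEM_cb provided outside any such guard (the NO_FP_API arm is elided here, so confirm what it returns). Copying a caller-supplied string needs no stdio, so I would hoist that block above the `#ifdef`, with its own local length variable. Separately, `i=(i > num)?num:i;` silently truncates a pass phrase longer than the buffer, and `i=strlen(key);` narrows a `size_t` into an `int`; rejecting an over-long pass phrase with an error is easier to diagnose than deriving a key from a prefix. def_callback's body continues outside the visible hunks.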
doc/apps/dsa.pod
...
...
@@ -10,11 +10,9 @@ B<openssl> B<dsa>
[B<-inform PEM|DER>]
[B<-outform PEM|DER>]
[B<-in filename>]
[B<-passin password>]
[B<-envpassin var>]
[B<-passin arg>]
[B<-out filename>]
[B<-passout password>]
[B<-envpassout var>]
[B<-passout arg>]
[B<-des>]
[B<-des3>]
[B<-idea>]
...
...
@@ -58,14 +56,10 @@ This specifies the input filename to read a key from or standard input if this
option is not specified. If the key is encrypted a pass phrase will be
prompted for.
=item B<-passin
password
>
=item B<-passin
arg
>
the input file password. Since certain utilities like "ps" make the command line
visible this option should be used with caution.
=item B<-envpassin var>
read the input file password from the environment variable B<var>.
the input file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
=item B<-out filename>
...
...
@@ -74,14 +68,10 @@ is not specified. If any encryption options are set then a pass phrase will be
prompted for. The output filename should B<not> be the same as the input
filename.
=item B<-passout password>
the output file password. Since certain utilities like "ps" make the command line
visible this option should be used with caution.
=item B<-envpassout var>
=item B<-passout arg>
read the output file password from the environment variable B<var>.
the output file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
=item B<-des|-des3|-idea>
...
...
doc/apps/genrsa.pod
...
...
@@ -8,8 +8,7 @@ genrsa - generate an RSA private key
B<openssl> B<genrsa>
[B<-out filename>]
[B<-passout password>]
[B<-envpassout var>]
[B<-passout arg>]
[B<-des>]
[B<-des3>]
[B<-idea>]
...
...
@@ -31,21 +30,17 @@ The B<genrsa> command generates an RSA private key.
the output filename. If this argument is not specified then standard output is
used.
=item B<-passout
password
>
=item B<-passout
arg
>
the output file password. Since certain utilities like "ps" make the command line
visible this option should be used with caution.
=item B<-envpassout var>
read the output file password from the environment variable B<var>.
the output file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
=item B<-des|-des3|-idea>
These options encrypt the private key with the DES, triple DES, or the
IDEA ciphers respectively before outputting it. If none of these options is
specified no encryption is used. If encryption is used a pass phrase is prompted
for if it is not supplied via the B<-passout>
or B<-envpassout> arguments
.
for if it is not supplied via the B<-passout>
argument
.
=item B<-F4|-3>
...
...
@@ -69,9 +64,10 @@ specified. The default is 512.
RSA private key generation essentially involves the generation of two prime
numbers. When generating a private key various symbols will be output to
indicate the progress of the generation. A B<.> represents each number tested.
A B<+> means a number has passed a single primality test. A newline means that
the number has passed all the prime tests (currently set to 5 single tests).
indicate the progress of the generation. A B<.> represents each number which
has passed an initial sieve test, B<+> means a number has passed a single
round of the Miller-Rabin primality test. A newline means that the number has
passed all the prime tests (the actual number depends on the key size).
Because key generation is a random process the time taken to generate a key
may vary somewhat.
...
...
doc/apps/openssl.pod
...
...
@@ -233,6 +233,49 @@ RC5 Cipher
=back
=head1 PASS PHRASE ARGUMENTS
Several commands accept password arguments, typically using B<-passin>
and B<-passout> for input and output passwords respectively. These allow
the password to be obtained from a variety of sources. Both of these
options take a single argument whose format is described below. If no
password argument is given and a password is required then the user is
prompted to enter one: this will typically be read from the current
terminal with echoing turned off.
=over 10
=item B<pass:password>
the actual password is B<password>. Since the password is visible
to utilities (like 'ps' under Unix) this form should only be used
where security is not important.
=item B<env:var>
obtain the password from the environment variable B<var>. Since
the environment of other processes is visible on certain platforms
(e.g. ps under certain Unix OSes) this option should be used with caution.
=item B<file:pathname>
the first line of B<pathname> is the password. If the same B<pathname>
argument is supplied to B<-passin> and B<-passout> arguments then the first
line will be used for the input password and the next line for the output
password. B<pathname> need not refer to a regular file: it could for example
refer to a device or named pipe.
=item B<fd:number>
read the password from the file descriptor B<number>. This can be used to
send the data via a pipe for example.
=item B<stdin>
read the password from standard input.
=back
=head1 SEE ALSO
L<asn1parse(1)|asn1parse(1)>, L<ca(1)|ca(1)>, L<config(5)|config(5)>,
...
...
doc/apps/pkcs12.pod
...
...
@@ -35,12 +35,9 @@ B<openssl> B<pkcs12>
[B<-keypbe>]
[B<-keyex>]
[B<-keysig>]
[B<-password password>]
[B<-envpass var>]
[B<-passin password>]
[B<-envpassin var>]
[B<-passout password>]
[B<-envpassout var>]
[B<-password arg>]
[B<-passin arg>]
[B<-passout arg>]
[B<-rand file(s)>]
=head1 DESCRIPTION
...
...
@@ -69,23 +66,17 @@ by default.
The filename to write certificates and private keys to, standard output by default.
They are all written in PEM format.
=item B<-pass
password>, B<-passin password
>
=item B<-pass
arg>, B<-passin arg
>
the PKCS#12 file (i.e. input file) password. Since certain utilities like "ps" make
the command line visible this option should be used with caution.
the PKCS#12 file (i.e. input file) password source. For more information about the
format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
L<openssl(1)|openssl(1)>.
=item B<-
envpass var>, B<-envpassin password
>
=item B<-
passout arg
>
read the PKCS#12 file password from the environment variable B<var>.
=item B<-passout password>
pass phrase to encrypt any outputed private keys with. Since certain utilities like
"ps" make the command line visible this option should be used with caution.
=item B<-envpass var>, B<-envpassin password>
read the outputed private keys file password from the environment variable B<var>.
pass phrase source to encrypt any outputed private keys with. For more information
about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
L<openssl(1)|openssl(1)>.
=item B<-noout>
...
...
@@ -183,23 +174,17 @@ used multiple times to specify names for all certificates in the order they
appear. Netscape ignores friendly names on other certificates whereas MSIE
displays them.
=item B<-pass
password>, B<-passout password
>
=item B<-pass
arg>, B<-passout arg
>
the PKCS#12 file (i.e. output file) password. Since certain utilities like "ps"
make the command line visible this option should be used with caution.
=item B<-envpass var>, B<-envpassout var>
read the PKCS#12 file password from the environment variable B<var>.
the PKCS#12 file (i.e. output file) password source. For more information about
the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
L<openssl(1)|openssl(1)>.
=item B<-passin password>
pass phrase to decrypt the input private key with. Since certain utilities like
"ps" make the command line visible this option should be used with caution.
=item B<-envpassin password>
read the input private key file password from the environment variable B<var>.
pass phrase source to decrypt any input private keys with. For more information
about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
L<openssl(1)|openssl(1)>.
=item B<-chain>
...
...
doc/apps/pkcs8.pod
...
...
@@ -11,11 +11,9 @@ B<openssl> B<pkcs8>
[B<-inform PEM|DER>]
[B<-outform PEM|DER>]
[B<-in filename>]
[B<-passin password>]
[B<-envpassin var>]
[B<-passin arg>]
[B<-out filename>]
[B<-passout password>]
[B<-envpassout var>]
[B<-passout arg>]
[B<-noiter>]
[B<-nocrypt>]
[B<-nooct>]
...
...
@@ -59,14 +57,10 @@ This specifies the input filename to read a key from or standard input if this
option is not specified. If the key is encrypted a pass phrase will be
prompted for.
=item B<-passin
password
>
=item B<-passin
arg
>
the input file password. Since certain utilities like "ps" make the command line
visible this option should be used with caution.
=item B<-envpassin var>
read the input file password from the environment variable B<var>.
the input file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
=item B<-out filename>
...
...
@@ -75,14 +69,10 @@ default. If any encryption options are set then a pass phrase will be
prompted for. The output filename should B<not> be the same as the input
filename.
=item B<-passout password>
the output file password. Since certain utilities like "ps" make the command line
visible this option should be used with caution.
=item B<-envpassout var>
=item B<-passout arg>
read the output file password from the environment variable B<var>.
the output file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
=item B<-nocrypt>
...
...
doc/apps/req.pod
...
...
@@ -11,11 +11,9 @@ B<openssl> B<req>
[B<-inform PEM|DER>]
[B<-outform PEM|DER>]
[B<-in filename>]
[B<-passin password>]
[B<-envpassin var>]
[B<-passin arg>]
[B<-out filename>]
[B<-passout password>]
[B<-envpassout var>]
[B<-passout arg>]
[B<-text>]
[B<-noout>]
[B<-verify>]
...
...
@@ -63,28 +61,20 @@ This specifies the input filename to read a request from or standard input
if this option is not specified. A request is only read if the creation
options (B<-new> and B<-newkey>) are not specified.
=item B<-passin
password
>
=item B<-passin
arg
>
the input file password. Since certain utilities like "ps" make the command line
visible this option should be used with caution.
=item B<-envpassin var>
read the input file password from the environment variable B<var>.
the input file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
=item B<-out filename>
This specifies the output filename to write to or standard output by
default.
=item B<-passout password>
the output file password. Since certain utilities like "ps" make the command line
visible this option should be used with caution.
=item B<-envpassout var>
=item B<-passout arg>
read the output file password from the environment variable B<var>.
the output file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
=item B<-text>
...
...
@@ -207,8 +197,8 @@ The options available are described in detail below.
The passwords for the input private key file (if present) and
the output private key file (if one will be created). The
command line options B<passin>
, B<envpassin>, B<passout> and
B<envpassout> override the
configuration file values.
command line options B<passin>
and B<passout> override the
configuration file values.
=item B<default_bits>
...
...
doc/apps/rsa.pod
...
...
@@ -11,11 +11,9 @@ B<openssl> B<rsa>
[B<-inform PEM|NET|DER>]
[B<-outform PEM|NET|DER>]
[B<-in filename>]
[B<-passin password>]
[B<-envpassin var>]
[B<-passin arg>]
[B<-out filename>]
[B<-passout password>]
[B<-envpassout var>]
[B<-passout arg>]
[B<-des>]
[B<-des3>]
[B<-idea>]
...
...
@@ -59,14 +57,10 @@ This specifies the input filename to read a key from or standard input if this
option is not specified. If the key is encrypted a pass phrase will be
prompted for.
=item B<-passin
password
>
=item B<-passin
arg
>
the input file password. Since certain utilities like "ps" make the command line
visible this option should be used with caution.
=item B<-envpassin var>
read the input file password from the environment variable B<var>.
the input file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
=item B<-out filename>
...
...
@@ -77,12 +71,8 @@ filename.
=item B<-passout password>
the output file password. Since certain utilities like "ps" make the command line
visible this option should be used with caution.
=item B<-envpassout var>
read the output file password from the environment variable B<var>.
the output file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
=item B<-des|-des3|-idea>
...
...
doc/apps/spkac.pod
...
...
@@ -10,8 +10,7 @@ B<openssl> B<spkac>
[B<-in filename>]
[B<-out filename>]
[B<-key keyfile>]
[B<-passin password>]
[B<-envpassin var>]
[B<-passin arg>]
[B<-challenge string>]
[B<-pubkey>]
[B<-spkac spkacname>]
...
...
@@ -48,14 +47,8 @@ present.
=item B<-passin password>
the private key file password. Since certain utilities like "ps" make the
command line visible this option should be used with caution. Ignored if
the B<-key> argument is not used.
=item B<-envpassin var>
read the private key file password from the environment variable B<var>.
Ignored if the B<-key> argument is not used.
the input file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
=item B<-challenge string>
...
...