#include <time.h>
#include "apps.h"
#include <openssl/bio.h>
+#include <openssl/conf.h>
#include <openssl/err.h>
#include <openssl/evp.h>
+#include <openssl/lhash.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
+#include <openssl/engine.h>
#undef PROG
#define PROG spkac_main
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
int i,badops=0, ret = 1;
BIO *in = NULL,*out = NULL, *key = NULL;
int verify=0,noout=0,pubkey=0;
- char *infile = NULL,*outfile = NULL,*prog, *passin = NULL;
+ char *infile = NULL,*outfile = NULL,*prog;
+ char *passargin = NULL, *passin = NULL;
char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
char *challenge = NULL, *keyfile = NULL;
LHASH *conf = NULL;
NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL;
+ char *engine=NULL;
apps_startup();
else if (strcmp(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
- passin= *(++argv);
- }
- else if (strcmp(*argv,"-envpassin") == 0)
- {
- if (--argc < 1) goto bad;
- if(!(passin= getenv(*(++argv))))
- {
- BIO_printf(bio_err,
- "Can't read environment variable %s\n",
- *argv);
- badops = 1;
- }
+ passargin= *(++argv);
}
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
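Review bot: After this change `passargin= *(++argv);` stores a pass phrase source specifier that `app_passwd()` resolves later, not the pass phrase itself, and nothing at this branch says so. I would add `/* pass phrase source, resolved by app_passwd() after option parsing */` above the assignment. Invocations that still use `-envpassin VAR`, or presumably a bare pass phrase after `-passin`, will stop working, so the commit message or changelog should state that. The usage line could also name the accepted source forms and note that any form carrying the secret on the command line exposes it to local process listings, whereas a file or descriptor source keeps it out of the argument vector. The option loop starts and ends outside this hunk.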
spksect= *(++argv);
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-pubkey") == 0)
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -key arg create SPKAC using private key\n");
- BIO_printf(bio_err," -passin arg input file pass phrase\n");
- BIO_printf(bio_err," -envpassin arg environment variable containing input file pass phrase\n");
+ BIO_printf(bio_err," -passin arg input file pass phrase source\n");
BIO_printf(bio_err," -challenge arg challenge string\n");
BIO_printf(bio_err," -spkac arg alternative SPKAC name\n");
BIO_printf(bio_err," -noout don't print SPKAC\n");
BIO_printf(bio_err," -pubkey output public key\n");
BIO_printf(bio_err," -verify verify SPKAC signature\n");
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
goto end;
}
ERR_load_crypto_strings();
+ if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+ if (engine != NULL)
+ {
+ if((e = ENGINE_by_id(engine)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ engine);
+ goto end;
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto end;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
if(keyfile) {
if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
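Review bot: The `ENGINE_set_default` failure branch jumps to `end` while still holding the structural reference returned by `ENGINE_by_id`, because `ENGINE_free(e)` is only reached on the success path. The cleanup code visible at the end of this diff does not release `e` either. I would put `ENGINE_free(e);` directly before the `goto end;` in that branch, or release `e` once under `end:` and drop the inline free. The failure message `can't use that engine` would also be easier to diagnose if it were followed by `ERR_print_errors(bio_err);`. MAIN starts and ends outside this hunk.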
ERR_print_errors(bio_err);
goto end;
}
- pkey = PEM_read_bio_PrivateKey(key, NULL, PEM_cb, passin);
+ pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, passin);
if(!pkey) {
BIO_printf(bio_err, "Error reading private key\n");
ERR_print_errors(bio_err);
spkstr = NETSCAPE_SPKI_b64_encode(spki);
if (outfile) out = BIO_new_file(outfile, "w");
- else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ else {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
if(!out) {
BIO_printf(bio_err, "Error opening output file\n");
goto end;
}
BIO_printf(out, "SPKAC=%s\n", spkstr);
- Free(spkstr);
+ OPENSSL_free(spkstr);
ret = 0;
goto end;
}
}
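Review bot: Under `#ifdef VMS` the line `out = BIO_push(tmpbio, out);` runs before the `if(!out)` check, and the result of `BIO_new(BIO_f_linebuffer())` is not checked at all. As far as I recall `BIO_push` returns its first argument, so a failed `BIO_new_fp` would leave `out` pointing at a line-buffer filter with no sink, and "Error opening output file" would never be reported. I would guard the block with `if (out != NULL)` and push only when the filter was created: `if (tmpbio != NULL) out = BIO_push(tmpbio, out);`. The same pattern is repeated in the second stdout fallback, after `if (outfile) out = BIO_new_file(outfile, "w");` further down, and needs the same guard.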
if (outfile) out = BIO_new_file(outfile, "w");
- else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ else {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
if(!out) {
BIO_printf(bio_err, "Error opening output file\n");
CONF_free(conf);
NETSCAPE_SPKI_free(spki);
BIO_free(in);
- BIO_free(out);
+ BIO_free_all(out);
BIO_free(key);
EVP_PKEY_free(pkey);
+ if(passin) OPENSSL_free(passin);
EXIT(ret);
}
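Review bot: `if(passin) OPENSSL_free(passin);` returns the buffer holding the private-key pass phrase to the allocator without clearing it, so the secret can persist in freed heap memory until exit. I would wipe it first, e.g. `if(passin) { OPENSSL_cleanse(passin, strlen(passin)); OPENSSL_free(passin); }`, provided this tree has `OPENSSL_cleanse`; otherwise use a `memset` the compiler cannot elide. This assumes `app_passwd()` always hands back a heap copy, which the `OPENSSL_free` here implies but the diff does not show. The switch to `BIO_free_all(out)` correctly matches the pushed filter chain. The cleanup block begins outside this hunk.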