diff --git a/CHANGES b/CHANGES index 9617f5212f479a040ba39f0a3a85909bf7df92f1..18b5c23a33c4aad510f83e322fb6de9deaba9222 100644 --- a/CHANGES +++ b/CHANGES @@ -745,6 +745,9 @@ Changes between 0.9.7e and 0.9.7f [XX xxx XXXX] + *) Add new -passin argument to dgst. + [Steve Henson] + *) Perform some character comparisons of different types in X509_NAME_cmp: this is needed for some certificates that reencode DNs into UTF8Strings (in violation of RFC3280) and can't or wont issue name rollover diff --git a/apps/dgst.c b/apps/dgst.c index 30253149114186123e8159b811248a7d7bdc527f..c13535f3b21f59f4fc12ed8944c7b2ed9c10108d 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -100,6 +100,7 @@ int MAIN(int argc, char **argv) EVP_PKEY *sigkey = NULL; unsigned char *sigbuf = NULL; int siglen = 0; + char *passargin = NULL, *passin = NULL; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif @@ -145,6 +146,12 @@ int MAIN(int argc, char **argv) if (--argc < 1) break; keyfile=*(++argv); } + else if (!strcmp(*argv,"-passin")) + { + if (--argc < 1) + break; + passargin=*++argv; + } else if (strcmp(*argv,"-verify") == 0) { if (--argc < 1) break; @@ -257,6 +264,12 @@ int MAIN(int argc, char **argv) BIO_set_callback_arg(in,bio_err); } + if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) + { + BIO_printf(bio_err, "Error getting password\n"); + goto end; + } + if ((in == NULL) || (bmd == NULL)) { ERR_print_errors(bio_err); @@ -298,7 +311,7 @@ int MAIN(int argc, char **argv) sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL, e, "key file"); else - sigkey = load_key(bio_err, keyfile, keyform, 0, NULL, + sigkey = load_key(bio_err, keyfile, keyform, 0, passin, e, "key file"); if (!sigkey) { @@ -385,6 +398,8 @@ end: OPENSSL_free(buf); } if (in != NULL) BIO_free(in); + if (passin) + OPENSSL_free(passin); BIO_free_all(out); EVP_PKEY_free(sigkey); if(sigbuf) OPENSSL_free(sigbuf); 
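Review bot: The new `-passin` branch in the option loop tests `!strcmp(*argv,"-passin")` and advances with `*++argv`, while the branches on either side of it use `strcmp(...) == 0` and `*(++argv)`. Matching the neighbours keeps the option chain uniform: `else if (strcmp(*argv,"-passin") == 0)` and `passargin=*(++argv);`. No change to the program's usage text is visible in this diff, so it is worth checking that the help output lists `-passin` as well. The option loop starts and ends outside the hunk.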
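Review bot: The `app_passwd()` call added before the `(in == NULL) || (bmd == NULL)` check runs on every invocation, including plain digest runs where `keyfile` is NULL and `passin` is never used. If the password source shares an input with the data being digested (presumably possible with a stdin-style source; confirm against `app_passwd`), this would consume input for no purpose. Guarding the call ties it to the only consumer: `if (keyfile != NULL && !app_passwd(bio_err, passargin, NULL, &passin, NULL))`. A short comment such as `/* passin is allocated by app_passwd() and released at end: */` would also document ownership. The surrounding function body lies outside the hunk.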
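Review bot: In the cleanup at `end:`, the passphrase buffer is released with `OPENSSL_free(passin)` without being wiped, so the cleartext private-key passphrase remains in freed heap memory for the rest of the process and may surface in a core dump or a later allocation. Cleansing it first closes that window: `if (passin) { OPENSSL_cleanse(passin, strlen(passin)); OPENSSL_free(passin); }`. The cleanup sequence begins and continues outside the hunk.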
diff --git a/doc/apps/dgst.pod b/doc/apps/dgst.pod index 1648742bcfe188647539f55978ac7d48bbb6d505..b0d198724c6b28770e0ea5656421939de522c1da 100644 --- a/doc/apps/dgst.pod +++ b/doc/apps/dgst.pod @@ -14,6 +14,7 @@ B B [B<-binary>] [B<-out filename>] [B<-sign filename>] +[B<-passin arg>] [B<-verify filename>] [B<-prverify filename>] [B<-signature filename>] @@ -59,6 +60,11 @@ filename to output to, or standard output by default. digitally sign the digest using the private key in "filename". +=item B<-passin arg> + +the private key password source. For more information about the format of B +see the B section in L. + =item B<-verify filename> verify the signature using the the public key in "filename".