authorNikos Mavrogiannopoulos <nmav@gnutls.org>2012-08-04 13:09:57 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2012-08-04 13:12:50 +0200
commitac9f8f44da045aaca5b4bd257fc99046596adc69 (patch)
tree5e9c82456367eef926d69fb3642920f11ab3ce58
parentb0962b305de154fa3fce0b3c5a4b10958fd30ce7 (diff)
downloadgnutls-ac9f8f44da045aaca5b4bd257fc99046596adc69.tar.gz
Restored ability to decrypt PKCS #8 and #12 keys with a NULL password. Certtool now accepts the option --null-password.
-rw-r--r--NEWS5
-rw-r--r--lib/gnutls_privkey.c5
-rw-r--r--lib/gnutls_x509.c2
-rw-r--r--lib/includes/gnutls/abstract.h2
-rw-r--r--lib/includes/gnutls/x509.h19
-rw-r--r--lib/x509/pkcs12_encr.c20
-rw-r--r--lib/x509/privkey.c17
-rw-r--r--lib/x509/privkey_pkcs8.c10
-rw-r--r--src/certtool-args.c559
-rw-r--r--src/certtool-args.def6
-rw-r--r--src/certtool-args.h124
-rw-r--r--src/certtool-common.h1
-rw-r--r--src/certtool.c80
-rw-r--r--src/cli.c2
-rwxr-xr-xtests/pkcs12-decode/pkcs128
-rw-r--r--tests/pkcs12-decode/test-null.p12bin0 -> 1649 bytes
16 files changed, 456 insertions, 404 deletions
diff --git a/NEWS b/NEWS
index 0387d0f999..ac75e7de02 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,10 @@ and --benchmark-tls-ciphers
** certtool: generated PKCS #12 structures may hold more than one
private key. Patch by Lucas Fisher.
+** certtool: Added option --null-password to generate/decrypt keys
+that use a NULL password (in schemas that distinguish between NULL
+an empty passwords).
+
** libgnutls: requires libnettle 2.5.
** libgnutls: Use the PKCS #1 1.5 encoding provided by nettle (2.5)
@@ -42,6 +46,7 @@ by Alexandre Bique.
** API and ABI modifications:
GNUTLS_CERT_SIGNATURE_FAILURE: Added
GNUTLS_CAMELLIA_192_CBC: Added
+GNUTLS_PKCS_NULL_PASSWORD: Added
gnutls_url_is_supported: Added
gnutls_pkcs11_obj_list_import_url2: Added
gnutls_pkcs11_obj_set_pin_function: Added
diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c
index 816e941a7d..ae41fafa86 100644
--- a/lib/gnutls_privkey.c
+++ b/lib/gnutls_privkey.c
@@ -839,6 +839,7 @@ gnutls_privkey_decrypt_data (gnutls_privkey_t key,
* @data: The private key data to be imported
* @format: The format of the private key
* @password: A password (optional)
+ * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t
*
* This function will import the given private key to the abstract
* #gnutls_privkey_t structure.
@@ -851,7 +852,7 @@ gnutls_privkey_decrypt_data (gnutls_privkey_t key,
int gnutls_privkey_import_x509_raw (gnutls_privkey_t pkey,
const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format,
- const char* password)
+ const char* password, unsigned int flags)
{
gnutls_x509_privkey_t xpriv;
int ret;
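Review bot: Adding `unsigned int flags` to the exported `gnutls_privkey_import_x509_raw` changes the prototype for every existing caller, yet the NEWS hunk in this commit records only `GNUTLS_PKCS_NULL_PASSWORD: Added` under "API and ABI modifications". The same applies to `gnutls_x509_privkey_import2`, changed identically in lib/x509/privkey.c and in both public headers. If either function has already shipped in a release, this is a source and ABI break and should be listed there; if both are new in this development cycle, the NEWS entry for them should still show the final signature. The function body continues outside this hunk.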
@@ -860,7 +861,7 @@ int gnutls_privkey_import_x509_raw (gnutls_privkey_t pkey,
if (ret < 0)
return gnutls_assert_val(ret);
- ret = gnutls_x509_privkey_import2(xpriv, data, format, password);
+ ret = gnutls_x509_privkey_import2(xpriv, data, format, password, flags);
if (ret < 0)
{
gnutls_assert();
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index e4bb73c32d..a443cd1e00 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -505,7 +505,7 @@ read_key_mem (gnutls_certificate_credentials_t res,
if (res->pin.cb)
gnutls_privkey_set_pin_function(privkey, res->pin.cb, res->pin.data);
- ret = gnutls_privkey_import_x509_raw (privkey, &tmp, type, NULL);
+ ret = gnutls_privkey_import_x509_raw (privkey, &tmp, type, NULL, 0);
if (ret < 0)
{
gnutls_assert ();
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index 0f8255b85f..68e6fc3e37 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -220,7 +220,7 @@ int gnutls_privkey_import_openpgp_raw (gnutls_privkey_t pkey,
int gnutls_privkey_import_x509_raw (gnutls_privkey_t pkey,
const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format,
- const char* password);
+ const char* password, unsigned int flags);
int
gnutls_privkey_import_tpm_raw (gnutls_privkey_t pkey,
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 0ec4f218ca..3c86c34168 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -674,16 +674,18 @@ extern "C"
/* Flags for the gnutls_x509_privkey_export_pkcs8() function.
*/
+#define GNUTLS_PKCS8_PLAIN GNUTLS_PKCS_PLAIN
+#define GNUTLS_PKCS8_USE_PKCS12_3DES GNUTLS_PKCS_USE_PKCS12_3DES
+#define GNUTLS_PKCS8_USE_PKCS12_ARCFOUR GNUTLS_PKCS_USE_PKCS12_ARCFOUR
+#define GNUTLS_PKCS8_USE_PKCS12_RC2_40 GNUTLS_PKCS_USE_PKCS12_RC2_40
+
/**
* gnutls_pkcs_encrypt_flags_t:
* @GNUTLS_PKCS_PLAIN: Unencrypted private key.
- * @GNUTLS_PKCS8_PLAIN: Same as %GNUTLS_PKCS_PLAIN.
+ * @GNUTLS_PKCS_NULL_PASSWORD: Some schemas distinguish between an empty and a NULL password.
* @GNUTLS_PKCS_USE_PKCS12_3DES: PKCS-12 3DES.
- * @GNUTLS_PKCS8_USE_PKCS12_3DES: Same as %GNUTLS_PKCS_USE_PKCS12_3DES.
* @GNUTLS_PKCS_USE_PKCS12_ARCFOUR: PKCS-12 ARCFOUR.
- * @GNUTLS_PKCS8_USE_PKCS12_ARCFOUR: Same as %GNUTLS_PKCS_USE_PKCS12_ARCFOUR.
* @GNUTLS_PKCS_USE_PKCS12_RC2_40: PKCS-12 RC2-40.
- * @GNUTLS_PKCS8_USE_PKCS12_RC2_40: Same as %GNUTLS_PKCS_USE_PKCS12_RC2_40.
* @GNUTLS_PKCS_USE_PBES2_3DES: PBES2 3DES.
* @GNUTLS_PKCS_USE_PBES2_AES_128: PBES2 AES-128.
* @GNUTLS_PKCS_USE_PBES2_AES_192: PBES2 AES-192.
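Review bot: The new doc line for `GNUTLS_PKCS_NULL_PASSWORD` says only that some schemas distinguish an empty from a NULL password; it does not say what setting the flag does. I would word it along the lines of `@GNUTLS_PKCS_NULL_PASSWORD: Treat a NULL password as a real password, distinct from "", instead of as a request for no encryption.` It should also state that a key stored this way is protected by a value anyone can supply, so it must be handled like an unencrypted key. The `GNUTLS_PKCS8_*` macros now sit under the export_pkcs8 comment with nothing marking them as compatibility aliases; a one-line `/* Backwards-compatible aliases. */` above them would cover that. The doc block continues past the end of this hunk.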
@@ -694,17 +696,14 @@ extern "C"
typedef enum gnutls_pkcs_encrypt_flags_t
{
GNUTLS_PKCS_PLAIN = 1,
- GNUTLS_PKCS8_PLAIN = GNUTLS_PKCS_PLAIN,
GNUTLS_PKCS_USE_PKCS12_3DES = 2,
- GNUTLS_PKCS8_USE_PKCS12_3DES = GNUTLS_PKCS_USE_PKCS12_3DES,
GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4,
- GNUTLS_PKCS8_USE_PKCS12_ARCFOUR = GNUTLS_PKCS_USE_PKCS12_ARCFOUR,
GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8,
- GNUTLS_PKCS8_USE_PKCS12_RC2_40 = GNUTLS_PKCS_USE_PKCS12_RC2_40,
GNUTLS_PKCS_USE_PBES2_3DES = 16,
GNUTLS_PKCS_USE_PBES2_AES_128 = 32,
GNUTLS_PKCS_USE_PBES2_AES_192 = 64,
- GNUTLS_PKCS_USE_PBES2_AES_256 = 128
+ GNUTLS_PKCS_USE_PBES2_AES_256 = 128,
+ GNUTLS_PKCS_NULL_PASSWORD = 256
} gnutls_pkcs_encrypt_flags_t;
int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key);
@@ -728,7 +727,7 @@ extern "C"
int gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key,
const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format,
- const char* password);
+ const char* password, unsigned int flags);
int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
const gnutls_datum_t * m,
diff --git a/lib/x509/pkcs12_encr.c b/lib/x509/pkcs12_encr.c
index 68b5286864..8c02b1e354 100644
--- a/lib/x509/pkcs12_encr.c
+++ b/lib/x509/pkcs12_encr.c
@@ -47,6 +47,9 @@ _pkcs12_check_pass (const char *pass, size_t plen)
* 3 for MAC
* 2 for IV
* 1 for encryption key
+ *
+ * Note that this function produces different key for the
+ * NULL password, and for the password with zero length.
*/
int
_gnutls_pkcs12_string_to_key (unsigned int id, const uint8_t * salt,
@@ -64,12 +67,13 @@ _gnutls_pkcs12_string_to_key (unsigned int id, const uint8_t * salt,
size_t cur_keylen;
size_t n, m;
const uint8_t buf_512[] = /* 2^64 */
- { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00
};
cur_keylen = 0;
@@ -132,14 +136,12 @@ _gnutls_pkcs12_string_to_key (unsigned int id, const uint8_t * salt,
_gnutls_hash_deinit (&md, hash);
for (i = 1; i < iter; i++)
{
- rc = _gnutls_hash_init (&md, GNUTLS_MAC_SHA1);
+ rc = _gnutls_hash_fast (GNUTLS_MAC_SHA1, hash, 20, hash);
if (rc < 0)
{
gnutls_assert ();
goto cleanup;
}
- _gnutls_hash (&md, hash, 20);
- _gnutls_hash_deinit (&md, hash);
}
for (i = 0; i < 20 && cur_keylen < req_keylen; i++)
keybuf[cur_keylen++] = hash[i];
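Review bot: The replacement call `_gnutls_hash_fast (GNUTLS_MAC_SHA1, hash, 20, hash)` passes the same buffer as input and output, and the helper's definition is not visible here, so it is worth confirming that it consumes all input before writing the digest. The removed init/hash/deinit sequence had the same aliasing, so this is probably fine, but a comment such as `/* in place: hash = SHA1(hash) */` would show it is deliberate. The literal `20`, here and in the loop bound below, would read better as a named SHA-1 digest-length constant. The enclosing function starts and ends outside this hunk.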
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 9d32025db0..98095aa5a0 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -564,6 +564,7 @@ failover:
* @data: The DER or PEM encoded certificate.
* @format: One of DER or PEM
* @password: A password (optional)
+ * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t
*
* This function will import the given DER or PEM encoded key, to
* the native #gnutls_x509_privkey_t format, irrespective of the
@@ -582,11 +583,11 @@ int
gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key,
const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format,
- const char* password)
+ const char* password, unsigned int flags)
{
int ret = 0;
- if (password == NULL)
+ if (password == NULL && !(flags & GNUTLS_PKCS_NULL_PASSWORD))
{
ret = gnutls_x509_privkey_import(key, data, format);
if (ret < 0)
@@ -595,12 +596,12 @@ gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key,
}
}
- if (password != NULL || ret < 0)
+ if ((password != NULL || (flags & GNUTLS_PKCS_NULL_PASSWORD)) || ret < 0)
{
- ret = gnutls_x509_privkey_import_pkcs8(key, data, format, password, 0);
+ ret = gnutls_x509_privkey_import_pkcs8(key, data, format, password, flags);
if (ret < 0)
{
- if (format == GNUTLS_X509_FMT_PEM)
+ if (format == GNUTLS_X509_FMT_PEM && password != NULL)
{
int err;
err = gnutls_x509_privkey_import_openssl(key, data, password);
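Review bot: When `password` is NULL and the flag is unset, a failure from `gnutls_x509_privkey_import` is overwritten by `ret = gnutls_x509_privkey_import_pkcs8(key, data, format, password, flags);`, and the `else` branch added in the next hunk then returns that second code. The caller is therefore told about the PKCS #8 attempt (likely a decryption-type error, though that path is outside the hunk) when the input may simply be a malformed unencrypted key. Keeping the first result would preserve the more useful diagnosis: `int saved_ret = ret;` before the second import, and `if (saved_ret < 0) ret = saved_ret;` ahead of the `goto cleanup` in the new `else` branch. The function body starts and ends outside this hunk.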
@@ -611,8 +612,12 @@ gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key,
goto cleanup;
}
}
+ else
+ {
+ gnutls_assert();
+ goto cleanup;
+ }
}
-
}
ret = 0;
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 95711ce865..d5b02437e2 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -626,7 +626,7 @@ gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
schema = _gnutls_pkcs_flags_to_schema (flags);
- if ((flags & GNUTLS_PKCS_PLAIN) || password == NULL)
+ if (((flags & GNUTLS_PKCS_PLAIN) || password == NULL) && !(flags & GNUTLS_PKCS_NULL_PASSWORD))
{
_gnutls_free_datum (&tmp);
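Review bot: The new condition `((flags & GNUTLS_PKCS_PLAIN) || password == NULL) && !(flags & GNUTLS_PKCS_NULL_PASSWORD)` lets `GNUTLS_PKCS_NULL_PASSWORD` silently override `GNUTLS_PKCS_PLAIN`. A caller passing both therefore takes the encrypting branch, and the following hunk shows `encode_to_pkcs8_key` then receiving a NULL `password`. Whether that helper and `_gnutls_pkcs_flags_to_schema` tolerate a NULL password and the extra flag bit is not visible here and should be confirmed. I would either reject the contradictory combination before `tmp` is allocated or state the precedence in the function's doc comment, e.g. `GNUTLS_PKCS_NULL_PASSWORD takes precedence over GNUTLS_PKCS_PLAIN`. The output of this mode looks encrypted but gives no confidentiality, which the doc comment should also say. The function body starts and ends outside this hunk.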
@@ -640,7 +640,7 @@ gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
else
{
asn1_delete_structure (&pkey_info); /* we don't need it */
-
+
ret = encode_to_pkcs8_key (schema, &tmp, password, &pkcs8_asn);
_gnutls_free_datum (&tmp);
@@ -1239,7 +1239,11 @@ gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key,
need_free = 1;
}
- if (password == NULL || (flags & GNUTLS_PKCS_PLAIN))
+ /* Here we don't check for password == NULL to maintain a backwards
+ * compatibility behavior, with old versions that were encrypting using
+ * a NULL password.
+ */
+ if (flags & GNUTLS_PKCS_PLAIN)
{
result = decode_private_key_info (&_data, key);
if (result < 0)
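Review bot: Dropping `password == NULL` from this test means any caller of the public `gnutls_x509_privkey_import_pkcs8` that passes a NULL password without `GNUTLS_PKCS_PLAIN` now takes the decrypt branch. The test no longer consults `GNUTLS_PKCS_NULL_PASSWORD`, so on import the flag does not gate the NULL-password attempt. Earlier code outside the hunk may set `GNUTLS_PKCS_PLAIN` for some inputs, but callers that relied on NULL meaning "unencrypted" should be told: the function's doc comment should say that unencrypted keys require `GNUTLS_PKCS_PLAIN` and that a NULL password is otherwise tried as a decryption password. The added comment would be clearer as `/* password == NULL is deliberately not treated as "plain": older versions encrypted with a NULL password and those keys must still decrypt. */`. The function body starts and ends outside this hunk.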
diff --git a/src/certtool-args.c b/src/certtool-args.c
index 58e045fe07..269adc5138 100644
--- a/src/certtool-args.c
+++ b/src/certtool-args.c
@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (certtool-args.c)
*
- * It has been AutoGen-ed June 25, 2012 at 07:39:02 PM by AutoGen 5.16
+ * It has been AutoGen-ed August 4, 2012 at 12:13:08 PM by AutoGen 5.16
* From the definitions certtool-args.def
* and the template file options
*
@@ -67,7 +67,7 @@ extern FILE * option_usage_fp;
/*
* certtool option static const strings
*/
-static char const certtool_opt_strs[4606] =
+static char const certtool_opt_strs[4658] =
/* 0 */ "certtool @VERSION@\n"
"Copyright (C) 2000-2012 Free Software Foundation, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
@@ -153,112 +153,115 @@ static char const certtool_opt_strs[4606] =
/* 2257 */ "Password to use\0"
/* 2273 */ "PASSWORD\0"
/* 2282 */ "password\0"
-/* 2291 */ "Print information on the given certificate\0"
-/* 2334 */ "CERTIFICATE_INFO\0"
-/* 2351 */ "certificate-info\0"
-/* 2368 */ "Print certificate's public key\0"
-/* 2399 */ "CERTIFICATE_PUBKEY\0"
-/* 2418 */ "certificate-pubkey\0"
-/* 2437 */ "Print information on the given OpenPGP certificate\0"
-/* 2488 */ "PGP_CERTIFICATE_INFO\0"
-/* 2509 */ "pgp-certificate-info\0"
-/* 2530 */ "Print information on the given OpenPGP keyring structure\0"
-/* 2587 */ "PGP_RING_INFO\0"
-/* 2601 */ "pgp-ring-info\0"
-/* 2615 */ "Print information on the given CRL structure\0"
-/* 2660 */ "CRL_INFO\0"
-/* 2669 */ "crl-info\0"
-/* 2678 */ "Print information on the given certificate request\0"
-/* 2729 */ "CRQ_INFO\0"
-/* 2738 */ "crq-info\0"
-/* 2747 */ "Do not use extensions in certificate requests\0"
-/* 2793 */ "NO_CRQ_EXTENSIONS\0"
-/* 2811 */ "no-crq-extensions\0"
-/* 2829 */ "Print information on a PKCS #12 structure\0"
-/* 2871 */ "P12_INFO\0"
-/* 2880 */ "p12-info\0"
-/* 2889 */ "Print information on a PKCS #7 structure\0"
-/* 2930 */ "P7_INFO\0"
-/* 2938 */ "p7-info\0"
-/* 2946 */ "Convert S/MIME to PKCS #7 structure\0"
-/* 2982 */ "SMIME_TO_P7\0"
-/* 2994 */ "smime-to-p7\0"
-/* 3006 */ "Print information on a private key\0"
-/* 3041 */ "KEY_INFO\0"
-/* 3050 */ "key-info\0"
-/* 3059 */ "Print information on an OpenPGP private key\0"
-/* 3103 */ "PGP_KEY_INFO\0"
-/* 3116 */ "pgp-key-info\0"
-/* 3129 */ "Print information on a public key\0"
-/* 3163 */ "PUBKEY_INFO\0"
-/* 3175 */ "pubkey-info\0"
-/* 3187 */ "Generate an X.509 version 1 certificate (with no extensions)\0"
-/* 3248 */ "V1\0"
-/* 3251 */ "v1\0"
-/* 3254 */ "Generate a PKCS #12 structure\0"
-/* 3284 */ "TO_P12\0"
-/* 3291 */ "to-p12\0"
-/* 3298 */ "Generate a PKCS #8 structure\0"
-/* 3327 */ "TO_P8\0"
-/* 3333 */ "to-p8\0"
-/* 3339 */ "Use PKCS #8 format for private keys\0"
-/* 3375 */ "PKCS8\0"
-/* 3381 */ "pkcs8\0"
-/* 3387 */ "Generate RSA key\0"
-/* 3404 */ "RSA\0"
-/* 3408 */ "rsa\0"
-/* 3412 */ "Generate DSA key\0"
-/* 3429 */ "DSA\0"
-/* 3433 */ "dsa\0"
-/* 3437 */ "Generate ECC (ECDSA) key\0"
-/* 3462 */ "ECC\0"
-/* 3466 */ "ecc\0"
-/* 3470 */ "Hash algorithm to use for signing.\0"
-/* 3505 */ "HASH\0"
-/* 3510 */ "hash\0"
-/* 3515 */ "Use DER format for input certificates and private keys.\0"
-/* 3571 */ "INDER\0"
-/* 3577 */ "no-inder\0"
-/* 3586 */ "no\0"
-/* 3589 */ "This is an alias for 'inder'\0"
-/* 3618 */ "inraw\0"
-/* 3624 */ "Use DER format for output certificates and private keys\0"
-/* 3680 */ "OUTDER\0"
-/* 3687 */ "no-outder\0"
-/* 3697 */ "This is an alias for 'outder'\0"
-/* 3727 */ "outraw\0"
-/* 3734 */ "Specify the number of bits for key generate\0"
-/* 3778 */ "BITS\0"
-/* 3783 */ "bits\0"
-/* 3788 */ "Specify the security level [low, legacy, normal, high, ultra].\0"
-/* 3851 */ "SEC_PARAM\0"
-/* 3861 */ "sec-param\0"
-/* 3871 */ "No effect\0"
-/* 3881 */ "DISABLE_QUICK_RANDOM\0"
-/* 3902 */ "disable-quick-random\0"
-/* 3923 */ "Template file to use for non-interactive operation\0"
-/* 3974 */ "TEMPLATE\0"
-/* 3983 */ "template\0"
-/* 3992 */ "Cipher to use for PKCS #8 and #12 operations\0"
-/* 4037 */ "PKCS_CIPHER\0"
-/* 4049 */ "pkcs-cipher\0"
-/* 4061 */ "Display extended usage information and exit\0"
-/* 4105 */ "help\0"
-/* 4110 */ "Extended usage information passed thru pager\0"
-/* 4155 */ "more-help\0"
-/* 4165 */ "Output version information and exit\0"
-/* 4201 */ "version\0"
-/* 4209 */ "CERTTOOL\0"
-/* 4218 */ "certtool - GnuTLS PKCS #11 tool - Ver. @VERSION@\n"
+/* 2291 */ "Enforce a NULL password\0"
+/* 2315 */ "NULL_PASSWORD\0"
+/* 2329 */ "null-password\0"
+/* 2343 */ "Print information on the given certificate\0"
+/* 2386 */ "CERTIFICATE_INFO\0"
+/* 2403 */ "certificate-info\0"
+/* 2420 */ "Print certificate's public key\0"
+/* 2451 */ "CERTIFICATE_PUBKEY\0"
+/* 2470 */ "certificate-pubkey\0"
+/* 2489 */ "Print information on the given OpenPGP certificate\0"
+/* 2540 */ "PGP_CERTIFICATE_INFO\0"
+/* 2561 */ "pgp-certificate-info\0"
+/* 2582 */ "Print information on the given OpenPGP keyring structure\0"
+/* 2639 */ "PGP_RING_INFO\0"
+/* 2653 */ "pgp-ring-info\0"
+/* 2667 */ "Print information on the given CRL structure\0"
+/* 2712 */ "CRL_INFO\0"
+/* 2721 */ "crl-info\0"
+/* 2730 */ "Print information on the given certificate request\0"
+/* 2781 */ "CRQ_INFO\0"
+/* 2790 */ "crq-info\0"
+/* 2799 */ "Do not use extensions in certificate requests\0"
+/* 2845 */ "NO_CRQ_EXTENSIONS\0"
+/* 2863 */ "no-crq-extensions\0"
+/* 2881 */ "Print information on a PKCS #12 structure\0"
+/* 2923 */ "P12_INFO\0"
+/* 2932 */ "p12-info\0"
+/* 2941 */ "Print information on a PKCS #7 structure\0"
+/* 2982 */ "P7_INFO\0"
+/* 2990 */ "p7-info\0"
+/* 2998 */ "Convert S/MIME to PKCS #7 structure\0"
+/* 3034 */ "SMIME_TO_P7\0"
+/* 3046 */ "smime-to-p7\0"
+/* 3058 */ "Print information on a private key\0"
+/* 3093 */ "KEY_INFO\0"
+/* 3102 */ "key-info\0"
+/* 3111 */ "Print information on an OpenPGP private key\0"
+/* 3155 */ "PGP_KEY_INFO\0"
+/* 3168 */ "pgp-key-info\0"
+/* 3181 */ "Print information on a public key\0"
+/* 3215 */ "PUBKEY_INFO\0"
+/* 3227 */ "pubkey-info\0"
+/* 3239 */ "Generate an X.509 version 1 certificate (with no extensions)\0"
+/* 3300 */ "V1\0"
+/* 3303 */ "v1\0"
+/* 3306 */ "Generate a PKCS #12 structure\0"
+/* 3336 */ "TO_P12\0"
+/* 3343 */ "to-p12\0"
+/* 3350 */ "Generate a PKCS #8 structure\0"
+/* 3379 */ "TO_P8\0"
+/* 3385 */ "to-p8\0"
+/* 3391 */ "Use PKCS #8 format for private keys\0"
+/* 3427 */ "PKCS8\0"
+/* 3433 */ "pkcs8\0"
+/* 3439 */ "Generate RSA key\0"
+/* 3456 */ "RSA\0"
+/* 3460 */ "rsa\0"
+/* 3464 */ "Generate DSA key\0"
+/* 3481 */ "DSA\0"
+/* 3485 */ "dsa\0"
+/* 3489 */ "Generate ECC (ECDSA) key\0"
+/* 3514 */ "ECC\0"
+/* 3518 */ "ecc\0"
+/* 3522 */ "Hash algorithm to use for signing.\0"
+/* 3557 */ "HASH\0"
+/* 3562 */ "hash\0"
+/* 3567 */ "Use DER format for input certificates and private keys.\0"
+/* 3623 */ "INDER\0"
+/* 3629 */ "no-inder\0"
+/* 3638 */ "no\0"
+/* 3641 */ "This is an alias for 'inder'\0"
+/* 3670 */ "inraw\0"
+/* 3676 */ "Use DER format for output certificates and private keys\0"
+/* 3732 */ "OUTDER\0"
+/* 3739 */ "no-outder\0"
+/* 3749 */ "This is an alias for 'outder'\0"
+/* 3779 */ "outraw\0"
+/* 3786 */ "Specify the number of bits for key generate\0"
+/* 3830 */ "BITS\0"
+/* 3835 */ "bits\0"
+/* 3840 */ "Specify the security level [low, legacy, normal, high, ultra].\0"
+/* 3903 */ "SEC_PARAM\0"
+/* 3913 */ "sec-param\0"
+/* 3923 */ "No effect\0"
+/* 3933 */ "DISABLE_QUICK_RANDOM\0"
+/* 3954 */ "disable-quick-random\0"
+/* 3975 */ "Template file to use for non-interactive operation\0"
+/* 4026 */ "TEMPLATE\0"
+/* 4035 */ "template\0"
+/* 4044 */ "Cipher to use for PKCS #8 and #12 operations\0"
+/* 4089 */ "PKCS_CIPHER\0"
+/* 4101 */ "pkcs-cipher\0"
+/* 4113 */ "Display extended usage information and exit\0"
+/* 4157 */ "help\0"
+/* 4162 */ "Extended usage information passed thru pager\0"
+/* 4207 */ "more-help\0"
+/* 4217 */ "Output version information and exit\0"
+/* 4253 */ "version\0"
+/* 4261 */ "CERTTOOL\0"
+/* 4270 */ "certtool - GnuTLS PKCS #11 tool - Ver. @VERSION@\n"
"USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0"
-/* 4325 */ "bug-gnutls@gnu.org\0"
-/* 4344 */ "\n\n\0"
-/* 4347 */ "\n"
+/* 4377 */ "bug-gnutls@gnu.org\0"
+/* 4396 */ "\n\n\0"
+/* 4399 */ "\n"
"Tool to parse and generate X.509 certificates, requests and private keys.\n"
"It can be used interactively or non interactively by specifying the\n"
"template command line option.\n\0"
-/* 4521 */ "certtool @VERSION@\0"
-/* 4540 */ "certtool [options] [url]\n"
+/* 4573 */ "certtool @VERSION@\0"
+/* 4592 */ "certtool [options] [url]\n"
"certtool --help for usage instructions.\n";
/*
@@ -462,124 +465,132 @@ static int const aVerify_CrlMustList[] = {
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
+ * null-password option description:
+ */
+#define NULL_PASSWORD_DESC (certtool_opt_strs+2291)
+#define NULL_PASSWORD_NAME (certtool_opt_strs+2315)
+#define NULL_PASSWORD_name (certtool_opt_strs+2329)
+#define NULL_PASSWORD_FLAGS (OPTST_DISABLED)
+
+/*
* certificate-info option description:
*/
-#define CERTIFICATE_INFO_DESC (certtool_opt_strs+2291)
-#define CERTIFICATE_INFO_NAME (certtool_opt_strs+2334)
-#define CERTIFICATE_INFO_name (certtool_opt_strs+2351)
+#define CERTIFICATE_INFO_DESC (certtool_opt_strs+2343)
+#define CERTIFICATE_INFO_NAME (certtool_opt_strs+2386)
+#define CERTIFICATE_INFO_name (certtool_opt_strs+2403)
#define CERTIFICATE_INFO_FLAGS (OPTST_DISABLED)
/*
* certificate-pubkey option description:
*/
-#define CERTIFICATE_PUBKEY_DESC (certtool_opt_strs+2368)
-#define CERTIFICATE_PUBKEY_NAME (certtool_opt_strs+2399)
-#define CERTIFICATE_PUBKEY_name (certtool_opt_strs+2418)
+#define CERTIFICATE_PUBKEY_DESC (certtool_opt_strs+2420)
+#define CERTIFICATE_PUBKEY_NAME (certtool_opt_strs+2451)
+#define CERTIFICATE_PUBKEY_name (certtool_opt_strs+2470)
#define CERTIFICATE_PUBKEY_FLAGS (OPTST_DISABLED)
/*
* pgp-certificate-info option description:
*/
-#define PGP_CERTIFICATE_INFO_DESC (certtool_opt_strs+2437)
-#define PGP_CERTIFICATE_INFO_NAME (certtool_opt_strs+2488)
-#define PGP_CERTIFICATE_INFO_name (certtool_opt_strs+2509)
+#define PGP_CERTIFICATE_INFO_DESC (certtool_opt_strs+2489)
+#define PGP_CERTIFICATE_INFO_NAME (certtool_opt_strs+2540)
+#define PGP_CERTIFICATE_INFO_name (certtool_opt_strs+2561)
#define PGP_CERTIFICATE_INFO_FLAGS (OPTST_DISABLED)
/*
* pgp-ring-info option description:
*/
-#define PGP_RING_INFO_DESC (certtool_opt_strs+2530)
-#define PGP_RING_INFO_NAME (certtool_opt_strs+2587)
-#define PGP_RING_INFO_name (certtool_opt_strs+2601)
+#define PGP_RING_INFO_DESC (certtool_opt_strs+2582)
+#define PGP_RING_INFO_NAME (certtool_opt_strs+2639)
+#define PGP_RING_INFO_name (certtool_opt_strs+2653)
#define PGP_RING_INFO_FLAGS (OPTST_DISABLED)
/*
* crl-info option description:
*/
-#define CRL_INFO_DESC (certtool_opt_strs+2615)
-#define CRL_INFO_NAME (certtool_opt_strs+2660)
-#define CRL_INFO_name (certtool_opt_strs+2669)
+#define CRL_INFO_DESC (certtool_opt_strs+2667)
+#define CRL_INFO_NAME (certtool_opt_strs+2712)
+#define CRL_INFO_name (certtool_opt_strs+2721)
#define CRL_INFO_FLAGS (OPTST_DISABLED)
/*
* crq-info option description:
*/
-#define CRQ_INFO_DESC (certtool_opt_strs+2678)
-#define CRQ_INFO_NAME (certtool_opt_strs+2729)
-#define CRQ_INFO_name (certtool_opt_strs+2738)
+#define CRQ_INFO_DESC (certtool_opt_strs+2730)
+#define CRQ_INFO_NAME (certtool_opt_strs+2781)
+#define CRQ_INFO_name (certtool_opt_strs+2790)
#define CRQ_INFO_FLAGS (OPTST_DISABLED)
/*
* no-crq-extensions option description:
*/
-#define NO_CRQ_EXTENSIONS_DESC (certtool_opt_strs+2747)
-#define NO_CRQ_EXTENSIONS_NAME (certtool_opt_strs+2793)
-#define NO_CRQ_EXTENSIONS_name (certtool_opt_strs+2811)
+#define NO_CRQ_EXTENSIONS_DESC (certtool_opt_strs+2799)
+#define NO_CRQ_EXTENSIONS_NAME (certtool_opt_strs+2845)
+#define NO_CRQ_EXTENSIONS_name (certtool_opt_strs+2863)
#define NO_CRQ_EXTENSIONS_FLAGS (OPTST_DISABLED)
/*
* p12-info option description:
*/
-#define P12_INFO_DESC (certtool_opt_strs+2829)
-#define P12_INFO_NAME (certtool_opt_strs+2871)
-#define P12_INFO_name (certtool_opt_strs+2880)
+#define P12_INFO_DESC (certtool_opt_strs+2881)
+#define P12_INFO_NAME (certtool_opt_strs+2923)
+#define P12_INFO_name (certtool_opt_strs+2932)
#define P12_INFO_FLAGS (OPTST_DISABLED)
/*
* p7-info option description:
*/
-#define P7_INFO_DESC (certtool_opt_strs+2889)
-#define P7_INFO_NAME (certtool_opt_strs+2930)
-#define P7_INFO_name (certtool_opt_strs+2938)
+#define P7_INFO_DESC (certtool_opt_strs+2941)
+#define P7_INFO_NAME (certtool_opt_strs+2982)
+#define P7_INFO_name (certtool_opt_strs+2990)
#define P7_INFO_FLAGS (OPTST_DISABLED)
/*
* smime-to-p7 option description:
*/
-#define SMIME_TO_P7_DESC (certtool_opt_strs+2946)
-#define SMIME_TO_P7_NAME (certtool_opt_strs+2982)
-#define SMIME_TO_P7_name (certtool_opt_strs+2994)
+#define SMIME_TO_P7_DESC (certtool_opt_strs+2998)
+#define SMIME_TO_P7_NAME (certtool_opt_strs+3034)
+#define SMIME_TO_P7_name (certtool_opt_strs+3046)
#define SMIME_TO_P7_FLAGS (OPTST_DISABLED)
/*
* key-info option description:
*/
-#define KEY_INFO_DESC (certtool_opt_strs+3006)
-#define KEY_INFO_NAME (certtool_opt_strs+3041)
-#define KEY_INFO_name (certtool_opt_strs+3050)
+#define KEY_INFO_DESC (certtool_opt_strs+3058)
+#define KEY_INFO_NAME (certtool_opt_strs+3093)
+#define KEY_INFO_name (certtool_opt_strs+3102)
#define KEY_INFO_FLAGS (OPTST_DISABLED)
/*
* pgp-key-info option description:
*/
-#define PGP_KEY_INFO_DESC (certtool_opt_strs+3059)
-#define PGP_KEY_INFO_NAME (certtool_opt_strs+3103)
-#define PGP_KEY_INFO_name (certtool_opt_strs+3116)
+#define PGP_KEY_INFO_DESC (certtool_opt_strs+3111)
+#define PGP_KEY_INFO_NAME (certtool_opt_strs+3155)
+#define PGP_KEY_INFO_name (certtool_opt_strs+3168)
#define PGP_KEY_INFO_FLAGS (OPTST_DISABLED)
/*
* pubkey-info option description:
*/
-#define PUBKEY_INFO_DESC (certtool_opt_strs+3129)
-#define PUBKEY_INFO_NAME (certtool_opt_strs+3163)
-#define PUBKEY_INFO_name (certtool_opt_strs+3175)
+#define PUBKEY_INFO_DESC (certtool_opt_strs+3181)
+#define PUBKEY_INFO_NAME (certtool_opt_strs+3215)
+#define PUBKEY_INFO_name (certtool_opt_strs+3227)
#define PUBKEY_INFO_FLAGS (OPTST_DISABLED)
/*
* v1 option description:
*/
-#define V1_DESC (certtool_opt_strs+3187)
-#define V1_NAME (certtool_opt_strs+3248)
-#define V1_name (certtool_opt_strs+3251)
+#define V1_DESC (certtool_opt_strs+3239)
+#define V1_NAME (certtool_opt_strs+3300)
+#define V1_name (certtool_opt_strs+3303)
#define V1_FLAGS (OPTST_DISABLED)
/*
* to-p12 option description with
* "Must also have options" and "Incompatible options":
*/
-#define TO_P12_DESC (certtool_opt_strs+3254)
-#define TO_P12_NAME (certtool_opt_strs+3284)
-#define TO_P12_name (certtool_opt_strs+3291)
+#define TO_P12_DESC (certtool_opt_strs+3306)
+#define TO_P12_NAME (certtool_opt_strs+3336)
+#define TO_P12_name (certtool_opt_strs+3343)
static int const aTo_P12MustList[] = {
INDEX_OPT_LOAD_CERTIFICATE, NO_EQUIVALENT };
#define TO_P12_FLAGS (OPTST_DISABLED)
@@ -587,140 +598,140 @@ static int const aTo_P12MustList[] = {
/*
* to-p8 option description:
*/
-#define TO_P8_DESC (certtool_opt_strs+3298)
-#define TO_P8_NAME (certtool_opt_strs+3327)
-#define TO_P8_name (certtool_opt_strs+3333)
+#define TO_P8_DESC (certtool_opt_strs+3350)
+#define TO_P8_NAME (certtool_opt_strs+3379)
+#define TO_P8_name (certtool_opt_strs+3385)
#define TO_P8_FLAGS (OPTST_DISABLED)
/*
* pkcs8 option description:
*/
-#define PKCS8_DESC (certtool_opt_strs+3339)
-#define PKCS8_NAME (certtool_opt_strs+3375)
-#define PKCS8_name (certtool_opt_strs+3381)
+#define PKCS8_DESC (certtool_opt_strs+3391)
+#define PKCS8_NAME (certtool_opt_strs+3427)
+#define PKCS8_name (certtool_opt_strs+3433)
#define PKCS8_FLAGS (OPTST_DISABLED)
/*
* rsa option description:
*/
-#define RSA_DESC (certtool_opt_strs+3387)
-#define RSA_NAME (certtool_opt_strs+3404)
-#define RSA_name (certtool_opt_strs+3408)
+#define RSA_DESC (certtool_opt_strs+3439)
+#define RSA_NAME (certtool_opt_strs+3456)
+#define RSA_name (certtool_opt_strs+3460)
#define RSA_FLAGS (OPTST_DISABLED)
/*
* dsa option description:
*/
-#define DSA_DESC (certtool_opt_strs+3412)
-#define DSA_NAME (certtool_opt_strs+3429)
-#define DSA_name (certtool_opt_strs+3433)
+#define DSA_DESC (certtool_opt_strs+3464)
+#define DSA_NAME (certtool_opt_strs+3481)
+#define DSA_name (certtool_opt_strs+3485)
#define DSA_FLAGS (OPTST_DISABLED)
/*
* ecc option description:
*/
-#define ECC_DESC (certtool_opt_strs+3437)
-#define ECC_NAME (certtool_opt_strs+3462)
-#define ECC_name (certtool_opt_strs+3466)
+#define ECC_DESC (certtool_opt_strs+3489)
+#define ECC_NAME (certtool_opt_strs+3514)
+#define ECC_name (certtool_opt_strs+3518)
#define ECC_FLAGS (OPTST_DISABLED)
/*
* hash option description:
*/
-#define HASH_DESC (certtool_opt_strs+3470)
-#define HASH_NAME (certtool_opt_strs+3505)
-#define HASH_name (certtool_opt_strs+3510)
+#define HASH_DESC (certtool_opt_strs+3522)
+#define HASH_NAME (certtool_opt_strs+3557)
+#define HASH_name (certtool_opt_strs+3562)
#define HASH_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
* inder option description:
*/
-#define INDER_DESC (certtool_opt_strs+3515)
-#define INDER_NAME (certtool_opt_strs+3571)
-#define NOT_INDER_name (certtool_opt_strs+3577)
-#define NOT_INDER_PFX (certtool_opt_strs+3586)
+#define INDER_DESC (certtool_opt_strs+3567)
+#define INDER_NAME (certtool_opt_strs+3623)
+#define NOT_INDER_name (certtool_opt_strs+3629)
+#define NOT_INDER_PFX (certtool_opt_strs+3638)
#define INDER_name (NOT_INDER_name + 3)
#define INDER_FLAGS (OPTST_DISABLED)
/*
* inraw option description:
*/
-#define INRAW_DESC (certtool_opt_strs+3589)
+#define INRAW_DESC (certtool_opt_strs+3641)
#define INRAW_NAME NULL
-#define INRAW_name (certtool_opt_strs+3618)
+#define INRAW_name (certtool_opt_strs+3670)
#define INRAW_FLAGS (INDER_FLAGS | OPTST_ALIAS)
/*
* outder option description:
*/
-#define OUTDER_DESC (certtool_opt_strs+3624)
-#define OUTDER_NAME (certtool_opt_strs+3680)
-#define NOT_OUTDER_name (certtool_opt_strs+3687)
-#define NOT_OUTDER_PFX (certtool_opt_strs+3586)
+#define OUTDER_DESC (certtool_opt_strs+3676)
+#define OUTDER_NAME (certtool_opt_strs+3732)
+#define NOT_OUTDER_name (certtool_opt_strs+3739)
+#define NOT_OUTDER_PFX (certtool_opt_strs+3638)
#define OUTDER_name (NOT_OUTDER_name + 3)
#define OUTDER_FLAGS (OPTST_DISABLED)
/*
* outraw option description:
*/
-#define OUTRAW_DESC (certtool_opt_strs+3697)
+#define OUTRAW_DESC (certtool_opt_strs+3749)
#define OUTRAW_NAME NULL
-#define OUTRAW_name (certtool_opt_strs+3727)
+#define OUTRAW_name (certtool_opt_strs+3779)
#define OUTRAW_FLAGS (OUTDER_FLAGS | OPTST_ALIAS)
/*
* bits option description:
*/
-#define BITS_DESC (certtool_opt_strs+3734)
-#define BITS_NAME (certtool_opt_strs+3778)
-#define BITS_name (certtool_opt_strs+3783)
+#define BITS_DESC (certtool_opt_strs+3786)
+#define BITS_NAME (certtool_opt_strs+3830)
+#define BITS_name (certtool_opt_strs+3835)
#define BITS_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
/*
* sec-param option description:
*/
-#define SEC_PARAM_DESC (certtool_opt_strs+3788)
-#define SEC_PARAM_NAME (certtool_opt_strs+3851)
-#define SEC_PARAM_name (certtool_opt_strs+3861)
+#define SEC_PARAM_DESC (certtool_opt_strs+3840)
+#define SEC_PARAM_NAME (certtool_opt_strs+3903)
+#define SEC_PARAM_name (certtool_opt_strs+3913)
#define SEC_PARAM_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
* disable-quick-random option description:
*/
-#define DISABLE_QUICK_RANDOM_DESC (certtool_opt_strs+3871)
-#define DISABLE_QUICK_RANDOM_NAME (certtool_opt_strs+3881)
-#define DISABLE_QUICK_RANDOM_name (certtool_opt_strs+3902)
+#define DISABLE_QUICK_RANDOM_DESC (certtool_opt_strs+3923)
+#define DISABLE_QUICK_RANDOM_NAME (certtool_opt_strs+3933)
+#define DISABLE_QUICK_RANDOM_name (certtool_opt_strs+3954)
#define DISABLE_QUICK_RANDOM_FLAGS (OPTST_DISABLED)
/*
* template option description:
*/
-#define TEMPLATE_DESC (certtool_opt_strs+3923)
-#define TEMPLATE_NAME (certtool_opt_strs+3974)
-#define TEMPLATE_name (certtool_opt_strs+3983)
+#define TEMPLATE_DESC (certtool_opt_strs+3975)
+#define TEMPLATE_NAME (certtool_opt_strs+4026)
+#define TEMPLATE_name (certtool_opt_strs+4035)
#define TEMPLATE_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_FILE))
/*
* pkcs-cipher option description:
*/
-#define PKCS_CIPHER_DESC (certtool_opt_strs+3992)
-#define PKCS_CIPHER_NAME (certtool_opt_strs+4037)
-#define PKCS_CIPHER_name (certtool_opt_strs+4049)
+#define PKCS_CIPHER_DESC (certtool_opt_strs+4044)
+#define PKCS_CIPHER_NAME (certtool_opt_strs+4089)
+#define PKCS_CIPHER_name (certtool_opt_strs+4101)
#define PKCS_CIPHER_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
* Help/More_Help/Version option descriptions:
*/
-#define HELP_DESC (certtool_opt_strs+4061)
-#define HELP_name (certtool_opt_strs+4105)
+#define HELP_DESC (certtool_opt_strs+4113)
+#define HELP_name (certtool_opt_strs+4157)
#ifdef HAVE_WORKING_FORK
-#define MORE_HELP_DESC (certtool_opt_strs+4110)
-#define MORE_HELP_name (certtool_opt_strs+4155)
+#define MORE_HELP_DESC (certtool_opt_strs+4162)
+#define MORE_HELP_name (certtool_opt_strs+4207)
#define MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT)
#else
#define MORE_HELP_DESC NULL
@@ -733,8 +744,8 @@ static int const aTo_P12MustList[] = {
# define VER_FLAGS (OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \
OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT)
#endif
-#define VER_DESC (certtool_opt_strs+4165)
-#define VER_name (certtool_opt_strs+4201)
+#define VER_DESC (certtool_opt_strs+4217)
+#define VER_name (certtool_opt_strs+4253)
/*
* Declare option callback procedures
*/
@@ -1032,8 +1043,20 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PASSWORD_DESC, PASSWORD_NAME, PASSWORD_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 23, VALUE_OPT_CERTIFICATE_INFO,
- /* equiv idx, value */ 23, VALUE_OPT_CERTIFICATE_INFO,
+ { /* entry idx, value */ 23, VALUE_OPT_NULL_PASSWORD,
+ /* equiv idx, value */ 23, VALUE_OPT_NULL_PASSWORD,
+ /* equivalenced to */ NO_EQUIVALENT,
+ /* min, max, act ct */ 0, 1, 0,
+ /* opt state flags */ NULL_PASSWORD_FLAGS, 0,
+ /* last opt argumnt */ { NULL }, /* --null-password */
+ /* arg list/cookie */ NULL,
+ /* must/cannot opts */ NULL, NULL,
+ /* option proc */ NULL,
+ /* desc, NAME, name */ NULL_PASSWORD_DESC, NULL_PASSWORD_NAME, NULL_PASSWORD_name,
+ /* disablement strs */ NULL, NULL },
+
+ { /* entry idx, value */ 24, VALUE_OPT_CERTIFICATE_INFO,
+ /* equiv idx, value */ 24, VALUE_OPT_CERTIFICATE_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ CERTIFICATE_INFO_FLAGS, 0,
@@ -1044,8 +1067,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ CERTIFICATE_INFO_DESC, CERTIFICATE_INFO_NAME, CERTIFICATE_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 24, VALUE_OPT_CERTIFICATE_PUBKEY,
- /* equiv idx, value */ 24, VALUE_OPT_CERTIFICATE_PUBKEY,
+ { /* entry idx, value */ 25, VALUE_OPT_CERTIFICATE_PUBKEY,
+ /* equiv idx, value */ 25, VALUE_OPT_CERTIFICATE_PUBKEY,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ CERTIFICATE_PUBKEY_FLAGS, 0,
@@ -1056,8 +1079,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ CERTIFICATE_PUBKEY_DESC, CERTIFICATE_PUBKEY_NAME, CERTIFICATE_PUBKEY_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 25, VALUE_OPT_PGP_CERTIFICATE_INFO,
- /* equiv idx, value */ 25, VALUE_OPT_PGP_CERTIFICATE_INFO,
+ { /* entry idx, value */ 26, VALUE_OPT_PGP_CERTIFICATE_INFO,
+ /* equiv idx, value */ 26, VALUE_OPT_PGP_CERTIFICATE_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PGP_CERTIFICATE_INFO_FLAGS, 0,
@@ -1068,8 +1091,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PGP_CERTIFICATE_INFO_DESC, PGP_CERTIFICATE_INFO_NAME, PGP_CERTIFICATE_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 26, VALUE_OPT_PGP_RING_INFO,
- /* equiv idx, value */ 26, VALUE_OPT_PGP_RING_INFO,
+ { /* entry idx, value */ 27, VALUE_OPT_PGP_RING_INFO,
+ /* equiv idx, value */ 27, VALUE_OPT_PGP_RING_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PGP_RING_INFO_FLAGS, 0,
@@ -1080,8 +1103,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PGP_RING_INFO_DESC, PGP_RING_INFO_NAME, PGP_RING_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 27, VALUE_OPT_CRL_INFO,
- /* equiv idx, value */ 27, VALUE_OPT_CRL_INFO,
+ { /* entry idx, value */ 28, VALUE_OPT_CRL_INFO,
+ /* equiv idx, value */ 28, VALUE_OPT_CRL_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ CRL_INFO_FLAGS, 0,
@@ -1092,8 +1115,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ CRL_INFO_DESC, CRL_INFO_NAME, CRL_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 28, VALUE_OPT_CRQ_INFO,
- /* equiv idx, value */ 28, VALUE_OPT_CRQ_INFO,
+ { /* entry idx, value */ 29, VALUE_OPT_CRQ_INFO,
+ /* equiv idx, value */ 29, VALUE_OPT_CRQ_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ CRQ_INFO_FLAGS, 0,
@@ -1104,8 +1127,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ CRQ_INFO_DESC, CRQ_INFO_NAME, CRQ_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 29, VALUE_OPT_NO_CRQ_EXTENSIONS,
- /* equiv idx, value */ 29, VALUE_OPT_NO_CRQ_EXTENSIONS,
+ { /* entry idx, value */ 30, VALUE_OPT_NO_CRQ_EXTENSIONS,
+ /* equiv idx, value */ 30, VALUE_OPT_NO_CRQ_EXTENSIONS,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ NO_CRQ_EXTENSIONS_FLAGS, 0,
@@ -1116,8 +1139,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ NO_CRQ_EXTENSIONS_DESC, NO_CRQ_EXTENSIONS_NAME, NO_CRQ_EXTENSIONS_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 30, VALUE_OPT_P12_INFO,
- /* equiv idx, value */ 30, VALUE_OPT_P12_INFO,
+ { /* entry idx, value */ 31, VALUE_OPT_P12_INFO,
+ /* equiv idx, value */ 31, VALUE_OPT_P12_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ P12_INFO_FLAGS, 0,
@@ -1128,8 +1151,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ P12_INFO_DESC, P12_INFO_NAME, P12_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 31, VALUE_OPT_P7_INFO,
- /* equiv idx, value */ 31, VALUE_OPT_P7_INFO,
+ { /* entry idx, value */ 32, VALUE_OPT_P7_INFO,
+ /* equiv idx, value */ 32, VALUE_OPT_P7_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ P7_INFO_FLAGS, 0,
@@ -1140,8 +1163,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ P7_INFO_DESC, P7_INFO_NAME, P7_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 32, VALUE_OPT_SMIME_TO_P7,
- /* equiv idx, value */ 32, VALUE_OPT_SMIME_TO_P7,
+ { /* entry idx, value */ 33, VALUE_OPT_SMIME_TO_P7,
+ /* equiv idx, value */ 33, VALUE_OPT_SMIME_TO_P7,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ SMIME_TO_P7_FLAGS, 0,
@@ -1152,8 +1175,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ SMIME_TO_P7_DESC, SMIME_TO_P7_NAME, SMIME_TO_P7_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 33, VALUE_OPT_KEY_INFO,
- /* equiv idx, value */ 33, VALUE_OPT_KEY_INFO,
+ { /* entry idx, value */ 34, VALUE_OPT_KEY_INFO,
+ /* equiv idx, value */ 34, VALUE_OPT_KEY_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ KEY_INFO_FLAGS, 0,
@@ -1164,8 +1187,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ KEY_INFO_DESC, KEY_INFO_NAME, KEY_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 34, VALUE_OPT_PGP_KEY_INFO,
- /* equiv idx, value */ 34, VALUE_OPT_PGP_KEY_INFO,
+ { /* entry idx, value */ 35, VALUE_OPT_PGP_KEY_INFO,
+ /* equiv idx, value */ 35, VALUE_OPT_PGP_KEY_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PGP_KEY_INFO_FLAGS, 0,
@@ -1176,8 +1199,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PGP_KEY_INFO_DESC, PGP_KEY_INFO_NAME, PGP_KEY_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 35, VALUE_OPT_PUBKEY_INFO,
- /* equiv idx, value */ 35, VALUE_OPT_PUBKEY_INFO,
+ { /* entry idx, value */ 36, VALUE_OPT_PUBKEY_INFO,
+ /* equiv idx, value */ 36, VALUE_OPT_PUBKEY_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PUBKEY_INFO_FLAGS, 0,
@@ -1188,8 +1211,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PUBKEY_INFO_DESC, PUBKEY_INFO_NAME, PUBKEY_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 36, VALUE_OPT_V1,
- /* equiv idx, value */ 36, VALUE_OPT_V1,
+ { /* entry idx, value */ 37, VALUE_OPT_V1,
+ /* equiv idx, value */ 37, VALUE_OPT_V1,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ V1_FLAGS, 0,
@@ -1200,8 +1223,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ V1_DESC, V1_NAME, V1_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 37, VALUE_OPT_TO_P12,
- /* equiv idx, value */ 37, VALUE_OPT_TO_P12,
+ { /* entry idx, value */ 38, VALUE_OPT_TO_P12,
+ /* equiv idx, value */ 38, VALUE_OPT_TO_P12,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ TO_P12_FLAGS, 0,
@@ -1212,8 +1235,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ TO_P12_DESC, TO_P12_NAME, TO_P12_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 38, VALUE_OPT_TO_P8,
- /* equiv idx, value */ 38, VALUE_OPT_TO_P8,
+ { /* entry idx, value */ 39, VALUE_OPT_TO_P8,
+ /* equiv idx, value */ 39, VALUE_OPT_TO_P8,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ TO_P8_FLAGS, 0,
@@ -1224,8 +1247,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ TO_P8_DESC, TO_P8_NAME, TO_P8_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 39, VALUE_OPT_PKCS8,
- /* equiv idx, value */ 39, VALUE_OPT_PKCS8,
+ { /* entry idx, value */ 40, VALUE_OPT_PKCS8,
+ /* equiv idx, value */ 40, VALUE_OPT_PKCS8,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PKCS8_FLAGS, 0,
@@ -1236,8 +1259,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PKCS8_DESC, PKCS8_NAME, PKCS8_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 40, VALUE_OPT_RSA,
- /* equiv idx, value */ 40, VALUE_OPT_RSA,
+ { /* entry idx, value */ 41, VALUE_OPT_RSA,
+ /* equiv idx, value */ 41, VALUE_OPT_RSA,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ RSA_FLAGS, 0,
@@ -1248,8 +1271,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ RSA_DESC, RSA_NAME, RSA_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 41, VALUE_OPT_DSA,
- /* equiv idx, value */ 41, VALUE_OPT_DSA,
+ { /* entry idx, value */ 42, VALUE_OPT_DSA,
+ /* equiv idx, value */ 42, VALUE_OPT_DSA,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ DSA_FLAGS, 0,
@@ -1260,8 +1283,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ DSA_DESC, DSA_NAME, DSA_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 42, VALUE_OPT_ECC,
- /* equiv idx, value */ 42, VALUE_OPT_ECC,
+ { /* entry idx, value */ 43, VALUE_OPT_ECC,
+ /* equiv idx, value */ 43, VALUE_OPT_ECC,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ ECC_FLAGS, 0,
@@ -1272,8 +1295,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ ECC_DESC, ECC_NAME, ECC_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 43, VALUE_OPT_HASH,
- /* equiv idx, value */ 43, VALUE_OPT_HASH,
+ { /* entry idx, value */ 44, VALUE_OPT_HASH,
+ /* equiv idx, value */ 44, VALUE_OPT_HASH,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ HASH_FLAGS, 0,
@@ -1284,8 +1307,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ HASH_DESC, HASH_NAME, HASH_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 44, VALUE_OPT_INDER,
- /* equiv idx, value */ 44, VALUE_OPT_INDER,
+ { /* entry idx, value */ 45, VALUE_OPT_INDER,
+ /* equiv idx, value */ 45, VALUE_OPT_INDER,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ INDER_FLAGS, 0,
@@ -1296,8 +1319,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ INDER_DESC, INDER_NAME, INDER_name,
/* disablement strs */ NOT_INDER_name, NOT_INDER_PFX },
- { /* entry idx, value */ 45, VALUE_OPT_INRAW,
- /* equiv idx, value */ 45, VALUE_OPT_INRAW,
+ { /* entry idx, value */ 46, VALUE_OPT_INRAW,
+ /* equiv idx, value */ 46, VALUE_OPT_INRAW,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ INRAW_FLAGS, 0,
@@ -1308,8 +1331,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ INRAW_DESC, INRAW_NAME, INRAW_name,
/* disablement strs */ 0, 0 },
- { /* entry idx, value */ 46, VALUE_OPT_OUTDER,
- /* equiv idx, value */ 46, VALUE_OPT_OUTDER,
+ { /* entry idx, value */ 47, VALUE_OPT_OUTDER,
+ /* equiv idx, value */ 47, VALUE_OPT_OUTDER,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ OUTDER_FLAGS, 0,
@@ -1320,8 +1343,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ OUTDER_DESC, OUTDER_NAME, OUTDER_name,
/* disablement strs */ NOT_OUTDER_name, NOT_OUTDER_PFX },
- { /* entry idx, value */ 47, VALUE_OPT_OUTRAW,
- /* equiv idx, value */ 47, VALUE_OPT_OUTRAW,
+ { /* entry idx, value */ 48, VALUE_OPT_OUTRAW,
+ /* equiv idx, value */ 48, VALUE_OPT_OUTRAW,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ OUTRAW_FLAGS, 0,
@@ -1332,8 +1355,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ OUTRAW_DESC, OUTRAW_NAME, OUTRAW_name,
/* disablement strs */ 0, 0 },
- { /* entry idx, value */ 48, VALUE_OPT_BITS,
- /* equiv idx, value */ 48, VALUE_OPT_BITS,
+ { /* entry idx, value */ 49, VALUE_OPT_BITS,
+ /* equiv idx, value */ 49, VALUE_OPT_BITS,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ BITS_FLAGS, 0,
@@ -1344,8 +1367,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ BITS_DESC, BITS_NAME, BITS_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 49, VALUE_OPT_SEC_PARAM,
- /* equiv idx, value */ 49, VALUE_OPT_SEC_PARAM,
+ { /* entry idx, value */ 50, VALUE_OPT_SEC_PARAM,
+ /* equiv idx, value */ 50, VALUE_OPT_SEC_PARAM,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ SEC_PARAM_FLAGS, 0,
@@ -1356,8 +1379,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ SEC_PARAM_DESC, SEC_PARAM_NAME, SEC_PARAM_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 50, VALUE_OPT_DISABLE_QUICK_RANDOM,
- /* equiv idx, value */ 50, VALUE_OPT_DISABLE_QUICK_RANDOM,
+ { /* entry idx, value */ 51, VALUE_OPT_DISABLE_QUICK_RANDOM,
+ /* equiv idx, value */ 51, VALUE_OPT_DISABLE_QUICK_RANDOM,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ DISABLE_QUICK_RANDOM_FLAGS, 0,
@@ -1368,8 +1391,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ DISABLE_QUICK_RANDOM_DESC, DISABLE_QUICK_RANDOM_NAME, DISABLE_QUICK_RANDOM_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 51, VALUE_OPT_TEMPLATE,
- /* equiv idx, value */ 51, VALUE_OPT_TEMPLATE,
+ { /* entry idx, value */ 52, VALUE_OPT_TEMPLATE,
+ /* equiv idx, value */ 52, VALUE_OPT_TEMPLATE,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ TEMPLATE_FLAGS, 0,
@@ -1380,8 +1403,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ TEMPLATE_DESC, TEMPLATE_NAME, TEMPLATE_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 52, VALUE_OPT_PKCS_CIPHER,
- /* equiv idx, value */ 52, VALUE_OPT_PKCS_CIPHER,
+ { /* entry idx, value */ 53, VALUE_OPT_PKCS_CIPHER,
+ /* equiv idx, value */ 53, VALUE_OPT_PKCS_CIPHER,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PKCS_CIPHER_FLAGS, 0,
@@ -1436,14 +1459,14 @@ static tOptDesc optDesc[OPTION_CT] = {
*
* Define the certtool Option Environment
*/
-#define zPROGNAME (certtool_opt_strs+4209)
-#define zUsageTitle (certtool_opt_strs+4218)
+#define zPROGNAME (certtool_opt_strs+4261)
+#define zUsageTitle (certtool_opt_strs+4270)
#define zRcName NULL
#define apzHomeList NULL
-#define zBugsAddr (certtool_opt_strs+4325)
-#define zExplain (certtool_opt_strs+4344)
-#define zDetail (certtool_opt_strs+4347)
-#define zFullVersion (certtool_opt_strs+4521)
+#define zBugsAddr (certtool_opt_strs+4377)
+#define zExplain (certtool_opt_strs+4396)
+#define zDetail (certtool_opt_strs+4399)
+#define zFullVersion (certtool_opt_strs+4573)
/* extracted from optcode.tlib near line 350 */
#if defined(ENABLE_NLS)
@@ -1457,7 +1480,7 @@ static tOptDesc optDesc[OPTION_CT] = {
#define certtool_full_usage (NULL)
-#define certtool_short_usage (certtool_opt_strs+4540)
+#define certtool_short_usage (certtool_opt_strs+4592)
#endif /* not defined __doxygen__ */
@@ -1674,7 +1697,7 @@ tOptions certtoolOptions = {
NO_EQUIVALENT, /* '-#' option index */
NO_EQUIVALENT /* index of default opt */
},
- 56 /* full option count */, 53 /* user option count */,
+ 57 /* full option count */, 54 /* user option count */,
certtool_full_usage, certtool_short_usage,
NULL, NULL,
PKGDATADIR, certtool_packager_info
diff --git a/src/certtool-args.def b/src/certtool-args.def
index 57cac19a98..f802dcc255 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -150,6 +150,12 @@ flag = {
};
flag = {
+ name = null-password;
+ descrip = "Enforce a NULL password";
+ doc = "This option enforces a NULL password. This may be different than the empty password in some schemas.";
+};
+
+flag = {
name = certificate-info;
value = i;
descrip = "Print information on the given certificate";
diff --git a/src/certtool-args.h b/src/certtool-args.h
index 2e8d3d653a..b7d9f6ede7 100644
--- a/src/certtool-args.h
+++ b/src/certtool-args.h
@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (certtool-args.h)
*
- * It has been AutoGen-ed June 25, 2012 at 07:39:01 PM by AutoGen 5.16
+ * It has been AutoGen-ed August 4, 2012 at 12:13:08 PM by AutoGen 5.16
* From the definitions certtool-args.def
* and the template file options
*
@@ -90,42 +90,43 @@ typedef enum {
INDEX_OPT_LOAD_CA_PRIVKEY = 20,
INDEX_OPT_LOAD_CA_CERTIFICATE = 21,
INDEX_OPT_PASSWORD = 22,
- INDEX_OPT_CERTIFICATE_INFO = 23,
- INDEX_OPT_CERTIFICATE_PUBKEY = 24,
- INDEX_OPT_PGP_CERTIFICATE_INFO = 25,
- INDEX_OPT_PGP_RING_INFO = 26,
- INDEX_OPT_CRL_INFO = 27,
- INDEX_OPT_CRQ_INFO = 28,
- INDEX_OPT_NO_CRQ_EXTENSIONS = 29,
- INDEX_OPT_P12_INFO = 30,
- INDEX_OPT_P7_INFO = 31,
- INDEX_OPT_SMIME_TO_P7 = 32,
- INDEX_OPT_KEY_INFO = 33,
- INDEX_OPT_PGP_KEY_INFO = 34,
- INDEX_OPT_PUBKEY_INFO = 35,
- INDEX_OPT_V1 = 36,
- INDEX_OPT_TO_P12 = 37,
- INDEX_OPT_TO_P8 = 38,
- INDEX_OPT_PKCS8 = 39,
- INDEX_OPT_RSA = 40,
- INDEX_OPT_DSA = 41,
- INDEX_OPT_ECC = 42,
- INDEX_OPT_HASH = 43,
- INDEX_OPT_INDER = 44,
- INDEX_OPT_INRAW = 45,
- INDEX_OPT_OUTDER = 46,
- INDEX_OPT_OUTRAW = 47,
- INDEX_OPT_BITS = 48,
- INDEX_OPT_SEC_PARAM = 49,
- INDEX_OPT_DISABLE_QUICK_RANDOM = 50,
- INDEX_OPT_TEMPLATE = 51,
- INDEX_OPT_PKCS_CIPHER = 52,
- INDEX_OPT_VERSION = 53,
- INDEX_OPT_HELP = 54,
- INDEX_OPT_MORE_HELP = 55
+ INDEX_OPT_NULL_PASSWORD = 23,
+ INDEX_OPT_CERTIFICATE_INFO = 24,
+ INDEX_OPT_CERTIFICATE_PUBKEY = 25,
+ INDEX_OPT_PGP_CERTIFICATE_INFO = 26,
+ INDEX_OPT_PGP_RING_INFO = 27,
+ INDEX_OPT_CRL_INFO = 28,
+ INDEX_OPT_CRQ_INFO = 29,
+ INDEX_OPT_NO_CRQ_EXTENSIONS = 30,
+ INDEX_OPT_P12_INFO = 31,
+ INDEX_OPT_P7_INFO = 32,
+ INDEX_OPT_SMIME_TO_P7 = 33,
+ INDEX_OPT_KEY_INFO = 34,
+ INDEX_OPT_PGP_KEY_INFO = 35,
+ INDEX_OPT_PUBKEY_INFO = 36,
+ INDEX_OPT_V1 = 37,
+ INDEX_OPT_TO_P12 = 38,
+ INDEX_OPT_TO_P8 = 39,
+ INDEX_OPT_PKCS8 = 40,
+ INDEX_OPT_RSA = 41,
+ INDEX_OPT_DSA = 42,
+ INDEX_OPT_ECC = 43,
+ INDEX_OPT_HASH = 44,
+ INDEX_OPT_INDER = 45,
+ INDEX_OPT_INRAW = 46,
+ INDEX_OPT_OUTDER = 47,
+ INDEX_OPT_OUTRAW = 48,
+ INDEX_OPT_BITS = 49,
+ INDEX_OPT_SEC_PARAM = 50,
+ INDEX_OPT_DISABLE_QUICK_RANDOM = 51,
+ INDEX_OPT_TEMPLATE = 52,
+ INDEX_OPT_PKCS_CIPHER = 53,
+ INDEX_OPT_VERSION = 54,
+ INDEX_OPT_HELP = 55,
+ INDEX_OPT_MORE_HELP = 56
} teOptIndex;
-#define OPTION_CT 56
+#define OPTION_CT 57
#define CERTTOOL_VERSION "@VERSION@"
#define CERTTOOL_FULL_VERSION "certtool @VERSION@"
@@ -188,38 +189,39 @@ typedef enum {
#define VALUE_OPT_LOAD_CA_PRIVKEY 20
#define VALUE_OPT_LOAD_CA_CERTIFICATE 21
#define VALUE_OPT_PASSWORD 22
+#define VALUE_OPT_NULL_PASSWORD 23
#define VALUE_OPT_CERTIFICATE_INFO 'i'
-#define VALUE_OPT_CERTIFICATE_PUBKEY 24
-#define VALUE_OPT_PGP_CERTIFICATE_INFO 25
-#define VALUE_OPT_PGP_RING_INFO 26
+#define VALUE_OPT_CERTIFICATE_PUBKEY 25
+#define VALUE_OPT_PGP_CERTIFICATE_INFO 26
+#define VALUE_OPT_PGP_RING_INFO 27
#define VALUE_OPT_CRL_INFO 'l'
-#define VALUE_OPT_CRQ_INFO 28
-#define VALUE_OPT_NO_CRQ_EXTENSIONS 29
-#define VALUE_OPT_P12_INFO 30
-#define VALUE_OPT_P7_INFO 31
-#define VALUE_OPT_SMIME_TO_P7 32
+#define VALUE_OPT_CRQ_INFO 29
+#define VALUE_OPT_NO_CRQ_EXTENSIONS 30
+#define VALUE_OPT_P12_INFO 31
+#define VALUE_OPT_P7_INFO 32
+#define VALUE_OPT_SMIME_TO_P7 129
#define VALUE_OPT_KEY_INFO 'k'
-#define VALUE_OPT_PGP_KEY_INFO 130
-#define VALUE_OPT_PUBKEY_INFO 131
-#define VALUE_OPT_V1 132
-#define VALUE_OPT_TO_P12 133
-#define VALUE_OPT_TO_P8 134
+#define VALUE_OPT_PGP_KEY_INFO 131
+#define VALUE_OPT_PUBKEY_INFO 132
+#define VALUE_OPT_V1 133
+#define VALUE_OPT_TO_P12 134
+#define VALUE_OPT_TO_P8 135
#define VALUE_OPT_PKCS8 '8'
-#define VALUE_OPT_RSA 136
-#define VALUE_OPT_DSA 137
-#define VALUE_OPT_ECC 138
-#define VALUE_OPT_HASH 139
-#define VALUE_OPT_INDER 140
-#define VALUE_OPT_INRAW 141
-#define VALUE_OPT_OUTDER 142
-#define VALUE_OPT_OUTRAW 143
-#define VALUE_OPT_BITS 144
+#define VALUE_OPT_RSA 137
+#define VALUE_OPT_DSA 138
+#define VALUE_OPT_ECC 139
+#define VALUE_OPT_HASH 140
+#define VALUE_OPT_INDER 141
+#define VALUE_OPT_INRAW 142
+#define VALUE_OPT_OUTDER 143
+#define VALUE_OPT_OUTRAW 144
+#define VALUE_OPT_BITS 145
#define OPT_VALUE_BITS (DESC(BITS).optArg.argInt)
-#define VALUE_OPT_SEC_PARAM 145
-#define VALUE_OPT_DISABLE_QUICK_RANDOM 146
-#define VALUE_OPT_TEMPLATE 147
-#define VALUE_OPT_PKCS_CIPHER 148
+#define VALUE_OPT_SEC_PARAM 146
+#define VALUE_OPT_DISABLE_QUICK_RANDOM 147
+#define VALUE_OPT_TEMPLATE 148
+#define VALUE_OPT_PKCS_CIPHER 149
#define VALUE_OPT_HELP 'h'
#define VALUE_OPT_MORE_HELP '!'
#define VALUE_OPT_VERSION 'v'
diff --git a/src/certtool-common.h b/src/certtool-common.h
index 8e1af6b23d..a68e47b922 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -48,6 +48,7 @@ typedef struct common_info
const char* sec_param;
const char* pkcs_cipher;
const char* password;
+ int null_password;
unsigned int crq_extensions;
unsigned int v1_cert;
} common_info_st;
diff --git a/src/certtool.c b/src/certtool.c
index f70eac0ba6..f494cca04c 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -172,6 +172,23 @@ cipher_to_flags (const char *cipher)
return -1;
}
+static const char* get_password(common_info_st * cinfo, unsigned int *flags)
+{
+ if (cinfo->null_password)
+ {
+ if (flags) *flags |= GNUTLS_PKCS_NULL_PASSWORD;
+ return NULL;
+ }
+ else if (cinfo->password)
+ {
+ if (cinfo->password[0] == 0 && flags)
+ *flags |= GNUTLS_PKCS_PLAIN;
+ return cinfo->password;
+ }
+ else
+ return get_pass ();
+}
+
static void
print_private_key (common_info_st* cinfo, gnutls_x509_privkey_t key)
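Review bot: The final `else` branch of `get_password` returns whatever `get_pass ()` yields without touching `*flags`, so an empty answer at the prompt no longer selects `GNUTLS_PKCS_PLAIN` the way an empty `--password` does in the branch above. The code this helper replaces in `generate_pkcs8` (later hunk) set `GNUTLS_PKCS_PLAIN` for a NULL or empty prompted password, and `generate_pkcs12` mapped a NULL result to an empty string with a message; both fallbacks are removed. Assuming `get_pass ()` can return NULL or an empty string (it is not visible here), a key can now be written under an empty or absent password with no flag recording that choice. Treating the prompted value like the configured one keeps the call sites consistent.

```c
  else
    {
      const char *p = get_pass ();

      /* prompted empty/absent password: same treatment as an empty --password */
      if ((p == NULL || p[0] == 0) && flags)
        *flags |= GNUTLS_PKCS_PLAIN;
      return p;
    }
```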
@@ -195,13 +212,11 @@ print_private_key (common_info_st* cinfo, gnutls_x509_privkey_t key)
}
else
{
- unsigned int flags;
+ unsigned int flags = 0;
const char *pass;
- flags = cipher_to_flags (cinfo->pkcs_cipher);
-
- if ((pass = get_confirmed_pass (true)) == NULL || *pass == '\0')
- flags = GNUTLS_PKCS_PLAIN;
+ pass = get_password(cinfo, &flags);
+ flags |= cipher_to_flags (cinfo->pkcs_cipher);
size = buffer_size;
ret =
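Review bot: Replacing `get_confirmed_pass (true)` with `get_password(cinfo, &flags)` drops the confirmation prompt on the path that encrypts a private key for output. When neither `--password` nor `--null-password` is given, the helper falls through to `get_pass ()`, which judging by its name asks only once. A mistyped passphrase then produces a key file its owner cannot decrypt. I would keep the confirmed prompt for this export case, e.g. `pass = (cinfo->null_password || cinfo->password) ? get_password (cinfo, &flags) : get_confirmed_pass (true);`, and keep the old empty-input check so an empty answer still selects `GNUTLS_PKCS_PLAIN`. `print_private_key` starts and ends outside this hunk.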
@@ -1009,6 +1024,12 @@ cmd_parser (int argc, char **argv)
if (HAVE_OPT(PASSWORD))
cinfo.password = OPT_ARG(PASSWORD);
+ if (HAVE_OPT(NULL_PASSWORD))
+ {
+ cinfo.null_password = 1;
+ cinfo.password = "";
+ }
+
if (HAVE_OPT(GENERATE_SELF_SIGNED))
generate_self_signed (&cinfo);
else if (HAVE_OPT(GENERATE_CERTIFICATE))
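Review bot: `--null-password` silently overrides `--password` here: `cinfo.password` is overwritten with `""` even when the user supplied a value, and `get_password` then ignores it because `null_password` is checked first. Giving both options is almost certainly a user error, and it decides whether key material is protected by the password they typed, so it should be rejected rather than resolved quietly. For example, put `if (HAVE_OPT(PASSWORD) && HAVE_OPT(NULL_PASSWORD)) error (EXIT_FAILURE, 0, "--password and --null-password are mutually exclusive");` before this block, or add `flags-cant = password;` to the flag in certtool-args.def. The assignment of `""` also deserves a comment naming the callers that still read `cinfo->password` directly; none are visible in this diff. `cmd_parser` continues outside the hunk.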
@@ -1675,6 +1696,7 @@ privkey_info (common_info_st* cinfo)
int ret;
gnutls_datum_t pem;
const char *pass;
+ unsigned int flags = 0;
size = fread (buffer, 1, buffer_size - 1, infile);
buffer[size] = 0;
@@ -1684,19 +1706,16 @@ privkey_info (common_info_st* cinfo)
pem.data = buffer;
pem.size = size;
- ret = gnutls_x509_privkey_import2 (key, &pem, incert_format, NULL);
+ ret = gnutls_x509_privkey_import2 (key, &pem, incert_format, NULL, 0);
/* If we failed to import the certificate previously try PKCS #8 */
if (ret == GNUTLS_E_DECRYPTION_FAILED)
{
fprintf(stderr, "Encrypted structure detected...\n");
- if (cinfo->password)
- pass = cinfo->password;
- else
- pass = get_pass ();
+ pass = get_password(cinfo, &flags);
ret = gnutls_x509_privkey_import2 (key, &pem,
- incert_format, pass);
+ incert_format, pass, flags);
}
if (ret < 0)
error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret));
@@ -2262,30 +2281,23 @@ verify_crl (common_info_st * cinfo)
}
+
void
generate_pkcs8 (common_info_st * cinfo)
{
gnutls_x509_privkey_t key;
int result;
size_t size;
- int flags = 0;
+ unsigned int flags = 0;
const char *password;
fprintf (stderr, "Generating a PKCS #8 key structure...\n");
key = load_x509_private_key (1, cinfo);
- if (cinfo->password)
- password = cinfo->password;
- else
- password = get_pass ();
+ password = get_password(cinfo, &flags);
- flags = cipher_to_flags (cinfo->pkcs_cipher);
-
- if (password == NULL || password[0] == 0)
- {
- flags = GNUTLS_PKCS_PLAIN;
- }
+ flags |= cipher_to_flags (cinfo->pkcs_cipher);
size = buffer_size;
result =
@@ -2314,7 +2326,7 @@ generate_pkcs12 (common_info_st * cinfo)
gnutls_datum_t data;
const char *pass;
const char *name;
- unsigned int flags, i;
+ unsigned int flags = 0, i;
gnutls_datum_t key_id;
unsigned char _key_id[32];
int indx;
@@ -2332,18 +2344,9 @@ generate_pkcs12 (common_info_st * cinfo)
if (result < 0)
error (EXIT_FAILURE, 0, "pkcs12_init: %s", gnutls_strerror (result));
- if (cinfo->password)
- pass = cinfo->password;
- else
- pass = get_pass ();
+ pass = get_password(cinfo, &flags);
+ flags |= cipher_to_flags (cinfo->pkcs_cipher);
- if (pass == NULL)
- {
- fprintf(stderr, "No password given for PKCS #12. Assuming null password...\n");
- pass = "";
- }
-
-
for (i = 0; i < ncrts; i++)
{
gnutls_pkcs12_bag_t bag;
@@ -2381,8 +2384,6 @@ generate_pkcs12 (common_info_st * cinfo)
error (EXIT_FAILURE, 0, "bag_set_key_id: %s",
gnutls_strerror (result));
- flags = cipher_to_flags (cinfo->pkcs_cipher);
-
result = gnutls_pkcs12_bag_encrypt (bag, pass, flags);
if (result < 0)
error (EXIT_FAILURE, 0, "bag_encrypt: %s", gnutls_strerror (result));
@@ -2400,8 +2401,6 @@ generate_pkcs12 (common_info_st * cinfo)
if (result < 0)
error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result));
- flags = cipher_to_flags (cinfo->pkcs_cipher);
-
size = buffer_size;
result =
gnutls_x509_privkey_export_pkcs8 (keys[i], GNUTLS_X509_FMT_DER,
@@ -2576,10 +2575,7 @@ pkcs12_info (common_info_st* cinfo)
if (result < 0)
error (EXIT_FAILURE, 0, "p12_import: %s", gnutls_strerror (result));
- if (cinfo->password)
- pass = cinfo->password;
- else
- pass = get_pass ();
+ pass = get_password(cinfo, NULL);
result = gnutls_pkcs12_verify_mac (pkcs12, pass);
if (result < 0)
diff --git a/src/cli.c b/src/cli.c
index 3ef997436d..106c6173d3 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -248,7 +248,7 @@ load_keys (void)
exit (1);
}
- ret = gnutls_privkey_import_x509_raw( x509_key, &data, x509ctype, NULL);
+ ret = gnutls_privkey_import_x509_raw( x509_key, &data, x509ctype, NULL, 0);
if (ret < 0)
{
fprintf (stderr, "*** Error loading url: %s\n",
diff --git a/tests/pkcs12-decode/pkcs12 b/tests/pkcs12-decode/pkcs12
index 3cbe4761db..a2ee20bdd4 100755
--- a/tests/pkcs12-decode/pkcs12
+++ b/tests/pkcs12-decode/pkcs12
@@ -48,5 +48,13 @@ for p12 in 'client.p12 foobar' noclient.p12 unclient.p12 pkcs12_2certs.p12; do
fi
done
+file=test-null.p12
+$CERTTOOL --p12-info --inder --null-password --infile $file >/dev/null 2>&1
+rc=$?
+if test $rc != 0; then
+ echo "PKCS12 FATAL $file"
+ ret=1
+fi
+
#echo "NEON PKCS12 DONE (rc $ret)"
exit $ret
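Review bot: The new case only proves that test-null.p12 decodes with `--null-password`; nothing checks that NULL and empty passwords are actually told apart, which is the behaviour the commit restores. A companion run such as `$CERTTOOL --p12-info --inder --password '' --infile $file >/dev/null 2>&1`, expected to exit non-zero, would pin that down, assuming certtool fails on a MAC mismatch. Sending stderr to /dev/null also hides the reason when the positive case fails, though the loop above is only partly visible and this may be the script's convention.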
diff --git a/tests/pkcs12-decode/test-null.p12 b/tests/pkcs12-decode/test-null.p12
new file mode 100644
index 0000000000..4db0afb4d7
--- /dev/null
+++ b/tests/pkcs12-decode/test-null.p12
Binary files differ