
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_21-85-ge7e14d8


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_21-85-ge7e14d8
Date: Sat, 04 Aug 2012 11:27:21 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=e7e14d850e418ad129769ebd908aa90caaff1a2a

The branch, master has been updated
       via  e7e14d850e418ad129769ebd908aa90caaff1a2a (commit)
       via  f149bd2aecaabc1723693f6aa60097bd5f9b63d6 (commit)
       via  ac9f8f44da045aaca5b4bd257fc99046596adc69 (commit)
       via  b0962b305de154fa3fce0b3c5a4b10958fd30ce7 (commit)
      from  23f504a7d122bdd3a683ad6733d5843a5970a825 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e7e14d850e418ad129769ebd908aa90caaff1a2a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Aug 4 13:15:28 2012 +0200

    corrected example and added missing files.

commit f149bd2aecaabc1723693f6aa60097bd5f9b63d6
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Aug 4 13:14:18 2012 +0200

    confirm password on key generation.

commit ac9f8f44da045aaca5b4bd257fc99046596adc69
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Aug 4 13:09:57 2012 +0200

    Restored ability to decrypt PKCS #8 and #12 keys with a NULL password. 
Certtool now accepts the option --null-password.

commit b0962b305de154fa3fce0b3c5a4b10958fd30ce7
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Aug 4 12:05:29 2012 +0200

    Exit with an error code if a PKCS #12 structure cannot be decrypted.

-----------------------------------------------------------------------

Summary of changes:
 NEWS                              |    5 +
 doc/examples/ex-cert-select.c     |    2 +-
 doc/invoke-certtool.texi          |    9 +-
 lib/gnutls_privkey.c              |    5 +-
 lib/gnutls_x509.c                 |    2 +-
 lib/includes/gnutls/abstract.h    |    2 +-
 lib/includes/gnutls/x509.h        |   19 +-
 lib/x509/pkcs12_encr.c            |   20 +-
 lib/x509/privkey.c                |   17 +-
 lib/x509/privkey_pkcs8.c          |   10 +-
 src/certtool-args.c               |  559 +++++++++++++++++++------------------
 src/certtool-args.def             |    6 +
 src/certtool-args.h               |  124 +++++----
 src/certtool-common.h             |    1 +
 src/certtool.c                    |   96 ++++---
 src/cli.c                         |    2 +-
 tests/pkcs12-decode/Makefile.am   |    2 +-
 tests/pkcs12-decode/pkcs12        |    8 +
 tests/pkcs12-decode/test-null.p12 |  Bin 0 -> 1649 bytes
 19 files changed, 480 insertions(+), 409 deletions(-)
 create mode 100644 tests/pkcs12-decode/test-null.p12

diff --git a/NEWS b/NEWS
index 0387d0f..ac75e7d 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,10 @@ and --benchmark-tls-ciphers
 ** certtool: generated PKCS #12 structures may hold more than one
 private key. Patch by Lucas Fisher.
 
+** certtool: Added option --null-password to generate/decrypt keys
+that use a NULL password (in schemas that distinguish between NULL
+an empty passwords).
+
 ** libgnutls: requires libnettle 2.5.
 
 ** libgnutls: Use the PKCS #1 1.5 encoding provided by nettle (2.5)
@@ -42,6 +46,7 @@ by Alexandre Bique.
 ** API and ABI modifications:
 GNUTLS_CERT_SIGNATURE_FAILURE: Added
 GNUTLS_CAMELLIA_192_CBC: Added
+GNUTLS_PKCS_NULL_PASSWORD: Added
 gnutls_url_is_supported: Added
 gnutls_pkcs11_obj_list_import_url2: Added
 gnutls_pkcs11_obj_set_pin_function: Added
diff --git a/doc/examples/ex-cert-select.c b/doc/examples/ex-cert-select.c
index 49dfd8d..7b51734 100644
--- a/doc/examples/ex-cert-select.c
+++ b/doc/examples/ex-cert-select.c
@@ -75,7 +75,7 @@ load_keys (void)
 
   gnutls_privkey_init (&key);
 
-  ret = gnutls_privkey_import_x509_raw (key, &data, GNUTLS_X509_FMT_PEM, NULL);
+  ret = gnutls_privkey_import_x509_raw (key, &data, GNUTLS_X509_FMT_PEM, NULL, 
0);
   if (ret < 0)
     {
       fprintf (stderr, "*** Error loading key file: %s\n",
diff --git a/doc/invoke-certtool.texi b/doc/invoke-certtool.texi
index 34d618f..4bc812c 100644
--- a/doc/invoke-certtool.texi
+++ b/doc/invoke-certtool.texi
@@ -7,7 +7,7 @@
 # 
 # DO NOT EDIT THIS FILE   (invoke-certtool.texi)
 # 
-# It has been AutoGen-ed  June 28, 2012 at 09:25:29 PM by AutoGen 5.16
+# It has been AutoGen-ed  August  4, 2012 at 01:15:27 PM by AutoGen 5.16
 # From the definitions    ../src/certtool-args.def
 # and the template file   agtexi-cmd.tpl
 @end ignore
@@ -70,6 +70,7 @@ USAGE:  certtool [ -<flag> [<val>] | --<name>address@hidden| 
@}<val>] ]...
        --load-ca-privkey=str  Loads the certificate authority's private key 
file
        --load-ca-certificate=str Loads the certificate authority's certificate 
file
        --password=str         Password to use
+       --null-password        Enforce a NULL password
    -i, --certificate-info     Print information on the given certificate
        --certificate-pubkey   Print certificate's public key
        --pgp-certificate-info  Print information on the given OpenPGP 
certificate
@@ -207,6 +208,12 @@ This can be either a file or a PKCS #11 URL
 This is the ``loads the certificate authority's certificate file'' option.
 This option takes an argument string.
 This can be either a file or a PKCS #11 URL
address@hidden null-password}
address@hidden null-password option
address@hidden certtool-null-password
+
+This is the ``enforce a null password'' option.
+This option enforces a NULL password. This may be different than the empty 
password in some schemas.
 @anchor{certtool to-p12}
 @subheading to-p12 option
 @cindex certtool-to-p12
diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c
index 816e941..ae41faf 100644
--- a/lib/gnutls_privkey.c
+++ b/lib/gnutls_privkey.c
@@ -839,6 +839,7 @@ gnutls_privkey_decrypt_data (gnutls_privkey_t key,
  * @data: The private key data to be imported
  * @format: The format of the private key
  * @password: A password (optional)
+ * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t
  *
  * This function will import the given private key to the abstract
  * #gnutls_privkey_t structure. 
@@ -851,7 +852,7 @@ gnutls_privkey_decrypt_data (gnutls_privkey_t key,
 int gnutls_privkey_import_x509_raw (gnutls_privkey_t pkey,
                                     const gnutls_datum_t * data,
                                     gnutls_x509_crt_fmt_t format,
-                                    const char* password)
+                                    const char* password, unsigned int flags)
 {
   gnutls_x509_privkey_t xpriv;
   int ret;
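Review bot: Adding `unsigned int flags` to `gnutls_privkey_import_x509_raw` changes the signature of an exported function, while the NEWS hunk in this push records only `GNUTLS_PKCS_NULL_PASSWORD: Added` under API and ABI modifications. If this function, or `gnutls_x509_privkey_import2` (changed the same way in lib/x509/privkey.c), has already shipped in a release, existing callers stop compiling and already-built binaries would call it with an indeterminate `flags` value. In that case the extra argument belongs on a new entry point. The new `@flags` line would also be clearer if it named the value that matters on import, e.g. `@flags: 0, or %GNUTLS_PKCS_NULL_PASSWORD to treat a NULL @password as a password`. The function body continues past this hunk.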
@@ -860,7 +861,7 @@ int gnutls_privkey_import_x509_raw (gnutls_privkey_t pkey,
   if (ret < 0)
     return gnutls_assert_val(ret);
 
-  ret = gnutls_x509_privkey_import2(xpriv, data, format, password);
+  ret = gnutls_x509_privkey_import2(xpriv, data, format, password, flags);
   if (ret < 0)
     {
       gnutls_assert();
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index e4bb73c..a443cd1 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -505,7 +505,7 @@ read_key_mem (gnutls_certificate_credentials_t res,
       if (res->pin.cb)
         gnutls_privkey_set_pin_function(privkey, res->pin.cb, res->pin.data);
 
-      ret = gnutls_privkey_import_x509_raw (privkey, &tmp, type, NULL);
+      ret = gnutls_privkey_import_x509_raw (privkey, &tmp, type, NULL, 0);
       if (ret < 0)
         {
           gnutls_assert ();
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index 0f8255b..68e6fc3 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -220,7 +220,7 @@ int gnutls_privkey_import_openpgp_raw (gnutls_privkey_t 
pkey,
 int gnutls_privkey_import_x509_raw (gnutls_privkey_t pkey,
                                     const gnutls_datum_t * data,
                                     gnutls_x509_crt_fmt_t format,
-                                    const char* password);
+                                    const char* password, unsigned int flags);
 
 int
 gnutls_privkey_import_tpm_raw (gnutls_privkey_t pkey,
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 0ec4f21..3c86c34 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -674,16 +674,18 @@ extern "C"
 /* Flags for the gnutls_x509_privkey_export_pkcs8() function.
  */
 
+#define GNUTLS_PKCS8_PLAIN GNUTLS_PKCS_PLAIN
+#define GNUTLS_PKCS8_USE_PKCS12_3DES GNUTLS_PKCS_USE_PKCS12_3DES
+#define GNUTLS_PKCS8_USE_PKCS12_ARCFOUR GNUTLS_PKCS_USE_PKCS12_ARCFOUR
+#define GNUTLS_PKCS8_USE_PKCS12_RC2_40 GNUTLS_PKCS_USE_PKCS12_RC2_40
+
 /**
  * gnutls_pkcs_encrypt_flags_t:
  * @GNUTLS_PKCS_PLAIN: Unencrypted private key.
- * @GNUTLS_PKCS8_PLAIN: Same as %GNUTLS_PKCS_PLAIN.
+ * @GNUTLS_PKCS_NULL_PASSWORD: Some schemas distinguish between an empty and a 
NULL password.
  * @GNUTLS_PKCS_USE_PKCS12_3DES: PKCS-12 3DES.
- * @GNUTLS_PKCS8_USE_PKCS12_3DES: Same as %GNUTLS_PKCS_USE_PKCS12_3DES.
  * @GNUTLS_PKCS_USE_PKCS12_ARCFOUR: PKCS-12 ARCFOUR.
- * @GNUTLS_PKCS8_USE_PKCS12_ARCFOUR: Same as %GNUTLS_PKCS_USE_PKCS12_ARCFOUR.
  * @GNUTLS_PKCS_USE_PKCS12_RC2_40: PKCS-12 RC2-40.
- * @GNUTLS_PKCS8_USE_PKCS12_RC2_40: Same as %GNUTLS_PKCS_USE_PKCS12_RC2_40.
  * @GNUTLS_PKCS_USE_PBES2_3DES: PBES2 3DES.
  * @GNUTLS_PKCS_USE_PBES2_AES_128: PBES2 AES-128.
  * @GNUTLS_PKCS_USE_PBES2_AES_192: PBES2 AES-192.
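Review bot: The doc line for `GNUTLS_PKCS_NULL_PASSWORD` says why the flag exists but not what it does. Going by the export and import hunks in lib/x509/privkey_pkcs8.c, it makes a NULL password select the encrypted path instead of meaning "no encryption". Something like `@GNUTLS_PKCS_NULL_PASSWORD: Treat a NULL password as a password (distinct from the empty one) rather than as a request for an unencrypted key.` would say that. It is also worth one sentence stating that a key protected this way has no confidentiality and that the flag is presumably meant for interoperability with existing files. The four `GNUTLS_PKCS8_*` macros now sit between the "Flags for ..." comment and the enum it introduces, so a one-line comment marking them as compatibility aliases would keep that readable.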
@@ -694,17 +696,14 @@ extern "C"
   typedef enum gnutls_pkcs_encrypt_flags_t
   {
     GNUTLS_PKCS_PLAIN = 1,
-    GNUTLS_PKCS8_PLAIN = GNUTLS_PKCS_PLAIN,
     GNUTLS_PKCS_USE_PKCS12_3DES = 2,
-    GNUTLS_PKCS8_USE_PKCS12_3DES = GNUTLS_PKCS_USE_PKCS12_3DES,
     GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4,
-    GNUTLS_PKCS8_USE_PKCS12_ARCFOUR = GNUTLS_PKCS_USE_PKCS12_ARCFOUR,
     GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8,
-    GNUTLS_PKCS8_USE_PKCS12_RC2_40 = GNUTLS_PKCS_USE_PKCS12_RC2_40,
     GNUTLS_PKCS_USE_PBES2_3DES = 16,
     GNUTLS_PKCS_USE_PBES2_AES_128 = 32,
     GNUTLS_PKCS_USE_PBES2_AES_192 = 64,
-    GNUTLS_PKCS_USE_PBES2_AES_256 = 128
+    GNUTLS_PKCS_USE_PBES2_AES_256 = 128,
+    GNUTLS_PKCS_NULL_PASSWORD = 256
   } gnutls_pkcs_encrypt_flags_t;
 
   int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key);
@@ -728,7 +727,7 @@ extern "C"
   int gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key,
                                    const gnutls_datum_t * data,
                                    gnutls_x509_crt_fmt_t format,
-                                   const char* password);
+                                   const char* password, unsigned int flags);
 
   int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
                                           const gnutls_datum_t * m,
diff --git a/lib/x509/pkcs12_encr.c b/lib/x509/pkcs12_encr.c
index 68b5286..8c02b1e 100644
--- a/lib/x509/pkcs12_encr.c
+++ b/lib/x509/pkcs12_encr.c
@@ -47,6 +47,9 @@ _pkcs12_check_pass (const char *pass, size_t plen)
  * 3 for MAC
  * 2 for IV
  * 1 for encryption key
+ *
+ * Note that this function produces different key for the
+ * NULL password, and for the password with zero length.
  */
 int
 _gnutls_pkcs12_string_to_key (unsigned int id, const uint8_t * salt,
@@ -64,12 +67,13 @@ _gnutls_pkcs12_string_to_key (unsigned int id, const 
uint8_t * salt,
   size_t cur_keylen;
   size_t n, m;
   const uint8_t buf_512[] =      /* 2^64 */
-  { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+  { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00
   };
 
   cur_keylen = 0;
@@ -132,14 +136,12 @@ _gnutls_pkcs12_string_to_key (unsigned int id, const 
uint8_t * salt,
       _gnutls_hash_deinit (&md, hash);
       for (i = 1; i < iter; i++)
         {
-          rc = _gnutls_hash_init (&md, GNUTLS_MAC_SHA1);
+          rc = _gnutls_hash_fast (GNUTLS_MAC_SHA1, hash, 20, hash);
           if (rc < 0)
             {
               gnutls_assert ();
               goto cleanup;
             }
-          _gnutls_hash (&md, hash, 20);
-          _gnutls_hash_deinit (&md, hash);
         }
       for (i = 0; i < 20 && cur_keylen < req_keylen; i++)
         keybuf[cur_keylen++] = hash[i];
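Review bot: The new `_gnutls_hash_fast (GNUTLS_MAC_SHA1, hash, 20, hash)` call passes the same buffer as both input and digest output. The removed init/hash/deinit sequence did the same, but in separate steps. Whether `_gnutls_hash_fast` guarantees that aliased buffers are safe is not visible in this hunk, so it should be confirmed against its implementation and recorded next to the call, e.g. `/* hash in place: input is fully consumed before the digest is written */`. The literal `20` is used both here and in the copy loop below; a named constant for the SHA-1 output size would keep them in step. The function starts and ends outside the hunk.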
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 9d32025..98095aa 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -564,6 +564,7 @@ failover:
  * @data: The DER or PEM encoded certificate.
  * @format: One of DER or PEM
  * @password: A password (optional)
+ * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t
  *
  * This function will import the given DER or PEM encoded key, to 
  * the native #gnutls_x509_privkey_t format, irrespective of the
@@ -582,11 +583,11 @@ int
 gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key,
                             const gnutls_datum_t * data,
                             gnutls_x509_crt_fmt_t format,
-                            const char* password)
+                            const char* password, unsigned int flags)
 {
   int ret = 0;
   
-  if (password == NULL)
+  if (password == NULL && !(flags & GNUTLS_PKCS_NULL_PASSWORD))
     {
       ret = gnutls_x509_privkey_import(key, data, format);
       if (ret < 0)
@@ -595,12 +596,12 @@ gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key,
         }
     }
   
-  if (password != NULL || ret < 0)
+  if ((password != NULL || (flags & GNUTLS_PKCS_NULL_PASSWORD)) || ret < 0)
     {
-      ret = gnutls_x509_privkey_import_pkcs8(key, data, format, password, 0);
+      ret = gnutls_x509_privkey_import_pkcs8(key, data, format, password, 
flags);
       if (ret < 0)
         {
-          if (format == GNUTLS_X509_FMT_PEM)
+          if (format == GNUTLS_X509_FMT_PEM && password != NULL)
             {
               int err;
               err = gnutls_x509_privkey_import_openssl(key, data, password);
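Review bot: `flags` is forwarded to `gnutls_x509_privkey_import_pkcs8` unfiltered, and a call that supplies both a non-NULL `password` and `GNUTLS_PKCS_NULL_PASSWORD` is accepted even though the two contradict each other. Either reject that combination before the first import attempt, `if (password != NULL && (flags & GNUTLS_PKCS_NULL_PASSWORD)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`, or state in the doc comment which one takes effect. The `@flags` description added earlier in this file says "an ORed sequence of gnutls_pkcs_encrypt_flags_t", but the cipher-selection bits appear to have no meaning on import, and the text should say so. The function starts before and ends after this hunk.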
@@ -611,8 +612,12 @@ gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key,
                   goto cleanup;
                 }
             }
+          else
+            {
+              gnutls_assert();
+              goto cleanup;
+            }
         }
-    
     }
 
   ret = 0;
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 95711ce..d5b0243 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -626,7 +626,7 @@ gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
 
   schema = _gnutls_pkcs_flags_to_schema (flags);
 
-  if ((flags & GNUTLS_PKCS_PLAIN) || password == NULL)
+  if (((flags & GNUTLS_PKCS_PLAIN) || password == NULL) && !(flags & 
GNUTLS_PKCS_NULL_PASSWORD))
     {
       _gnutls_free_datum (&tmp);
 
@@ -640,7 +640,7 @@ gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
   else
     {
       asn1_delete_structure (&pkey_info);       /* we don't need it */
-
+      
       ret = encode_to_pkcs8_key (schema, &tmp, password, &pkcs8_asn);
       _gnutls_free_datum (&tmp);
 
@@ -1239,7 +1239,11 @@ gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t 
key,
       need_free = 1;
     }
 
-  if (password == NULL || (flags & GNUTLS_PKCS_PLAIN))
+  /* Here we don't check for password == NULL to maintain a backwards
+   * compatibility behavior, with old versions that were encrypting using
+   * a NULL password.
+   */
+  if (flags & GNUTLS_PKCS_PLAIN)
     {
       result = decode_private_key_info (&_data, key);
       if (result < 0)
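Review bot: Dropping `password == NULL` from this test changes what `gnutls_x509_privkey_import_pkcs8` does for existing callers: a NULL password with `flags == 0` used to decode an unencrypted PrivateKeyInfo and now takes the decryption path. The added comment explains the motive, but the function's doc comment (outside this hunk) should state that unencrypted keys now require `GNUTLS_PKCS_PLAIN`, and the NEWS entry should mention it. The decryption code is now reachable with `password == NULL`, as is `encode_to_pkcs8_key` in the export hunk above when `GNUTLS_PKCS_NULL_PASSWORD` is set. Whether every schema's key derivation tolerates a NULL pointer is not visible here and deserves a PKCS #8 test alongside the PKCS #12 one added in this push. In that export hunk `GNUTLS_PKCS_NULL_PASSWORD` also silently overrides `GNUTLS_PKCS_PLAIN` when both are set, which should be documented or rejected.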
diff --git a/src/certtool-args.c b/src/certtool-args.c
index 58e045f..269adc5 100644
--- a/src/certtool-args.c
+++ b/src/certtool-args.c
@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (certtool-args.c)
  *  
- *  It has been AutoGen-ed  June 25, 2012 at 07:39:02 PM by AutoGen 5.16
+ *  It has been AutoGen-ed  August  4, 2012 at 12:13:08 PM by AutoGen 5.16
  *  From the definitions    certtool-args.def
  *  and the template file   options
  *
@@ -67,7 +67,7 @@ extern FILE * option_usage_fp;
 /*
  *  certtool option static const strings
  */
-static char const certtool_opt_strs[4606] =
+static char const certtool_opt_strs[4658] =
 /*     0 */ "certtool @address@hidden"
             "Copyright (C) 2000-2012 Free Software Foundation, all rights 
reserved.\n"
             "This is free software. It is licensed for use, modification and\n"
@@ -153,112 +153,115 @@ static char const certtool_opt_strs[4606] =
 /*  2257 */ "Password to use\0"
 /*  2273 */ "PASSWORD\0"
 /*  2282 */ "password\0"
-/*  2291 */ "Print information on the given certificate\0"
-/*  2334 */ "CERTIFICATE_INFO\0"
-/*  2351 */ "certificate-info\0"
-/*  2368 */ "Print certificate's public key\0"
-/*  2399 */ "CERTIFICATE_PUBKEY\0"
-/*  2418 */ "certificate-pubkey\0"
-/*  2437 */ "Print information on the given OpenPGP certificate\0"
-/*  2488 */ "PGP_CERTIFICATE_INFO\0"
-/*  2509 */ "pgp-certificate-info\0"
-/*  2530 */ "Print information on the given OpenPGP keyring structure\0"
-/*  2587 */ "PGP_RING_INFO\0"
-/*  2601 */ "pgp-ring-info\0"
-/*  2615 */ "Print information on the given CRL structure\0"
-/*  2660 */ "CRL_INFO\0"
-/*  2669 */ "crl-info\0"
-/*  2678 */ "Print information on the given certificate request\0"
-/*  2729 */ "CRQ_INFO\0"
-/*  2738 */ "crq-info\0"
-/*  2747 */ "Do not use extensions in certificate requests\0"
-/*  2793 */ "NO_CRQ_EXTENSIONS\0"
-/*  2811 */ "no-crq-extensions\0"
-/*  2829 */ "Print information on a PKCS #12 structure\0"
-/*  2871 */ "P12_INFO\0"
-/*  2880 */ "p12-info\0"
-/*  2889 */ "Print information on a PKCS #7 structure\0"
-/*  2930 */ "P7_INFO\0"
-/*  2938 */ "p7-info\0"
-/*  2946 */ "Convert S/MIME to PKCS #7 structure\0"
-/*  2982 */ "SMIME_TO_P7\0"
-/*  2994 */ "smime-to-p7\0"
-/*  3006 */ "Print information on a private key\0"
-/*  3041 */ "KEY_INFO\0"
-/*  3050 */ "key-info\0"
-/*  3059 */ "Print information on an OpenPGP private key\0"
-/*  3103 */ "PGP_KEY_INFO\0"
-/*  3116 */ "pgp-key-info\0"
-/*  3129 */ "Print information on a public key\0"
-/*  3163 */ "PUBKEY_INFO\0"
-/*  3175 */ "pubkey-info\0"
-/*  3187 */ "Generate an X.509 version 1 certificate (with no extensions)\0"
-/*  3248 */ "V1\0"
-/*  3251 */ "v1\0"
-/*  3254 */ "Generate a PKCS #12 structure\0"
-/*  3284 */ "TO_P12\0"
-/*  3291 */ "to-p12\0"
-/*  3298 */ "Generate a PKCS #8 structure\0"
-/*  3327 */ "TO_P8\0"
-/*  3333 */ "to-p8\0"
-/*  3339 */ "Use PKCS #8 format for private keys\0"
-/*  3375 */ "PKCS8\0"
-/*  3381 */ "pkcs8\0"
-/*  3387 */ "Generate RSA key\0"
-/*  3404 */ "RSA\0"
-/*  3408 */ "rsa\0"
-/*  3412 */ "Generate DSA key\0"
-/*  3429 */ "DSA\0"
-/*  3433 */ "dsa\0"
-/*  3437 */ "Generate ECC (ECDSA) key\0"
-/*  3462 */ "ECC\0"
-/*  3466 */ "ecc\0"
-/*  3470 */ "Hash algorithm to use for signing.\0"
-/*  3505 */ "HASH\0"
-/*  3510 */ "hash\0"
-/*  3515 */ "Use DER format for input certificates and private keys.\0"
-/*  3571 */ "INDER\0"
-/*  3577 */ "no-inder\0"
-/*  3586 */ "no\0"
-/*  3589 */ "This is an alias for 'inder'\0"
-/*  3618 */ "inraw\0"
-/*  3624 */ "Use DER format for output certificates and private keys\0"
-/*  3680 */ "OUTDER\0"
-/*  3687 */ "no-outder\0"
-/*  3697 */ "This is an alias for 'outder'\0"
-/*  3727 */ "outraw\0"
-/*  3734 */ "Specify the number of bits for key generate\0"
-/*  3778 */ "BITS\0"
-/*  3783 */ "bits\0"
-/*  3788 */ "Specify the security level [low, legacy, normal, high, ultra].\0"
-/*  3851 */ "SEC_PARAM\0"
-/*  3861 */ "sec-param\0"
-/*  3871 */ "No effect\0"
-/*  3881 */ "DISABLE_QUICK_RANDOM\0"
-/*  3902 */ "disable-quick-random\0"
-/*  3923 */ "Template file to use for non-interactive operation\0"
-/*  3974 */ "TEMPLATE\0"
-/*  3983 */ "template\0"
-/*  3992 */ "Cipher to use for PKCS #8 and #12 operations\0"
-/*  4037 */ "PKCS_CIPHER\0"
-/*  4049 */ "pkcs-cipher\0"
-/*  4061 */ "Display extended usage information and exit\0"
-/*  4105 */ "help\0"
-/*  4110 */ "Extended usage information passed thru pager\0"
-/*  4155 */ "more-help\0"
-/*  4165 */ "Output version information and exit\0"
-/*  4201 */ "version\0"
-/*  4209 */ "CERTTOOL\0"
-/*  4218 */ "certtool - GnuTLS PKCS #11 tool - Ver. @address@hidden"
+/*  2291 */ "Enforce a NULL password\0"
+/*  2315 */ "NULL_PASSWORD\0"
+/*  2329 */ "null-password\0"
+/*  2343 */ "Print information on the given certificate\0"
+/*  2386 */ "CERTIFICATE_INFO\0"
+/*  2403 */ "certificate-info\0"
+/*  2420 */ "Print certificate's public key\0"
+/*  2451 */ "CERTIFICATE_PUBKEY\0"
+/*  2470 */ "certificate-pubkey\0"
+/*  2489 */ "Print information on the given OpenPGP certificate\0"
+/*  2540 */ "PGP_CERTIFICATE_INFO\0"
+/*  2561 */ "pgp-certificate-info\0"
+/*  2582 */ "Print information on the given OpenPGP keyring structure\0"
+/*  2639 */ "PGP_RING_INFO\0"
+/*  2653 */ "pgp-ring-info\0"
+/*  2667 */ "Print information on the given CRL structure\0"
+/*  2712 */ "CRL_INFO\0"
+/*  2721 */ "crl-info\0"
+/*  2730 */ "Print information on the given certificate request\0"
+/*  2781 */ "CRQ_INFO\0"
+/*  2790 */ "crq-info\0"
+/*  2799 */ "Do not use extensions in certificate requests\0"
+/*  2845 */ "NO_CRQ_EXTENSIONS\0"
+/*  2863 */ "no-crq-extensions\0"
+/*  2881 */ "Print information on a PKCS #12 structure\0"
+/*  2923 */ "P12_INFO\0"
+/*  2932 */ "p12-info\0"
+/*  2941 */ "Print information on a PKCS #7 structure\0"
+/*  2982 */ "P7_INFO\0"
+/*  2990 */ "p7-info\0"
+/*  2998 */ "Convert S/MIME to PKCS #7 structure\0"
+/*  3034 */ "SMIME_TO_P7\0"
+/*  3046 */ "smime-to-p7\0"
+/*  3058 */ "Print information on a private key\0"
+/*  3093 */ "KEY_INFO\0"
+/*  3102 */ "key-info\0"
+/*  3111 */ "Print information on an OpenPGP private key\0"
+/*  3155 */ "PGP_KEY_INFO\0"
+/*  3168 */ "pgp-key-info\0"
+/*  3181 */ "Print information on a public key\0"
+/*  3215 */ "PUBKEY_INFO\0"
+/*  3227 */ "pubkey-info\0"
+/*  3239 */ "Generate an X.509 version 1 certificate (with no extensions)\0"
+/*  3300 */ "V1\0"
+/*  3303 */ "v1\0"
+/*  3306 */ "Generate a PKCS #12 structure\0"
+/*  3336 */ "TO_P12\0"
+/*  3343 */ "to-p12\0"
+/*  3350 */ "Generate a PKCS #8 structure\0"
+/*  3379 */ "TO_P8\0"
+/*  3385 */ "to-p8\0"
+/*  3391 */ "Use PKCS #8 format for private keys\0"
+/*  3427 */ "PKCS8\0"
+/*  3433 */ "pkcs8\0"
+/*  3439 */ "Generate RSA key\0"
+/*  3456 */ "RSA\0"
+/*  3460 */ "rsa\0"
+/*  3464 */ "Generate DSA key\0"
+/*  3481 */ "DSA\0"
+/*  3485 */ "dsa\0"
+/*  3489 */ "Generate ECC (ECDSA) key\0"
+/*  3514 */ "ECC\0"
+/*  3518 */ "ecc\0"
+/*  3522 */ "Hash algorithm to use for signing.\0"
+/*  3557 */ "HASH\0"
+/*  3562 */ "hash\0"
+/*  3567 */ "Use DER format for input certificates and private keys.\0"
+/*  3623 */ "INDER\0"
+/*  3629 */ "no-inder\0"
+/*  3638 */ "no\0"
+/*  3641 */ "This is an alias for 'inder'\0"
+/*  3670 */ "inraw\0"
+/*  3676 */ "Use DER format for output certificates and private keys\0"
+/*  3732 */ "OUTDER\0"
+/*  3739 */ "no-outder\0"
+/*  3749 */ "This is an alias for 'outder'\0"
+/*  3779 */ "outraw\0"
+/*  3786 */ "Specify the number of bits for key generate\0"
+/*  3830 */ "BITS\0"
+/*  3835 */ "bits\0"
+/*  3840 */ "Specify the security level [low, legacy, normal, high, ultra].\0"
+/*  3903 */ "SEC_PARAM\0"
+/*  3913 */ "sec-param\0"
+/*  3923 */ "No effect\0"
+/*  3933 */ "DISABLE_QUICK_RANDOM\0"
+/*  3954 */ "disable-quick-random\0"
+/*  3975 */ "Template file to use for non-interactive operation\0"
+/*  4026 */ "TEMPLATE\0"
+/*  4035 */ "template\0"
+/*  4044 */ "Cipher to use for PKCS #8 and #12 operations\0"
+/*  4089 */ "PKCS_CIPHER\0"
+/*  4101 */ "pkcs-cipher\0"
+/*  4113 */ "Display extended usage information and exit\0"
+/*  4157 */ "help\0"
+/*  4162 */ "Extended usage information passed thru pager\0"
+/*  4207 */ "more-help\0"
+/*  4217 */ "Output version information and exit\0"
+/*  4253 */ "version\0"
+/*  4261 */ "CERTTOOL\0"
+/*  4270 */ "certtool - GnuTLS PKCS #11 tool - Ver. @address@hidden"
             "USAGE:  %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0"
-/*  4325 */ "address@hidden"
-/*  4344 */ "\n\n\0"
-/*  4347 */ "\n"
+/*  4377 */ "address@hidden"
+/*  4396 */ "\n\n\0"
+/*  4399 */ "\n"
             "Tool to parse and generate X.509 certificates, requests and 
private keys.\n"
             "It can be used interactively or non interactively by specifying 
the\n"
             "template command line option.\n\0"
-/*  4521 */ "certtool @address@hidden"
-/*  4540 */ "certtool [options] [url]\n"
+/*  4573 */ "certtool @address@hidden"
+/*  4592 */ "certtool [options] [url]\n"
             "certtool --help for usage instructions.\n";
 
 /*
@@ -462,124 +465,132 @@ static int const aVerify_CrlMustList[] = {
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
+ *  null-password option description:
+ */
+#define NULL_PASSWORD_DESC      (certtool_opt_strs+2291)
+#define NULL_PASSWORD_NAME      (certtool_opt_strs+2315)
+#define NULL_PASSWORD_name      (certtool_opt_strs+2329)
+#define NULL_PASSWORD_FLAGS     (OPTST_DISABLED)
+
+/*
  *  certificate-info option description:
  */
-#define CERTIFICATE_INFO_DESC      (certtool_opt_strs+2291)
-#define CERTIFICATE_INFO_NAME      (certtool_opt_strs+2334)
-#define CERTIFICATE_INFO_name      (certtool_opt_strs+2351)
+#define CERTIFICATE_INFO_DESC      (certtool_opt_strs+2343)
+#define CERTIFICATE_INFO_NAME      (certtool_opt_strs+2386)
+#define CERTIFICATE_INFO_name      (certtool_opt_strs+2403)
 #define CERTIFICATE_INFO_FLAGS     (OPTST_DISABLED)
 
 /*
  *  certificate-pubkey option description:
  */
-#define CERTIFICATE_PUBKEY_DESC      (certtool_opt_strs+2368)
-#define CERTIFICATE_PUBKEY_NAME      (certtool_opt_strs+2399)
-#define CERTIFICATE_PUBKEY_name      (certtool_opt_strs+2418)
+#define CERTIFICATE_PUBKEY_DESC      (certtool_opt_strs+2420)
+#define CERTIFICATE_PUBKEY_NAME      (certtool_opt_strs+2451)
+#define CERTIFICATE_PUBKEY_name      (certtool_opt_strs+2470)
 #define CERTIFICATE_PUBKEY_FLAGS     (OPTST_DISABLED)
 
 /*
  *  pgp-certificate-info option description:
  */
-#define PGP_CERTIFICATE_INFO_DESC      (certtool_opt_strs+2437)
-#define PGP_CERTIFICATE_INFO_NAME      (certtool_opt_strs+2488)
-#define PGP_CERTIFICATE_INFO_name      (certtool_opt_strs+2509)
+#define PGP_CERTIFICATE_INFO_DESC      (certtool_opt_strs+2489)
+#define PGP_CERTIFICATE_INFO_NAME      (certtool_opt_strs+2540)
+#define PGP_CERTIFICATE_INFO_name      (certtool_opt_strs+2561)
 #define PGP_CERTIFICATE_INFO_FLAGS     (OPTST_DISABLED)
 
 /*
  *  pgp-ring-info option description:
  */
-#define PGP_RING_INFO_DESC      (certtool_opt_strs+2530)
-#define PGP_RING_INFO_NAME      (certtool_opt_strs+2587)
-#define PGP_RING_INFO_name      (certtool_opt_strs+2601)
+#define PGP_RING_INFO_DESC      (certtool_opt_strs+2582)
+#define PGP_RING_INFO_NAME      (certtool_opt_strs+2639)
+#define PGP_RING_INFO_name      (certtool_opt_strs+2653)
 #define PGP_RING_INFO_FLAGS     (OPTST_DISABLED)
 
 /*
  *  crl-info option description:
  */
-#define CRL_INFO_DESC      (certtool_opt_strs+2615)
-#define CRL_INFO_NAME      (certtool_opt_strs+2660)
-#define CRL_INFO_name      (certtool_opt_strs+2669)
+#define CRL_INFO_DESC      (certtool_opt_strs+2667)
+#define CRL_INFO_NAME      (certtool_opt_strs+2712)
+#define CRL_INFO_name      (certtool_opt_strs+2721)
 #define CRL_INFO_FLAGS     (OPTST_DISABLED)
 
 /*
  *  crq-info option description:
  */
-#define CRQ_INFO_DESC      (certtool_opt_strs+2678)
-#define CRQ_INFO_NAME      (certtool_opt_strs+2729)
-#define CRQ_INFO_name      (certtool_opt_strs+2738)
+#define CRQ_INFO_DESC      (certtool_opt_strs+2730)
+#define CRQ_INFO_NAME      (certtool_opt_strs+2781)
+#define CRQ_INFO_name      (certtool_opt_strs+2790)
 #define CRQ_INFO_FLAGS     (OPTST_DISABLED)
 
 /*
  *  no-crq-extensions option description:
  */
-#define NO_CRQ_EXTENSIONS_DESC      (certtool_opt_strs+2747)
-#define NO_CRQ_EXTENSIONS_NAME      (certtool_opt_strs+2793)
-#define NO_CRQ_EXTENSIONS_name      (certtool_opt_strs+2811)
+#define NO_CRQ_EXTENSIONS_DESC      (certtool_opt_strs+2799)
+#define NO_CRQ_EXTENSIONS_NAME      (certtool_opt_strs+2845)
+#define NO_CRQ_EXTENSIONS_name      (certtool_opt_strs+2863)
 #define NO_CRQ_EXTENSIONS_FLAGS     (OPTST_DISABLED)
 
 /*
  *  p12-info option description:
  */
-#define P12_INFO_DESC      (certtool_opt_strs+2829)
-#define P12_INFO_NAME      (certtool_opt_strs+2871)
-#define P12_INFO_name      (certtool_opt_strs+2880)
+#define P12_INFO_DESC      (certtool_opt_strs+2881)
+#define P12_INFO_NAME      (certtool_opt_strs+2923)
+#define P12_INFO_name      (certtool_opt_strs+2932)
 #define P12_INFO_FLAGS     (OPTST_DISABLED)
 
 /*
  *  p7-info option description:
  */
-#define P7_INFO_DESC      (certtool_opt_strs+2889)
-#define P7_INFO_NAME      (certtool_opt_strs+2930)
-#define P7_INFO_name      (certtool_opt_strs+2938)
+#define P7_INFO_DESC      (certtool_opt_strs+2941)
+#define P7_INFO_NAME      (certtool_opt_strs+2982)
+#define P7_INFO_name      (certtool_opt_strs+2990)
 #define P7_INFO_FLAGS     (OPTST_DISABLED)
 
 /*
  *  smime-to-p7 option description:
  */
-#define SMIME_TO_P7_DESC      (certtool_opt_strs+2946)
-#define SMIME_TO_P7_NAME      (certtool_opt_strs+2982)
-#define SMIME_TO_P7_name      (certtool_opt_strs+2994)
+#define SMIME_TO_P7_DESC      (certtool_opt_strs+2998)
+#define SMIME_TO_P7_NAME      (certtool_opt_strs+3034)
+#define SMIME_TO_P7_name      (certtool_opt_strs+3046)
 #define SMIME_TO_P7_FLAGS     (OPTST_DISABLED)
 
 /*
  *  key-info option description:
  */
-#define KEY_INFO_DESC      (certtool_opt_strs+3006)
-#define KEY_INFO_NAME      (certtool_opt_strs+3041)
-#define KEY_INFO_name      (certtool_opt_strs+3050)
+#define KEY_INFO_DESC      (certtool_opt_strs+3058)
+#define KEY_INFO_NAME      (certtool_opt_strs+3093)
+#define KEY_INFO_name      (certtool_opt_strs+3102)
 #define KEY_INFO_FLAGS     (OPTST_DISABLED)
 
 /*
  *  pgp-key-info option description:
  */
-#define PGP_KEY_INFO_DESC      (certtool_opt_strs+3059)
-#define PGP_KEY_INFO_NAME      (certtool_opt_strs+3103)
-#define PGP_KEY_INFO_name      (certtool_opt_strs+3116)
+#define PGP_KEY_INFO_DESC      (certtool_opt_strs+3111)
+#define PGP_KEY_INFO_NAME      (certtool_opt_strs+3155)
+#define PGP_KEY_INFO_name      (certtool_opt_strs+3168)
 #define PGP_KEY_INFO_FLAGS     (OPTST_DISABLED)
 
 /*
  *  pubkey-info option description:
  */
-#define PUBKEY_INFO_DESC      (certtool_opt_strs+3129)
-#define PUBKEY_INFO_NAME      (certtool_opt_strs+3163)
-#define PUBKEY_INFO_name      (certtool_opt_strs+3175)
+#define PUBKEY_INFO_DESC      (certtool_opt_strs+3181)
+#define PUBKEY_INFO_NAME      (certtool_opt_strs+3215)
+#define PUBKEY_INFO_name      (certtool_opt_strs+3227)
 #define PUBKEY_INFO_FLAGS     (OPTST_DISABLED)
 
 /*
  *  v1 option description:
  */
-#define V1_DESC      (certtool_opt_strs+3187)
-#define V1_NAME      (certtool_opt_strs+3248)
-#define V1_name      (certtool_opt_strs+3251)
+#define V1_DESC      (certtool_opt_strs+3239)
+#define V1_NAME      (certtool_opt_strs+3300)
+#define V1_name      (certtool_opt_strs+3303)
 #define V1_FLAGS     (OPTST_DISABLED)
 
 /*
  *  to-p12 option description with
  *  "Must also have options" and "Incompatible options":
  */
-#define TO_P12_DESC      (certtool_opt_strs+3254)
-#define TO_P12_NAME      (certtool_opt_strs+3284)
-#define TO_P12_name      (certtool_opt_strs+3291)
+#define TO_P12_DESC      (certtool_opt_strs+3306)
+#define TO_P12_NAME      (certtool_opt_strs+3336)
+#define TO_P12_name      (certtool_opt_strs+3343)
 static int const aTo_P12MustList[] = {
     INDEX_OPT_LOAD_CERTIFICATE, NO_EQUIVALENT };
 #define TO_P12_FLAGS     (OPTST_DISABLED)
@@ -587,140 +598,140 @@ static int const aTo_P12MustList[] = {
 /*
  *  to-p8 option description:
  */
-#define TO_P8_DESC      (certtool_opt_strs+3298)
-#define TO_P8_NAME      (certtool_opt_strs+3327)
-#define TO_P8_name      (certtool_opt_strs+3333)
+#define TO_P8_DESC      (certtool_opt_strs+3350)
+#define TO_P8_NAME      (certtool_opt_strs+3379)
+#define TO_P8_name      (certtool_opt_strs+3385)
 #define TO_P8_FLAGS     (OPTST_DISABLED)
 
 /*
  *  pkcs8 option description:
  */
-#define PKCS8_DESC      (certtool_opt_strs+3339)
-#define PKCS8_NAME      (certtool_opt_strs+3375)
-#define PKCS8_name      (certtool_opt_strs+3381)
+#define PKCS8_DESC      (certtool_opt_strs+3391)
+#define PKCS8_NAME      (certtool_opt_strs+3427)
+#define PKCS8_name      (certtool_opt_strs+3433)
 #define PKCS8_FLAGS     (OPTST_DISABLED)
 
 /*
  *  rsa option description:
  */
-#define RSA_DESC      (certtool_opt_strs+3387)
-#define RSA_NAME      (certtool_opt_strs+3404)
-#define RSA_name      (certtool_opt_strs+3408)
+#define RSA_DESC      (certtool_opt_strs+3439)
+#define RSA_NAME      (certtool_opt_strs+3456)
+#define RSA_name      (certtool_opt_strs+3460)
 #define RSA_FLAGS     (OPTST_DISABLED)
 
 /*
  *  dsa option description:
  */
-#define DSA_DESC      (certtool_opt_strs+3412)
-#define DSA_NAME      (certtool_opt_strs+3429)
-#define DSA_name      (certtool_opt_strs+3433)
+#define DSA_DESC      (certtool_opt_strs+3464)
+#define DSA_NAME      (certtool_opt_strs+3481)
+#define DSA_name      (certtool_opt_strs+3485)
 #define DSA_FLAGS     (OPTST_DISABLED)
 
 /*
  *  ecc option description:
  */
-#define ECC_DESC      (certtool_opt_strs+3437)
-#define ECC_NAME      (certtool_opt_strs+3462)
-#define ECC_name      (certtool_opt_strs+3466)
+#define ECC_DESC      (certtool_opt_strs+3489)
+#define ECC_NAME      (certtool_opt_strs+3514)
+#define ECC_name      (certtool_opt_strs+3518)
 #define ECC_FLAGS     (OPTST_DISABLED)
 
 /*
  *  hash option description:
  */
-#define HASH_DESC      (certtool_opt_strs+3470)
-#define HASH_NAME      (certtool_opt_strs+3505)
-#define HASH_name      (certtool_opt_strs+3510)
+#define HASH_DESC      (certtool_opt_strs+3522)
+#define HASH_NAME      (certtool_opt_strs+3557)
+#define HASH_name      (certtool_opt_strs+3562)
 #define HASH_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  inder option description:
  */
-#define INDER_DESC      (certtool_opt_strs+3515)
-#define INDER_NAME      (certtool_opt_strs+3571)
-#define NOT_INDER_name  (certtool_opt_strs+3577)
-#define NOT_INDER_PFX   (certtool_opt_strs+3586)
+#define INDER_DESC      (certtool_opt_strs+3567)
+#define INDER_NAME      (certtool_opt_strs+3623)
+#define NOT_INDER_name  (certtool_opt_strs+3629)
+#define NOT_INDER_PFX   (certtool_opt_strs+3638)
 #define INDER_name      (NOT_INDER_name + 3)
 #define INDER_FLAGS     (OPTST_DISABLED)
 
 /*
  *  inraw option description:
  */
-#define INRAW_DESC    (certtool_opt_strs+3589)
+#define INRAW_DESC    (certtool_opt_strs+3641)
 #define INRAW_NAME    NULL
-#define INRAW_name    (certtool_opt_strs+3618)
+#define INRAW_name    (certtool_opt_strs+3670)
 #define INRAW_FLAGS     (INDER_FLAGS | OPTST_ALIAS)
 
 /*
  *  outder option description:
  */
-#define OUTDER_DESC      (certtool_opt_strs+3624)
-#define OUTDER_NAME      (certtool_opt_strs+3680)
-#define NOT_OUTDER_name  (certtool_opt_strs+3687)
-#define NOT_OUTDER_PFX   (certtool_opt_strs+3586)
+#define OUTDER_DESC      (certtool_opt_strs+3676)
+#define OUTDER_NAME      (certtool_opt_strs+3732)
+#define NOT_OUTDER_name  (certtool_opt_strs+3739)
+#define NOT_OUTDER_PFX   (certtool_opt_strs+3638)
 #define OUTDER_name      (NOT_OUTDER_name + 3)
 #define OUTDER_FLAGS     (OPTST_DISABLED)
 
 /*
  *  outraw option description:
  */
-#define OUTRAW_DESC    (certtool_opt_strs+3697)
+#define OUTRAW_DESC    (certtool_opt_strs+3749)
 #define OUTRAW_NAME    NULL
-#define OUTRAW_name    (certtool_opt_strs+3727)
+#define OUTRAW_name    (certtool_opt_strs+3779)
 #define OUTRAW_FLAGS     (OUTDER_FLAGS | OPTST_ALIAS)
 
 /*
  *  bits option description:
  */
-#define BITS_DESC      (certtool_opt_strs+3734)
-#define BITS_NAME      (certtool_opt_strs+3778)
-#define BITS_name      (certtool_opt_strs+3783)
+#define BITS_DESC      (certtool_opt_strs+3786)
+#define BITS_NAME      (certtool_opt_strs+3830)
+#define BITS_name      (certtool_opt_strs+3835)
 #define BITS_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
 
 /*
  *  sec-param option description:
  */
-#define SEC_PARAM_DESC      (certtool_opt_strs+3788)
-#define SEC_PARAM_NAME      (certtool_opt_strs+3851)
-#define SEC_PARAM_name      (certtool_opt_strs+3861)
+#define SEC_PARAM_DESC      (certtool_opt_strs+3840)
+#define SEC_PARAM_NAME      (certtool_opt_strs+3903)
+#define SEC_PARAM_name      (certtool_opt_strs+3913)
 #define SEC_PARAM_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  disable-quick-random option description:
  */
-#define DISABLE_QUICK_RANDOM_DESC      (certtool_opt_strs+3871)
-#define DISABLE_QUICK_RANDOM_NAME      (certtool_opt_strs+3881)
-#define DISABLE_QUICK_RANDOM_name      (certtool_opt_strs+3902)
+#define DISABLE_QUICK_RANDOM_DESC      (certtool_opt_strs+3923)
+#define DISABLE_QUICK_RANDOM_NAME      (certtool_opt_strs+3933)
+#define DISABLE_QUICK_RANDOM_name      (certtool_opt_strs+3954)
 #define DISABLE_QUICK_RANDOM_FLAGS     (OPTST_DISABLED)
 
 /*
  *  template option description:
  */
-#define TEMPLATE_DESC      (certtool_opt_strs+3923)
-#define TEMPLATE_NAME      (certtool_opt_strs+3974)
-#define TEMPLATE_name      (certtool_opt_strs+3983)
+#define TEMPLATE_DESC      (certtool_opt_strs+3975)
+#define TEMPLATE_NAME      (certtool_opt_strs+4026)
+#define TEMPLATE_name      (certtool_opt_strs+4035)
 #define TEMPLATE_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE))
 
 /*
  *  pkcs-cipher option description:
  */
-#define PKCS_CIPHER_DESC      (certtool_opt_strs+3992)
-#define PKCS_CIPHER_NAME      (certtool_opt_strs+4037)
-#define PKCS_CIPHER_name      (certtool_opt_strs+4049)
+#define PKCS_CIPHER_DESC      (certtool_opt_strs+4044)
+#define PKCS_CIPHER_NAME      (certtool_opt_strs+4089)
+#define PKCS_CIPHER_name      (certtool_opt_strs+4101)
 #define PKCS_CIPHER_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  Help/More_Help/Version option descriptions:
  */
-#define HELP_DESC       (certtool_opt_strs+4061)
-#define HELP_name       (certtool_opt_strs+4105)
+#define HELP_DESC       (certtool_opt_strs+4113)
+#define HELP_name       (certtool_opt_strs+4157)
 #ifdef HAVE_WORKING_FORK
-#define MORE_HELP_DESC  (certtool_opt_strs+4110)
-#define MORE_HELP_name  (certtool_opt_strs+4155)
+#define MORE_HELP_DESC  (certtool_opt_strs+4162)
+#define MORE_HELP_name  (certtool_opt_strs+4207)
 #define MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT)
 #else
 #define MORE_HELP_DESC  NULL
@@ -733,8 +744,8 @@ static int const aTo_P12MustList[] = {
 #  define VER_FLAGS     (OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \
                          OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT)
 #endif
-#define VER_DESC        (certtool_opt_strs+4165)
-#define VER_name        (certtool_opt_strs+4201)
+#define VER_DESC        (certtool_opt_strs+4217)
+#define VER_name        (certtool_opt_strs+4253)
 /*
  *  Declare option callback procedures
  */
@@ -1032,8 +1043,20 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ PASSWORD_DESC, PASSWORD_NAME, PASSWORD_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 23, VALUE_OPT_CERTIFICATE_INFO,
-     /* equiv idx, value */ 23, VALUE_OPT_CERTIFICATE_INFO,
+  {  /* entry idx, value */ 23, VALUE_OPT_NULL_PASSWORD,
+     /* equiv idx, value */ 23, VALUE_OPT_NULL_PASSWORD,
+     /* equivalenced to  */ NO_EQUIVALENT,
+     /* min, max, act ct */ 0, 1, 0,
+     /* opt state flags  */ NULL_PASSWORD_FLAGS, 0,
+     /* last opt argumnt */ { NULL }, /* --null-password */
+     /* arg list/cookie  */ NULL,
+     /* must/cannot opts */ NULL, NULL,
+     /* option proc      */ NULL,
+     /* desc, NAME, name */ NULL_PASSWORD_DESC, NULL_PASSWORD_NAME, 
NULL_PASSWORD_name,
+     /* disablement strs */ NULL, NULL },
+
+  {  /* entry idx, value */ 24, VALUE_OPT_CERTIFICATE_INFO,
+     /* equiv idx, value */ 24, VALUE_OPT_CERTIFICATE_INFO,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ CERTIFICATE_INFO_FLAGS, 0,
@@ -1044,8 +1067,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ CERTIFICATE_INFO_DESC, CERTIFICATE_INFO_NAME, 
CERTIFICATE_INFO_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 24, VALUE_OPT_CERTIFICATE_PUBKEY,
-     /* equiv idx, value */ 24, VALUE_OPT_CERTIFICATE_PUBKEY,
+  {  /* entry idx, value */ 25, VALUE_OPT_CERTIFICATE_PUBKEY,
+     /* equiv idx, value */ 25, VALUE_OPT_CERTIFICATE_PUBKEY,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ CERTIFICATE_PUBKEY_FLAGS, 0,
@@ -1056,8 +1079,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ CERTIFICATE_PUBKEY_DESC, CERTIFICATE_PUBKEY_NAME, 
CERTIFICATE_PUBKEY_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 25, VALUE_OPT_PGP_CERTIFICATE_INFO,
-     /* equiv idx, value */ 25, VALUE_OPT_PGP_CERTIFICATE_INFO,
+  {  /* entry idx, value */ 26, VALUE_OPT_PGP_CERTIFICATE_INFO,
+     /* equiv idx, value */ 26, VALUE_OPT_PGP_CERTIFICATE_INFO,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ PGP_CERTIFICATE_INFO_FLAGS, 0,
@@ -1068,8 +1091,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ PGP_CERTIFICATE_INFO_DESC, 
PGP_CERTIFICATE_INFO_NAME, PGP_CERTIFICATE_INFO_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 26, VALUE_OPT_PGP_RING_INFO,
-     /* equiv idx, value */ 26, VALUE_OPT_PGP_RING_INFO,
+  {  /* entry idx, value */ 27, VALUE_OPT_PGP_RING_INFO,
+     /* equiv idx, value */ 27, VALUE_OPT_PGP_RING_INFO,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ PGP_RING_INFO_FLAGS, 0,
@@ -1080,8 +1103,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ PGP_RING_INFO_DESC, PGP_RING_INFO_NAME, 
PGP_RING_INFO_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 27, VALUE_OPT_CRL_INFO,
-     /* equiv idx, value */ 27, VALUE_OPT_CRL_INFO,
+  {  /* entry idx, value */ 28, VALUE_OPT_CRL_INFO,
+     /* equiv idx, value */ 28, VALUE_OPT_CRL_INFO,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ CRL_INFO_FLAGS, 0,
@@ -1092,8 +1115,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ CRL_INFO_DESC, CRL_INFO_NAME, CRL_INFO_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 28, VALUE_OPT_CRQ_INFO,
-     /* equiv idx, value */ 28, VALUE_OPT_CRQ_INFO,
+  {  /* entry idx, value */ 29, VALUE_OPT_CRQ_INFO,
+     /* equiv idx, value */ 29, VALUE_OPT_CRQ_INFO,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ CRQ_INFO_FLAGS, 0,
@@ -1104,8 +1127,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ CRQ_INFO_DESC, CRQ_INFO_NAME, CRQ_INFO_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 29, VALUE_OPT_NO_CRQ_EXTENSIONS,
-     /* equiv idx, value */ 29, VALUE_OPT_NO_CRQ_EXTENSIONS,
+  {  /* entry idx, value */ 30, VALUE_OPT_NO_CRQ_EXTENSIONS,
+     /* equiv idx, value */ 30, VALUE_OPT_NO_CRQ_EXTENSIONS,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ NO_CRQ_EXTENSIONS_FLAGS, 0,
@@ -1116,8 +1139,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ NO_CRQ_EXTENSIONS_DESC, NO_CRQ_EXTENSIONS_NAME, 
NO_CRQ_EXTENSIONS_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 30, VALUE_OPT_P12_INFO,
-     /* equiv idx, value */ 30, VALUE_OPT_P12_INFO,
+  {  /* entry idx, value */ 31, VALUE_OPT_P12_INFO,
+     /* equiv idx, value */ 31, VALUE_OPT_P12_INFO,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ P12_INFO_FLAGS, 0,
@@ -1128,8 +1151,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ P12_INFO_DESC, P12_INFO_NAME, P12_INFO_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 31, VALUE_OPT_P7_INFO,
-     /* equiv idx, value */ 31, VALUE_OPT_P7_INFO,
+  {  /* entry idx, value */ 32, VALUE_OPT_P7_INFO,
+     /* equiv idx, value */ 32, VALUE_OPT_P7_INFO,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ P7_INFO_FLAGS, 0,
@@ -1140,8 +1163,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ P7_INFO_DESC, P7_INFO_NAME, P7_INFO_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 32, VALUE_OPT_SMIME_TO_P7,
-     /* equiv idx, value */ 32, VALUE_OPT_SMIME_TO_P7,
+  {  /* entry idx, value */ 33, VALUE_OPT_SMIME_TO_P7,
+     /* equiv idx, value */ 33, VALUE_OPT_SMIME_TO_P7,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ SMIME_TO_P7_FLAGS, 0,
@@ -1152,8 +1175,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ SMIME_TO_P7_DESC, SMIME_TO_P7_NAME, 
SMIME_TO_P7_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 33, VALUE_OPT_KEY_INFO,
-     /* equiv idx, value */ 33, VALUE_OPT_KEY_INFO,
+  {  /* entry idx, value */ 34, VALUE_OPT_KEY_INFO,
+     /* equiv idx, value */ 34, VALUE_OPT_KEY_INFO,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ KEY_INFO_FLAGS, 0,
@@ -1164,8 +1187,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ KEY_INFO_DESC, KEY_INFO_NAME, KEY_INFO_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 34, VALUE_OPT_PGP_KEY_INFO,
-     /* equiv idx, value */ 34, VALUE_OPT_PGP_KEY_INFO,
+  {  /* entry idx, value */ 35, VALUE_OPT_PGP_KEY_INFO,
+     /* equiv idx, value */ 35, VALUE_OPT_PGP_KEY_INFO,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ PGP_KEY_INFO_FLAGS, 0,
@@ -1176,8 +1199,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ PGP_KEY_INFO_DESC, PGP_KEY_INFO_NAME, 
PGP_KEY_INFO_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 35, VALUE_OPT_PUBKEY_INFO,
-     /* equiv idx, value */ 35, VALUE_OPT_PUBKEY_INFO,
+  {  /* entry idx, value */ 36, VALUE_OPT_PUBKEY_INFO,
+     /* equiv idx, value */ 36, VALUE_OPT_PUBKEY_INFO,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ PUBKEY_INFO_FLAGS, 0,
@@ -1188,8 +1211,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ PUBKEY_INFO_DESC, PUBKEY_INFO_NAME, 
PUBKEY_INFO_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 36, VALUE_OPT_V1,
-     /* equiv idx, value */ 36, VALUE_OPT_V1,
+  {  /* entry idx, value */ 37, VALUE_OPT_V1,
+     /* equiv idx, value */ 37, VALUE_OPT_V1,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ V1_FLAGS, 0,
@@ -1200,8 +1223,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ V1_DESC, V1_NAME, V1_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 37, VALUE_OPT_TO_P12,
-     /* equiv idx, value */ 37, VALUE_OPT_TO_P12,
+  {  /* entry idx, value */ 38, VALUE_OPT_TO_P12,
+     /* equiv idx, value */ 38, VALUE_OPT_TO_P12,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ TO_P12_FLAGS, 0,
@@ -1212,8 +1235,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ TO_P12_DESC, TO_P12_NAME, TO_P12_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 38, VALUE_OPT_TO_P8,
-     /* equiv idx, value */ 38, VALUE_OPT_TO_P8,
+  {  /* entry idx, value */ 39, VALUE_OPT_TO_P8,
+     /* equiv idx, value */ 39, VALUE_OPT_TO_P8,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ TO_P8_FLAGS, 0,
@@ -1224,8 +1247,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ TO_P8_DESC, TO_P8_NAME, TO_P8_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 39, VALUE_OPT_PKCS8,
-     /* equiv idx, value */ 39, VALUE_OPT_PKCS8,
+  {  /* entry idx, value */ 40, VALUE_OPT_PKCS8,
+     /* equiv idx, value */ 40, VALUE_OPT_PKCS8,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ PKCS8_FLAGS, 0,
@@ -1236,8 +1259,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ PKCS8_DESC, PKCS8_NAME, PKCS8_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 40, VALUE_OPT_RSA,
-     /* equiv idx, value */ 40, VALUE_OPT_RSA,
+  {  /* entry idx, value */ 41, VALUE_OPT_RSA,
+     /* equiv idx, value */ 41, VALUE_OPT_RSA,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ RSA_FLAGS, 0,
@@ -1248,8 +1271,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ RSA_DESC, RSA_NAME, RSA_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 41, VALUE_OPT_DSA,
-     /* equiv idx, value */ 41, VALUE_OPT_DSA,
+  {  /* entry idx, value */ 42, VALUE_OPT_DSA,
+     /* equiv idx, value */ 42, VALUE_OPT_DSA,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ DSA_FLAGS, 0,
@@ -1260,8 +1283,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ DSA_DESC, DSA_NAME, DSA_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 42, VALUE_OPT_ECC,
-     /* equiv idx, value */ 42, VALUE_OPT_ECC,
+  {  /* entry idx, value */ 43, VALUE_OPT_ECC,
+     /* equiv idx, value */ 43, VALUE_OPT_ECC,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ ECC_FLAGS, 0,
@@ -1272,8 +1295,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ ECC_DESC, ECC_NAME, ECC_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 43, VALUE_OPT_HASH,
-     /* equiv idx, value */ 43, VALUE_OPT_HASH,
+  {  /* entry idx, value */ 44, VALUE_OPT_HASH,
+     /* equiv idx, value */ 44, VALUE_OPT_HASH,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ HASH_FLAGS, 0,
@@ -1284,8 +1307,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ HASH_DESC, HASH_NAME, HASH_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 44, VALUE_OPT_INDER,
-     /* equiv idx, value */ 44, VALUE_OPT_INDER,
+  {  /* entry idx, value */ 45, VALUE_OPT_INDER,
+     /* equiv idx, value */ 45, VALUE_OPT_INDER,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ INDER_FLAGS, 0,
@@ -1296,8 +1319,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ INDER_DESC, INDER_NAME, INDER_name,
      /* disablement strs */ NOT_INDER_name, NOT_INDER_PFX },
 
-  {  /* entry idx, value */ 45, VALUE_OPT_INRAW,
-     /* equiv idx, value */ 45, VALUE_OPT_INRAW,
+  {  /* entry idx, value */ 46, VALUE_OPT_INRAW,
+     /* equiv idx, value */ 46, VALUE_OPT_INRAW,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ INRAW_FLAGS, 0,
@@ -1308,8 +1331,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ INRAW_DESC, INRAW_NAME, INRAW_name,
      /* disablement strs */ 0, 0 },
 
-  {  /* entry idx, value */ 46, VALUE_OPT_OUTDER,
-     /* equiv idx, value */ 46, VALUE_OPT_OUTDER,
+  {  /* entry idx, value */ 47, VALUE_OPT_OUTDER,
+     /* equiv idx, value */ 47, VALUE_OPT_OUTDER,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ OUTDER_FLAGS, 0,
@@ -1320,8 +1343,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ OUTDER_DESC, OUTDER_NAME, OUTDER_name,
      /* disablement strs */ NOT_OUTDER_name, NOT_OUTDER_PFX },
 
-  {  /* entry idx, value */ 47, VALUE_OPT_OUTRAW,
-     /* equiv idx, value */ 47, VALUE_OPT_OUTRAW,
+  {  /* entry idx, value */ 48, VALUE_OPT_OUTRAW,
+     /* equiv idx, value */ 48, VALUE_OPT_OUTRAW,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ OUTRAW_FLAGS, 0,
@@ -1332,8 +1355,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ OUTRAW_DESC, OUTRAW_NAME, OUTRAW_name,
      /* disablement strs */ 0, 0 },
 
-  {  /* entry idx, value */ 48, VALUE_OPT_BITS,
-     /* equiv idx, value */ 48, VALUE_OPT_BITS,
+  {  /* entry idx, value */ 49, VALUE_OPT_BITS,
+     /* equiv idx, value */ 49, VALUE_OPT_BITS,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ BITS_FLAGS, 0,
@@ -1344,8 +1367,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ BITS_DESC, BITS_NAME, BITS_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 49, VALUE_OPT_SEC_PARAM,
-     /* equiv idx, value */ 49, VALUE_OPT_SEC_PARAM,
+  {  /* entry idx, value */ 50, VALUE_OPT_SEC_PARAM,
+     /* equiv idx, value */ 50, VALUE_OPT_SEC_PARAM,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ SEC_PARAM_FLAGS, 0,
@@ -1356,8 +1379,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ SEC_PARAM_DESC, SEC_PARAM_NAME, SEC_PARAM_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 50, VALUE_OPT_DISABLE_QUICK_RANDOM,
-     /* equiv idx, value */ 50, VALUE_OPT_DISABLE_QUICK_RANDOM,
+  {  /* entry idx, value */ 51, VALUE_OPT_DISABLE_QUICK_RANDOM,
+     /* equiv idx, value */ 51, VALUE_OPT_DISABLE_QUICK_RANDOM,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ DISABLE_QUICK_RANDOM_FLAGS, 0,
@@ -1368,8 +1391,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ DISABLE_QUICK_RANDOM_DESC, 
DISABLE_QUICK_RANDOM_NAME, DISABLE_QUICK_RANDOM_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 51, VALUE_OPT_TEMPLATE,
-     /* equiv idx, value */ 51, VALUE_OPT_TEMPLATE,
+  {  /* entry idx, value */ 52, VALUE_OPT_TEMPLATE,
+     /* equiv idx, value */ 52, VALUE_OPT_TEMPLATE,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ TEMPLATE_FLAGS, 0,
@@ -1380,8 +1403,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ TEMPLATE_DESC, TEMPLATE_NAME, TEMPLATE_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 52, VALUE_OPT_PKCS_CIPHER,
-     /* equiv idx, value */ 52, VALUE_OPT_PKCS_CIPHER,
+  {  /* entry idx, value */ 53, VALUE_OPT_PKCS_CIPHER,
+     /* equiv idx, value */ 53, VALUE_OPT_PKCS_CIPHER,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ PKCS_CIPHER_FLAGS, 0,
@@ -1436,14 +1459,14 @@ static tOptDesc optDesc[OPTION_CT] = {
  *
  *  Define the certtool Option Environment
  */
-#define zPROGNAME       (certtool_opt_strs+4209)
-#define zUsageTitle     (certtool_opt_strs+4218)
+#define zPROGNAME       (certtool_opt_strs+4261)
+#define zUsageTitle     (certtool_opt_strs+4270)
 #define zRcName         NULL
 #define apzHomeList     NULL
-#define zBugsAddr       (certtool_opt_strs+4325)
-#define zExplain        (certtool_opt_strs+4344)
-#define zDetail         (certtool_opt_strs+4347)
-#define zFullVersion    (certtool_opt_strs+4521)
+#define zBugsAddr       (certtool_opt_strs+4377)
+#define zExplain        (certtool_opt_strs+4396)
+#define zDetail         (certtool_opt_strs+4399)
+#define zFullVersion    (certtool_opt_strs+4573)
 /* extracted from optcode.tlib near line 350 */
 
 #if defined(ENABLE_NLS)
@@ -1457,7 +1480,7 @@ static tOptDesc optDesc[OPTION_CT] = {
 
 #define certtool_full_usage (NULL)
 
-#define certtool_short_usage (certtool_opt_strs+4540)
+#define certtool_short_usage (certtool_opt_strs+4592)
 
 #endif /* not defined __doxygen__ */
 
@@ -1674,7 +1697,7 @@ tOptions certtoolOptions = {
       NO_EQUIVALENT, /* '-#' option index */
       NO_EQUIVALENT /* index of default opt */
     },
-    56 /* full option count */, 53 /* user option count */,
+    57 /* full option count */, 54 /* user option count */,
     certtool_full_usage, certtool_short_usage,
     NULL, NULL,
     PKGDATADIR, certtool_packager_info
diff --git a/src/certtool-args.def b/src/certtool-args.def
index 57cac19..f802dcc 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -150,6 +150,12 @@ flag = {
 };
 
 flag = {
+    name      = null-password;
+    descrip   = "Enforce a NULL password";
+    doc   = "This option enforces a NULL password. This may be different than 
the empty password in some schemas.";
+};
+
+flag = {
     name      = certificate-info;
     value     = i;
     descrip   = "Print information on the given certificate";
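Review bot: The `doc` string for `null-password` does not name the structures the option applies to, so "different than the empty password in some schemas" gives a reader nothing to act on. Going by the commit message, this concerns PKCS #8 and PKCS #12 keys. I would say so, e.g. `doc = "This option enforces a NULL password when handling PKCS #8 and PKCS #12 structures. This may be different than the empty password in some schemas.";`. The text should also mention that the option takes precedence over `--password`, which is what the cmd_parser hunk in src/certtool.c implements.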
diff --git a/src/certtool-args.h b/src/certtool-args.h
index 2e8d3d6..b7d9f6e 100644
--- a/src/certtool-args.h
+++ b/src/certtool-args.h
@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (certtool-args.h)
  *  
- *  It has been AutoGen-ed  June 25, 2012 at 07:39:01 PM by AutoGen 5.16
+ *  It has been AutoGen-ed  August  4, 2012 at 12:13:08 PM by AutoGen 5.16
  *  From the definitions    certtool-args.def
  *  and the template file   options
  *
@@ -90,42 +90,43 @@ typedef enum {
     INDEX_OPT_LOAD_CA_PRIVKEY       = 20,
     INDEX_OPT_LOAD_CA_CERTIFICATE   = 21,
     INDEX_OPT_PASSWORD              = 22,
-    INDEX_OPT_CERTIFICATE_INFO      = 23,
-    INDEX_OPT_CERTIFICATE_PUBKEY    = 24,
-    INDEX_OPT_PGP_CERTIFICATE_INFO  = 25,
-    INDEX_OPT_PGP_RING_INFO         = 26,
-    INDEX_OPT_CRL_INFO              = 27,
-    INDEX_OPT_CRQ_INFO              = 28,
-    INDEX_OPT_NO_CRQ_EXTENSIONS     = 29,
-    INDEX_OPT_P12_INFO              = 30,
-    INDEX_OPT_P7_INFO               = 31,
-    INDEX_OPT_SMIME_TO_P7           = 32,
-    INDEX_OPT_KEY_INFO              = 33,
-    INDEX_OPT_PGP_KEY_INFO          = 34,
-    INDEX_OPT_PUBKEY_INFO           = 35,
-    INDEX_OPT_V1                    = 36,
-    INDEX_OPT_TO_P12                = 37,
-    INDEX_OPT_TO_P8                 = 38,
-    INDEX_OPT_PKCS8                 = 39,
-    INDEX_OPT_RSA                   = 40,
-    INDEX_OPT_DSA                   = 41,
-    INDEX_OPT_ECC                   = 42,
-    INDEX_OPT_HASH                  = 43,
-    INDEX_OPT_INDER                 = 44,
-    INDEX_OPT_INRAW                 = 45,
-    INDEX_OPT_OUTDER                = 46,
-    INDEX_OPT_OUTRAW                = 47,
-    INDEX_OPT_BITS                  = 48,
-    INDEX_OPT_SEC_PARAM             = 49,
-    INDEX_OPT_DISABLE_QUICK_RANDOM  = 50,
-    INDEX_OPT_TEMPLATE              = 51,
-    INDEX_OPT_PKCS_CIPHER           = 52,
-    INDEX_OPT_VERSION               = 53,
-    INDEX_OPT_HELP                  = 54,
-    INDEX_OPT_MORE_HELP             = 55
+    INDEX_OPT_NULL_PASSWORD         = 23,
+    INDEX_OPT_CERTIFICATE_INFO      = 24,
+    INDEX_OPT_CERTIFICATE_PUBKEY    = 25,
+    INDEX_OPT_PGP_CERTIFICATE_INFO  = 26,
+    INDEX_OPT_PGP_RING_INFO         = 27,
+    INDEX_OPT_CRL_INFO              = 28,
+    INDEX_OPT_CRQ_INFO              = 29,
+    INDEX_OPT_NO_CRQ_EXTENSIONS     = 30,
+    INDEX_OPT_P12_INFO              = 31,
+    INDEX_OPT_P7_INFO               = 32,
+    INDEX_OPT_SMIME_TO_P7           = 33,
+    INDEX_OPT_KEY_INFO              = 34,
+    INDEX_OPT_PGP_KEY_INFO          = 35,
+    INDEX_OPT_PUBKEY_INFO           = 36,
+    INDEX_OPT_V1                    = 37,
+    INDEX_OPT_TO_P12                = 38,
+    INDEX_OPT_TO_P8                 = 39,
+    INDEX_OPT_PKCS8                 = 40,
+    INDEX_OPT_RSA                   = 41,
+    INDEX_OPT_DSA                   = 42,
+    INDEX_OPT_ECC                   = 43,
+    INDEX_OPT_HASH                  = 44,
+    INDEX_OPT_INDER                 = 45,
+    INDEX_OPT_INRAW                 = 46,
+    INDEX_OPT_OUTDER                = 47,
+    INDEX_OPT_OUTRAW                = 48,
+    INDEX_OPT_BITS                  = 49,
+    INDEX_OPT_SEC_PARAM             = 50,
+    INDEX_OPT_DISABLE_QUICK_RANDOM  = 51,
+    INDEX_OPT_TEMPLATE              = 52,
+    INDEX_OPT_PKCS_CIPHER           = 53,
+    INDEX_OPT_VERSION               = 54,
+    INDEX_OPT_HELP                  = 55,
+    INDEX_OPT_MORE_HELP             = 56
 } teOptIndex;
 
-#define OPTION_CT    56
+#define OPTION_CT    57
 #define CERTTOOL_VERSION       "@VERSION@"
 #define CERTTOOL_FULL_VERSION  "certtool @VERSION@"
 
@@ -188,38 +189,39 @@ typedef enum {
 #define VALUE_OPT_LOAD_CA_PRIVKEY 20
 #define VALUE_OPT_LOAD_CA_CERTIFICATE 21
 #define VALUE_OPT_PASSWORD       22
+#define VALUE_OPT_NULL_PASSWORD  23
 #define VALUE_OPT_CERTIFICATE_INFO 'i'
-#define VALUE_OPT_CERTIFICATE_PUBKEY 24
-#define VALUE_OPT_PGP_CERTIFICATE_INFO 25
-#define VALUE_OPT_PGP_RING_INFO  26
+#define VALUE_OPT_CERTIFICATE_PUBKEY 25
+#define VALUE_OPT_PGP_CERTIFICATE_INFO 26
+#define VALUE_OPT_PGP_RING_INFO  27
 #define VALUE_OPT_CRL_INFO       'l'
-#define VALUE_OPT_CRQ_INFO       28
-#define VALUE_OPT_NO_CRQ_EXTENSIONS 29
-#define VALUE_OPT_P12_INFO       30
-#define VALUE_OPT_P7_INFO        31
-#define VALUE_OPT_SMIME_TO_P7    32
+#define VALUE_OPT_CRQ_INFO       29
+#define VALUE_OPT_NO_CRQ_EXTENSIONS 30
+#define VALUE_OPT_P12_INFO       31
+#define VALUE_OPT_P7_INFO        32
+#define VALUE_OPT_SMIME_TO_P7    129
 #define VALUE_OPT_KEY_INFO       'k'
-#define VALUE_OPT_PGP_KEY_INFO   130
-#define VALUE_OPT_PUBKEY_INFO    131
-#define VALUE_OPT_V1             132
-#define VALUE_OPT_TO_P12         133
-#define VALUE_OPT_TO_P8          134
+#define VALUE_OPT_PGP_KEY_INFO   131
+#define VALUE_OPT_PUBKEY_INFO    132
+#define VALUE_OPT_V1             133
+#define VALUE_OPT_TO_P12         134
+#define VALUE_OPT_TO_P8          135
 #define VALUE_OPT_PKCS8          '8'
-#define VALUE_OPT_RSA            136
-#define VALUE_OPT_DSA            137
-#define VALUE_OPT_ECC            138
-#define VALUE_OPT_HASH           139
-#define VALUE_OPT_INDER          140
-#define VALUE_OPT_INRAW          141
-#define VALUE_OPT_OUTDER         142
-#define VALUE_OPT_OUTRAW         143
-#define VALUE_OPT_BITS           144
+#define VALUE_OPT_RSA            137
+#define VALUE_OPT_DSA            138
+#define VALUE_OPT_ECC            139
+#define VALUE_OPT_HASH           140
+#define VALUE_OPT_INDER          141
+#define VALUE_OPT_INRAW          142
+#define VALUE_OPT_OUTDER         143
+#define VALUE_OPT_OUTRAW         144
+#define VALUE_OPT_BITS           145
 
 #define OPT_VALUE_BITS           (DESC(BITS).optArg.argInt)
-#define VALUE_OPT_SEC_PARAM      145
-#define VALUE_OPT_DISABLE_QUICK_RANDOM 146
-#define VALUE_OPT_TEMPLATE       147
-#define VALUE_OPT_PKCS_CIPHER    148
+#define VALUE_OPT_SEC_PARAM      146
+#define VALUE_OPT_DISABLE_QUICK_RANDOM 147
+#define VALUE_OPT_TEMPLATE       148
+#define VALUE_OPT_PKCS_CIPHER    149
 #define VALUE_OPT_HELP          'h'
 #define VALUE_OPT_MORE_HELP     '!'
 #define VALUE_OPT_VERSION       'v'
diff --git a/src/certtool-common.h b/src/certtool-common.h
index 8e1af6b..a68e47b 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -48,6 +48,7 @@ typedef struct common_info
   const char* sec_param;
   const char* pkcs_cipher;
   const char* password;
+  int null_password;
   unsigned int crq_extensions;
   unsigned int v1_cert;
 } common_info_st;
diff --git a/src/certtool.c b/src/certtool.c
index 70d6357..4f664fa 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -172,6 +172,28 @@ cipher_to_flags (const char *cipher)
   return -1;
 }
 
+static const char* get_password(common_info_st * cinfo, unsigned int *flags, 
int confirm)
+{
+  if (cinfo->null_password)
+    {
+      if (flags) *flags |= GNUTLS_PKCS_NULL_PASSWORD;
+      return NULL;
+    }
+  else if (cinfo->password)
+    {
+      if (cinfo->password[0] == 0 && flags)
+        *flags |= GNUTLS_PKCS_PLAIN;
+      return cinfo->password;
+    }
+  else
+    {
+      if (confirm)
+        return get_confirmed_pass (true);
+      else
+        return get_pass ();
+    }
+}
+
 
 static void
 print_private_key (common_info_st* cinfo, gnutls_x509_privkey_t key)
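Review bot: The interactive branch of `get_password` returns the result of `get_pass ()` or `get_confirmed_pass (true)` without the empty-password handling that the `cinfo->password` branch applies, so an empty reply at the prompt no longer sets `GNUTLS_PKCS_PLAIN`. The lines removed from `print_private_key` and `generate_pkcs8` later in this diff show that a NULL or empty prompt result used to select plain export. After this change, whether a key is written unprotected depends on whether the empty password came from `--password` or from the prompt. Doing the check once after all branches keeps both sources consistent. The helper also lacks a comment saying that `flags` may be NULL and that a NULL return with `GNUTLS_PKCS_NULL_PASSWORD` set is a valid result.

```c
static const char* get_password(common_info_st * cinfo, unsigned int *flags, int confirm)
{
  const char *p;

  /* … unchanged: null_password branch, returns NULL with GNUTLS_PKCS_NULL_PASSWORD … */
  else if (cinfo->password)
    p = cinfo->password;
  else
    p = confirm ? get_confirmed_pass (true) : get_pass ();

  /* An empty or missing password selects an unencrypted structure,
     whichever way the password was supplied. */
  if (flags && (p == NULL || p[0] == 0))
    *flags |= GNUTLS_PKCS_PLAIN;
  return p;
}
```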
@@ -195,13 +217,11 @@ print_private_key (common_info_st* cinfo, 
gnutls_x509_privkey_t key)
     }
   else
     {
-      unsigned int flags;
+      unsigned int flags = 0;
       const char *pass;
 
-      flags = cipher_to_flags (cinfo->pkcs_cipher);
-
-      if ((pass = get_confirmed_pass (true)) == NULL || *pass == '\0')
-        flags = GNUTLS_PKCS_PLAIN;
+      pass = get_password(cinfo, &flags, 0);
+      flags |= cipher_to_flags (cinfo->pkcs_cipher);
 
       size = buffer_size;
       ret =
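Review bot: `get_password(cinfo, &flags, 0)` passes `confirm` as 0, so the passphrase that protects the exported key is no longer confirmed, whereas the removed line called `get_confirmed_pass (true)`. A mistyped passphrase here yields a key file encrypted under a passphrase the user does not know. `generate_pkcs8` and `generate_pkcs12` in this diff pass 1 for the same kind of operation, so `pass = get_password(cinfo, &flags, 1);` would keep this path consistent with them. The body of `print_private_key` starts and ends outside the hunk.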
@@ -1009,6 +1029,12 @@ cmd_parser (int argc, char **argv)
   if (HAVE_OPT(PASSWORD))
     cinfo.password = OPT_ARG(PASSWORD);
 
+  if (HAVE_OPT(NULL_PASSWORD))
+    {
+      cinfo.null_password = 1;
+      cinfo.password = "";
+    }
+
   if (HAVE_OPT(GENERATE_SELF_SIGNED))
     generate_self_signed (&cinfo);
   else if (HAVE_OPT(GENERATE_CERTIFICATE))
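Review bot: When both `--password` and `--null-password` are given, this block silently replaces the value stored two lines above with `""`, and nothing tells the user which option won. Unless the option definitions already declare the two as conflicting (not visible here), an explicit rejection such as `if (HAVE_OPT(PASSWORD) && HAVE_OPT(NULL_PASSWORD)) error (EXIT_FAILURE, 0, "--password and --null-password cannot be combined");` would prevent a key being processed with a different password than intended. If the empty string is kept, a comment like `/* non-NULL so that code reading cinfo.password directly does not prompt */` would record why it is set; that reason is inferred, since the readers of `cinfo.password` are outside this hunk. `cmd_parser` starts and ends outside the hunk.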
@@ -1675,6 +1701,7 @@ privkey_info (common_info_st* cinfo)
   int ret;
   gnutls_datum_t pem;
   const char *pass;
+  unsigned int flags = 0;
 
   size = fread (buffer, 1, buffer_size - 1, infile);
   buffer[size] = 0;
@@ -1684,19 +1711,16 @@ privkey_info (common_info_st* cinfo)
   pem.data = buffer;
   pem.size = size;
 
-  ret = gnutls_x509_privkey_import2 (key, &pem, incert_format, NULL);
+  ret = gnutls_x509_privkey_import2 (key, &pem, incert_format, NULL, 0);
 
   /* If we failed to import the certificate previously try PKCS #8 */
   if (ret == GNUTLS_E_DECRYPTION_FAILED)
     {
           fprintf(stderr, "Encrypted structure detected...\n");
-          if (cinfo->password)
-            pass = cinfo->password;
-          else
-            pass = get_pass ();
+          pass = get_password(cinfo, &flags, 0);
 
           ret = gnutls_x509_privkey_import2 (key, &pem,
-                                                  incert_format, pass);
+                                                  incert_format, pass, flags);
     }
   if (ret < 0)
     error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret));
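Review bot: On the retry after `GNUTLS_E_DECRYPTION_FAILED`, `flags` can carry `GNUTLS_PKCS_PLAIN`, because `get_password` sets it whenever `--password` is an empty string. If the importer reads that flag as "structure is not encrypted" (its implementation is not part of this diff), the retry cannot decrypt a key that is protected with an empty password. Clearing the bit on the import path, `flags &= ~GNUTLS_PKCS_PLAIN;` before the second `gnutls_x509_privkey_import2` call, or a comment stating that the combination is intended, would settle it. `privkey_info` starts outside the hunk.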
@@ -2262,30 +2286,23 @@ verify_crl (common_info_st * cinfo)
 }
 
 
+
 void
 generate_pkcs8 (common_info_st * cinfo)
 {
   gnutls_x509_privkey_t key;
   int result;
   size_t size;
-  int flags = 0;
+  unsigned int flags = 0;
   const char *password;
 
   fprintf (stderr, "Generating a PKCS #8 key structure...\n");
 
   key = load_x509_private_key (1, cinfo);
 
-  if (cinfo->password)
-    password = cinfo->password;
-  else
-    password = get_pass ();
-
-  flags = cipher_to_flags (cinfo->pkcs_cipher);
+  password = get_password(cinfo, &flags, 1);
 
-  if (password == NULL || password[0] == 0)
-    {
-      flags = GNUTLS_PKCS_PLAIN;
-    }
+  flags |= cipher_to_flags (cinfo->pkcs_cipher);
 
   size = buffer_size;
   result =
@@ -2314,7 +2331,7 @@ generate_pkcs12 (common_info_st * cinfo)
   gnutls_datum_t data;
   const char *pass;
   const char *name;
-  unsigned int flags, i;
+  unsigned int flags = 0, i;
   gnutls_datum_t key_id;
   unsigned char _key_id[32];
   int indx;
@@ -2332,18 +2349,9 @@ generate_pkcs12 (common_info_st * cinfo)
   if (result < 0)
     error (EXIT_FAILURE, 0, "pkcs12_init: %s", gnutls_strerror (result));
 
-  if (cinfo->password)
-    pass = cinfo->password;
-  else
-    pass = get_pass ();
-    
-  if (pass == NULL)
-    {
-      fprintf(stderr, "No password given for PKCS #12. Assuming null 
password...\n");
-      pass = "";
-    }
+  pass = get_password(cinfo, &flags, 1);
+  flags |= cipher_to_flags (cinfo->pkcs_cipher);
     
-
   for (i = 0; i < ncrts; i++)
     {
       gnutls_pkcs12_bag_t bag;
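Review bot: The removed fallback turned a NULL password into `""` and told the user, but after this change a NULL from `get_password` reaches `gnutls_pkcs12_bag_encrypt` unchecked. That is intended when `--null-password` sets `GNUTLS_PKCS_NULL_PASSWORD`, but a NULL coming from the interactive branch would arrive without that flag. Whether `get_confirmed_pass` can return NULL is not visible here; if it can, a guard such as `if (pass == NULL && !(flags & GNUTLS_PKCS_NULL_PASSWORD)) error (EXIT_FAILURE, 0, "no password given for PKCS #12");` keeps the failure explicit. `generate_pkcs12` starts and ends outside the hunk.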
@@ -2381,8 +2389,6 @@ generate_pkcs12 (common_info_st * cinfo)
         error (EXIT_FAILURE, 0, "bag_set_key_id: %s",
                gnutls_strerror (result));
 
-      flags = cipher_to_flags (cinfo->pkcs_cipher);
-
       result = gnutls_pkcs12_bag_encrypt (bag, pass, flags);
       if (result < 0)
         error (EXIT_FAILURE, 0, "bag_encrypt: %s", gnutls_strerror (result));
@@ -2400,8 +2406,6 @@ generate_pkcs12 (common_info_st * cinfo)
       if (result < 0)
         error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result));
 
-      flags = cipher_to_flags (cinfo->pkcs_cipher);
-
       size = buffer_size;
       result =
         gnutls_x509_privkey_export_pkcs8 (keys[i], GNUTLS_X509_FMT_DER,
@@ -2562,7 +2566,7 @@ pkcs12_info (common_info_st* cinfo)
   size_t size;
   gnutls_datum_t data;
   const char *pass;
-  int indx;
+  int indx, fail = 0;
 
   result = gnutls_pkcs12_init (&pkcs12);
   if (result < 0)
@@ -2576,14 +2580,14 @@ pkcs12_info (common_info_st* cinfo)
   if (result < 0)
     error (EXIT_FAILURE, 0, "p12_import: %s", gnutls_strerror (result));
 
-  if (cinfo->password)
-    pass = cinfo->password;
-  else
-    pass = get_pass ();
+  pass = get_password(cinfo, NULL, 0);
 
   result = gnutls_pkcs12_verify_mac (pkcs12, pass);
   if (result < 0)
-    error (0, 0, "verify_mac: %s", gnutls_strerror (result));
+    {
+      fail = 1;
+      error (0, 0, "verify_mac: %s", gnutls_strerror (result));
+    }
 
   for (indx = 0;; indx++)
     {
@@ -2614,6 +2618,7 @@ pkcs12_info (common_info_st* cinfo)
 
           if (result < 0)
             {
+              fail = 1;
               error (0, 0, "bag_decrypt: %s", gnutls_strerror (result));
               continue;
             }
@@ -2628,6 +2633,9 @@ pkcs12_info (common_info_st* cinfo)
 
       gnutls_pkcs12_bag_deinit (bag);
     }
+
+  if (fail)
+    error (EXIT_FAILURE, 0, "There were errors parsing the structure\n");
 }
 
 void
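Review bot: The message in the new `error (EXIT_FAILURE, ...)` call ends in `\n`, which none of the other `error` calls in this diff do; `error` already terminates the line, so this prints an extra blank line. The text also says "parsing" although `fail` is set by the `verify_mac` and `bag_decrypt` failures in the earlier hunks of this function, so `error (EXIT_FAILURE, 0, "MAC verification or bag decryption failed");` would name the cause. A short comment above the check, noting that the loop over the bags still runs after a MAC failure and that the exit status is the only signal of it, would help users who script around `--p12-info`.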
diff --git a/src/cli.c b/src/cli.c
index 3ef9974..106c617 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -248,7 +248,7 @@ load_keys (void)
               exit (1);
             }
 
-          ret = gnutls_privkey_import_x509_raw( x509_key, &data, x509ctype, 
NULL);
+          ret = gnutls_privkey_import_x509_raw( x509_key, &data, x509ctype, 
NULL, 0);
           if (ret < 0)
             {
               fprintf (stderr, "*** Error loading url: %s\n",
diff --git a/tests/pkcs12-decode/Makefile.am b/tests/pkcs12-decode/Makefile.am
index e7fabcd..a702adf 100644
--- a/tests/pkcs12-decode/Makefile.am
+++ b/tests/pkcs12-decode/Makefile.am
@@ -20,7 +20,7 @@
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 EXTRA_DIST = client.p12 noclient.p12 unclient.p12 pkcs12_2certs.p12 \
-       pkcs12_5certs.p12
+       pkcs12_5certs.p12 test-null.p12
 
 dist_check_SCRIPTS = pkcs12
 
diff --git a/tests/pkcs12-decode/pkcs12 b/tests/pkcs12-decode/pkcs12
index 3cbe476..a2ee20b 100755
--- a/tests/pkcs12-decode/pkcs12
+++ b/tests/pkcs12-decode/pkcs12
@@ -48,5 +48,13 @@ for p12 in 'client.p12 foobar' noclient.p12 unclient.p12 
pkcs12_2certs.p12; do
     fi
 done
 
+file=test-null.p12
+$CERTTOOL --p12-info --inder --null-password --infile $file >/dev/null 2>&1
+rc=$?
+if test $rc != 0; then
+       echo "PKCS12 FATAL $file"
+       ret=1
+fi
+
 #echo "NEON PKCS12 DONE (rc $ret)"
 exit $ret
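Review bot: The new case only checks that `--null-password` succeeds on `test-null.p12`; nothing checks that the file is rejected with a wrong password, which is what the new non-zero exit in `pkcs12_info` is meant to provide. A negative check such as `$CERTTOOL --p12-info --inder --password wrong --infile $file >/dev/null 2>&1 && ret=1` would cover it, assuming a wrong password fails MAC verification on this file. Because stdout and stderr are discarded, a failure prints only `PKCS12 FATAL $file`; including `$rc` in that message would make a failing run easier to diagnose.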
diff --git a/tests/pkcs12-decode/test-null.p12 
b/tests/pkcs12-decode/test-null.p12
new file mode 100644
index 0000000..4db0afb
Binary files /dev/null and b/tests/pkcs12-decode/test-null.p12 differ


hooks/post-receive
-- 
GNU gnutls


