Add password command line options to some utils. Fix and update man
authorDr. Stephen Henson <steve@openssl.org>
Thu, 11 Nov 1999 18:41:31 +0000 (18:41 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 11 Nov 1999 18:41:31 +0000 (18:41 +0000)
pages.

CHANGES
apps/apps.c
apps/apps.h
apps/ca.c
apps/dsa.c
apps/rsa.c
doc/man/asn1parse.pod
doc/man/dsa.pod
doc/man/req.pod
doc/man/rsa.pod
doc/man/version.pod

diff --git a/CHANGES b/CHANGES
index 1289d8491df4efda6357e2eaf5b2b39f12f65f9d..b7d6be415dc5f826eec8e485892ea23fb4f096f8 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) Add options to some of the utilities to allow the pass phrase
+     to be included on either the command line (not recommended on
+     OSes like Unix) or read from the environment. Update the
+     manpages and fix a few bugs.
+     [Steve Henson]
+
   *) Add a few manpages for some of the openssl commands.
      [Steve Henson]
 
index 3a27f2c6f140b4ae7131e315ebe8c03d7796a410..629b297917d80aa73f202fc92dd3dffd2d057f53 100644 (file)
@@ -325,7 +325,7 @@ int app_init(long mesgwin)
        }
 #endif
 
-int MS_CALLBACK key_callback(char *buf, int len, int verify, void *key)
+int MS_CALLBACK key_cb(char *buf, int len, int verify, void *key)
        {
        int i;
 
index 0bdf469f0b1e0908bc49fac56a9cdaec995dfd80..7128d0df02fe6ba35c58e3fda0286f535e89c1a5 100644 (file)
@@ -142,7 +142,7 @@ int args_from_file(char *file, int *argc, char **argv[]);
 int str2fmt(char *s);
 void program_name(char *in,char *out,int size);
 int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
-int MS_CALLBACK key_callback(char *buf,int len,int verify,void *u);
+int MS_CALLBACK key_cb(char *buf,int len,int verify,void *u);
 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
 #define FORMAT_TEXT     2
index d724d0940776dee0037a3bcf891192116832050f..b5c6f92b870d9d08ea5c54707a4cd853deb4a3e5 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -534,7 +534,7 @@ bad:
                pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
        else
                {
-               pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback,key);
+               pkey=PEM_read_bio_PrivateKey(in,NULL,key_cb,key);
                memset(key,0,strlen(key));
                }
        if (pkey == NULL)
index 229f2ea24664661c4196420fff73ef396743185b..85c62b92755318824765d8b692bf01531f9b1af7 100644 (file)
@@ -93,6 +93,7 @@ int MAIN(int argc, char **argv)
        int informat,outformat,text=0,noout=0;
        int pubin = 0, pubout = 0;
        char *infile,*outfile,*prog;
+       char *passin = NULL, *passout = NULL;
        int modulus=0;
 
        apps_startup();
@@ -131,6 +132,39 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        outfile= *(++argv);
                        }
+               else if (strcmp(*argv,"-passin") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       passin= *(++argv);
+                       }
+               else if (strcmp(*argv,"-envpassin") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                               if(!(passin= getenv(*(++argv))))
+                               {
+                               BIO_printf(bio_err,
+                                "Can't read environment variable %s\n",
+                                                               *argv);
+                               badops = 1;
+                               }
+                       }
+               else if (strcmp(*argv,"-envpassout") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                               if(!(passout= getenv(*(++argv))))
+                               {
+                               BIO_printf(bio_err,
+                                "Can't read environment variable %s\n",
+                                                               *argv);
+                               badops = 1;
+                               }
+                       argv++;
+                       }
+               else if (strcmp(*argv,"-passout") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       passout= *(++argv);
+                       }
                else if (strcmp(*argv,"-noout") == 0)
                        noout=1;
                else if (strcmp(*argv,"-text") == 0)
@@ -156,18 +190,22 @@ int MAIN(int argc, char **argv)
 bad:
                BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
                BIO_printf(bio_err,"where options are\n");
-               BIO_printf(bio_err," -inform arg   input format - DER or PEM\n");
-               BIO_printf(bio_err," -outform arg  output format - DER or PEM\n");
-               BIO_printf(bio_err," -in arg       input file\n");
-               BIO_printf(bio_err," -out arg      output file\n");
-               BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
-               BIO_printf(bio_err," -des3         encrypt PEM output with ede cbc des using 168 bit key\n");
+               BIO_printf(bio_err," -inform arg     input format - DER or PEM\n");
+               BIO_printf(bio_err," -outform arg    output format - DER or PEM\n");
+               BIO_printf(bio_err," -in arg         input file\n");
+               BIO_printf(bio_err," -passin arg     input file pass phrase\n");
+               BIO_printf(bio_err," -envpassin arg  environment variable containing input file pass phrase\n");
+               BIO_printf(bio_err," -out arg        output file\n");
+               BIO_printf(bio_err," -passout arg    input file pass phrase\n");
+               BIO_printf(bio_err," -envpassout arg environment variable containing input file pass phrase\n");
+               BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
+               BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef NO_IDEA
-               BIO_printf(bio_err," -idea         encrypt PEM output with cbc idea\n");
+               BIO_printf(bio_err," -idea           encrypt PEM output with cbc idea\n");
 #endif
-               BIO_printf(bio_err," -text         print the key in text\n");
-               BIO_printf(bio_err," -noout        don't print key out\n");
-               BIO_printf(bio_err," -modulus      print the DSA public value\n");
+               BIO_printf(bio_err," -text           print the key in text\n");
+               BIO_printf(bio_err," -noout          don't print key out\n");
+               BIO_printf(bio_err," -modulus        print the DSA public value\n");
                goto end;
                }
 
@@ -198,7 +236,11 @@ bad:
                else dsa=d2i_DSAPrivateKey_bio(in,NULL);
        } else if (informat == FORMAT_PEM) {
                if(pubin) dsa=PEM_read_bio_DSAPublicKey(in,NULL, NULL, NULL);
-               else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL);
+               else {
+                       if(passin) dsa=PEM_read_bio_DSAPrivateKey(in,NULL,
+                                                               key_cb,passin);
+                       else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL);
+               }
        } else
                {
                BIO_printf(bio_err,"bad input format specified for key\n");
@@ -245,8 +287,13 @@ bad:
        } else if (outformat == FORMAT_PEM) {
                if(pubin || pubout)
                        i=PEM_write_bio_DSAPublicKey(out,dsa);
-               else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL,NULL);
-       } else  {
+               else {
+                       if(passout) i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
+                                                       NULL,0,key_cb, passout);
+                       i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,
+                                                                    NULL,NULL);
+               }
+       } else {
                BIO_printf(bio_err,"bad output format specified for outfile\n");
                goto end;
                }
index 0351cb7d229a80a6d5b8d993436534deb59f402a..ee1365a929f23ef2156c711c0c52e7c75295843d 100644 (file)
@@ -96,6 +96,7 @@ int MAIN(int argc, char **argv)
        int informat,outformat,text=0,check=0,noout=0;
        int pubin = 0, pubout = 0;
        char *infile,*outfile,*prog;
+       char *passin = NULL, *passout = NULL;
        int modulus=0;
 
        apps_startup();
@@ -134,6 +135,39 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        outfile= *(++argv);
                        }
+               else if (strcmp(*argv,"-passin") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       passin= *(++argv);
+                       }
+               else if (strcmp(*argv,"-envpassin") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                               if(!(passin= getenv(*(++argv))))
+                               {
+                               BIO_printf(bio_err,
+                                "Can't read environment variable %s\n",
+                                                               *argv);
+                               badops = 1;
+                               }
+                       }
+               else if (strcmp(*argv,"-envpassout") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                               if(!(passout= getenv(*(++argv))))
+                               {
+                               BIO_printf(bio_err,
+                                "Can't read environment variable %s\n",
+                                                               *argv);
+                               badops = 1;
+                               }
+                       argv++;
+                       }
+               else if (strcmp(*argv,"-passout") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       passout= *(++argv);
+                       }
                else if (strcmp(*argv,"-pubin") == 0)
                        pubin=1;
                else if (strcmp(*argv,"-pubout") == 0)
@@ -161,21 +195,26 @@ int MAIN(int argc, char **argv)
 bad:
                BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
                BIO_printf(bio_err,"where options are\n");
-               BIO_printf(bio_err," -inform arg   input format - one of DER NET PEM\n");
-               BIO_printf(bio_err," -outform arg  output format - one of DER NET PEM\n");
-               BIO_printf(bio_err," -in arg       input file\n");
-               BIO_printf(bio_err," -out arg      output file\n");
-               BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
-               BIO_printf(bio_err," -des3         encrypt PEM output with ede cbc des using 168 bit key\n");
+               BIO_printf(bio_err," -inform arg     input format - one of DER NET PEM\n");
+               BIO_printf(bio_err," -outform arg    output format - one of DER NET PEM\n");
+               BIO_printf(bio_err," -in arg         input file\n");
+               BIO_printf(bio_err," -passin arg     input file pass phrase\n");
+               BIO_printf(bio_err," -envpassin arg  environment variable containing input file pass phrase\n");
+               BIO_printf(bio_err," -in arg         input file\n");
+               BIO_printf(bio_err," -out arg        output file\n");
+               BIO_printf(bio_err," -passout arg    input file pass phrase\n");
+               BIO_printf(bio_err," -envpassout arg environment variable containing input file pass phrase\n");
+               BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
+               BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef NO_IDEA
-               BIO_printf(bio_err," -idea         encrypt PEM output with cbc idea\n");
+               BIO_printf(bio_err," -idea           encrypt PEM output with cbc idea\n");
 #endif
-               BIO_printf(bio_err," -text         print the key in text\n");
-               BIO_printf(bio_err," -noout        don't print key out\n");
-               BIO_printf(bio_err," -modulus      print the RSA key modulus\n");
-               BIO_printf(bio_err," -check        verify key consistency\n");
-               BIO_printf(bio_err," -pubin        expect a public key in input file\n");
-               BIO_printf(bio_err," -pubout       output a public key\n");
+               BIO_printf(bio_err," -text           print the key in text\n");
+               BIO_printf(bio_err," -noout          don't print key out\n");
+               BIO_printf(bio_err," -modulus        print the RSA key modulus\n");
+               BIO_printf(bio_err," -check          verify key consistency\n");
+               BIO_printf(bio_err," -pubin          expect a public key in input file\n");
+               BIO_printf(bio_err," -pubout         output a public key\n");
                goto end;
                }
 
@@ -234,7 +273,11 @@ bad:
 #endif
        else if (informat == FORMAT_PEM) {
                if(pubin) rsa=PEM_read_bio_RSAPublicKey(in,NULL,NULL,NULL);
-               else rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL,NULL);
+               else {
+                       if(passin) rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
+                                                               key_cb,passin);
+                       else rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL,NULL);
+               }
        }
        else
                {
@@ -333,8 +376,12 @@ bad:
        else if (outformat == FORMAT_PEM) {
                if(pubout || pubin)
                    i=PEM_write_bio_RSAPublicKey(out,rsa);
-               else
-                   i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL,NULL);
+               else {
+                       if(passout) i=PEM_write_bio_RSAPrivateKey(out,rsa,
+                                               enc,NULL,0,key_cb,passout);
+                       else i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,
+                                                               0,NULL,NULL);
+               }
        } else  {
                BIO_printf(bio_err,"bad output format specified for outfile\n");
                goto end;
index 4e3ecf4fc242bcf965cb78d90e1d7ff6c402bfd5..ef1c61419b1d32848a28a58a7c31771e3bb8fa29 100644 (file)
@@ -6,7 +6,7 @@ asn1parse - ASN.1 parsing tool
 
 =head1 SYNOPSIS
 
-=item B<openssl> B<asn1parse>
+B<openssl> B<asn1parse>
 [B<-inform PEM|DER>]
 [B<-in filename>]
 [B<-out filename>]
index eab5f8c4bce90dd189045d3a7128cea3a6664a6f..576731f92ca11c5613c93ad08b2275f2e7d5b34e 100644 (file)
@@ -10,7 +10,11 @@ B<openssl> B<dsa>
 [B<-inform PEM|DER>]
 [B<-outform PEM|DER>]
 [B<-in filename>]
+[B<-passin password>]
+[B<-envpassin var>]
 [B<-out filename>]
+[B<-passout password>]
+[B<-envpassout var>]
 [B<-des>]
 [B<-des3>]
 [B<-idea>]
@@ -53,6 +57,15 @@ This specifies the input filename to read a key from or standard input if this
 option is not specified. If the key is encrypted a pass phrase will be
 prompted for.
 
+=item B<-passin password>
+
+the input file password. Since certain utilities like "ps" make the command line
+visible this option should be used with caution.
+
+=item B<-envpassin var>
+
+read the input file password from the environment variable B<var>.
+
 =item B<-out filename>
 
 This specifies the output filename to write a key to or standard output by
@@ -60,6 +73,15 @@ is not specified. If any encryption options are set then a pass phrase will be
 prompted for. The output filename should B<not> be the same as the input
 filename.
 
+=item B<-passout password>
+
+the output file password. Since certain utilities like "ps" make the command line
+visible this option should be used with caution.
+
+=item B<-envpassout var>
+
+read the output file password from the environment variable B<var>.
+
 =item B<-des|-des3|-idea>
 
 These options encrypt the private key with the DES, triple DES, or the 
index 8e4a4511e74e199a574b8508ab304a4a405426c4..c9e7111aaf8cfa41989e9aea63c091385a8ca087 100644 (file)
@@ -299,6 +299,8 @@ Additional object identifiers can be defined with the B<oid_file> or
 B<oid_section> options in the configuration file. Any additional fields
 will be treated as though they were a DirectoryString.
 
+=back
+
 =head1 EXAMPLES
 
 Examine and verify certificate request:
index d96e57953c28e6caa581e0857f30c80d5f8a5fde..eea8539b61ac058f91154b19a80c70f128024438 100644 (file)
@@ -11,7 +11,11 @@ B<openssl> B<rsa>
 [B<-inform PEM|NET|DER>]
 [B<-outform PEM|NET|DER>]
 [B<-in filename>]
+[B<-passin password>]
+[B<-envpassin var>]
 [B<-out filename>]
+[B<-passout password>]
+[B<-envpassout var>]
 [B<-des>]
 [B<-des3>]
 [B<-idea>]
@@ -54,6 +58,15 @@ This specifies the input filename to read a key from or standard input if this
 option is not specified. If the key is encrypted a pass phrase will be
 prompted for.
 
+=item B<-passin password>
+
+the input file password. Since certain utilities like "ps" make the command line
+visible this option should be used with caution.
+
+=item B<-envpassin var>
+
+read the input file password from the environment variable B<var>.
+
 =item B<-out filename>
 
 This specifies the output filename to write a key to or standard output by
@@ -61,6 +74,15 @@ is not specified. If any encryption options are set then a pass phrase will be
 prompted for. The output filename should B<not> be the same as the input
 filename.
 
+=item B<-passout password>
+
+the output file password. Since certain utilities like "ps" make the command line
+visible this option should be used with caution.
+
+=item B<-envpassout var>
+
+read the output file password from the environment variable B<var>.
+
 =item B<-des|-des3|-idea>
 
 These options encrypt the private key with the DES, triple DES, or the 
index 453d6c175f281f75604e4dade9de6e8c873b600f..69421d52cb7d5d9f2e4d7bb0d24a108fe9fa8d48 100644 (file)
@@ -1,12 +1,12 @@
 =pod
 
-=head 1 NAME
+=head1 NAME
 
 version - print version information
 
 =head1 SYNOPSIS
 
-=item B<openssl version>
+B<openssl version>
 [B<-a>]
 [B<-v>]
 [B<-b>]