Add password command line options to some utils. Fix and update man

pages.

Add password command line options to some utils. Fix and update man
pages.
af29811e · Dr. Stephen Henson · 53b1899e · af29811e · af29811e · af29811e
11 changed file
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@

 Changes between 0.9.4 and 0.9.5  [xx XXX 1999]

+  *) Add options to some of the utilities to allow the pass phrase
+     to be included on either the command line (not recommended on
+     OSes like Unix) or read from the environment. Update the
+     manpages and fix a few bugs.
+     [Steve Henson]
+
  *) Add a few manpages for some of the openssl commands.
     [Steve Henson]


--- a/apps/apps.c
+++ b/apps/apps.c
@@ -325,7 +325,7 @@ int app_init(long mesgwin)
 	}
 #endif

-int MS_CALLBACK key_callback(char *buf, int len, int verify, void *key)
+int MS_CALLBACK key_cb(char *buf, int len, int verify, void *key)
 	{
 	int i;


--- a/apps/apps.h
+++ b/apps/apps.h
@@ -142,7 +142,7 @@ int args_from_file(char *file, int *argc, char **argv[]);
 int str2fmt(char *s);
 void program_name(char *in,char *out,int size);
 int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
-int MS_CALLBACK key_callback(char *buf,int len,int verify,void *u);
+int MS_CALLBACK key_cb(char *buf,int len,int verify,void *u);
 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
 #define FORMAT_TEXT     2

--- a/apps/ca.c
+++ b/apps/ca.c
@@ -534,7 +534,7 @@ bad:
 		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
 	else
 		{
-		pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback,key);
+		pkey=PEM_read_bio_PrivateKey(in,NULL,key_cb,key);
 		memset(key,0,strlen(key));
 		}
 	if (pkey == NULL)

--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -93,6 +93,7 @@ int MAIN(int argc, char **argv)
 	int informat,outformat,text=0,noout=0;
 	int pubin = 0, pubout = 0;
 	char *infile,*outfile,*prog;
+	char *passin = NULL, *passout = NULL;
 	int modulus=0;

 	apps_startup();
@@ -131,6 +132,39 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-passin") == 0)
+			{
+			if (--argc < 1) goto bad;
+			passin= *(++argv);
+			}
+		else if (strcmp(*argv,"-envpassin") == 0)
+			{
+			if (--argc < 1) goto bad;
+				if(!(passin= getenv(*(++argv))))
+				{
+				BIO_printf(bio_err,
+				 "Can't read environment variable %s\n",
+								*argv);
+				badops = 1;
+				}
+			}
+		else if (strcmp(*argv,"-envpassout") == 0)
+			{
+			if (--argc < 1) goto bad;
+				if(!(passout= getenv(*(++argv))))
+				{
+				BIO_printf(bio_err,
+				 "Can't read environment variable %s\n",
+								*argv);
+				badops = 1;
+				}
+			argv++;
+			}
+		else if (strcmp(*argv,"-passout") == 0)
+			{
+			if (--argc < 1) goto bad;
+			passout= *(++argv);
+			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -156,18 +190,22 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg   input format - DER or PEM\n");
-		BIO_printf(bio_err," -outform arg  output format - DER or PEM\n");
-		BIO_printf(bio_err," -in arg       input file\n");
-		BIO_printf(bio_err," -out arg      output file\n");
-		BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
-		BIO_printf(bio_err," -des3         encrypt PEM output with ede cbc des using 168 bit key\n");
+		BIO_printf(bio_err," -inform arg     input format - DER or PEM\n");
+		BIO_printf(bio_err," -outform arg    output format - DER or PEM\n");
+		BIO_printf(bio_err," -in arg         input file\n");
+		BIO_printf(bio_err," -passin arg     input file pass phrase\n");
+		BIO_printf(bio_err," -envpassin arg  environment variable containing input file pass phrase\n");
+		BIO_printf(bio_err," -out arg        output file\n");
+		BIO_printf(bio_err," -passout arg    input file pass phrase\n");
+		BIO_printf(bio_err," -envpassout arg environment variable containing input file pass phrase\n");
+		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
+		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef NO_IDEA
-		BIO_printf(bio_err," -idea         encrypt PEM output with cbc idea\n");
+		BIO_printf(bio_err," -idea           encrypt PEM output with cbc idea\n");
 #endif
-		BIO_printf(bio_err," -text         print the key in text\n");
-		BIO_printf(bio_err," -noout        don't print key out\n");
-		BIO_printf(bio_err," -modulus      print the DSA public value\n");
+		BIO_printf(bio_err," -text           print the key in text\n");
+		BIO_printf(bio_err," -noout          don't print key out\n");
+		BIO_printf(bio_err," -modulus        print the DSA public value\n");
 		goto end;
 		}

@@ -198,7 +236,11 @@ bad:
 		else dsa=d2i_DSAPrivateKey_bio(in,NULL);
 	} else if (informat == FORMAT_PEM) {
 		if(pubin) dsa=PEM_read_bio_DSAPublicKey(in,NULL, NULL, NULL);
-		else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL);
+		else {
+			if(passin) dsa=PEM_read_bio_DSAPrivateKey(in,NULL,
+								key_cb,passin);
+			else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL);
+		}
 	} else
 		{
 		BIO_printf(bio_err,"bad input format specified for key\n");
@@ -245,8 +287,13 @@ bad:
 	} else if (outformat == FORMAT_PEM) {
 		if(pubin || pubout)
 			i=PEM_write_bio_DSAPublicKey(out,dsa);
-		else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL,NULL);
-	} else	{
+		else {
+			if(passout) i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
+							NULL,0,key_cb, passout);
+			i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,
+								     NULL,NULL);
+		}
+	} else {
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
 		}

--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -96,6 +96,7 @@ int MAIN(int argc, char **argv)
 	int informat,outformat,text=0,check=0,noout=0;
 	int pubin = 0, pubout = 0;
 	char *infile,*outfile,*prog;
+	char *passin = NULL, *passout = NULL;
 	int modulus=0;

 	apps_startup();
@@ -134,6 +135,39 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-passin") == 0)
+			{
+			if (--argc < 1) goto bad;
+			passin= *(++argv);
+			}
+		else if (strcmp(*argv,"-envpassin") == 0)
+			{
+			if (--argc < 1) goto bad;
+				if(!(passin= getenv(*(++argv))))
+				{
+				BIO_printf(bio_err,
+				 "Can't read environment variable %s\n",
+								*argv);
+				badops = 1;
+				}
+			}
+		else if (strcmp(*argv,"-envpassout") == 0)
+			{
+			if (--argc < 1) goto bad;
+				if(!(passout= getenv(*(++argv))))
+				{
+				BIO_printf(bio_err,
+				 "Can't read environment variable %s\n",
+								*argv);
+				badops = 1;
+				}
+			argv++;
+			}
+		else if (strcmp(*argv,"-passout") == 0)
+			{
+			if (--argc < 1) goto bad;
+			passout= *(++argv);
+			}
 		else if (strcmp(*argv,"-pubin") == 0)
 			pubin=1;
 		else if (strcmp(*argv,"-pubout") == 0)
@@ -161,21 +195,26 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg   input format - one of DER NET PEM\n");
-		BIO_printf(bio_err," -outform arg  output format - one of DER NET PEM\n");
-		BIO_printf(bio_err," -in arg       input file\n");
-		BIO_printf(bio_err," -out arg      output file\n");
-		BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
-		BIO_printf(bio_err," -des3         encrypt PEM output with ede cbc des using 168 bit key\n");
+		BIO_printf(bio_err," -inform arg     input format - one of DER NET PEM\n");
+		BIO_printf(bio_err," -outform arg    output format - one of DER NET PEM\n");
+		BIO_printf(bio_err," -in arg         input file\n");
+		BIO_printf(bio_err," -passin arg     input file pass phrase\n");
+		BIO_printf(bio_err," -envpassin arg  environment variable containing input file pass phrase\n");
+		BIO_printf(bio_err," -in arg         input file\n");
+		BIO_printf(bio_err," -out arg        output file\n");
+		BIO_printf(bio_err," -passout arg    input file pass phrase\n");
+		BIO_printf(bio_err," -envpassout arg environment variable containing input file pass phrase\n");
+		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
+		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef NO_IDEA
-		BIO_printf(bio_err," -idea         encrypt PEM output with cbc idea\n");
+		BIO_printf(bio_err," -idea           encrypt PEM output with cbc idea\n");
 #endif
-		BIO_printf(bio_err," -text         print the key in text\n");
-		BIO_printf(bio_err," -noout        don't print key out\n");
-		BIO_printf(bio_err," -modulus      print the RSA key modulus\n");
-		BIO_printf(bio_err," -check        verify key consistency\n");
-		BIO_printf(bio_err," -pubin        expect a public key in input file\n");
-		BIO_printf(bio_err," -pubout       output a public key\n");
+		BIO_printf(bio_err," -text           print the key in text\n");
+		BIO_printf(bio_err," -noout          don't print key out\n");
+		BIO_printf(bio_err," -modulus        print the RSA key modulus\n");
+		BIO_printf(bio_err," -check          verify key consistency\n");
+		BIO_printf(bio_err," -pubin          expect a public key in input file\n");
+		BIO_printf(bio_err," -pubout         output a public key\n");
 		goto end;
 		}

@@ -234,7 +273,11 @@ bad:
 #endif
 	else if (informat == FORMAT_PEM) {
 		if(pubin) rsa=PEM_read_bio_RSAPublicKey(in,NULL,NULL,NULL);
-		else rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL,NULL);
+		else {
+			if(passin) rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
+								key_cb,passin);
+			else rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL,NULL);
+		}
 	}
 	else
 		{
@@ -333,8 +376,12 @@ bad:
 	else if (outformat == FORMAT_PEM) {
 		if(pubout || pubin)
 		    i=PEM_write_bio_RSAPublicKey(out,rsa);
-		else
-		    i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL,NULL);
+		else {
+			if(passout) i=PEM_write_bio_RSAPrivateKey(out,rsa,
+						enc,NULL,0,key_cb,passout);
+			else i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,
+								0,NULL,NULL);
+		}
 	} else	{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;

--- a/doc/man/asn1parse.pod
+++ b/doc/man/asn1parse.pod
@@ -6,7 +6,7 @@ asn1parse - ASN.1 parsing tool

 =head1 SYNOPSIS

-=item B<openssl> B<asn1parse>
+B<openssl> B<asn1parse>
 [B<-inform PEM|DER>]
 [B<-in filename>]
 [B<-out filename>]

--- a/doc/man/dsa.pod
+++ b/doc/man/dsa.pod
@@ -10,7 +10,11 @@ B<openssl> B<dsa>
 [B<-inform PEM|DER>]
 [B<-outform PEM|DER>]
 [B<-in filename>]
+[B<-passin password>]
+[B<-envpassin var>]
 [B<-out filename>]
+[B<-passout password>]
+[B<-envpassout var>]
 [B<-des>]
 [B<-des3>]
 [B<-idea>]
@@ -53,6 +57,15 @@ This specifies the input filename to read a key from or standard input if this
 option is not specified. If the key is encrypted a pass phrase will be
 prompted for.

+=item B<-passin password>
+
+the input file password. Since certain utilities like "ps" make the command line
+visible this option should be used with caution.
+
+=item B<-envpassin var>
+
+read the input file password from the environment variable B<var>.
+
 =item B<-out filename>

 This specifies the output filename to write a key to or standard output by
@@ -60,6 +73,15 @@ is not specified. If any encryption options are set then a pass phrase will be
 prompted for. The output filename should B<not> be the same as the input
 filename.

+=item B<-passout password>
+
+the output file password. Since certain utilities like "ps" make the command line
+visible this option should be used with caution.
+
+=item B<-envpassout var>
+
+read the output file password from the environment variable B<var>.
+
 =item B<-des|-des3|-idea>

 These options encrypt the private key with the DES, triple DES, or the 

--- a/doc/man/req.pod
+++ b/doc/man/req.pod
@@ -299,6 +299,8 @@ Additional object identifiers can be defined with the B<oid_file> or
 B<oid_section> options in the configuration file. Any additional fields
 will be treated as though they were a DirectoryString.

+=back
+
 =head1 EXAMPLES

 Examine and verify certificate request:

--- a/doc/man/rsa.pod
+++ b/doc/man/rsa.pod
@@ -11,7 +11,11 @@ B<openssl> B<rsa>
 [B<-inform PEM|NET|DER>]
 [B<-outform PEM|NET|DER>]
 [B<-in filename>]
+[B<-passin password>]
+[B<-envpassin var>]
 [B<-out filename>]
+[B<-passout password>]
+[B<-envpassout var>]
 [B<-des>]
 [B<-des3>]
 [B<-idea>]
@@ -54,6 +58,15 @@ This specifies the input filename to read a key from or standard input if this
 option is not specified. If the key is encrypted a pass phrase will be
 prompted for.

+=item B<-passin password>
+
+the input file password. Since certain utilities like "ps" make the command line
+visible this option should be used with caution.
+
+=item B<-envpassin var>
+
+read the input file password from the environment variable B<var>.
+
 =item B<-out filename>

 This specifies the output filename to write a key to or standard output by
@@ -61,6 +74,15 @@ is not specified. If any encryption options are set then a pass phrase will be
 prompted for. The output filename should B<not> be the same as the input
 filename.

+=item B<-passout password>
+
+the output file password. Since certain utilities like "ps" make the command line
+visible this option should be used with caution.
+
+=item B<-envpassout var>
+
+read the output file password from the environment variable B<var>.
+
 =item B<-des|-des3|-idea>

 These options encrypt the private key with the DES, triple DES, or the 

--- a/doc/man/version.pod
+++ b/doc/man/version.pod
 =pod

-=head 1 NAME
+=head1 NAME

 version - print version information

 =head1 SYNOPSIS

-=item B<openssl version>
+B<openssl version>
 [B<-a>]
 [B<-v>]
 [B<-b>]