Add password command line options to some utils. Fix and update man

pages.

CHANGES

@@ -4,6 +4,12 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) Add options to some of the utilities to allow the pass phrase
+     to be included on either the command line (not recommended on
+     OSes like Unix) or read from the environment. Update the
+     manpages and fix a few bugs.
+     [Steve Henson]
+
   *) Add a few manpages for some of the openssl commands.
      [Steve Henson]
 

apps/apps.c

@@ -325,7 +325,7 @@ int app_init(long mesgwin)
 	}
 #endif
 
-int MS_CALLBACK key_callback(char *buf, int len, int verify, void *key)
+int MS_CALLBACK key_cb(char *buf, int len, int verify, void *key)
 	{
 	int i;
 

apps/apps.h

@@ -142,7 +142,7 @@ int args_from_file(char *file, int *argc, char **argv[]);
 int str2fmt(char *s);
 void program_name(char *in,char *out,int size);
 int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
-int MS_CALLBACK key_callback(char *buf,int len,int verify,void *u);
+int MS_CALLBACK key_cb(char *buf,int len,int verify,void *u);
 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
 #define FORMAT_TEXT     2

apps/ca.c

@@ -534,7 +534,7 @@ bad:
 		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
 	else
 		{
-		pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback,key);
+		pkey=PEM_read_bio_PrivateKey(in,NULL,key_cb,key);
 		memset(key,0,strlen(key));
 		}
 	if (pkey == NULL)

apps/dsa.c

@@ -93,6 +93,7 @@ int MAIN(int argc, char **argv)
 	int informat,outformat,text=0,noout=0;
 	int pubin = 0, pubout = 0;
 	char *infile,*outfile,*prog;
+	char *passin = NULL, *passout = NULL;
 	int modulus=0;
 
 	apps_startup();
@@ -131,6 +132,39 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-passin") == 0)
+			{
+			if (--argc < 1) goto bad;
+			passin= *(++argv);
+			}
+		else if (strcmp(*argv,"-envpassin") == 0)
+			{
+			if (--argc < 1) goto bad;
+				if(!(passin= getenv(*(++argv))))
+				{
+				BIO_printf(bio_err,
+				 "Can't read environment variable %s\n",
+								*argv);
+				badops = 1;
+				}
+			}
+		else if (strcmp(*argv,"-envpassout") == 0)
+			{
+			if (--argc < 1) goto bad;
+				if(!(passout= getenv(*(++argv))))
+				{
+				BIO_printf(bio_err,
+				 "Can't read environment variable %s\n",
+								*argv);
+				badops = 1;
+				}
+			argv++;
+			}
+		else if (strcmp(*argv,"-passout") == 0)
+			{
+			if (--argc < 1) goto bad;
+			passout= *(++argv);
+			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -159,7 +193,11 @@ bad:
 		BIO_printf(bio_err," -inform arg     input format - DER or PEM\n");
 		BIO_printf(bio_err," -outform arg    output format - DER or PEM\n");
 		BIO_printf(bio_err," -in arg         input file\n");
+		BIO_printf(bio_err," -passin arg     input file pass phrase\n");
+		BIO_printf(bio_err," -envpassin arg  environment variable containing input file pass phrase\n");
 		BIO_printf(bio_err," -out arg        output file\n");
+		BIO_printf(bio_err," -passout arg    input file pass phrase\n");
+		BIO_printf(bio_err," -envpassout arg environment variable containing input file pass phrase\n");
 		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef NO_IDEA
@@ -198,7 +236,11 @@ bad:
 		else dsa=d2i_DSAPrivateKey_bio(in,NULL);
 	} else if (informat == FORMAT_PEM) {
 		if(pubin) dsa=PEM_read_bio_DSAPublicKey(in,NULL, NULL, NULL);
+		else {
+			if(passin) dsa=PEM_read_bio_DSAPrivateKey(in,NULL,
+								key_cb,passin);
 			else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL);
+		}
 	} else
 		{
 		BIO_printf(bio_err,"bad input format specified for key\n");
@@ -245,7 +287,12 @@ bad:
 	} else if (outformat == FORMAT_PEM) {
 		if(pubin || pubout)
 			i=PEM_write_bio_DSAPublicKey(out,dsa);
-		else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL,NULL);
+		else {
+			if(passout) i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
+							NULL,0,key_cb, passout);
+			i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,
+								     NULL,NULL);
+		}
 	} else {
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;

apps/rsa.c

@@ -96,6 +96,7 @@ int MAIN(int argc, char **argv)
 	int informat,outformat,text=0,check=0,noout=0;
 	int pubin = 0, pubout = 0;
 	char *infile,*outfile,*prog;
+	char *passin = NULL, *passout = NULL;
 	int modulus=0;
 
 	apps_startup();
@@ -134,6 +135,39 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-passin") == 0)
+			{
+			if (--argc < 1) goto bad;
+			passin= *(++argv);
+			}
+		else if (strcmp(*argv,"-envpassin") == 0)
+			{
+			if (--argc < 1) goto bad;
+				if(!(passin= getenv(*(++argv))))
+				{
+				BIO_printf(bio_err,
+				 "Can't read environment variable %s\n",
+								*argv);
+				badops = 1;
+				}
+			}
+		else if (strcmp(*argv,"-envpassout") == 0)
+			{
+			if (--argc < 1) goto bad;
+				if(!(passout= getenv(*(++argv))))
+				{
+				BIO_printf(bio_err,
+				 "Can't read environment variable %s\n",
+								*argv);
+				badops = 1;
+				}
+			argv++;
+			}
+		else if (strcmp(*argv,"-passout") == 0)
+			{
+			if (--argc < 1) goto bad;
+			passout= *(++argv);
+			}
 		else if (strcmp(*argv,"-pubin") == 0)
 			pubin=1;
 		else if (strcmp(*argv,"-pubout") == 0)
@@ -164,7 +198,12 @@ bad:
 		BIO_printf(bio_err," -inform arg     input format - one of DER NET PEM\n");
 		BIO_printf(bio_err," -outform arg    output format - one of DER NET PEM\n");
 		BIO_printf(bio_err," -in arg         input file\n");
+		BIO_printf(bio_err," -passin arg     input file pass phrase\n");
+		BIO_printf(bio_err," -envpassin arg  environment variable containing input file pass phrase\n");
+		BIO_printf(bio_err," -in arg         input file\n");
 		BIO_printf(bio_err," -out arg        output file\n");
+		BIO_printf(bio_err," -passout arg    input file pass phrase\n");
+		BIO_printf(bio_err," -envpassout arg environment variable containing input file pass phrase\n");
 		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef NO_IDEA
@@ -234,8 +273,12 @@ bad:
 #endif
 	else if (informat == FORMAT_PEM) {
 		if(pubin) rsa=PEM_read_bio_RSAPublicKey(in,NULL,NULL,NULL);
+		else {
+			if(passin) rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
+								key_cb,passin);
 			else rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL,NULL);
 		}
+	}
 	else
 		{
 		BIO_printf(bio_err,"bad input format specified for key\n");
@@ -333,8 +376,12 @@ bad:
 	else if (outformat == FORMAT_PEM) {
 		if(pubout || pubin)
 		    i=PEM_write_bio_RSAPublicKey(out,rsa);
-		else
-		    i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL,NULL);
+		else {
+			if(passout) i=PEM_write_bio_RSAPrivateKey(out,rsa,
+						enc,NULL,0,key_cb,passout);
+			else i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,
+								0,NULL,NULL);
+		}
 	} else	{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;

doc/man/asn1parse.pod

@@ -6,7 +6,7 @@ asn1parse - ASN.1 parsing tool
 
 =head1 SYNOPSIS
 
-=item B<openssl> B<asn1parse>
+B<openssl> B<asn1parse>
 [B<-inform PEM|DER>]
 [B<-in filename>]
 [B<-out filename>]

doc/man/dsa.pod

@@ -10,7 +10,11 @@ B<openssl> B<dsa>
 [B<-inform PEM|DER>]
 [B<-outform PEM|DER>]
 [B<-in filename>]
+[B<-passin password>]
+[B<-envpassin var>]
 [B<-out filename>]
+[B<-passout password>]
+[B<-envpassout var>]
 [B<-des>]
 [B<-des3>]
 [B<-idea>]
@@ -53,6 +57,15 @@ This specifies the input filename to read a key from or standard input if this
 option is not specified. If the key is encrypted a pass phrase will be
 prompted for.
 
+=item B<-passin password>
+
+the input file password. Since certain utilities like "ps" make the command line
+visible this option should be used with caution.
+
+=item B<-envpassin var>
+
+read the input file password from the environment variable B<var>.
+
 =item B<-out filename>
 
 This specifies the output filename to write a key to or standard output by
@@ -60,6 +73,15 @@ is not specified. If any encryption options are set then a pass phrase will be
 prompted for. The output filename should B<not> be the same as the input
 filename.
 
+=item B<-passout password>
+
+the output file password. Since certain utilities like "ps" make the command line
+visible this option should be used with caution.
+
+=item B<-envpassout var>
+
+read the output file password from the environment variable B<var>.
+
 =item B<-des|-des3|-idea>
 
 These options encrypt the private key with the DES, triple DES, or the 

doc/man/req.pod

@@ -299,6 +299,8 @@ Additional object identifiers can be defined with the B<oid_file> or
 B<oid_section> options in the configuration file. Any additional fields
 will be treated as though they were a DirectoryString.
 
+=back
+
 =head1 EXAMPLES
 
 Examine and verify certificate request:

doc/man/rsa.pod

@@ -11,7 +11,11 @@ B<openssl> B<rsa>
 [B<-inform PEM|NET|DER>]
 [B<-outform PEM|NET|DER>]
 [B<-in filename>]
+[B<-passin password>]
+[B<-envpassin var>]
 [B<-out filename>]
+[B<-passout password>]
+[B<-envpassout var>]
 [B<-des>]
 [B<-des3>]
 [B<-idea>]
@@ -54,6 +58,15 @@ This specifies the input filename to read a key from or standard input if this
 option is not specified. If the key is encrypted a pass phrase will be
 prompted for.
 
+=item B<-passin password>
+
+the input file password. Since certain utilities like "ps" make the command line
+visible this option should be used with caution.
+
+=item B<-envpassin var>
+
+read the input file password from the environment variable B<var>.
+
 =item B<-out filename>
 
 This specifies the output filename to write a key to or standard output by
@@ -61,6 +74,15 @@ is not specified. If any encryption options are set then a pass phrase will be
 prompted for. The output filename should B<not> be the same as the input
 filename.
 
+=item B<-passout password>
+
+the output file password. Since certain utilities like "ps" make the command line
+visible this option should be used with caution.
+
+=item B<-envpassout var>
+
+read the output file password from the environment variable B<var>.
+
 =item B<-des|-des3|-idea>
 
 These options encrypt the private key with the DES, triple DES, or the 

doc/man/version.pod

 =pod
 
-=head 1 NAME
+=head1 NAME
 
 version - print version information
 
 =head1 SYNOPSIS
 
-=item B<openssl version>
+B<openssl version>
 [B<-a>]
 [B<-v>]
 [B<-b>]