-rw-r--r--CHANGES6
-rw-r--r--apps/apps.c2
-rw-r--r--apps/apps.h2
-rw-r--r--apps/ca.c2
-rw-r--r--apps/dsa.c73
-rw-r--r--apps/rsa.c79
-rw-r--r--doc/man/asn1parse.pod2
-rw-r--r--doc/man/dsa.pod22
-rw-r--r--doc/man/req.pod2
-rw-r--r--doc/man/rsa.pod22
-rw-r--r--doc/man/version.pod4
11 files changed, 181 insertions, 35 deletions
diff --git a/CHANGES b/CHANGES
index 1289d8491d..b7d6be415d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
+ *) Add options to some of the utilities to allow the pass phrase
+ to be included on either the command line (not recommended on
+ OSes like Unix) or read from the environment. Update the
+ manpages and fix a few bugs.
+ [Steve Henson]
+
*) Add a few manpages for some of the openssl commands.
[Steve Henson]
diff --git a/apps/apps.c b/apps/apps.c
index 3a27f2c6f1..629b297917 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -325,7 +325,7 @@ int app_init(long mesgwin)
}
#endif
-int MS_CALLBACK key_callback(char *buf, int len, int verify, void *key)
+int MS_CALLBACK key_cb(char *buf, int len, int verify, void *key)
{
int i;
diff --git a/apps/apps.h b/apps/apps.h
index 0bdf469f0b..7128d0df02 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -142,7 +142,7 @@ int args_from_file(char *file, int *argc, char **argv[]);
int str2fmt(char *s);
void program_name(char *in,char *out,int size);
int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
-int MS_CALLBACK key_callback(char *buf,int len,int verify,void *u);
+int MS_CALLBACK key_cb(char *buf,int len,int verify,void *u);
#define FORMAT_UNDEF 0
#define FORMAT_ASN1 1
#define FORMAT_TEXT 2
diff --git a/apps/ca.c b/apps/ca.c
index d724d09407..b5c6f92b87 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -534,7 +534,7 @@ bad:
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
else
{
- pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback,key);
+ pkey=PEM_read_bio_PrivateKey(in,NULL,key_cb,key);
memset(key,0,strlen(key));
}
if (pkey == NULL)
diff --git a/apps/dsa.c b/apps/dsa.c
index 229f2ea246..85c62b9275 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -93,6 +93,7 @@ int MAIN(int argc, char **argv)
int informat,outformat,text=0,noout=0;
int pubin = 0, pubout = 0;
char *infile,*outfile,*prog;
+ char *passin = NULL, *passout = NULL;
int modulus=0;
apps_startup();
@@ -131,6 +132,39 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outfile= *(++argv);
}
+ else if (strcmp(*argv,"-passin") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passin= *(++argv);
+ }
+ else if (strcmp(*argv,"-envpassin") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if(!(passin= getenv(*(++argv))))
+ {
+ BIO_printf(bio_err,
+ "Can't read environment variable %s\n",
+ *argv);
+ badops = 1;
+ }
+ }
+ else if (strcmp(*argv,"-envpassout") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if(!(passout= getenv(*(++argv))))
+ {
+ BIO_printf(bio_err,
+ "Can't read environment variable %s\n",
+ *argv);
+ badops = 1;
+ }
+ argv++;
+ }
+ else if (strcmp(*argv,"-passout") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passout= *(++argv);
+ }
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-text") == 0)
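Review bot: The `-envpassout` branch ends with a stray `argv++;` that the `-passin`, `-envpassin` and `-passout` branches do not have, so argv advances a second time after `*(++argv)` without a matching `--argc`. Assuming the enclosing option loop (which starts and ends outside this hunk) advances argv itself, the option that follows `-envpassout VAR` is silently skipped and argc and argv fall out of step, which can walk argv past its last element. Delete the `argv++;` line so the branch is identical in shape to `-envpassin`. The `-envpassout` branch added to apps/rsa.c carries the same extra `argv++;`.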
@@ -156,18 +190,22 @@ int MAIN(int argc, char **argv)
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
- BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
- BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
+ BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
+ BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -passin arg input file pass phrase\n");
+ BIO_printf(bio_err," -envpassin arg environment variable containing input file pass phrase\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -passout arg input file pass phrase\n");
+ BIO_printf(bio_err," -envpassout arg environment variable containing input file pass phrase\n");
+ BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
+ BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef NO_IDEA
- BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
+ BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
#endif
- BIO_printf(bio_err," -text print the key in text\n");
- BIO_printf(bio_err," -noout don't print key out\n");
- BIO_printf(bio_err," -modulus print the DSA public value\n");
+ BIO_printf(bio_err," -text print the key in text\n");
+ BIO_printf(bio_err," -noout don't print key out\n");
+ BIO_printf(bio_err," -modulus print the DSA public value\n");
goto end;
}
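Review bot: The usage text for the two new output options is copied from the input ones: `-passout arg` and `-envpassout arg` are both described as the "input file pass phrase". They should read `-passout arg output file pass phrase` and `-envpassout arg environment variable containing output file pass phrase`, otherwise a user can reasonably supply the wrong secret for the key being written. The usage block in apps/rsa.c has the same wording and additionally prints the `-in arg input file` line twice. The `bad:` block sits inside MAIN, which starts outside this hunk.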
@@ -198,7 +236,11 @@ bad:
else dsa=d2i_DSAPrivateKey_bio(in,NULL);
} else if (informat == FORMAT_PEM) {
if(pubin) dsa=PEM_read_bio_DSAPublicKey(in,NULL, NULL, NULL);
- else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL);
+ else {
+ if(passin) dsa=PEM_read_bio_DSAPrivateKey(in,NULL,
+ key_cb,passin);
+ else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL);
+ }
} else
{
BIO_printf(bio_err,"bad input format specified for key\n");
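Review bot: `passin` is handed to `key_cb` and then left intact, whereas the ca.c call site touched by this same commit wipes its key with `memset(key,0,strlen(key));` straight after the read. When the value came from `-passin` it points into argv, so the pass phrase stays readable in the process arguments for the rest of the run; clearing it once the key is loaded, e.g. `if(passin) memset(passin,0,strlen(passin));`, shortens that exposure without closing it. This assumes nothing later in MAIN reuses `passin`, which cannot be confirmed from the hunk. The matching read hunk in apps/rsa.c, and `passout` after the write in both files, would want the same treatment.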
@@ -245,8 +287,13 @@ bad:
} else if (outformat == FORMAT_PEM) {
if(pubin || pubout)
i=PEM_write_bio_DSAPublicKey(out,dsa);
- else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL,NULL);
- } else {
+ else {
+ if(passout) i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
+ NULL,0,key_cb, passout);
+ i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,
+ NULL,NULL);
+ }
+ } else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
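Review bot: The second `i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL,NULL);` is missing its `else`, so when `passout` is set the private key is written once with `key_cb` and then written again with a NULL callback. The second call overwrites `i`, hiding any failure of the first, and puts a second copy of the key on the output; with an `enc` cipher selected it would presumably fall back to prompting, which defeats the point of `-passout`. The rsa.c counterpart of this hunk has the `else`; here the line should start `else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,`. The surrounding if/else chain begins outside the hunk.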
diff --git a/apps/rsa.c b/apps/rsa.c
index 0351cb7d22..ee1365a929 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -96,6 +96,7 @@ int MAIN(int argc, char **argv)
int informat,outformat,text=0,check=0,noout=0;
int pubin = 0, pubout = 0;
char *infile,*outfile,*prog;
+ char *passin = NULL, *passout = NULL;
int modulus=0;
apps_startup();
@@ -134,6 +135,39 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outfile= *(++argv);
}
+ else if (strcmp(*argv,"-passin") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passin= *(++argv);
+ }
+ else if (strcmp(*argv,"-envpassin") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if(!(passin= getenv(*(++argv))))
+ {
+ BIO_printf(bio_err,
+ "Can't read environment variable %s\n",
+ *argv);
+ badops = 1;
+ }
+ }
+ else if (strcmp(*argv,"-envpassout") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if(!(passout= getenv(*(++argv))))
+ {
+ BIO_printf(bio_err,
+ "Can't read environment variable %s\n",
+ *argv);
+ badops = 1;
+ }
+ argv++;
+ }
+ else if (strcmp(*argv,"-passout") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passout= *(++argv);
+ }
else if (strcmp(*argv,"-pubin") == 0)
pubin=1;
else if (strcmp(*argv,"-pubout") == 0)
@@ -161,21 +195,26 @@ int MAIN(int argc, char **argv)
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
- BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
- BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
+ BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -passin arg input file pass phrase\n");
+ BIO_printf(bio_err," -envpassin arg environment variable containing input file pass phrase\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -passout arg input file pass phrase\n");
+ BIO_printf(bio_err," -envpassout arg environment variable containing input file pass phrase\n");
+ BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
+ BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef NO_IDEA
- BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
+ BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
#endif
- BIO_printf(bio_err," -text print the key in text\n");
- BIO_printf(bio_err," -noout don't print key out\n");
- BIO_printf(bio_err," -modulus print the RSA key modulus\n");
- BIO_printf(bio_err," -check verify key consistency\n");
- BIO_printf(bio_err," -pubin expect a public key in input file\n");
- BIO_printf(bio_err," -pubout output a public key\n");
+ BIO_printf(bio_err," -text print the key in text\n");
+ BIO_printf(bio_err," -noout don't print key out\n");
+ BIO_printf(bio_err," -modulus print the RSA key modulus\n");
+ BIO_printf(bio_err," -check verify key consistency\n");
+ BIO_printf(bio_err," -pubin expect a public key in input file\n");
+ BIO_printf(bio_err," -pubout output a public key\n");
goto end;
}
@@ -234,7 +273,11 @@ bad:
#endif
else if (informat == FORMAT_PEM) {
if(pubin) rsa=PEM_read_bio_RSAPublicKey(in,NULL,NULL,NULL);
- else rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL,NULL);
+ else {
+ if(passin) rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
+ key_cb,passin);
+ else rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL,NULL);
+ }
}
else
{
@@ -333,8 +376,12 @@ bad:
else if (outformat == FORMAT_PEM) {
if(pubout || pubin)
i=PEM_write_bio_RSAPublicKey(out,rsa);
- else
- i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL,NULL);
+ else {
+ if(passout) i=PEM_write_bio_RSAPrivateKey(out,rsa,
+ enc,NULL,0,key_cb,passout);
+ else i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,
+ 0,NULL,NULL);
+ }
} else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
diff --git a/doc/man/asn1parse.pod b/doc/man/asn1parse.pod
index 4e3ecf4fc2..ef1c61419b 100644
--- a/doc/man/asn1parse.pod
+++ b/doc/man/asn1parse.pod
@@ -6,7 +6,7 @@ asn1parse - ASN.1 parsing tool
=head1 SYNOPSIS
-=item B<openssl> B<asn1parse>
+B<openssl> B<asn1parse>
[B<-inform PEM|DER>]
[B<-in filename>]
[B<-out filename>]
diff --git a/doc/man/dsa.pod b/doc/man/dsa.pod
index eab5f8c4bc..576731f92c 100644
--- a/doc/man/dsa.pod
+++ b/doc/man/dsa.pod
@@ -10,7 +10,11 @@ B<openssl> B<dsa>
[B<-inform PEM|DER>]
[B<-outform PEM|DER>]
[B<-in filename>]
+[B<-passin password>]
+[B<-envpassin var>]
[B<-out filename>]
+[B<-passout password>]
+[B<-envpassout var>]
[B<-des>]
[B<-des3>]
[B<-idea>]
@@ -53,6 +57,15 @@ This specifies the input filename to read a key from or standard input if this
option is not specified. If the key is encrypted a pass phrase will be
prompted for.
+=item B<-passin password>
+
+the input file password. Since certain utilities like "ps" make the command line
+visible this option should be used with caution.
+
+=item B<-envpassin var>
+
+read the input file password from the environment variable B<var>.
+
=item B<-out filename>
This specifies the output filename to write a key to or standard output by
@@ -60,6 +73,15 @@ is not specified. If any encryption options are set then a pass phrase will be
prompted for. The output filename should B<not> be the same as the input
filename.
+=item B<-passout password>
+
+the output file password. Since certain utilities like "ps" make the command line
+visible this option should be used with caution.
+
+=item B<-envpassout var>
+
+read the output file password from the environment variable B<var>.
+
=item B<-des|-des3|-idea>
These options encrypt the private key with the DES, triple DES, or the
diff --git a/doc/man/req.pod b/doc/man/req.pod
index 8e4a4511e7..c9e7111aaf 100644
--- a/doc/man/req.pod
+++ b/doc/man/req.pod
@@ -299,6 +299,8 @@ Additional object identifiers can be defined with the B<oid_file> or
B<oid_section> options in the configuration file. Any additional fields
will be treated as though they were a DirectoryString.
+=back
+
=head1 EXAMPLES
Examine and verify certificate request:
diff --git a/doc/man/rsa.pod b/doc/man/rsa.pod
index d96e57953c..eea8539b61 100644
--- a/doc/man/rsa.pod
+++ b/doc/man/rsa.pod
@@ -11,7 +11,11 @@ B<openssl> B<rsa>
[B<-inform PEM|NET|DER>]
[B<-outform PEM|NET|DER>]
[B<-in filename>]
+[B<-passin password>]
+[B<-envpassin var>]
[B<-out filename>]
+[B<-passout password>]
+[B<-envpassout var>]
[B<-des>]
[B<-des3>]
[B<-idea>]
@@ -54,6 +58,15 @@ This specifies the input filename to read a key from or standard input if this
option is not specified. If the key is encrypted a pass phrase will be
prompted for.
+=item B<-passin password>
+
+the input file password. Since certain utilities like "ps" make the command line
+visible this option should be used with caution.
+
+=item B<-envpassin var>
+
+read the input file password from the environment variable B<var>.
+
=item B<-out filename>
This specifies the output filename to write a key to or standard output by
@@ -61,6 +74,15 @@ is not specified. If any encryption options are set then a pass phrase will be
prompted for. The output filename should B<not> be the same as the input
filename.
+=item B<-passout password>
+
+the output file password. Since certain utilities like "ps" make the command line
+visible this option should be used with caution.
+
+=item B<-envpassout var>
+
+read the output file password from the environment variable B<var>.
+
=item B<-des|-des3|-idea>
These options encrypt the private key with the DES, triple DES, or the
diff --git a/doc/man/version.pod b/doc/man/version.pod
index 453d6c175f..69421d52cb 100644
--- a/doc/man/version.pod
+++ b/doc/man/version.pod
@@ -1,12 +1,12 @@
=pod
-=head 1 NAME
+=head1 NAME
version - print version information
=head1 SYNOPSIS
-=item B<openssl version>
+B<openssl version>
[B<-a>]
[B<-v>]
[B<-b>]