Add password command line options to some utils. Fix and update man

pages.
Dr. Stephen Henson 1999-11-11 18:41:31 +00:00
parent 53b1899e3c
commit af29811edd
11 changed files with 181 additions and 35 deletions


@ -4,6 +4,12 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 1999] Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
*) Add options to some of the utilities to allow the pass phrase
to be included on either the command line (not recommended on
OSes like Unix) or read from the environment. Update the
manpages and fix a few bugs.
[Steve Henson]
*) Add a few manpages for some of the openssl commands. *) Add a few manpages for some of the openssl commands.
[Steve Henson] [Steve Henson]


@ -325,7 +325,7 @@ int app_init(long mesgwin)
} }
#endif #endif
int MS_CALLBACK key_callback(char *buf, int len, int verify, void *key) int MS_CALLBACK key_cb(char *buf, int len, int verify, void *key)
{ {
int i; int i;


@ -142,7 +142,7 @@ int args_from_file(char *file, int *argc, char **argv[]);
int str2fmt(char *s); int str2fmt(char *s);
void program_name(char *in,char *out,int size); void program_name(char *in,char *out,int size);
int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]); int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
int MS_CALLBACK key_callback(char *buf,int len,int verify,void *u); int MS_CALLBACK key_cb(char *buf,int len,int verify,void *u);
#define FORMAT_UNDEF 0 #define FORMAT_UNDEF 0
#define FORMAT_ASN1 1 #define FORMAT_ASN1 1
#define FORMAT_TEXT 2 #define FORMAT_TEXT 2


@ -534,7 +534,7 @@ bad:
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL); pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
else else
{ {
pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback,key); pkey=PEM_read_bio_PrivateKey(in,NULL,key_cb,key);
memset(key,0,strlen(key)); memset(key,0,strlen(key));
} }
if (pkey == NULL) if (pkey == NULL)


@ -93,6 +93,7 @@ int MAIN(int argc, char **argv)
int informat,outformat,text=0,noout=0; int informat,outformat,text=0,noout=0;
int pubin = 0, pubout = 0; int pubin = 0, pubout = 0;
char *infile,*outfile,*prog; char *infile,*outfile,*prog;
char *passin = NULL, *passout = NULL;
int modulus=0; int modulus=0;
apps_startup(); apps_startup();
@ -131,6 +132,39 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
outfile= *(++argv); outfile= *(++argv);
} }
else if (strcmp(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
passin= *(++argv);
}
else if (strcmp(*argv,"-envpassin") == 0)
{
if (--argc < 1) goto bad;
if(!(passin= getenv(*(++argv))))
{
BIO_printf(bio_err,
"Can't read environment variable %s\n",
*argv);
badops = 1;
}
}
else if (strcmp(*argv,"-envpassout") == 0)
{
if (--argc < 1) goto bad;
if(!(passout= getenv(*(++argv))))
{
BIO_printf(bio_err,
"Can't read environment variable %s\n",
*argv);
badops = 1;
}
argv++;
}
else if (strcmp(*argv,"-passout") == 0)
{
if (--argc < 1) goto bad;
passout= *(++argv);
}
else if (strcmp(*argv,"-noout") == 0) else if (strcmp(*argv,"-noout") == 0)
noout=1; noout=1;
else if (strcmp(*argv,"-text") == 0) else if (strcmp(*argv,"-text") == 0)
@ -156,18 +190,22 @@ int MAIN(int argc, char **argv)
bad: bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -passin arg input file pass phrase\n");
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); BIO_printf(bio_err," -envpassin arg environment variable containing input file pass phrase\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -passout arg input file pass phrase\n");
BIO_printf(bio_err," -envpassout arg environment variable containing input file pass phrase\n");
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef NO_IDEA #ifndef NO_IDEA
BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
#endif #endif
BIO_printf(bio_err," -text print the key in text\n"); BIO_printf(bio_err," -text print the key in text\n");
BIO_printf(bio_err," -noout don't print key out\n"); BIO_printf(bio_err," -noout don't print key out\n");
BIO_printf(bio_err," -modulus print the DSA public value\n"); BIO_printf(bio_err," -modulus print the DSA public value\n");
goto end; goto end;
} }
@ -198,7 +236,11 @@ bad:
else dsa=d2i_DSAPrivateKey_bio(in,NULL); else dsa=d2i_DSAPrivateKey_bio(in,NULL);
} else if (informat == FORMAT_PEM) { } else if (informat == FORMAT_PEM) {
if(pubin) dsa=PEM_read_bio_DSAPublicKey(in,NULL, NULL, NULL); if(pubin) dsa=PEM_read_bio_DSAPublicKey(in,NULL, NULL, NULL);
else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL); else {
if(passin) dsa=PEM_read_bio_DSAPrivateKey(in,NULL,
key_cb,passin);
else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL);
}
} else } else
{ {
BIO_printf(bio_err,"bad input format specified for key\n"); BIO_printf(bio_err,"bad input format specified for key\n");
@ -245,8 +287,13 @@ bad:
} else if (outformat == FORMAT_PEM) { } else if (outformat == FORMAT_PEM) {
if(pubin || pubout) if(pubin || pubout)
i=PEM_write_bio_DSAPublicKey(out,dsa); i=PEM_write_bio_DSAPublicKey(out,dsa);
else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL,NULL); else {
} else { if(passout) i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
NULL,0,key_cb, passout);
i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,
NULL,NULL);
}
} else {
BIO_printf(bio_err,"bad output format specified for outfile\n"); BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end; goto end;
} }
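Review bot: In the PEM output branch the `else` is missing before the second `PEM_write_bio_DSAPrivateKey` call, so when `-passout` or `-envpassout` is given the key is written once with `key_cb` and `passout` and then written again with a NULL callback, which overwrites `i` and, with a cipher selected, would presumably fall back to the interactive prompt. The second call should read `else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL,NULL);`, as the RSA counterpart in this commit does. MAIN starts and ends outside the hunk, so the later check of `i` is not visible here.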


@ -96,6 +96,7 @@ int MAIN(int argc, char **argv)
int informat,outformat,text=0,check=0,noout=0; int informat,outformat,text=0,check=0,noout=0;
int pubin = 0, pubout = 0; int pubin = 0, pubout = 0;
char *infile,*outfile,*prog; char *infile,*outfile,*prog;
char *passin = NULL, *passout = NULL;
int modulus=0; int modulus=0;
apps_startup(); apps_startup();
@ -134,6 +135,39 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
outfile= *(++argv); outfile= *(++argv);
} }
else if (strcmp(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
passin= *(++argv);
}
else if (strcmp(*argv,"-envpassin") == 0)
{
if (--argc < 1) goto bad;
if(!(passin= getenv(*(++argv))))
{
BIO_printf(bio_err,
"Can't read environment variable %s\n",
*argv);
badops = 1;
}
}
else if (strcmp(*argv,"-envpassout") == 0)
{
if (--argc < 1) goto bad;
if(!(passout= getenv(*(++argv))))
{
BIO_printf(bio_err,
"Can't read environment variable %s\n",
*argv);
badops = 1;
}
argv++;
}
else if (strcmp(*argv,"-passout") == 0)
{
if (--argc < 1) goto bad;
passout= *(++argv);
}
else if (strcmp(*argv,"-pubin") == 0) else if (strcmp(*argv,"-pubin") == 0)
pubin=1; pubin=1;
else if (strcmp(*argv,"-pubout") == 0) else if (strcmp(*argv,"-pubout") == 0)
@ -161,21 +195,26 @@ int MAIN(int argc, char **argv)
bad: bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n"); BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n"); BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -passin arg input file pass phrase\n");
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); BIO_printf(bio_err," -envpassin arg environment variable containing input file pass phrase\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -passout arg input file pass phrase\n");
BIO_printf(bio_err," -envpassout arg environment variable containing input file pass phrase\n");
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef NO_IDEA #ifndef NO_IDEA
BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
#endif #endif
BIO_printf(bio_err," -text print the key in text\n"); BIO_printf(bio_err," -text print the key in text\n");
BIO_printf(bio_err," -noout don't print key out\n"); BIO_printf(bio_err," -noout don't print key out\n");
BIO_printf(bio_err," -modulus print the RSA key modulus\n"); BIO_printf(bio_err," -modulus print the RSA key modulus\n");
BIO_printf(bio_err," -check verify key consistency\n"); BIO_printf(bio_err," -check verify key consistency\n");
BIO_printf(bio_err," -pubin expect a public key in input file\n"); BIO_printf(bio_err," -pubin expect a public key in input file\n");
BIO_printf(bio_err," -pubout output a public key\n"); BIO_printf(bio_err," -pubout output a public key\n");
goto end; goto end;
} }
@ -234,7 +273,11 @@ bad:
#endif #endif
else if (informat == FORMAT_PEM) { else if (informat == FORMAT_PEM) {
if(pubin) rsa=PEM_read_bio_RSAPublicKey(in,NULL,NULL,NULL); if(pubin) rsa=PEM_read_bio_RSAPublicKey(in,NULL,NULL,NULL);
else rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL,NULL); else {
if(passin) rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
key_cb,passin);
else rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL,NULL);
}
} }
else else
{ {
@ -333,8 +376,12 @@ bad:
else if (outformat == FORMAT_PEM) { else if (outformat == FORMAT_PEM) {
if(pubout || pubin) if(pubout || pubin)
i=PEM_write_bio_RSAPublicKey(out,rsa); i=PEM_write_bio_RSAPublicKey(out,rsa);
else else {
i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL,NULL); if(passout) i=PEM_write_bio_RSAPrivateKey(out,rsa,
enc,NULL,0,key_cb,passout);
else i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,
0,NULL,NULL);
}
} else { } else {
BIO_printf(bio_err,"bad output format specified for outfile\n"); BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end; goto end;
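Review bot: The `-envpassout` branch ends with an extra `argv++` after `getenv(*(++argv))` has already consumed the variable name, so the argument that follows is stepped over without `argc` being decremented; the same line is in the `-envpassout` branch of the DSA utility in this commit. If the skipped argument is a cipher option such as `-des3`, the private key would presumably be written unencrypted without any error, and the argument loop, which starts outside the hunk, is left with `argv` and `argc` out of step. Drop the `argv++;` so the branch matches `-envpassin`. The usage text also describes `-passout` and `-envpassout` as `input file pass phrase`, which should read `output file pass phrase`.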


@ -6,7 +6,7 @@ asn1parse - ASN.1 parsing tool
=head1 SYNOPSIS =head1 SYNOPSIS
=item B<openssl> B<asn1parse> B<openssl> B<asn1parse>
[B<-inform PEM|DER>] [B<-inform PEM|DER>]
[B<-in filename>] [B<-in filename>]
[B<-out filename>] [B<-out filename>]


@ -10,7 +10,11 @@ B<openssl> B<dsa>
[B<-inform PEM|DER>] [B<-inform PEM|DER>]
[B<-outform PEM|DER>] [B<-outform PEM|DER>]
[B<-in filename>] [B<-in filename>]
[B<-passin password>]
[B<-envpassin var>]
[B<-out filename>] [B<-out filename>]
[B<-passout password>]
[B<-envpassout var>]
[B<-des>] [B<-des>]
[B<-des3>] [B<-des3>]
[B<-idea>] [B<-idea>]
@ -53,6 +57,15 @@ This specifies the input filename to read a key from or standard input if this
option is not specified. If the key is encrypted a pass phrase will be option is not specified. If the key is encrypted a pass phrase will be
prompted for. prompted for.
=item B<-passin password>
the input file password. Since certain utilities like "ps" make the command line
visible this option should be used with caution.
=item B<-envpassin var>
read the input file password from the environment variable B<var>.
=item B<-out filename> =item B<-out filename>
This specifies the output filename to write a key to or standard output by This specifies the output filename to write a key to or standard output by
@ -60,6 +73,15 @@ is not specified. If any encryption options are set then a pass phrase will be
prompted for. The output filename should B<not> be the same as the input prompted for. The output filename should B<not> be the same as the input
filename. filename.
=item B<-passout password>
the output file password. Since certain utilities like "ps" make the command line
visible this option should be used with caution.
=item B<-envpassout var>
read the output file password from the environment variable B<var>.
=item B<-des|-des3|-idea> =item B<-des|-des3|-idea>
These options encrypt the private key with the DES, triple DES, or the These options encrypt the private key with the DES, triple DES, or the


@ -299,6 +299,8 @@ Additional object identifiers can be defined with the B<oid_file> or
B<oid_section> options in the configuration file. Any additional fields B<oid_section> options in the configuration file. Any additional fields
will be treated as though they were a DirectoryString. will be treated as though they were a DirectoryString.
=back
=head1 EXAMPLES =head1 EXAMPLES
Examine and verify certificate request: Examine and verify certificate request:


@ -11,7 +11,11 @@ B<openssl> B<rsa>
[B<-inform PEM|NET|DER>] [B<-inform PEM|NET|DER>]
[B<-outform PEM|NET|DER>] [B<-outform PEM|NET|DER>]
[B<-in filename>] [B<-in filename>]
[B<-passin password>]
[B<-envpassin var>]
[B<-out filename>] [B<-out filename>]
[B<-passout password>]
[B<-envpassout var>]
[B<-des>] [B<-des>]
[B<-des3>] [B<-des3>]
[B<-idea>] [B<-idea>]
@ -54,6 +58,15 @@ This specifies the input filename to read a key from or standard input if this
option is not specified. If the key is encrypted a pass phrase will be option is not specified. If the key is encrypted a pass phrase will be
prompted for. prompted for.
=item B<-passin password>
the input file password. Since certain utilities like "ps" make the command line
visible this option should be used with caution.
=item B<-envpassin var>
read the input file password from the environment variable B<var>.
=item B<-out filename> =item B<-out filename>
This specifies the output filename to write a key to or standard output by This specifies the output filename to write a key to or standard output by
@ -61,6 +74,15 @@ is not specified. If any encryption options are set then a pass phrase will be
prompted for. The output filename should B<not> be the same as the input prompted for. The output filename should B<not> be the same as the input
filename. filename.
=item B<-passout password>
the output file password. Since certain utilities like "ps" make the command line
visible this option should be used with caution.
=item B<-envpassout var>
read the output file password from the environment variable B<var>.
=item B<-des|-des3|-idea> =item B<-des|-des3|-idea>
These options encrypt the private key with the DES, triple DES, or the These options encrypt the private key with the DES, triple DES, or the


@ -1,12 +1,12 @@
=pod =pod
=head 1 NAME =head1 NAME
version - print version information version - print version information
=head1 SYNOPSIS =head1 SYNOPSIS
=item B<openssl version> B<openssl version>
[B<-a>] [B<-a>]
[B<-v>] [B<-v>]
[B<-b>] [B<-b>]