src - OpenBSD base system

diff options


context:
space:
mode:

author	Joel Sing <jsing@cvs.openbsd.org>	2019-02-03 14:20:08 +0000
committer	Joel Sing <jsing@cvs.openbsd.org>	2019-02-03 14:20:08 +0000
commit	7dd0a9c99308f1e1addecc364c4c6e243eb70a63 (patch)
tree	c9829e200c32748e916f62aa945889e56f884159 /usr.bin/openssl/rsautl.c
parent	95a5d32fc2aa819a184eb3d7180470a54f32df0a (diff)

Convert openssl(1) rsautl to the newer style of option handling.

ok beck@ inoguchi@ tb@

Diffstat (limited to 'usr.bin/openssl/rsautl.c')

-rw-r--r--

usr.bin/openssl/rsautl.c

317

1 files changed, 196 insertions, 121 deletions

diff --git a/usr.bin/openssl/rsautl.c b/usr.bin/openssl/rsautl.c
index 65b10858b8f..c3c3a82f8f7 100644
--- a/usr.bin/openssl/rsautl.c
+++ b/usr.bin/openssl/rsautl.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: rsautl.c,v 1.14 2019/01/29 10:17:56 tb Exp $ */

+/* $OpenBSD: rsautl.c,v 1.15 2019/02/03 14:20:07 jsing Exp $ */

/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL

* project 2000.

@@ -58,7 +58,6 @@

#include <openssl/opensslconf.h>

#include <string.h>

#include "apps.h"

@@ -76,26 +75,173 @@

#define KEY_PUBKEY 2

#define KEY_CERT 3

-static void usage(void);

+struct {

+ int asn1parse;

+ int hexdump;

+ char *infile;

+ char *keyfile;

+ int keyform;

+ int key_type;

+ char *outfile;

+ int pad;

+ char *passargin;

+ int rev;

+ int rsa_mode;

+} rsautl_config;

+struct option rsautl_options[] = {

+ {

+ .name = "asn1parse",

+ .desc = "ASN.1 parse the output data",

+ .type = OPTION_FLAG,

+ .opt.flag = &rsautl_config.asn1parse,

+ },

+ {

+ .name = "certin",

+ .desc = "Input is a certificate containing an RSA public key",

+ .type = OPTION_VALUE,

+ .value = KEY_CERT,

+ .opt.value = &rsautl_config.key_type,

+ },

+ {

+ .name = "decrypt",

+ .desc = "Decrypt the input data using RSA private key",

+ .type = OPTION_VALUE,

+ .value = RSA_DECRYPT,

+ .opt.value = &rsautl_config.rsa_mode,

+ },

+ {

+ .name = "encrypt",

+ .desc = "Encrypt the input data using RSA public key",

+ .type = OPTION_VALUE,

+ .value = RSA_ENCRYPT,

+ .opt.value = &rsautl_config.rsa_mode,

+ },

+ {

+ .name = "hexdump",

+ .desc = "Hex dump the output data",

+ .type = OPTION_FLAG,

+ .opt.flag = &rsautl_config.hexdump,

+ },

+ {

+ .name = "in",

+ .argname = "file",

+ .desc = "Input file (default stdin)",

+ .type = OPTION_ARG,

+ .opt.arg = &rsautl_config.infile,

+ },

+ {

+ .name = "inkey",

+ .argname = "file",

+ .desc = "Input key file",

+ .type = OPTION_ARG,

+ .opt.arg = &rsautl_config.keyfile,

+ },

+ {

+ .name = "keyform",

+ .argname = "fmt",

+ .desc = "Input key format (DER, TXT or PEM (default))",

+ .type = OPTION_ARG_FORMAT,

+ .opt.value = &rsautl_config.keyform,

+ },

+ {

+ .name = "oaep",

+ .desc = "Use PKCS#1 OAEP padding",

+ .type = OPTION_VALUE,

+ .value = RSA_PKCS1_OAEP_PADDING,

+ .opt.value = &rsautl_config.pad,

+ },

+ {

+ .name = "out",

+ .argname = "file",

+ .desc = "Output file (default stdout)",

+ .type = OPTION_ARG,

+ .opt.arg = &rsautl_config.outfile,

+ },

+ {

+ .name = "passin",

+ .argname = "arg",

+ .desc = "Key password source",

+ .type = OPTION_ARG,

+ .opt.arg = &rsautl_config.passargin,

+ },

+ {

+ .name = "pkcs",

+ .desc = "Use PKCS#1 v1.5 padding (default)",

+ .type = OPTION_VALUE,

+ .value = RSA_PKCS1_PADDING,

+ .opt.value = &rsautl_config.pad,

+ },

+ {

+ .name = "pubin",

+ .desc = "Input is an RSA public key",

+ .type = OPTION_VALUE,

+ .value = KEY_PUBKEY,

+ .opt.value = &rsautl_config.key_type,

+ },

+ {

+ .name = "raw",

+ .desc = "Use no padding",

+ .type = OPTION_VALUE,

+ .value = RSA_NO_PADDING,

+ .opt.value = &rsautl_config.pad,

+ },

+ {

+ .name = "rev",

+ .desc = "Reverse the input data",

+ .type = OPTION_FLAG,

+ .opt.flag = &rsautl_config.rev,

+ },

+ {

+ .name = "sign",

+ .desc = "Sign the input data using RSA private key",

+ .type = OPTION_VALUE,

+ .value = RSA_SIGN,

+ .opt.value = &rsautl_config.rsa_mode,

+ },

+ {

+ .name = "verify",

+ .desc = "Verify the input data using RSA public key",

+ .type = OPTION_VALUE,

+ .value = RSA_VERIFY,

+ .opt.value = &rsautl_config.rsa_mode,

+ },

+ {

+ .name = "x931",

+ .desc = "Use X931 padding",

+ .type = OPTION_VALUE,

+ .value = RSA_X931_PADDING,

+ .opt.value = &rsautl_config.pad,

+ },

+ {NULL},

+};

+static void

+rsautl_usage()

+ fprintf(stderr,

+ "usage: rsautl [-asn1parse] [-certin] [-decrypt] [-encrypt] "

+ "[-hexdump]\n"

+ " [-in file] [-inkey file] [-keyform der | pem]\n"

+ " [-oaep | -pkcs | -raw] [-out file] [-pubin] [-sign]\n"

+ " [-verify]\n\n");

+ options_usage(rsautl_options);

int

rsautl_main(int argc, char **argv)

{

BIO *in = NULL, *out = NULL;

- char *infile = NULL, *outfile = NULL;

- char *keyfile = NULL;

- char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;

- int keyform = FORMAT_PEM;

- char need_priv = 0, badarg = 0, rev = 0;

- char hexdump = 0, asn1parse = 0;

X509 *x;

EVP_PKEY *pkey = NULL;

RSA *rsa = NULL;

- unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;

- char *passargin = NULL, *passin = NULL;

+ unsigned char *rsa_in = NULL, *rsa_out = NULL;

+ char *passin = NULL;

int rsa_inlen, rsa_outlen = 0;

+ int need_priv = 0;

int keysize;

int ret = 1;

if (single_execution) {

@@ -105,98 +251,44 @@ rsautl_main(int argc, char **argv)

}

- argc--;

- argv++;

- pad = RSA_PKCS1_PADDING;

- while (argc >= 1) {

- if (!strcmp(*argv, "-in")) {

- if (--argc < 1)

- badarg = 1;

- else

- infile = *(++argv);

- } else if (!strcmp(*argv, "-out")) {

- if (--argc < 1)

- badarg = 1;

- else

- outfile = *(++argv);

- } else if (!strcmp(*argv, "-inkey")) {

- if (--argc < 1)

- badarg = 1;

- else

- keyfile = *(++argv);

- } else if (!strcmp(*argv, "-passin")) {

- if (--argc < 1)

- badarg = 1;

- else

- passargin = *(++argv);

- } else if (strcmp(*argv, "-keyform") == 0) {

- if (--argc < 1)

- badarg = 1;

- else

- keyform = str2fmt(*(++argv));

- } else if (!strcmp(*argv, "-pubin")) {

- key_type = KEY_PUBKEY;

- } else if (!strcmp(*argv, "-certin")) {

- key_type = KEY_CERT;

- } else if (!strcmp(*argv, "-asn1parse"))

- asn1parse = 1;

- else if (!strcmp(*argv, "-hexdump"))

- hexdump = 1;

- else if (!strcmp(*argv, "-raw"))

- pad = RSA_NO_PADDING;

- else if (!strcmp(*argv, "-oaep"))

- pad = RSA_PKCS1_OAEP_PADDING;

- else if (!strcmp(*argv, "-pkcs"))

- pad = RSA_PKCS1_PADDING;

- else if (!strcmp(*argv, "-x931"))

- pad = RSA_X931_PADDING;

- else if (!strcmp(*argv, "-sign")) {

- rsa_mode = RSA_SIGN;

- need_priv = 1;

- } else if (!strcmp(*argv, "-verify"))

- rsa_mode = RSA_VERIFY;

- else if (!strcmp(*argv, "-rev"))

- rev = 1;

- else if (!strcmp(*argv, "-encrypt"))

- rsa_mode = RSA_ENCRYPT;

- else if (!strcmp(*argv, "-decrypt")) {

- rsa_mode = RSA_DECRYPT;

- need_priv = 1;

- } else

- badarg = 1;

- if (badarg) {

- usage();

- goto end;

- }

- argc--;

- argv++;

+ memset(&rsautl_config, 0, sizeof(rsautl_config));

+ rsautl_config.keyform = FORMAT_PEM;

+ rsautl_config.key_type = KEY_PRIVKEY;

+ rsautl_config.pad = RSA_PKCS1_PADDING;

+ rsautl_config.rsa_mode = RSA_VERIFY;

+ if (options_parse(argc, argv, rsautl_options, NULL, NULL) != 0) {

+ rsautl_usage();

+ return (1);

}

- if (need_priv && (key_type != KEY_PRIVKEY)) {

+ if (rsautl_config.rsa_mode == RSA_SIGN ||

+ rsautl_config.rsa_mode == RSA_DECRYPT)

+ need_priv = 1;

+ if (need_priv && rsautl_config.key_type != KEY_PRIVKEY) {

BIO_printf(bio_err, "A private key is needed for this operation\n");

goto end;

}

- if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {

+ if (!app_passwd(bio_err, rsautl_config.passargin, NULL, &passin, NULL)) {

BIO_printf(bio_err, "Error getting password\n");

goto end;

}

- switch (key_type) {

+ switch (rsautl_config.key_type) {

case KEY_PRIVKEY:

- pkey = load_key(bio_err, keyfile, keyform, 0,

- passin, "Private Key");

+ pkey = load_key(bio_err, rsautl_config.keyfile,

+ rsautl_config.keyform, 0, passin, "Private Key");

break;

case KEY_PUBKEY:

- pkey = load_pubkey(bio_err, keyfile, keyform, 0,

- NULL, "Public Key");

+ pkey = load_pubkey(bio_err, rsautl_config.keyfile,

+ rsautl_config.keyform, 0, NULL, "Public Key");

break;

case KEY_CERT:

- x = load_cert(bio_err, keyfile, keyform,

- NULL, "Certificate");

+ x = load_cert(bio_err, rsautl_config.keyfile,

+ rsautl_config.keyform, NULL, "Certificate");

if (x) {

pkey = X509_get_pubkey(x);

X509_free(x);

@@ -215,8 +307,8 @@ rsautl_main(int argc, char **argv)

ERR_print_errors(bio_err);

goto end;

}

- if (infile) {

- if (!(in = BIO_new_file(infile, "rb"))) {

+ if (rsautl_config.infile) {

+ if (!(in = BIO_new_file(rsautl_config.infile, "rb"))) {

BIO_printf(bio_err, "Error Reading Input File\n");

ERR_print_errors(bio_err);

goto end;

@@ -224,8 +316,8 @@ rsautl_main(int argc, char **argv)

} else

in = BIO_new_fp(stdin, BIO_NOCLOSE);

- if (outfile) {

- if (!(out = BIO_new_file(outfile, "wb"))) {

+ if (rsautl_config.outfile) {

+ if (!(out = BIO_new_file(rsautl_config.outfile, "wb"))) {

BIO_printf(bio_err, "Error Reading Output File\n");

ERR_print_errors(bio_err);

goto end;

@@ -253,7 +345,7 @@ rsautl_main(int argc, char **argv)

BIO_printf(bio_err, "Error reading input Data\n");

exit(1);

}

- if (rev) {

+ if (rsautl_config.rev) {

int i;

unsigned char ctmp;

for (i = 0; i < rsa_inlen / 2; i++) {

@@ -262,24 +354,27 @@ rsautl_main(int argc, char **argv)

rsa_in[rsa_inlen - 1 - i] = ctmp;

}

- switch (rsa_mode) {

+ switch (rsautl_config.rsa_mode) {

case RSA_VERIFY:

- rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);

+ rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out,

+ rsa, rsautl_config.pad);

break;

case RSA_SIGN:

- rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);

+ rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out,

+ rsa, rsautl_config.pad);

break;

case RSA_ENCRYPT:

- rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);

+ rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out,

+ rsa, rsautl_config.pad);

break;

case RSA_DECRYPT:

- rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);

+ rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out,

+ rsa, rsautl_config.pad);

break;

}

if (rsa_outlen <= 0) {

@@ -288,11 +383,11 @@ rsautl_main(int argc, char **argv)

goto end;

}

ret = 0;

- if (asn1parse) {

+ if (rsautl_config.asn1parse) {

if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {

ERR_print_errors(bio_err);

}

- } else if (hexdump)

+ } else if (rsautl_config.hexdump)

BIO_dump(out, (char *) rsa_out, rsa_outlen);

else

BIO_write(out, rsa_out, rsa_outlen);

@@ -307,23 +402,3 @@ rsautl_main(int argc, char **argv)

return ret;

}

-static void

-usage()

- BIO_printf(bio_err, "Usage: rsautl [options]\n");

- BIO_printf(bio_err, "-in file input file\n");

- BIO_printf(bio_err, "-out file output file\n");

- BIO_printf(bio_err, "-inkey file input key\n");

- BIO_printf(bio_err, "-keyform arg private key format - default PEM\n");

- BIO_printf(bio_err, "-pubin input is an RSA public\n");

- BIO_printf(bio_err, "-certin input is a certificate carrying an RSA public key\n");

- BIO_printf(bio_err, "-raw use no padding\n");

- BIO_printf(bio_err, "-pkcs use PKCS#1 v1.5 padding (default)\n");

- BIO_printf(bio_err, "-oaep use PKCS#1 OAEP\n");

- BIO_printf(bio_err, "-sign sign with private key\n");

- BIO_printf(bio_err, "-verify verify with public key\n");

- BIO_printf(bio_err, "-encrypt encrypt with public key\n");

- BIO_printf(bio_err, "-decrypt decrypt with private key\n");

- BIO_printf(bio_err, "-hexdump hex dump output\n");