diff options
Diffstat (limited to 'usr.bin/openssl')
-rw-r--r-- | usr.bin/openssl/pkey.c | 267 |
1 files changed, 171 insertions, 96 deletions
diff --git a/usr.bin/openssl/pkey.c b/usr.bin/openssl/pkey.c index 49782317ee0..aab0b87032e 100644 --- a/usr.bin/openssl/pkey.c +++ b/usr.bin/openssl/pkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pkey.c,v 1.10 2018/02/07 05:47:55 jsing Exp $ */ +/* $OpenBSD: pkey.c,v 1.11 2019/02/05 11:26:21 inoguchi Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006 */ @@ -65,18 +65,152 @@ #include <openssl/evp.h> #include <openssl/pem.h> +static struct { + const EVP_CIPHER *cipher; + char *infile; + int informat; + int noout; + char *outfile; + int outformat; + char *passargin; + char *passargout; + int pubin; + int pubout; + int pubtext; + int text; +} pkey_config; + +static int +pkey_opt_cipher(int argc, char **argv, int *argsused) +{ + char *name = argv[0]; + + if (*name++ != '-') + return (1); + + if ((pkey_config.cipher = EVP_get_cipherbyname(name)) == NULL) { + BIO_printf(bio_err, "Unknown cipher %s\n", name); + return (1); + } + + *argsused = 1; + return (0); +} + +static struct option pkey_options[] = { + { + .name = "in", + .argname = "file", + .desc = "Input file (default stdin)", + .type = OPTION_ARG, + .opt.arg = &pkey_config.infile, + }, + { + .name = "inform", + .argname = "format", + .desc = "Input format (DER or PEM (default))", + .type = OPTION_ARG_FORMAT, + .opt.value = &pkey_config.informat, + }, + { + .name = "noout", + .desc = "Do not print encoded version of the key", + .type = OPTION_FLAG, + .opt.flag = &pkey_config.noout, + }, + { + .name = "out", + .argname = "file", + .desc = "Output file (default stdout)", + .type = OPTION_ARG, + .opt.arg = &pkey_config.outfile, + }, + { + .name = "outform", + .argname = "format", + .desc = "Output format (DER or PEM (default))", + .type = OPTION_ARG_FORMAT, + .opt.value = &pkey_config.outformat, + }, + { + .name = "passin", + .argname = "src", + .desc = "Input file passphrase source", + .type = OPTION_ARG, + .opt.arg = &pkey_config.passargin, + }, + { + .name = "passout", + .argname = "src", + .desc = "Output file passphrase source", + .type = OPTION_ARG, + .opt.arg = &pkey_config.passargout, + }, + { + .name = "pubin", + .desc = "Expect a public key (default private key)", + .type = OPTION_VALUE, + .value = 1, + .opt.value = &pkey_config.pubin, + }, + { + .name = "pubout", + .desc = "Output a public key (default private key)", + .type = OPTION_VALUE, + .value = 1, + .opt.value = &pkey_config.pubout, + }, + { + .name = "text", + .desc = "Print the public/private key in plain text", + .type = OPTION_FLAG, + .opt.flag = &pkey_config.text, + }, + { + .name = "text_pub", + .desc = "Print out only public key in plain text", + .type = OPTION_FLAG, + .opt.flag = &pkey_config.pubtext, + }, + { + .name = NULL, + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = pkey_opt_cipher, + }, + { NULL } +}; + +static void +show_ciphers(const OBJ_NAME *name, void *arg) +{ + static int n; + + fprintf(stderr, " -%-24s%s", name->name, (++n % 3 ? "" : "\n")); +} + +static void +pkey_usage() +{ + fprintf(stderr, + "usage: pkey [-ciphername] [-in file] [-inform fmt] [-noout] " + "[-out file]\n" + " [-outform fmt] [-passin src] [-passout src] [-pubin] " + "[-pubout] [-text]\n" + " [-text_pub]\n\n"); + options_usage(pkey_options); + fprintf(stderr, "\n"); + + fprintf(stderr, "Valid ciphername values:\n\n"); + OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, show_ciphers, NULL); + fprintf(stderr, "\n"); +} + int pkey_main(int argc, char **argv) { - char **args, *infile = NULL, *outfile = NULL; - char *passargin = NULL, *passargout = NULL; BIO *in = NULL, *out = NULL; - const EVP_CIPHER *cipher = NULL; - int informat, outformat; - int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0; EVP_PKEY *pkey = NULL; char *passin = NULL, *passout = NULL; - int badarg = 0; int ret = 1; if (single_execution) { @@ -86,112 +220,53 @@ pkey_main(int argc, char **argv) } } - informat = FORMAT_PEM; - outformat = FORMAT_PEM; - - args = argv + 1; - while (!badarg && *args && *args[0] == '-') { - if (!strcmp(*args, "-inform")) { - if (args[1]) { - args++; - informat = str2fmt(*args); - } else - badarg = 1; - } else if (!strcmp(*args, "-outform")) { - if (args[1]) { - args++; - outformat = str2fmt(*args); - } else - badarg = 1; - } else if (!strcmp(*args, "-passin")) { - if (!args[1]) - goto bad; - passargin = *(++args); - } else if (!strcmp(*args, "-passout")) { - if (!args[1]) - goto bad; - passargout = *(++args); - } - else if (!strcmp(*args, "-in")) { - if (args[1]) { - args++; - infile = *args; - } else - badarg = 1; - } else if (!strcmp(*args, "-out")) { - if (args[1]) { - args++; - outfile = *args; - } else - badarg = 1; - } else if (strcmp(*args, "-pubin") == 0) { - pubin = 1; - pubout = 1; - pubtext = 1; - } else if (strcmp(*args, "-pubout") == 0) - pubout = 1; - else if (strcmp(*args, "-text_pub") == 0) { - pubtext = 1; - text = 1; - } else if (strcmp(*args, "-text") == 0) - text = 1; - else if (strcmp(*args, "-noout") == 0) - noout = 1; - else { - cipher = EVP_get_cipherbyname(*args + 1); - if (!cipher) { - BIO_printf(bio_err, "Unknown cipher %s\n", - *args + 1); - badarg = 1; - } - } - args++; - } + memset(&pkey_config, 0, sizeof(pkey_config)); + pkey_config.informat = FORMAT_PEM; + pkey_config.outformat = FORMAT_PEM; - if (badarg) { - bad: - BIO_printf(bio_err, "Usage pkey [options]\n"); - BIO_printf(bio_err, "where options are\n"); - BIO_printf(bio_err, "-in file input file\n"); - BIO_printf(bio_err, "-inform X input format (DER or PEM)\n"); - BIO_printf(bio_err, "-passin arg input file pass phrase source\n"); - BIO_printf(bio_err, "-outform X output format (DER or PEM)\n"); - BIO_printf(bio_err, "-out file output file\n"); - BIO_printf(bio_err, "-passout arg output file pass phrase source\n"); - return 1; + if (options_parse(argc, argv, pkey_options, NULL, NULL) != 0) { + pkey_usage(); + goto end; } - if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { + if (pkey_config.pubtext) + pkey_config.text = 1; + if (pkey_config.pubin) + pkey_config.pubout = pkey_config.pubtext = 1; + + if (!app_passwd(bio_err, pkey_config.passargin, pkey_config.passargout, + &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; } - if (outfile) { - if (!(out = BIO_new_file(outfile, "wb"))) { + if (pkey_config.outfile) { + if (!(out = BIO_new_file(pkey_config.outfile, "wb"))) { BIO_printf(bio_err, - "Can't open output file %s\n", outfile); + "Can't open output file %s\n", pkey_config.outfile); goto end; } } else { out = BIO_new_fp(stdout, BIO_NOCLOSE); } - if (pubin) - pkey = load_pubkey(bio_err, infile, informat, 1, - passin, "Public Key"); + if (pkey_config.pubin) + pkey = load_pubkey(bio_err, pkey_config.infile, + pkey_config.informat, 1, passin, "Public Key"); else - pkey = load_key(bio_err, infile, informat, 1, passin, "key"); + pkey = load_key(bio_err, pkey_config.infile, + pkey_config.informat, 1, passin, "key"); if (!pkey) goto end; - if (!noout) { - if (outformat == FORMAT_PEM) { - if (pubout) + if (!pkey_config.noout) { + if (pkey_config.outformat == FORMAT_PEM) { + if (pkey_config.pubout) PEM_write_bio_PUBKEY(out, pkey); else - PEM_write_bio_PrivateKey(out, pkey, cipher, - NULL, 0, NULL, passout); - } else if (outformat == FORMAT_ASN1) { - if (pubout) + PEM_write_bio_PrivateKey(out, pkey, + pkey_config.cipher, NULL, 0, NULL, passout); + } else if (pkey_config.outformat == FORMAT_ASN1) { + if (pkey_config.pubout) i2d_PUBKEY_bio(out, pkey); else i2d_PrivateKey_bio(out, pkey); @@ -201,8 +276,8 @@ pkey_main(int argc, char **argv) } } - if (text) { - if (pubtext) + if (pkey_config.text) { + if (pkey_config.pubtext) EVP_PKEY_print_public(out, pkey, 0, NULL); else EVP_PKEY_print_private(out, pkey, 0, NULL); |