summaryrefslogtreecommitdiff
path: root/usr.bin/openssl
diff options
context:
space:
mode:
Diffstat (limited to 'usr.bin/openssl')
-rw-r--r--usr.bin/openssl/pkey.c267
1 files changed, 171 insertions, 96 deletions
diff --git a/usr.bin/openssl/pkey.c b/usr.bin/openssl/pkey.c
index 49782317ee0..aab0b87032e 100644
--- a/usr.bin/openssl/pkey.c
+++ b/usr.bin/openssl/pkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkey.c,v 1.10 2018/02/07 05:47:55 jsing Exp $ */
+/* $OpenBSD: pkey.c,v 1.11 2019/02/05 11:26:21 inoguchi Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006
*/
@@ -65,18 +65,152 @@
#include <openssl/evp.h>
#include <openssl/pem.h>
+static struct {
+ const EVP_CIPHER *cipher;
+ char *infile;
+ int informat;
+ int noout;
+ char *outfile;
+ int outformat;
+ char *passargin;
+ char *passargout;
+ int pubin;
+ int pubout;
+ int pubtext;
+ int text;
+} pkey_config;
+
+static int
+pkey_opt_cipher(int argc, char **argv, int *argsused)
+{
+ char *name = argv[0];
+
+ if (*name++ != '-')
+ return (1);
+
+ if ((pkey_config.cipher = EVP_get_cipherbyname(name)) == NULL) {
+ BIO_printf(bio_err, "Unknown cipher %s\n", name);
+ return (1);
+ }
+
+ *argsused = 1;
+ return (0);
+}
+
+static struct option pkey_options[] = {
+ {
+ .name = "in",
+ .argname = "file",
+ .desc = "Input file (default stdin)",
+ .type = OPTION_ARG,
+ .opt.arg = &pkey_config.infile,
+ },
+ {
+ .name = "inform",
+ .argname = "format",
+ .desc = "Input format (DER or PEM (default))",
+ .type = OPTION_ARG_FORMAT,
+ .opt.value = &pkey_config.informat,
+ },
+ {
+ .name = "noout",
+ .desc = "Do not print encoded version of the key",
+ .type = OPTION_FLAG,
+ .opt.flag = &pkey_config.noout,
+ },
+ {
+ .name = "out",
+ .argname = "file",
+ .desc = "Output file (default stdout)",
+ .type = OPTION_ARG,
+ .opt.arg = &pkey_config.outfile,
+ },
+ {
+ .name = "outform",
+ .argname = "format",
+ .desc = "Output format (DER or PEM (default))",
+ .type = OPTION_ARG_FORMAT,
+ .opt.value = &pkey_config.outformat,
+ },
+ {
+ .name = "passin",
+ .argname = "src",
+ .desc = "Input file passphrase source",
+ .type = OPTION_ARG,
+ .opt.arg = &pkey_config.passargin,
+ },
+ {
+ .name = "passout",
+ .argname = "src",
+ .desc = "Output file passphrase source",
+ .type = OPTION_ARG,
+ .opt.arg = &pkey_config.passargout,
+ },
+ {
+ .name = "pubin",
+ .desc = "Expect a public key (default private key)",
+ .type = OPTION_VALUE,
+ .value = 1,
+ .opt.value = &pkey_config.pubin,
+ },
+ {
+ .name = "pubout",
+ .desc = "Output a public key (default private key)",
+ .type = OPTION_VALUE,
+ .value = 1,
+ .opt.value = &pkey_config.pubout,
+ },
+ {
+ .name = "text",
+ .desc = "Print the public/private key in plain text",
+ .type = OPTION_FLAG,
+ .opt.flag = &pkey_config.text,
+ },
+ {
+ .name = "text_pub",
+ .desc = "Print out only public key in plain text",
+ .type = OPTION_FLAG,
+ .opt.flag = &pkey_config.pubtext,
+ },
+ {
+ .name = NULL,
+ .type = OPTION_ARGV_FUNC,
+ .opt.argvfunc = pkey_opt_cipher,
+ },
+ { NULL }
+};
+
+static void
+show_ciphers(const OBJ_NAME *name, void *arg)
+{
+ static int n;
+
+ fprintf(stderr, " -%-24s%s", name->name, (++n % 3 ? "" : "\n"));
+}
+
+static void
+pkey_usage()
+{
+ fprintf(stderr,
+ "usage: pkey [-ciphername] [-in file] [-inform fmt] [-noout] "
+ "[-out file]\n"
+ " [-outform fmt] [-passin src] [-passout src] [-pubin] "
+ "[-pubout] [-text]\n"
+ " [-text_pub]\n\n");
+ options_usage(pkey_options);
+ fprintf(stderr, "\n");
+
+ fprintf(stderr, "Valid ciphername values:\n\n");
+ OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, show_ciphers, NULL);
+ fprintf(stderr, "\n");
+}
+
int
pkey_main(int argc, char **argv)
{
- char **args, *infile = NULL, *outfile = NULL;
- char *passargin = NULL, *passargout = NULL;
BIO *in = NULL, *out = NULL;
- const EVP_CIPHER *cipher = NULL;
- int informat, outformat;
- int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0;
EVP_PKEY *pkey = NULL;
char *passin = NULL, *passout = NULL;
- int badarg = 0;
int ret = 1;
if (single_execution) {
@@ -86,112 +220,53 @@ pkey_main(int argc, char **argv)
}
}
- informat = FORMAT_PEM;
- outformat = FORMAT_PEM;
-
- args = argv + 1;
- while (!badarg && *args && *args[0] == '-') {
- if (!strcmp(*args, "-inform")) {
- if (args[1]) {
- args++;
- informat = str2fmt(*args);
- } else
- badarg = 1;
- } else if (!strcmp(*args, "-outform")) {
- if (args[1]) {
- args++;
- outformat = str2fmt(*args);
- } else
- badarg = 1;
- } else if (!strcmp(*args, "-passin")) {
- if (!args[1])
- goto bad;
- passargin = *(++args);
- } else if (!strcmp(*args, "-passout")) {
- if (!args[1])
- goto bad;
- passargout = *(++args);
- }
- else if (!strcmp(*args, "-in")) {
- if (args[1]) {
- args++;
- infile = *args;
- } else
- badarg = 1;
- } else if (!strcmp(*args, "-out")) {
- if (args[1]) {
- args++;
- outfile = *args;
- } else
- badarg = 1;
- } else if (strcmp(*args, "-pubin") == 0) {
- pubin = 1;
- pubout = 1;
- pubtext = 1;
- } else if (strcmp(*args, "-pubout") == 0)
- pubout = 1;
- else if (strcmp(*args, "-text_pub") == 0) {
- pubtext = 1;
- text = 1;
- } else if (strcmp(*args, "-text") == 0)
- text = 1;
- else if (strcmp(*args, "-noout") == 0)
- noout = 1;
- else {
- cipher = EVP_get_cipherbyname(*args + 1);
- if (!cipher) {
- BIO_printf(bio_err, "Unknown cipher %s\n",
- *args + 1);
- badarg = 1;
- }
- }
- args++;
- }
+ memset(&pkey_config, 0, sizeof(pkey_config));
+ pkey_config.informat = FORMAT_PEM;
+ pkey_config.outformat = FORMAT_PEM;
- if (badarg) {
- bad:
- BIO_printf(bio_err, "Usage pkey [options]\n");
- BIO_printf(bio_err, "where options are\n");
- BIO_printf(bio_err, "-in file input file\n");
- BIO_printf(bio_err, "-inform X input format (DER or PEM)\n");
- BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
- BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
- BIO_printf(bio_err, "-out file output file\n");
- BIO_printf(bio_err, "-passout arg output file pass phrase source\n");
- return 1;
+ if (options_parse(argc, argv, pkey_options, NULL, NULL) != 0) {
+ pkey_usage();
+ goto end;
}
- if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ if (pkey_config.pubtext)
+ pkey_config.text = 1;
+ if (pkey_config.pubin)
+ pkey_config.pubout = pkey_config.pubtext = 1;
+
+ if (!app_passwd(bio_err, pkey_config.passargin, pkey_config.passargout,
+ &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
- if (outfile) {
- if (!(out = BIO_new_file(outfile, "wb"))) {
+ if (pkey_config.outfile) {
+ if (!(out = BIO_new_file(pkey_config.outfile, "wb"))) {
BIO_printf(bio_err,
- "Can't open output file %s\n", outfile);
+ "Can't open output file %s\n", pkey_config.outfile);
goto end;
}
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
}
- if (pubin)
- pkey = load_pubkey(bio_err, infile, informat, 1,
- passin, "Public Key");
+ if (pkey_config.pubin)
+ pkey = load_pubkey(bio_err, pkey_config.infile,
+ pkey_config.informat, 1, passin, "Public Key");
else
- pkey = load_key(bio_err, infile, informat, 1, passin, "key");
+ pkey = load_key(bio_err, pkey_config.infile,
+ pkey_config.informat, 1, passin, "key");
if (!pkey)
goto end;
- if (!noout) {
- if (outformat == FORMAT_PEM) {
- if (pubout)
+ if (!pkey_config.noout) {
+ if (pkey_config.outformat == FORMAT_PEM) {
+ if (pkey_config.pubout)
PEM_write_bio_PUBKEY(out, pkey);
else
- PEM_write_bio_PrivateKey(out, pkey, cipher,
- NULL, 0, NULL, passout);
- } else if (outformat == FORMAT_ASN1) {
- if (pubout)
+ PEM_write_bio_PrivateKey(out, pkey,
+ pkey_config.cipher, NULL, 0, NULL, passout);
+ } else if (pkey_config.outformat == FORMAT_ASN1) {
+ if (pkey_config.pubout)
i2d_PUBKEY_bio(out, pkey);
else
i2d_PrivateKey_bio(out, pkey);
@@ -201,8 +276,8 @@ pkey_main(int argc, char **argv)
}
}
- if (text) {
- if (pubtext)
+ if (pkey_config.text) {
+ if (pkey_config.pubtext)
EVP_PKEY_print_public(out, pkey, 0, NULL);
else
EVP_PKEY_print_private(out, pkey, 0, NULL);