=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/dsa.c,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- src/usr.bin/openssl/dsa.c 2014/08/28 14:23:52 1.2 +++ src/usr.bin/openssl/dsa.c 2015/07/12 22:21:38 1.3 @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa.c,v 1.2 2014/08/28 14:23:52 jsing Exp $ */ +/* $OpenBSD: dsa.c,v 1.3 2015/07/12 22:21:38 doug Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -58,7 +58,7 @@ #include /* for OPENSSL_NO_DSA */ - +#include #include #include #include @@ -74,24 +74,175 @@ #include #include -/* -inform arg - input format - default PEM (one of DER, NET or PEM) - * -outform arg - output format - default PEM - * -in arg - input file - default stdin - * -out arg - output file - default stdout - * -des - encrypt output if PEM format with DES in cbc mode - * -des3 - encrypt output if PEM format - * -idea - encrypt output if PEM format - * -aes128 - encrypt output if PEM format - * -aes192 - encrypt output if PEM format - * -aes256 - encrypt output if PEM format - * -camellia128 - encrypt output if PEM format - * -camellia192 - encrypt output if PEM format - * -camellia256 - encrypt output if PEM format - * -seed - encrypt output if PEM format - * -text - print a text version - * -modulus - print the DSA public key - */ +static struct { + const EVP_CIPHER *enc; +#ifndef OPENSSL_NO_ENGINE + char *engine; +#endif + char *infile; + int informat; + int modulus; + int noout; + char *outfile; + int outformat; + char *passargin; + char *passargout; + int pubin; + int pubout; + int pvk_encr; + int text; +} dsa_config; +static int +dsa_opt_enc(int argc, char **argv, int *argsused) +{ + char *name = argv[0]; + + if (*name++ != '-') + return (1); + + if ((dsa_config.enc = EVP_get_cipherbyname(name)) != NULL) { + *argsused = 1; + return (0); + } + + return (1); +} + +static struct option dsa_options[] = { +#ifndef OPENSSL_NO_ENGINE + { + .name = "engine", + .argname = "id", + .desc = "Use the engine specified by the given identifier", + .type = OPTION_ARG, + .opt.arg = &dsa_config.engine, + }, +#endif + { + .name = "in", + .argname = "file", + .desc = "Input file (default stdin)", + .type = OPTION_ARG, + .opt.arg = &dsa_config.infile, + }, + { + .name = "inform", + .argname = "format", + .desc = "Input format (PEM (default) or any other supported" + " format)", + .type = OPTION_ARG_FORMAT, + .opt.value = &dsa_config.informat, + }, + { + .name = "noout", + .desc = "No output", + .type = OPTION_FLAG, + .opt.flag = &dsa_config.noout, + }, + { + .name = "out", + .argname = "file", + .desc = "Output file (default stdout)", + .type = OPTION_ARG, + .opt.arg = &dsa_config.outfile, + }, + { + .name = "outform", + .argname = "format", + .desc = "Output format (DER, MSBLOB, PEM (default) or PVK)", + .type = OPTION_ARG_FORMAT, + .opt.value = &dsa_config.outformat, + }, + { + .name = "passin", + .argname = "source", + .desc = "Input file passphrase source", + .type = OPTION_ARG, + .opt.arg = &dsa_config.passargin, + }, + { + .name = "passout", + .argname = "source", + .desc = "Output file passphrase source", + .type = OPTION_ARG, + .opt.arg = &dsa_config.passargout, + }, + { + .name = "pubin", + .desc = "Read a public key from the input file instead of" + " private key", + .type = OPTION_FLAG, + .opt.flag = &dsa_config.pubin, + }, + { + .name = "pubout", + .desc = "Output a public key instead of private key", + .type = OPTION_FLAG, + .opt.flag = &dsa_config.pubout, + }, + { + .name = "pvk-none", + .desc = "PVK encryption level", + .type = OPTION_VALUE, + .value = 0, + .opt.value = &dsa_config.pvk_encr, + }, + { + .name = "pvk-strong", + .desc = "PVK encryption level (default)", + .type = OPTION_VALUE, + .value = 2, + .opt.value = &dsa_config.pvk_encr, + }, + { + .name = "pvk-weak", + .desc = "PVK encryption level", + .type = OPTION_VALUE, + .value = 1, + .opt.value = &dsa_config.pvk_encr, + }, + { + .name = "text", + .desc = "Print the key in text form", + .type = OPTION_FLAG, + .opt.flag = &dsa_config.text, + }, + { + .name = NULL, + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = dsa_opt_enc, + }, + { NULL }, +}; + +static void +show_ciphers(const OBJ_NAME *name, void *arg) +{ + static int n; + + if (!islower((unsigned char)*name->name)) + return; + + fprintf(stderr, " -%-24s%s", name->name, (++n % 3 ? "" : "\n")); +} + +static void +dsa_usage(void) +{ + fprintf(stderr, + "usage: dsa [-engine id] [-in file] [-inform format] [-noout]\n" + " [-out file] [-outform format] [-passin src] [-passout src]\n" + " [-pubin] [-pubout] [-pvk-none | -pvk-strong | -pvk-weak]\n" + " [-text] [-ciphername]\n\n"); + options_usage(dsa_options); + fprintf(stderr, "\n"); + + fprintf(stderr, "Valid ciphername values:\n\n"); + OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, show_ciphers, NULL); + fprintf(stderr, "\n"); +} + int dsa_main(int, char **); int @@ -100,141 +251,42 @@ ENGINE *e = NULL; int ret = 1; DSA *dsa = NULL; - int i, badops = 0; - const EVP_CIPHER *enc = NULL; + int i; BIO *in = NULL, *out = NULL; - int informat, outformat, text = 0, noout = 0; - int pubin = 0, pubout = 0; - char *infile, *outfile, *prog; -#ifndef OPENSSL_NO_ENGINE - char *engine; -#endif - char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; - int modulus = 0; - int pvk_encr = 2; + memset(&dsa_config, 0, sizeof(dsa_config)); -#ifndef OPENSSL_NO_ENGINE - engine = NULL; -#endif - infile = NULL; - outfile = NULL; - informat = FORMAT_PEM; - outformat = FORMAT_PEM; + dsa_config.pvk_encr = 2; + dsa_config.informat = FORMAT_PEM; + dsa_config.outformat = FORMAT_PEM; - prog = argv[0]; - argc--; - argv++; - while (argc >= 1) { - if (strcmp(*argv, "-inform") == 0) { - if (--argc < 1) - goto bad; - informat = str2fmt(*(++argv)); - } else if (strcmp(*argv, "-outform") == 0) { - if (--argc < 1) - goto bad; - outformat = str2fmt(*(++argv)); - } else if (strcmp(*argv, "-in") == 0) { - if (--argc < 1) - goto bad; - infile = *(++argv); - } else if (strcmp(*argv, "-out") == 0) { - if (--argc < 1) - goto bad; - outfile = *(++argv); - } else if (strcmp(*argv, "-passin") == 0) { - if (--argc < 1) - goto bad; - passargin = *(++argv); - } else if (strcmp(*argv, "-passout") == 0) { - if (--argc < 1) - goto bad; - passargout = *(++argv); - } -#ifndef OPENSSL_NO_ENGINE - else if (strcmp(*argv, "-engine") == 0) { - if (--argc < 1) - goto bad; - engine = *(++argv); - } -#endif - else if (strcmp(*argv, "-pvk-strong") == 0) - pvk_encr = 2; - else if (strcmp(*argv, "-pvk-weak") == 0) - pvk_encr = 1; - else if (strcmp(*argv, "-pvk-none") == 0) - pvk_encr = 0; - else if (strcmp(*argv, "-noout") == 0) - noout = 1; - else if (strcmp(*argv, "-text") == 0) - text = 1; - else if (strcmp(*argv, "-modulus") == 0) - modulus = 1; - else if (strcmp(*argv, "-pubin") == 0) - pubin = 1; - else if (strcmp(*argv, "-pubout") == 0) - pubout = 1; - else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) { - BIO_printf(bio_err, "unknown option %s\n", *argv); - badops = 1; - break; - } - argc--; - argv++; - } - - if (badops) { -bad: - BIO_printf(bio_err, "%s [options] outfile\n", prog); - BIO_printf(bio_err, "where options are\n"); - BIO_printf(bio_err, " -inform arg input format - DER or PEM\n"); - BIO_printf(bio_err, " -outform arg output format - DER or PEM\n"); - BIO_printf(bio_err, " -in arg input file\n"); - BIO_printf(bio_err, " -passin arg input file pass phrase source\n"); - BIO_printf(bio_err, " -out arg output file\n"); - BIO_printf(bio_err, " -passout arg output file pass phrase source\n"); -#ifndef OPENSSL_NO_ENGINE - BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n"); -#endif - BIO_printf(bio_err, " -des encrypt PEM output with cbc des\n"); - BIO_printf(bio_err, " -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); -#ifndef OPENSSL_NO_IDEA - BIO_printf(bio_err, " -idea encrypt PEM output with cbc idea\n"); -#endif -#ifndef OPENSSL_NO_AES - BIO_printf(bio_err, " -aes128, -aes192, -aes256\n"); - BIO_printf(bio_err, " encrypt PEM output with cbc aes\n"); -#endif -#ifndef OPENSSL_NO_CAMELLIA - BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n"); - BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n"); -#endif - BIO_printf(bio_err, " -text print the key in text\n"); - BIO_printf(bio_err, " -noout don't print key out\n"); - BIO_printf(bio_err, " -modulus print the DSA public value\n"); + if (options_parse(argc, argv, dsa_options, NULL, NULL) != 0) { + dsa_usage(); goto end; } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + e = setup_engine(bio_err, dsa_config.engine, 0); #endif - if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { + if (!app_passwd(bio_err, dsa_config.passargin, dsa_config.passargout, + &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; } + in = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file()); - if ((in == NULL) || (out == NULL)) { + if (in == NULL || out == NULL) { ERR_print_errors(bio_err); goto end; } - if (infile == NULL) + if (dsa_config.infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { - if (BIO_read_filename(in, infile) <= 0) { - perror(infile); + if (BIO_read_filename(in, dsa_config.infile) <= 0) { + perror(dsa_config.infile); goto end; } } @@ -244,12 +296,12 @@ { EVP_PKEY *pkey; - if (pubin) - pkey = load_pubkey(bio_err, infile, informat, 1, - passin, e, "Public Key"); + if (dsa_config.pubin) + pkey = load_pubkey(bio_err, dsa_config.infile, + dsa_config.informat, 1, passin, e, "Public Key"); else - pkey = load_key(bio_err, infile, informat, 1, - passin, e, "Private Key"); + pkey = load_key(bio_err, dsa_config.infile, + dsa_config.informat, 1, passin, e, "Private Key"); if (pkey) { dsa = EVP_PKEY_get1_DSA(pkey); @@ -261,49 +313,51 @@ ERR_print_errors(bio_err); goto end; } - if (outfile == NULL) { + if (dsa_config.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { - if (BIO_write_filename(out, outfile) <= 0) { - perror(outfile); + if (BIO_write_filename(out, dsa_config.outfile) <= 0) { + perror(dsa_config.outfile); goto end; } } - if (text) { + if (dsa_config.text) { if (!DSA_print(out, dsa, 0)) { - perror(outfile); + perror(dsa_config.outfile); ERR_print_errors(bio_err); goto end; } } - if (modulus) { + if (dsa_config.modulus) { fprintf(stdout, "Public Key="); BN_print(out, dsa->pub_key); fprintf(stdout, "\n"); } - if (noout) + if (dsa_config.noout) goto end; BIO_printf(bio_err, "writing DSA key\n"); - if (outformat == FORMAT_ASN1) { - if (pubin || pubout) + if (dsa_config.outformat == FORMAT_ASN1) { + if (dsa_config.pubin || dsa_config.pubout) i = i2d_DSA_PUBKEY_bio(out, dsa); else i = i2d_DSAPrivateKey_bio(out, dsa); - } else if (outformat == FORMAT_PEM) { - if (pubin || pubout) + } else if (dsa_config.outformat == FORMAT_PEM) { + if (dsa_config.pubin || dsa_config.pubout) i = PEM_write_bio_DSA_PUBKEY(out, dsa); else - i = PEM_write_bio_DSAPrivateKey(out, dsa, enc, + i = PEM_write_bio_DSAPrivateKey(out, dsa, dsa_config.enc, NULL, 0, NULL, passout); #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4) - } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { + } else if (dsa_config.outformat == FORMAT_MSBLOB || + dsa_config.outformat == FORMAT_PVK) { EVP_PKEY *pk; pk = EVP_PKEY_new(); EVP_PKEY_set1_DSA(pk, dsa); - if (outformat == FORMAT_PVK) - i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout); - else if (pubin || pubout) + if (dsa_config.outformat == FORMAT_PVK) + i = i2b_PVK_bio(out, pk, dsa_config.pvk_encr, 0, + passout); + else if (dsa_config.pubin || dsa_config.pubout) i = i2b_PublicKey_bio(out, pk); else i = i2b_PrivateKey_bio(out, pk);