=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/gendsa.c,v retrieving revision 1.10 retrieving revision 1.11 diff -c -r1.10 -r1.11 *** src/usr.bin/openssl/gendsa.c 2018/02/07 05:47:55 1.10 --- src/usr.bin/openssl/gendsa.c 2019/06/07 02:32:22 1.11 *************** *** 1,4 **** ! /* $OpenBSD: gendsa.c,v 1.10 2018/02/07 05:47:55 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * --- 1,4 ---- ! /* $OpenBSD: gendsa.c,v 1.11 2019/06/07 02:32:22 inoguchi Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * *************** *** 74,89 **** #include #include int gendsa_main(int argc, char **argv) { DSA *dsa = NULL; int ret = 1; - char *outfile = NULL; char *dsaparams = NULL; ! char *passargout = NULL, *passout = NULL; BIO *out = NULL, *in = NULL; - const EVP_CIPHER *enc = NULL; if (single_execution) { if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { --- 74,187 ---- #include #include + static int set_enc(int argc, char **argv, int *argsused); + static const EVP_CIPHER *get_cipher_by_name(char *name); + + static struct { + const EVP_CIPHER *enc; + char *outfile; + char *passargout; + } gendsa_config; + + static struct option gendsa_options[] = { + #ifndef OPENSSL_NO_AES + { + .name = "aes128", + .desc = "Encrypt PEM output with cbc aes", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, + { + .name = "aes192", + .desc = "Encrypt PEM output with cbc aes", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, + { + .name = "aes256", + .desc = "Encrypt PEM output with cbc aes", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, + #endif + #ifndef OPENSSL_NO_CAMELLIA + { + .name = "camellia128", + .desc = "Encrypt PEM output with cbc camellia", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, + { + .name = "camellia192", + .desc = "Encrypt PEM output with cbc camellia", + .type = 
OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, + { + .name = "camellia256", + .desc = "Encrypt PEM output with cbc camellia", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, + #endif + #ifndef OPENSSL_NO_DES + { + .name = "des", + .desc = "Encrypt the generated key with DES in cbc mode", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, + { + .name = "des3", + .desc = "Encrypt the generated key with DES in ede cbc mode (168 bit key)", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, + #endif + #ifndef OPENSSL_NO_IDEA + { + .name = "idea", + .desc = "Encrypt the generated key with IDEA in cbc mode", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, + #endif + { + .name = "out", + .argname = "file", + .desc = "Output the key to 'file'", + .type = OPTION_ARG, + .opt.arg = &gendsa_config.outfile, + }, + { + .name = "passout", + .argname = "src", + .desc = "Output file passphrase source", + .type = OPTION_ARG, + .opt.arg = &gendsa_config.passargout, + }, + { NULL }, + }; + + static void + gendsa_usage(void) + { + fprintf(stderr, "usage: gendsa [-aes128 | -aes192 | -aes256 |\n"); + fprintf(stderr, " -camellia128 | -camellia192 | -camellia256 |\n"); + fprintf(stderr, " -des | -des3 | -idea] [-out file] [-passout src]"); + fprintf(stderr, " paramfile\n\n"); + options_usage(gendsa_options); + fprintf(stderr, "\n"); + } + int gendsa_main(int argc, char **argv) { DSA *dsa = NULL; int ret = 1; char *dsaparams = NULL; ! char *passout = NULL; BIO *out = NULL, *in = NULL; if (single_execution) { if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { *************** *** 92,171 **** } } ! argv++; ! argc--; ! for (;;) { ! if (argc <= 0) ! break; ! if (strcmp(*argv, "-out") == 0) { ! if (--argc < 1) ! goto bad; ! outfile = *(++argv); ! } else if (strcmp(*argv, "-passout") == 0) { ! if (--argc < 1) ! goto bad; ! passargout = *(++argv); ! } ! else if (strcmp(*argv, "-") == 0) ! goto bad; ! #ifndef OPENSSL_NO_DES ! 
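Review bot: The synopsis printed by gendsa_usage() lists -aes128/-aes192/-aes256, -camellia*, -des, -des3 and -idea unconditionally, while the matching gendsa_options entries sit behind `#ifndef OPENSSL_NO_AES`, `OPENSSL_NO_CAMELLIA`, `OPENSSL_NO_DES` and `OPENSSL_NO_IDEA`. A build with one of those disabled would advertise a flag that options_parse() would then presumably treat as unknown. Wrapping the corresponding fprintf lines in the same guards keeps the synopsis and the table in agreement. Separately, the `des` entry protects a private key with single DES and its description does not say this is a legacy choice; something like `.desc = "Encrypt the generated key with DES in cbc mode (legacy, 56 bit key)"` would steer users towards -aes256. gendsa_main's body continues outside this hunk.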
else if (strcmp(*argv, "-des") == 0) ! enc = EVP_des_cbc(); ! else if (strcmp(*argv, "-des3") == 0) ! enc = EVP_des_ede3_cbc(); ! #endif ! #ifndef OPENSSL_NO_IDEA ! else if (strcmp(*argv, "-idea") == 0) ! enc = EVP_idea_cbc(); ! #endif ! #ifndef OPENSSL_NO_AES ! else if (strcmp(*argv, "-aes128") == 0) ! enc = EVP_aes_128_cbc(); ! else if (strcmp(*argv, "-aes192") == 0) ! enc = EVP_aes_192_cbc(); ! else if (strcmp(*argv, "-aes256") == 0) ! enc = EVP_aes_256_cbc(); ! #endif ! #ifndef OPENSSL_NO_CAMELLIA ! else if (strcmp(*argv, "-camellia128") == 0) ! enc = EVP_camellia_128_cbc(); ! else if (strcmp(*argv, "-camellia192") == 0) ! enc = EVP_camellia_192_cbc(); ! else if (strcmp(*argv, "-camellia256") == 0) ! enc = EVP_camellia_256_cbc(); ! #endif ! else if (**argv != '-' && dsaparams == NULL) { ! dsaparams = *argv; ! } else ! goto bad; ! argv++; ! argc--; } if (dsaparams == NULL) { ! bad: ! BIO_printf(bio_err, "usage: gendsa [args] dsaparam-file\n"); ! BIO_printf(bio_err, " -out file - output the key to 'file'\n"); ! #ifndef OPENSSL_NO_DES ! BIO_printf(bio_err, " -des - encrypt the generated key with DES in cbc mode\n"); ! BIO_printf(bio_err, " -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); ! #endif ! #ifndef OPENSSL_NO_IDEA ! BIO_printf(bio_err, " -idea - encrypt the generated key with IDEA in cbc mode\n"); ! #endif ! #ifndef OPENSSL_NO_AES ! BIO_printf(bio_err, " -aes128, -aes192, -aes256\n"); ! BIO_printf(bio_err, " encrypt PEM output with cbc aes\n"); ! #endif ! #ifndef OPENSSL_NO_CAMELLIA ! BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n"); ! BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n"); ! #endif ! BIO_printf(bio_err, " dsaparam-file\n"); ! BIO_printf(bio_err, " - a DSA parameter file as generated by the dsaparam command\n"); goto end; } ! if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } --- 190,208 ---- } } ! 
memset(&gendsa_config, 0, sizeof(gendsa_config)); ! ! if (options_parse(argc, argv, gendsa_options, &dsaparams, NULL) != 0) { ! gendsa_usage(); ! goto end; } if (dsaparams == NULL) { ! gendsa_usage(); goto end; } ! if (!app_passwd(bio_err, NULL, gendsa_config.passargout, NULL, ! &passout)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } *************** *** 185,195 **** if (out == NULL) goto end; ! if (outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { ! if (BIO_write_filename(out, outfile) <= 0) { ! perror(outfile); goto end; } } --- 222,232 ---- if (out == NULL) goto end; ! if (gendsa_config.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { ! if (BIO_write_filename(out, gendsa_config.outfile) <= 0) { ! perror(gendsa_config.outfile); goto end; } } *************** *** 199,205 **** if (!DSA_generate_key(dsa)) goto end; ! if (!PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout)) goto end; ret = 0; end: --- 236,243 ---- if (!DSA_generate_key(dsa)) goto end; ! if (!PEM_write_bio_DSAPrivateKey(out, dsa, gendsa_config.enc, NULL, 0, ! 
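Review bot: Nothing after options_parse() ties `-passout` to a cipher option, because gendsa_config.enc is set only by the cipher flags. With `-passout src` given alone it stays NULL and, as far as the later PEM_write_bio_DSAPrivateKey() call shows, the key would be written unencrypted even though a passphrase source was supplied. The removed loop behaved the same way, but this rewrite is a natural place to make it visible, for example `if (gendsa_config.passargout != NULL && gendsa_config.enc == NULL)` followed by a warning on bio_err before app_passwd() is called. The two identical `gendsa_usage(); goto end;` branches could also be folded into a single condition. gendsa_main starts and ends outside this hunk.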
NULL, passout)) goto end; ret = 0; end: *************** *** 211,214 **** --- 249,301 ---- free(passout); return (ret); + } + + static int + set_enc(int argc, char **argv, int *argsused) + { + char *name = argv[0]; + + if (*name++ != '-') + return (1); + + if ((gendsa_config.enc = get_cipher_by_name(name)) == NULL) + return (1); + + *argsused = 1; + return (0); + } + + static const EVP_CIPHER *get_cipher_by_name(char *name) + { + if (name == NULL || strcmp(name, "") == 0) + return (NULL); + #ifndef OPENSSL_NO_AES + else if (strcmp(name, "aes128") == 0) + return EVP_aes_128_cbc(); + else if (strcmp(name, "aes192") == 0) + return EVP_aes_192_cbc(); + else if (strcmp(name, "aes256") == 0) + return EVP_aes_256_cbc(); + #endif + #ifndef OPENSSL_NO_CAMELLIA + else if (strcmp(name, "camellia128") == 0) + return EVP_camellia_128_cbc(); + else if (strcmp(name, "camellia192") == 0) + return EVP_camellia_192_cbc(); + else if (strcmp(name, "camellia256") == 0) + return EVP_camellia_256_cbc(); + #endif + #ifndef OPENSSL_NO_DES + else if (strcmp(name, "des") == 0) + return EVP_des_cbc(); + else if (strcmp(name, "des3") == 0) + return EVP_des_ede3_cbc(); + #endif + #ifndef OPENSSL_NO_IDEA + else if (strcmp(name, "idea") == 0) + return EVP_idea_cbc(); + #endif + else + return (NULL); }
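Review bot: set_enc() reads `argv[0]` without looking at argc, and get_cipher_by_name() repeats the cipher names already listed in gendsa_options, so the table, the usage text and this strcmp chain must be kept in step by hand. An option added to the table but not to the chain makes set_enc() return 1 with no message of its own. A short comment above set_enc() stating that options_parse() is expected to pass the matched option in argv[0] would document that assumption, and `const char *name` (in both the prototype and the definition) fits get_cipher_by_name() since the string is only compared. On style, the definition puts the return type on the same line as the function name and mixes `return (NULL)` with `return EVP_aes_128_cbc()`, unlike set_enc() just above it. The `strcmp(name, "") == 0` test is also redundant, since the final `else` already returns NULL.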