=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/genrsa.c,v retrieving revision 1.13 retrieving revision 1.14 diff -c -r1.13 -r1.14 *** src/usr.bin/openssl/genrsa.c 2019/06/19 01:51:14 1.13 --- src/usr.bin/openssl/genrsa.c 2019/07/09 11:02:52 1.14 *************** *** 1,4 **** ! /* $OpenBSD: genrsa.c,v 1.13 2019/06/19 01:51:14 inoguchi Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * --- 1,4 ---- ! /* $OpenBSD: genrsa.c,v 1.14 2019/07/09 11:02:52 inoguchi Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * *************** *** 92,103 **** --- 92,279 ---- char *passargout; } genrsa_config; + static int + set_public_exponent(int argc, char **argv, int *argsused) + { + char *option = argv[0]; + + if (strcmp(option, "-3") == 0) + genrsa_config.f4 = 3; + else if (strcmp(option, "-f4") == 0 || strcmp(option, "-F4") == 0) + genrsa_config.f4 = RSA_F4; + else + return (1); + + *argsused = 1; + return (0); + } + + static const EVP_CIPHER *get_cipher_by_name(char *name) + { + if (name == NULL || strcmp(name, "") == 0) + return (NULL); + #ifndef OPENSSL_NO_AES + else if (strcmp(name, "aes128") == 0) + return EVP_aes_128_cbc(); + else if (strcmp(name, "aes192") == 0) + return EVP_aes_192_cbc(); + else if (strcmp(name, "aes256") == 0) + return EVP_aes_256_cbc(); + #endif + #ifndef OPENSSL_NO_CAMELLIA + else if (strcmp(name, "camellia128") == 0) + return EVP_camellia_128_cbc(); + else if (strcmp(name, "camellia192") == 0) + return EVP_camellia_192_cbc(); + else if (strcmp(name, "camellia256") == 0) + return EVP_camellia_256_cbc(); + #endif + #ifndef OPENSSL_NO_DES + else if (strcmp(name, "des") == 0) + return EVP_des_cbc(); + else if (strcmp(name, "des3") == 0) + return EVP_des_ede3_cbc(); + #endif + #ifndef OPENSSL_NO_IDEA + else if (strcmp(name, "idea") == 0) + return EVP_idea_cbc(); + #endif + else + return (NULL); + } + + 
static int + set_enc(int argc, char **argv, int *argsused) + { + char *name = argv[0]; + + if (*name++ != '-') + return (1); + + if ((genrsa_config.enc = get_cipher_by_name(name)) == NULL) + return (1); + + *argsused = 1; + return (0); + } + + static struct option genrsa_options[] = { + { + .name = "3", + .desc = "Use 3 for the E value", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_public_exponent, + }, + { + .name = "f4", + .desc = "Use F4 (0x10001) for the E value", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_public_exponent, + }, + { + .name = "F4", + .desc = "Use F4 (0x10001) for the E value", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_public_exponent, + }, + #ifndef OPENSSL_NO_AES + { + .name = "aes128", + .desc = "Encrypt PEM output with cbc aes", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, + { + .name = "aes192", + .desc = "Encrypt PEM output with cbc aes", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, + { + .name = "aes256", + .desc = "Encrypt PEM output with cbc aes", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, + #endif + #ifndef OPENSSL_NO_CAMELLIA + { + .name = "camellia128", + .desc = "Encrypt PEM output with cbc camellia", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, + { + .name = "camellia192", + .desc = "Encrypt PEM output with cbc camellia", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, + { + .name = "camellia256", + .desc = "Encrypt PEM output with cbc camellia", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, + #endif + #ifndef OPENSSL_NO_DES + { + .name = "des", + .desc = "Encrypt the generated key with DES in cbc mode", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, + { + .name = "des3", + .desc = "Encrypt the generated key with DES in ede cbc mode (168 bit key)", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, + #endif + #ifndef OPENSSL_NO_IDEA + { + .name = "idea", + .desc = "Encrypt the generated key with IDEA in 
cbc mode", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, + #endif + { + .name = "out", + .argname = "file", + .desc = "Output the key to 'file'", + .type = OPTION_ARG, + .opt.arg = &genrsa_config.outfile, + }, + { + .name = "passout", + .argname = "arg", + .desc = "Output file passphrase source", + .type = OPTION_ARG, + .opt.arg = &genrsa_config.passargout, + }, + { NULL }, + }; + + static void + genrsa_usage(void) + { + fprintf(stderr, "usage: genrsa [-3 | -f4] [-aes128 | -aes192 |"); + fprintf(stderr, " -aes256 |\n"); + fprintf(stderr, " -camellia128 | -camellia192 | -camellia256 |"); + fprintf(stderr, " -des | -des3 | -idea]\n"); + fprintf(stderr, " [-out file] [-passout arg] [numbits]\n\n"); + options_usage(genrsa_options); + fprintf(stderr, "\n"); + } + int genrsa_main(int argc, char **argv) { BN_GENCB cb; int ret = 1; int i, num = DEFBITS; + char *numbits= NULL; long l; char *passout = NULL; BIO *out = NULL; *************** *** 124,199 **** memset(&genrsa_config, 0, sizeof(genrsa_config)); genrsa_config.f4 = RSA_F4; ! argv++; ! argc--; ! for (;;) { ! if (argc <= 0) ! break; ! if (strcmp(*argv, "-out") == 0) { ! if (--argc < 1) ! goto bad; ! genrsa_config.outfile = *(++argv); ! } else if (strcmp(*argv, "-3") == 0) ! genrsa_config.f4 = 3; ! else if (strcmp(*argv, "-F4") == 0 || strcmp(*argv, "-f4") == 0) ! genrsa_config.f4 = RSA_F4; ! #ifndef OPENSSL_NO_DES ! else if (strcmp(*argv, "-des") == 0) ! genrsa_config.enc = EVP_des_cbc(); ! else if (strcmp(*argv, "-des3") == 0) ! genrsa_config.enc = EVP_des_ede3_cbc(); ! #endif ! #ifndef OPENSSL_NO_IDEA ! else if (strcmp(*argv, "-idea") == 0) ! genrsa_config.enc = EVP_idea_cbc(); ! #endif ! #ifndef OPENSSL_NO_AES ! else if (strcmp(*argv, "-aes128") == 0) ! genrsa_config.enc = EVP_aes_128_cbc(); ! else if (strcmp(*argv, "-aes192") == 0) ! genrsa_config.enc = EVP_aes_192_cbc(); ! else if (strcmp(*argv, "-aes256") == 0) ! genrsa_config.enc = EVP_aes_256_cbc(); ! #endif ! #ifndef OPENSSL_NO_CAMELLIA ! 
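Review bot: Nothing in the added set_enc() or get_cipher_by_name() records that an unrecognised cipher name has to be a hard error, which is what keeps a mistyped or compiled-out cipher option from producing an unencrypted private key. set_enc() returns 1 when get_cipher_by_name() yields NULL, and that presumably makes options_parse() fail (options_parse is not visible here), so the behaviour looks fail-closed. I would pin it with a comment above set_enc such as `/* An unknown cipher name must be a usage error, never a silent fall back to unencrypted PEM output. */`. As a style point, get_cipher_by_name() only reads its argument and could take `const char *name`, and its definition should put the return type on its own line like the neighbouring functions.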
else if (strcmp(*argv, "-camellia128") == 0) ! genrsa_config.enc = EVP_camellia_128_cbc(); ! else if (strcmp(*argv, "-camellia192") == 0) ! genrsa_config.enc = EVP_camellia_192_cbc(); ! else if (strcmp(*argv, "-camellia256") == 0) ! genrsa_config.enc = EVP_camellia_256_cbc(); ! #endif ! else if (strcmp(*argv, "-passout") == 0) { ! if (--argc < 1) ! goto bad; ! genrsa_config.passargout = *(++argv); ! } else ! break; ! argv++; ! argc--; } ! if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) { ! bad: ! BIO_printf(bio_err, "usage: genrsa [args] [numbits]\n"); ! #ifndef OPENSSL_NO_DES ! BIO_printf(bio_err, " -des encrypt the generated key with DES in cbc mode\n"); ! BIO_printf(bio_err, " -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); ! #endif ! #ifndef OPENSSL_NO_IDEA ! BIO_printf(bio_err, " -idea encrypt the generated key with IDEA in cbc mode\n"); ! #endif ! #ifndef OPENSSL_NO_AES ! BIO_printf(bio_err, " -aes128, -aes192, -aes256\n"); ! BIO_printf(bio_err, " encrypt PEM output with cbc aes\n"); ! #endif ! #ifndef OPENSSL_NO_CAMELLIA ! BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n"); ! BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n"); ! #endif ! BIO_printf(bio_err, " -out file output the key to 'file\n"); ! BIO_printf(bio_err, " -passout arg output file pass phrase source\n"); ! BIO_printf(bio_err, " -f4 use F4 (0x10001) for the E value\n"); ! BIO_printf(bio_err, " -3 use 3 for the E value\n"); goto err; } --- 300,312 ---- memset(&genrsa_config, 0, sizeof(genrsa_config)); genrsa_config.f4 = RSA_F4; ! if (options_parse(argc, argv, genrsa_options, &numbits, NULL) != 0) { ! genrsa_usage(); ! goto err; } ! ! if ((numbits != NULL) && ((sscanf(numbits, "%d", &num) == 0) || (num < 0))) { ! genrsa_usage(); goto err; }
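Review bot: The rewritten numbits check still accepts input that is not a clean number: `sscanf(numbits, "%d", &num) == 0` lets `2048x` through as 2048, and an empty string makes sscanf return EOF rather than 0, so it passes and the default size is kept. `num < 0` also leaves 0 and very small modulus sizes unrejected, unless code outside this hunk checks them. Because this value decides the strength of the generated key, I would parse it strictly, e.g. `num = strtonum(numbits, 1, INT_MAX, &errstr);` followed by `if (errstr != NULL) { genrsa_usage(); goto err; }`, with the lower bound raised to whatever minimum the project wants to allow. genrsa_main starts in the previous hunk and continues past the end of this one, so the `const char *errstr;` declaration would go with the other locals.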