=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/genrsa.c,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- src/usr.bin/openssl/genrsa.c 2019/06/19 01:51:14 1.13 +++ src/usr.bin/openssl/genrsa.c 2019/07/09 11:02:52 1.14 @@ -1,4 +1,4 @@ -/* $OpenBSD: genrsa.c,v 1.13 2019/06/19 01:51:14 inoguchi Exp $ */ +/* $OpenBSD: genrsa.c,v 1.14 2019/07/09 11:02:52 inoguchi Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -92,12 +92,188 @@ char *passargout; } genrsa_config; +static int +set_public_exponent(int argc, char **argv, int *argsused) +{ + char *option = argv[0]; + + if (strcmp(option, "-3") == 0) + genrsa_config.f4 = 3; + else if (strcmp(option, "-f4") == 0 || strcmp(option, "-F4") == 0) + genrsa_config.f4 = RSA_F4; + else + return (1); + + *argsused = 1; + return (0); +} + +static const EVP_CIPHER *get_cipher_by_name(char *name) +{ + if (name == NULL || strcmp(name, "") == 0) + return (NULL); +#ifndef OPENSSL_NO_AES + else if (strcmp(name, "aes128") == 0) + return EVP_aes_128_cbc(); + else if (strcmp(name, "aes192") == 0) + return EVP_aes_192_cbc(); + else if (strcmp(name, "aes256") == 0) + return EVP_aes_256_cbc(); +#endif +#ifndef OPENSSL_NO_CAMELLIA + else if (strcmp(name, "camellia128") == 0) + return EVP_camellia_128_cbc(); + else if (strcmp(name, "camellia192") == 0) + return EVP_camellia_192_cbc(); + else if (strcmp(name, "camellia256") == 0) + return EVP_camellia_256_cbc(); +#endif +#ifndef OPENSSL_NO_DES + else if (strcmp(name, "des") == 0) + return EVP_des_cbc(); + else if (strcmp(name, "des3") == 0) + return EVP_des_ede3_cbc(); +#endif +#ifndef OPENSSL_NO_IDEA + else if (strcmp(name, "idea") == 0) + return EVP_idea_cbc(); +#endif + else + return (NULL); +} + +static int +set_enc(int argc, char **argv, int *argsused) +{ + char *name = argv[0]; + + if (*name++ != '-') + return (1); + + if ((genrsa_config.enc = get_cipher_by_name(name)) == NULL) + return (1); + + *argsused = 1; + return (0); +} + +static struct option genrsa_options[] = { + { + .name = "3", + .desc = "Use 3 for the E value", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_public_exponent, + }, + { + .name = "f4", + .desc = "Use F4 (0x10001) for the E value", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_public_exponent, + }, + { + .name = "F4", + .desc = "Use F4 (0x10001) for the E value", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_public_exponent, + }, +#ifndef OPENSSL_NO_AES + { + .name = "aes128", + .desc = "Encrypt PEM output with cbc aes", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, + { + .name = "aes192", + .desc = "Encrypt PEM output with cbc aes", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, + { + .name = "aes256", + .desc = "Encrypt PEM output with cbc aes", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, +#endif +#ifndef OPENSSL_NO_CAMELLIA + { + .name = "camellia128", + .desc = "Encrypt PEM output with cbc camellia", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, + { + .name = "camellia192", + .desc = "Encrypt PEM output with cbc camellia", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, + { + .name = "camellia256", + .desc = "Encrypt PEM output with cbc camellia", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, +#endif +#ifndef OPENSSL_NO_DES + { + .name = "des", + .desc = "Encrypt the generated key with DES in cbc mode", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, + { + .name = "des3", + .desc = "Encrypt the generated key with DES in ede cbc mode (168 bit key)", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, +#endif +#ifndef OPENSSL_NO_IDEA + { + .name = "idea", + .desc = "Encrypt the generated key with IDEA in cbc mode", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = set_enc, + }, +#endif + { + .name = "out", + .argname = "file", + .desc = "Output the key to 'file'", + .type = OPTION_ARG, + .opt.arg = &genrsa_config.outfile, + }, + { + .name = "passout", + .argname = "arg", + .desc = "Output file passphrase source", + .type = OPTION_ARG, + .opt.arg = &genrsa_config.passargout, + }, + { NULL }, +}; + +static void +genrsa_usage(void) +{ + fprintf(stderr, "usage: genrsa [-3 | -f4] [-aes128 | -aes192 |"); + fprintf(stderr, " -aes256 |\n"); + fprintf(stderr, " -camellia128 | -camellia192 | -camellia256 |"); + fprintf(stderr, " -des | -des3 | -idea]\n"); + fprintf(stderr, " [-out file] [-passout arg] [numbits]\n\n"); + options_usage(genrsa_options); + fprintf(stderr, "\n"); +} + int genrsa_main(int argc, char **argv) { BN_GENCB cb; int ret = 1; int i, num = DEFBITS; + char *numbits= NULL; long l; char *passout = NULL; BIO *out = NULL; @@ -124,76 +300,13 @@ memset(&genrsa_config, 0, sizeof(genrsa_config)); genrsa_config.f4 = RSA_F4; - argv++; - argc--; - for (;;) { - if (argc <= 0) - break; - if (strcmp(*argv, "-out") == 0) { - if (--argc < 1) - goto bad; - genrsa_config.outfile = *(++argv); - } else if (strcmp(*argv, "-3") == 0) - genrsa_config.f4 = 3; - else if (strcmp(*argv, "-F4") == 0 || strcmp(*argv, "-f4") == 0) - genrsa_config.f4 = RSA_F4; -#ifndef OPENSSL_NO_DES - else if (strcmp(*argv, "-des") == 0) - genrsa_config.enc = EVP_des_cbc(); - else if (strcmp(*argv, "-des3") == 0) - genrsa_config.enc = EVP_des_ede3_cbc(); -#endif -#ifndef OPENSSL_NO_IDEA - else if (strcmp(*argv, "-idea") == 0) - genrsa_config.enc = EVP_idea_cbc(); -#endif -#ifndef OPENSSL_NO_AES - else if (strcmp(*argv, "-aes128") == 0) - genrsa_config.enc = EVP_aes_128_cbc(); - else if (strcmp(*argv, "-aes192") == 0) - genrsa_config.enc = EVP_aes_192_cbc(); - else if (strcmp(*argv, "-aes256") == 0) - genrsa_config.enc = EVP_aes_256_cbc(); -#endif -#ifndef OPENSSL_NO_CAMELLIA - else if (strcmp(*argv, "-camellia128") == 0) - genrsa_config.enc = EVP_camellia_128_cbc(); - else if (strcmp(*argv, "-camellia192") == 0) - genrsa_config.enc = EVP_camellia_192_cbc(); - else if (strcmp(*argv, "-camellia256") == 0) - genrsa_config.enc = EVP_camellia_256_cbc(); -#endif - else if (strcmp(*argv, "-passout") == 0) { - if (--argc < 1) - goto bad; - genrsa_config.passargout = *(++argv); - } else - break; - argv++; - argc--; + if (options_parse(argc, argv, genrsa_options, &numbits, NULL) != 0) { + genrsa_usage(); + goto err; } - if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) { - bad: - BIO_printf(bio_err, "usage: genrsa [args] [numbits]\n"); -#ifndef OPENSSL_NO_DES - BIO_printf(bio_err, " -des encrypt the generated key with DES in cbc mode\n"); - BIO_printf(bio_err, " -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); -#endif -#ifndef OPENSSL_NO_IDEA - BIO_printf(bio_err, " -idea encrypt the generated key with IDEA in cbc mode\n"); -#endif -#ifndef OPENSSL_NO_AES - BIO_printf(bio_err, " -aes128, -aes192, -aes256\n"); - BIO_printf(bio_err, " encrypt PEM output with cbc aes\n"); -#endif -#ifndef OPENSSL_NO_CAMELLIA - BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n"); - BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n"); -#endif - BIO_printf(bio_err, " -out file output the key to 'file\n"); - BIO_printf(bio_err, " -passout arg output file pass phrase source\n"); - BIO_printf(bio_err, " -f4 use F4 (0x10001) for the E value\n"); - BIO_printf(bio_err, " -3 use 3 for the E value\n"); + + if ((numbits != NULL) && ((sscanf(numbits, "%d", &num) == 0) || (num < 0))) { + genrsa_usage(); goto err; }