===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/pkeyutl.c,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- src/usr.bin/openssl/pkeyutl.c	2023/03/05 13:12:53	1.18
+++ src/usr.bin/openssl/pkeyutl.c	2023/03/06 14:32:06	1.19
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkeyutl.c,v 1.18 2023/03/05 13:12:53 tb Exp $ */
+/* $OpenBSD: pkeyutl.c,v 1.19 2023/03/06 14:32:06 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -82,7 +82,7 @@
 	int pkey_op;
 	int rev;
 	char *sigfile;
-} pkeyutl_config;
+} cfg;
 
 static void pkeyutl_usage(void);
 
@@ -101,48 +101,48 @@
 		.name = "asn1parse",
 		.desc = "ASN.1 parse the output data",
 		.type = OPTION_FLAG,
-		.opt.flag = &pkeyutl_config.asn1parse,
+		.opt.flag = &cfg.asn1parse,
 	},
 	{
 		.name = "certin",
 		.desc = "Input is a certificate containing a public key",
 		.type = OPTION_VALUE,
 		.value = KEY_CERT,
-		.opt.value = &pkeyutl_config.key_type,
+		.opt.value = &cfg.key_type,
 	},
 	{
 		.name = "decrypt",
 		.desc = "Decrypt the input data using a private key",
 		.type = OPTION_VALUE,
 		.value = EVP_PKEY_OP_DECRYPT,
-		.opt.value = &pkeyutl_config.pkey_op,
+		.opt.value = &cfg.pkey_op,
 	},
 	{
 		.name = "derive",
 		.desc = "Derive a shared secret using the peer key",
 		.type = OPTION_VALUE,
 		.value = EVP_PKEY_OP_DERIVE,
-		.opt.value = &pkeyutl_config.pkey_op,
+		.opt.value = &cfg.pkey_op,
 	},
 	{
 		.name = "encrypt",
 		.desc = "Encrypt the input data using a public key",
 		.type = OPTION_VALUE,
 		.value = EVP_PKEY_OP_ENCRYPT,
-		.opt.value = &pkeyutl_config.pkey_op,
+		.opt.value = &cfg.pkey_op,
 	},
 	{
 		.name = "hexdump",
 		.desc = "Hex dump the output data",
 		.type = OPTION_FLAG,
-		.opt.flag = &pkeyutl_config.hexdump,
+		.opt.flag = &cfg.hexdump,
 	},
 	{
 		.name = "in",
 		.argname = "file",
 		.desc = "Input file (default stdin)",
 		.type = OPTION_ARG,
-		.opt.arg = &pkeyutl_config.infile,
+		.opt.arg = &cfg.infile,
 	},
 	{
 		.name = "inkey",
@@ -156,28 +156,28 @@
 		.argname = "fmt",
 		.desc = "Input key format (DER or PEM (default))",
 		.type = OPTION_ARG_FORMAT,
-		.opt.value = &pkeyutl_config.keyform,
+		.opt.value = &cfg.keyform,
 	},
 	{
 		.name = "out",
 		.argname = "file",
 		.desc = "Output file (default stdout)",
 		.type = OPTION_ARG,
-		.opt.arg = &pkeyutl_config.outfile,
+		.opt.arg = &cfg.outfile,
 	},
 	{
 		.name = "passin",
 		.argname = "arg",
 		.desc = "Key password source",
 		.type = OPTION_ARG,
-		.opt.arg = &pkeyutl_config.passargin,
+		.opt.arg = &cfg.passargin,
 	},
 	{
 		.name = "peerform",
 		.argname = "fmt",
 		.desc = "Input key format (DER or PEM (default))",
 		.type = OPTION_ARG_FORMAT,
-		.opt.value = &pkeyutl_config.peerform,
+		.opt.value = &cfg.peerform,
 	},
 	{
 		.name = "peerkey",
@@ -198,41 +198,41 @@
 		.desc = "Input is a public key",
 		.type = OPTION_VALUE,
 		.value = KEY_PUBKEY,
-		.opt.value = &pkeyutl_config.key_type,
+		.opt.value = &cfg.key_type,
 	},
 	{
 		.name = "rev",
 		.desc = "Reverse the input data",
 		.type = OPTION_FLAG,
-		.opt.flag = &pkeyutl_config.rev,
+		.opt.flag = &cfg.rev,
 	},
 	{
 		.name = "sigfile",
 		.argname = "file",
 		.desc = "Signature file (verify operation only)",
 		.type = OPTION_ARG,
-		.opt.arg = &pkeyutl_config.sigfile,
+		.opt.arg = &cfg.sigfile,
 	},
 	{
 		.name = "sign",
 		.desc = "Sign the input data using private key",
 		.type = OPTION_VALUE,
 		.value = EVP_PKEY_OP_SIGN,
-		.opt.value = &pkeyutl_config.pkey_op,
+		.opt.value = &cfg.pkey_op,
 	},
 	{
 		.name = "verify",
 		.desc = "Verify the input data using public key",
 		.type = OPTION_VALUE,
 		.value = EVP_PKEY_OP_VERIFY,
-		.opt.value = &pkeyutl_config.pkey_op,
+		.opt.value = &cfg.pkey_op,
 	},
 	{
 		.name = "verifyrecover",
 		.desc = "Verify with public key, recover original data",
 		.type = OPTION_VALUE,
 		.value = EVP_PKEY_OP_VERIFYRECOVER,
-		.opt.value = &pkeyutl_config.pkey_op,
+		.opt.value = &cfg.pkey_op,
 	},
 
 	{NULL},
@@ -268,36 +268,36 @@
 		exit(1);
 	}
 
-	memset(&pkeyutl_config, 0, sizeof(pkeyutl_config));
-	pkeyutl_config.pkey_op = EVP_PKEY_OP_SIGN;
-	pkeyutl_config.key_type = KEY_PRIVKEY;
-	pkeyutl_config.keyform = FORMAT_PEM;
-	pkeyutl_config.peerform = FORMAT_PEM;
-	pkeyutl_config.keysize = -1;
+	memset(&cfg, 0, sizeof(cfg));
+	cfg.pkey_op = EVP_PKEY_OP_SIGN;
+	cfg.key_type = KEY_PRIVKEY;
+	cfg.keyform = FORMAT_PEM;
+	cfg.peerform = FORMAT_PEM;
+	cfg.keysize = -1;
 
 	if (options_parse(argc, argv, pkeyutl_options, NULL, NULL) != 0) {
 		pkeyutl_usage();
 		goto end;
 	}
 
-	if (!pkeyutl_config.ctx) {
+	if (!cfg.ctx) {
 		pkeyutl_usage();
 		goto end;
 	}
-	if (pkeyutl_config.sigfile &&
-	    (pkeyutl_config.pkey_op != EVP_PKEY_OP_VERIFY)) {
+	if (cfg.sigfile &&
+	    (cfg.pkey_op != EVP_PKEY_OP_VERIFY)) {
 		BIO_puts(bio_err, "Signature file specified for non verify\n");
 		goto end;
 	}
-	if (!pkeyutl_config.sigfile &&
-	    (pkeyutl_config.pkey_op == EVP_PKEY_OP_VERIFY)) {
+	if (!cfg.sigfile &&
+	    (cfg.pkey_op == EVP_PKEY_OP_VERIFY)) {
 		BIO_puts(bio_err, "No signature file specified for verify\n");
 		goto end;
 	}
 
-	if (pkeyutl_config.pkey_op != EVP_PKEY_OP_DERIVE) {
-		if (pkeyutl_config.infile) {
-			if (!(in = BIO_new_file(pkeyutl_config.infile, "rb"))) {
+	if (cfg.pkey_op != EVP_PKEY_OP_DERIVE) {
+		if (cfg.infile) {
+			if (!(in = BIO_new_file(cfg.infile, "rb"))) {
 				BIO_puts(bio_err,
 				    "Error Opening Input File\n");
 				ERR_print_errors(bio_err);
@@ -306,8 +306,8 @@
 		} else
 			in = BIO_new_fp(stdin, BIO_NOCLOSE);
 	}
-	if (pkeyutl_config.outfile) {
-		if (!(out = BIO_new_file(pkeyutl_config.outfile, "wb"))) {
+	if (cfg.outfile) {
+		if (!(out = BIO_new_file(cfg.outfile, "wb"))) {
 			BIO_printf(bio_err, "Error Creating Output File\n");
 			ERR_print_errors(bio_err);
 			goto end;
@@ -316,14 +316,14 @@
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
 	}
 
-	if (pkeyutl_config.sigfile) {
-		BIO *sigbio = BIO_new_file(pkeyutl_config.sigfile, "rb");
+	if (cfg.sigfile) {
+		BIO *sigbio = BIO_new_file(cfg.sigfile, "rb");
 		if (!sigbio) {
 			BIO_printf(bio_err, "Can't open signature file %s\n",
-			    pkeyutl_config.sigfile);
+			    cfg.sigfile);
 			goto end;
 		}
-		siglen = bio_to_mem(&sig, pkeyutl_config.keysize * 10, sigbio);
+		siglen = bio_to_mem(&sig, cfg.keysize * 10, sigbio);
 		BIO_free(sigbio);
 		if (siglen <= 0) {
 			BIO_printf(bio_err, "Error reading signature data\n");
@@ -332,12 +332,12 @@
 	}
 	if (in) {
 		/* Read the input data */
-		buf_inlen = bio_to_mem(&buf_in, pkeyutl_config.keysize * 10, in);
+		buf_inlen = bio_to_mem(&buf_in, cfg.keysize * 10, in);
 		if (buf_inlen <= 0) {
 			BIO_printf(bio_err, "Error reading input Data\n");
 			exit(1);
 		}
-		if (pkeyutl_config.rev) {
+		if (cfg.rev) {
 			size_t i;
 			unsigned char ctmp;
 			size_t l = (size_t) buf_inlen;
@@ -348,8 +348,8 @@
 			}
 		}
 	}
-	if (pkeyutl_config.pkey_op == EVP_PKEY_OP_VERIFY) {
-		rv = EVP_PKEY_verify(pkeyutl_config.ctx, sig, (size_t) siglen,
+	if (cfg.pkey_op == EVP_PKEY_OP_VERIFY) {
+		rv = EVP_PKEY_verify(cfg.ctx, sig, (size_t) siglen,
 		    buf_in, (size_t) buf_inlen);
 		if (rv == 1) {
 			BIO_puts(out, "Signature Verified Successfully\n");
@@ -359,15 +359,15 @@
 		if (rv >= 0)
 			goto end;
 	} else {
-		rv = do_keyop(pkeyutl_config.ctx, pkeyutl_config.pkey_op, NULL,
+		rv = do_keyop(cfg.ctx, cfg.pkey_op, NULL,
 		    (size_t *)&buf_outlen, buf_in, (size_t) buf_inlen);
 		if (rv > 0) {
 			buf_out = malloc(buf_outlen);
 			if (!buf_out)
 				rv = -1;
 			else
-				rv = do_keyop(pkeyutl_config.ctx,
-				    pkeyutl_config.pkey_op,
+				rv = do_keyop(cfg.ctx,
+				    cfg.pkey_op,
 				    buf_out, (size_t *) & buf_outlen,
 				    buf_in, (size_t) buf_inlen);
 		}
@@ -379,16 +379,16 @@
 		goto end;
 	}
 	ret = 0;
-	if (pkeyutl_config.asn1parse) {
+	if (cfg.asn1parse) {
 		if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
 			ERR_print_errors(bio_err);
-	} else if (pkeyutl_config.hexdump)
+	} else if (cfg.hexdump)
 		BIO_dump(out, (char *) buf_out, buf_outlen);
 	else
 		BIO_write(out, buf_out, buf_outlen);
 
  end:
-	EVP_PKEY_CTX_free(pkeyutl_config.ctx);
+	EVP_PKEY_CTX_free(cfg.ctx);
 	BIO_free(in);
 	BIO_free_all(out);
 	free(buf_in);
@@ -406,32 +406,32 @@
 	int rv = -1;
 	X509 *x;
 
-	if (((pkeyutl_config.pkey_op == EVP_PKEY_OP_SIGN)
-		|| (pkeyutl_config.pkey_op == EVP_PKEY_OP_DECRYPT)
-		|| (pkeyutl_config.pkey_op == EVP_PKEY_OP_DERIVE))
-	    && (pkeyutl_config.key_type != KEY_PRIVKEY)) {
+	if (((cfg.pkey_op == EVP_PKEY_OP_SIGN)
+		|| (cfg.pkey_op == EVP_PKEY_OP_DECRYPT)
+		|| (cfg.pkey_op == EVP_PKEY_OP_DERIVE))
+	    && (cfg.key_type != KEY_PRIVKEY)) {
 		BIO_printf(bio_err,
 		    "A private key is needed for this operation\n");
 		goto end;
 	}
-	if (!app_passwd(bio_err, pkeyutl_config.passargin, NULL, &passin,
+	if (!app_passwd(bio_err, cfg.passargin, NULL, &passin,
 	    NULL)) {
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
 	}
-	switch (pkeyutl_config.key_type) {
+	switch (cfg.key_type) {
 	case KEY_PRIVKEY:
-		pkey = load_key(bio_err, keyfile, pkeyutl_config.keyform, 0,
+		pkey = load_key(bio_err, keyfile, cfg.keyform, 0,
 		    passin, "Private Key");
 		break;
 
 	case KEY_PUBKEY:
-		pkey = load_pubkey(bio_err, keyfile, pkeyutl_config.keyform, 0,
+		pkey = load_pubkey(bio_err, keyfile, cfg.keyform, 0,
 		    NULL, "Public Key");
 		break;
 
 	case KEY_CERT:
-		x = load_cert(bio_err, keyfile, pkeyutl_config.keyform,
+		x = load_cert(bio_err, keyfile, cfg.keyform,
 		    NULL, "Certificate");
 		if (x) {
 			pkey = X509_get_pubkey(x);
@@ -440,53 +440,53 @@
 		break;
 	}
 
-	pkeyutl_config.keysize = EVP_PKEY_size(pkey);
+	cfg.keysize = EVP_PKEY_size(pkey);
 
 	if (!pkey)
 		goto end;
 
-	pkeyutl_config.ctx = EVP_PKEY_CTX_new(pkey, NULL);
+	cfg.ctx = EVP_PKEY_CTX_new(pkey, NULL);
 
 	EVP_PKEY_free(pkey);
 
-	if (!pkeyutl_config.ctx)
+	if (!cfg.ctx)
 		goto end;
 
-	switch (pkeyutl_config.pkey_op) {
+	switch (cfg.pkey_op) {
 	case EVP_PKEY_OP_SIGN:
-		rv = EVP_PKEY_sign_init(pkeyutl_config.ctx);
+		rv = EVP_PKEY_sign_init(cfg.ctx);
 		break;
 
 	case EVP_PKEY_OP_VERIFY:
-		rv = EVP_PKEY_verify_init(pkeyutl_config.ctx);
+		rv = EVP_PKEY_verify_init(cfg.ctx);
 		break;
 
 	case EVP_PKEY_OP_VERIFYRECOVER:
-		rv = EVP_PKEY_verify_recover_init(pkeyutl_config.ctx);
+		rv = EVP_PKEY_verify_recover_init(cfg.ctx);
 		break;
 
 	case EVP_PKEY_OP_ENCRYPT:
-		rv = EVP_PKEY_encrypt_init(pkeyutl_config.ctx);
+		rv = EVP_PKEY_encrypt_init(cfg.ctx);
 		break;
 
 	case EVP_PKEY_OP_DECRYPT:
-		rv = EVP_PKEY_decrypt_init(pkeyutl_config.ctx);
+		rv = EVP_PKEY_decrypt_init(cfg.ctx);
 		break;
 
 	case EVP_PKEY_OP_DERIVE:
-		rv = EVP_PKEY_derive_init(pkeyutl_config.ctx);
+		rv = EVP_PKEY_derive_init(cfg.ctx);
 		break;
 	}
 
 	if (rv <= 0) {
-		EVP_PKEY_CTX_free(pkeyutl_config.ctx);
-		pkeyutl_config.ctx = NULL;
+		EVP_PKEY_CTX_free(cfg.ctx);
+		cfg.ctx = NULL;
 	}
 
  end:
 	free(passin);
 
-	if (!pkeyutl_config.ctx) {
+	if (!cfg.ctx) {
 		BIO_puts(bio_err, "Error initializing context\n");
 		ERR_print_errors(bio_err);
 		return (1);
@@ -501,11 +501,11 @@
 	EVP_PKEY *peer = NULL;
 	int ret;
 
-	if (!pkeyutl_config.ctx) {
+	if (!cfg.ctx) {
 		BIO_puts(bio_err, "-peerkey command before -inkey\n");
 		return (1);
 	}
-	peer = load_pubkey(bio_err, file, pkeyutl_config.peerform, 0, NULL,
+	peer = load_pubkey(bio_err, file, cfg.peerform, 0, NULL,
 	    "Peer Key");
 
 	if (!peer) {
@@ -513,7 +513,7 @@
 		ERR_print_errors(bio_err);
 		return (1);
 	}
-	ret = EVP_PKEY_derive_set_peer(pkeyutl_config.ctx, peer);
+	ret = EVP_PKEY_derive_set_peer(cfg.ctx, peer);
 
 	EVP_PKEY_free(peer);
 	if (ret <= 0) {
@@ -527,10 +527,10 @@
 static int
 pkeyutl_pkeyopt(char *pkeyopt)
 {
-	if (!pkeyutl_config.ctx) {
+	if (!cfg.ctx) {
 		BIO_puts(bio_err, "-pkeyopt command before -inkey\n");
 		return (1);
-	} else if (pkey_ctrl_string(pkeyutl_config.ctx, pkeyopt) <= 0) {
+	} else if (pkey_ctrl_string(cfg.ctx, pkeyopt) <= 0) {
 		BIO_puts(bio_err, "parameter setting error\n");
 		ERR_print_errors(bio_err);
 		return (1);