version 1.17, 2022/11/11 17:07:39 |
version 1.18, 2023/03/06 14:32:06 |
|
|
int pubout; |
int pubout; |
int pvk_encr; |
int pvk_encr; |
int text; |
int text; |
} rsa_config; |
} cfg; |
|
|
static int |
static int |
rsa_opt_cipher(int argc, char **argv, int *argsused) |
rsa_opt_cipher(int argc, char **argv, int *argsused) |
|
|
if (*name++ != '-') |
if (*name++ != '-') |
return (1); |
return (1); |
|
|
if ((rsa_config.enc = EVP_get_cipherbyname(name)) == NULL) { |
if ((cfg.enc = EVP_get_cipherbyname(name)) == NULL) { |
fprintf(stderr, "Invalid cipher '%s'\n", name); |
fprintf(stderr, "Invalid cipher '%s'\n", name); |
return (1); |
return (1); |
} |
} |
|
|
.name = "check", |
.name = "check", |
.desc = "Check consistency of RSA private key", |
.desc = "Check consistency of RSA private key", |
.type = OPTION_FLAG, |
.type = OPTION_FLAG, |
.opt.flag = &rsa_config.check, |
.opt.flag = &cfg.check, |
}, |
}, |
{ |
{ |
.name = "in", |
.name = "in", |
.argname = "file", |
.argname = "file", |
.desc = "Input file (default stdin)", |
.desc = "Input file (default stdin)", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &rsa_config.infile, |
.opt.arg = &cfg.infile, |
}, |
}, |
{ |
{ |
.name = "inform", |
.name = "inform", |
.argname = "format", |
.argname = "format", |
.desc = "Input format (DER, NET or PEM (default))", |
.desc = "Input format (DER, NET or PEM (default))", |
.type = OPTION_ARG_FORMAT, |
.type = OPTION_ARG_FORMAT, |
.opt.value = &rsa_config.informat, |
.opt.value = &cfg.informat, |
}, |
}, |
{ |
{ |
.name = "modulus", |
.name = "modulus", |
.desc = "Print the RSA key modulus", |
.desc = "Print the RSA key modulus", |
.type = OPTION_FLAG, |
.type = OPTION_FLAG, |
.opt.flag = &rsa_config.modulus, |
.opt.flag = &cfg.modulus, |
}, |
}, |
{ |
{ |
.name = "noout", |
.name = "noout", |
.desc = "Do not print encoded version of the key", |
.desc = "Do not print encoded version of the key", |
.type = OPTION_FLAG, |
.type = OPTION_FLAG, |
.opt.flag = &rsa_config.noout, |
.opt.flag = &cfg.noout, |
}, |
}, |
{ |
{ |
.name = "out", |
.name = "out", |
.argname = "file", |
.argname = "file", |
.desc = "Output file (default stdout)", |
.desc = "Output file (default stdout)", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &rsa_config.outfile, |
.opt.arg = &cfg.outfile, |
}, |
}, |
{ |
{ |
.name = "outform", |
.name = "outform", |
.argname = "format", |
.argname = "format", |
.desc = "Output format (DER, NET or PEM (default PEM))", |
.desc = "Output format (DER, NET or PEM (default PEM))", |
.type = OPTION_ARG_FORMAT, |
.type = OPTION_ARG_FORMAT, |
.opt.value = &rsa_config.outformat, |
.opt.value = &cfg.outformat, |
}, |
}, |
{ |
{ |
.name = "passin", |
.name = "passin", |
.argname = "src", |
.argname = "src", |
.desc = "Input file passphrase source", |
.desc = "Input file passphrase source", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &rsa_config.passargin, |
.opt.arg = &cfg.passargin, |
}, |
}, |
{ |
{ |
.name = "passout", |
.name = "passout", |
.argname = "src", |
.argname = "src", |
.desc = "Output file passphrase source", |
.desc = "Output file passphrase source", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &rsa_config.passargout, |
.opt.arg = &cfg.passargout, |
}, |
}, |
{ |
{ |
.name = "pubin", |
.name = "pubin", |
.desc = "Expect a public key (default private key)", |
.desc = "Expect a public key (default private key)", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.value = 1, |
.value = 1, |
.opt.value = &rsa_config.pubin, |
.opt.value = &cfg.pubin, |
}, |
}, |
{ |
{ |
.name = "pubout", |
.name = "pubout", |
.desc = "Output a public key (default private key)", |
.desc = "Output a public key (default private key)", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.value = 1, |
.value = 1, |
.opt.value = &rsa_config.pubout, |
.opt.value = &cfg.pubout, |
}, |
}, |
{ |
{ |
.name = "pvk-none", |
.name = "pvk-none", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.value = 0, |
.value = 0, |
.opt.value = &rsa_config.pvk_encr, |
.opt.value = &cfg.pvk_encr, |
}, |
}, |
{ |
{ |
.name = "pvk-strong", |
.name = "pvk-strong", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.value = 2, |
.value = 2, |
.opt.value = &rsa_config.pvk_encr, |
.opt.value = &cfg.pvk_encr, |
}, |
}, |
{ |
{ |
.name = "pvk-weak", |
.name = "pvk-weak", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.value = 1, |
.value = 1, |
.opt.value = &rsa_config.pvk_encr, |
.opt.value = &cfg.pvk_encr, |
}, |
}, |
{ |
{ |
.name = "RSAPublicKey_in", |
.name = "RSAPublicKey_in", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.value = 2, |
.value = 2, |
.opt.value = &rsa_config.pubin, |
.opt.value = &cfg.pubin, |
}, |
}, |
{ |
{ |
.name = "RSAPublicKey_out", |
.name = "RSAPublicKey_out", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.value = 2, |
.value = 2, |
.opt.value = &rsa_config.pubout, |
.opt.value = &cfg.pubout, |
}, |
}, |
{ |
{ |
.name = "text", |
.name = "text", |
.desc = "Print in plain text in addition to encoded", |
.desc = "Print in plain text in addition to encoded", |
.type = OPTION_FLAG, |
.type = OPTION_FLAG, |
.opt.flag = &rsa_config.text, |
.opt.flag = &cfg.text, |
}, |
}, |
{ |
{ |
.name = NULL, |
.name = NULL, |
|
|
exit(1); |
exit(1); |
} |
} |
|
|
memset(&rsa_config, 0, sizeof(rsa_config)); |
memset(&cfg, 0, sizeof(cfg)); |
rsa_config.pvk_encr = 2; |
cfg.pvk_encr = 2; |
rsa_config.informat = FORMAT_PEM; |
cfg.informat = FORMAT_PEM; |
rsa_config.outformat = FORMAT_PEM; |
cfg.outformat = FORMAT_PEM; |
|
|
if (options_parse(argc, argv, rsa_options, NULL, NULL) != 0) { |
if (options_parse(argc, argv, rsa_options, NULL, NULL) != 0) { |
rsa_usage(); |
rsa_usage(); |
goto end; |
goto end; |
} |
} |
|
|
if (!app_passwd(bio_err, rsa_config.passargin, rsa_config.passargout, |
if (!app_passwd(bio_err, cfg.passargin, cfg.passargout, |
&passin, &passout)) { |
&passin, &passout)) { |
BIO_printf(bio_err, "Error getting passwords\n"); |
BIO_printf(bio_err, "Error getting passwords\n"); |
goto end; |
goto end; |
} |
} |
if (rsa_config.check && rsa_config.pubin) { |
if (cfg.check && cfg.pubin) { |
BIO_printf(bio_err, "Only private keys can be checked\n"); |
BIO_printf(bio_err, "Only private keys can be checked\n"); |
goto end; |
goto end; |
} |
} |
|
|
{ |
{ |
EVP_PKEY *pkey; |
EVP_PKEY *pkey; |
|
|
if (rsa_config.pubin) { |
if (cfg.pubin) { |
int tmpformat = -1; |
int tmpformat = -1; |
if (rsa_config.pubin == 2) { |
if (cfg.pubin == 2) { |
if (rsa_config.informat == FORMAT_PEM) |
if (cfg.informat == FORMAT_PEM) |
tmpformat = FORMAT_PEMRSA; |
tmpformat = FORMAT_PEMRSA; |
else if (rsa_config.informat == FORMAT_ASN1) |
else if (cfg.informat == FORMAT_ASN1) |
tmpformat = FORMAT_ASN1RSA; |
tmpformat = FORMAT_ASN1RSA; |
} else |
} else |
tmpformat = rsa_config.informat; |
tmpformat = cfg.informat; |
|
|
pkey = load_pubkey(bio_err, rsa_config.infile, |
pkey = load_pubkey(bio_err, cfg.infile, |
tmpformat, 1, passin, "Public Key"); |
tmpformat, 1, passin, "Public Key"); |
} else |
} else |
pkey = load_key(bio_err, rsa_config.infile, |
pkey = load_key(bio_err, cfg.infile, |
rsa_config.informat, 1, passin, "Private Key"); |
cfg.informat, 1, passin, "Private Key"); |
|
|
if (pkey != NULL) |
if (pkey != NULL) |
rsa = EVP_PKEY_get1_RSA(pkey); |
rsa = EVP_PKEY_get1_RSA(pkey); |
|
|
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
if (rsa_config.outfile == NULL) { |
if (cfg.outfile == NULL) { |
BIO_set_fp(out, stdout, BIO_NOCLOSE); |
BIO_set_fp(out, stdout, BIO_NOCLOSE); |
} else { |
} else { |
if (BIO_write_filename(out, rsa_config.outfile) <= 0) { |
if (BIO_write_filename(out, cfg.outfile) <= 0) { |
perror(rsa_config.outfile); |
perror(cfg.outfile); |
goto end; |
goto end; |
} |
} |
} |
} |
|
|
if (rsa_config.text) |
if (cfg.text) |
if (!RSA_print(out, rsa, 0)) { |
if (!RSA_print(out, rsa, 0)) { |
perror(rsa_config.outfile); |
perror(cfg.outfile); |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
if (rsa_config.modulus) { |
if (cfg.modulus) { |
BIO_printf(out, "Modulus="); |
BIO_printf(out, "Modulus="); |
BN_print(out, RSA_get0_n(rsa)); |
BN_print(out, RSA_get0_n(rsa)); |
BIO_printf(out, "\n"); |
BIO_printf(out, "\n"); |
} |
} |
if (rsa_config.check) { |
if (cfg.check) { |
int r = RSA_check_key(rsa); |
int r = RSA_check_key(rsa); |
|
|
if (r == 1) |
if (r == 1) |
|
|
goto end; |
goto end; |
} |
} |
} |
} |
if (rsa_config.noout) { |
if (cfg.noout) { |
ret = 0; |
ret = 0; |
goto end; |
goto end; |
} |
} |
BIO_printf(bio_err, "writing RSA key\n"); |
BIO_printf(bio_err, "writing RSA key\n"); |
if (rsa_config.outformat == FORMAT_ASN1) { |
if (cfg.outformat == FORMAT_ASN1) { |
if (rsa_config.pubout || rsa_config.pubin) { |
if (cfg.pubout || cfg.pubin) { |
if (rsa_config.pubout == 2) |
if (cfg.pubout == 2) |
i = i2d_RSAPublicKey_bio(out, rsa); |
i = i2d_RSAPublicKey_bio(out, rsa); |
else |
else |
i = i2d_RSA_PUBKEY_bio(out, rsa); |
i = i2d_RSA_PUBKEY_bio(out, rsa); |
} else |
} else |
i = i2d_RSAPrivateKey_bio(out, rsa); |
i = i2d_RSAPrivateKey_bio(out, rsa); |
} else if (rsa_config.outformat == FORMAT_PEM) { |
} else if (cfg.outformat == FORMAT_PEM) { |
if (rsa_config.pubout || rsa_config.pubin) { |
if (cfg.pubout || cfg.pubin) { |
if (rsa_config.pubout == 2) |
if (cfg.pubout == 2) |
i = PEM_write_bio_RSAPublicKey(out, rsa); |
i = PEM_write_bio_RSAPublicKey(out, rsa); |
else |
else |
i = PEM_write_bio_RSA_PUBKEY(out, rsa); |
i = PEM_write_bio_RSA_PUBKEY(out, rsa); |
} else |
} else |
i = PEM_write_bio_RSAPrivateKey(out, rsa, |
i = PEM_write_bio_RSAPrivateKey(out, rsa, |
rsa_config.enc, NULL, 0, NULL, passout); |
cfg.enc, NULL, 0, NULL, passout); |
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) |
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) |
} else if (rsa_config.outformat == FORMAT_MSBLOB || |
} else if (cfg.outformat == FORMAT_MSBLOB || |
rsa_config.outformat == FORMAT_PVK) { |
cfg.outformat == FORMAT_PVK) { |
EVP_PKEY *pk; |
EVP_PKEY *pk; |
pk = EVP_PKEY_new(); |
pk = EVP_PKEY_new(); |
EVP_PKEY_set1_RSA(pk, rsa); |
EVP_PKEY_set1_RSA(pk, rsa); |
if (rsa_config.outformat == FORMAT_PVK) |
if (cfg.outformat == FORMAT_PVK) |
i = i2b_PVK_bio(out, pk, rsa_config.pvk_encr, 0, |
i = i2b_PVK_bio(out, pk, cfg.pvk_encr, 0, |
passout); |
passout); |
else if (rsa_config.pubin || rsa_config.pubout) |
else if (cfg.pubin || cfg.pubout) |
i = i2b_PublicKey_bio(out, pk); |
i = i2b_PublicKey_bio(out, pk); |
else |
else |
i = i2b_PrivateKey_bio(out, pk); |
i = i2b_PrivateKey_bio(out, pk); |