Convert openssl(1) gendsa to the newer style of option handling

- Adapt openssl(1) gendsa command to new option handling. - Add lacking ciphers and passout description in openssl.1 manpage. - Describe paramfile as argument in openssl.1 manpage. ok bcook@
author: inoguchi <> 2019-06-07 02:32:22 +0000
committer: inoguchi <> 2019-06-07 02:32:22 +0000
commit: e8b669f2076c79bee41d4c83b46469fece481ee8 (patch)
tree: 81d1d440f27ca77fcc9d4b9d7f0c5c18ffe9afb0 /src
parent: cc3b0029b71b5fced0a6c6099d13f1d7df3401be (diff)
download: openbsd-e8b669f2076c79bee41d4c83b46469fece481ee8.tar.gz
openbsd-e8b669f2076c79bee41d4c83b46469fece481ee8.tar.bz2
openbsd-e8b669f2076c79bee41d4c83b46469fece481ee8.zip
2 files changed, 178 insertions, 84 deletions
diff --git a/src/usr.bin/openssl/gendsa.c b/src/usr.bin/openssl/gendsa.c
index 3197e7be7c..f2e155128c 100644
--- a/src/usr.bin/openssl/gendsa.c
+++ b/src/usr.bin/openssl/gendsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gendsa.c,v 1.10 2018/02/07 05:47:55 jsing Exp $ */
+/* $OpenBSD: gendsa.c,v 1.11 2019/06/07 02:32:22 inoguchi Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -74,16 +74,114 @@
 #include <openssl/pem.h>
 #include <openssl/x509.h>
+static int set_enc(int argc, char **argv, int *argsused);
+static const EVP_CIPHER *get_cipher_by_name(char *name);
+static struct {
+        const EVP_CIPHER *enc;
+        char *outfile;
+        char *passargout;
+} gendsa_config;
+static struct option gendsa_options[] = {
+#ifndef OPENSSL_NO_AES
+        {
+                .name = "aes128",
+                .desc = "Encrypt PEM output with cbc aes",
+                .type = OPTION_ARGV_FUNC,
+                .opt.argvfunc = set_enc,
+        },
+        {
+                .name = "aes192",
+                .desc = "Encrypt PEM output with cbc aes",
+                .type = OPTION_ARGV_FUNC,
+                .opt.argvfunc = set_enc,
+        },
+        {
+                .name = "aes256",
+                .desc = "Encrypt PEM output with cbc aes",
+                .type = OPTION_ARGV_FUNC,
+                .opt.argvfunc = set_enc,
+        },
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+        {
+                .name = "camellia128",
+                .desc = "Encrypt PEM output with cbc camellia",
+                .type = OPTION_ARGV_FUNC,
+                .opt.argvfunc = set_enc,
+        },
+        {
+                .name = "camellia192",
+                .desc = "Encrypt PEM output with cbc camellia",
+                .type = OPTION_ARGV_FUNC,
+                .opt.argvfunc = set_enc,
+        },
+        {
+                .name = "camellia256",
+                .desc = "Encrypt PEM output with cbc camellia",
+                .type = OPTION_ARGV_FUNC,
+                .opt.argvfunc = set_enc,
+        },
+#endif
+#ifndef OPENSSL_NO_DES
+        {
+                .name = "des",
+                .desc = "Encrypt the generated key with DES in cbc mode",
+                .type = OPTION_ARGV_FUNC,
+                .opt.argvfunc = set_enc,
+        },
+        {
+                .name = "des3",
+                .desc = "Encrypt the generated key with DES in ede cbc mode (168 bit key)",
+                .type = OPTION_ARGV_FUNC,
+                .opt.argvfunc = set_enc,
+        },
+#endif
+#ifndef OPENSSL_NO_IDEA
+        {
+                .name = "idea",
+                .desc = "Encrypt the generated key with IDEA in cbc mode",
+                .type = OPTION_ARGV_FUNC,
+                .opt.argvfunc = set_enc,
+        },
+#endif
+        {
+                .name = "out",
+                .argname = "file",
+                .desc = "Output the key to 'file'",
+                .type = OPTION_ARG,
+                .opt.arg = &gendsa_config.outfile,
+        },
+        {
+                .name = "passout",
+                .argname = "src",
+                .desc = "Output file passphrase source",
+                .type = OPTION_ARG,
+                .opt.arg = &gendsa_config.passargout,
+        },
+        { NULL },
+};
+static void
+gendsa_usage(void)
+{
+        fprintf(stderr, "usage: gendsa [-aes128 | -aes192 | -aes256 |\n");
+        fprintf(stderr, "    -camellia128 | -camellia192 | -camellia256 |\n");
+        fprintf(stderr, "    -des | -des3 | -idea] [-out file] [-passout src]");
+        fprintf(stderr, " paramfile\n\n");
+        options_usage(gendsa_options);
+        fprintf(stderr, "\n");
+}
 int
 gendsa_main(int argc, char **argv)
 {
        DSA *dsa = NULL;
        int ret = 1;
-        char *outfile = NULL;
        char *dsaparams = NULL;
-        char *passargout = NULL, *passout = NULL;
+        char *passout = NULL;
        BIO *out = NULL, *in = NULL;
-        const EVP_CIPHER *enc = NULL;
        if (single_execution) {
                if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
@@ -92,80 +190,19 @@ gendsa_main(int argc, char **argv)
                }
        }
-        argv++;
+        memset(&gendsa_config, 0, sizeof(gendsa_config));
-        argc--;
-        for (;;) {
+        if (options_parse(argc, argv, gendsa_options, &dsaparams, NULL) != 0) {
-                if (argc <= 0)
+                gendsa_usage();
-                        break;
+                goto end;
-                if (strcmp(*argv, "-out") == 0) {
-                        if (--argc < 1)
-                                goto bad;
-                        outfile = *(++argv);
-                } else if (strcmp(*argv, "-passout") == 0) {
-                        if (--argc < 1)
-                                goto bad;
-                        passargout = *(++argv);
-                }
-                else if (strcmp(*argv, "-") == 0)
-                        goto bad;
-#ifndef OPENSSL_NO_DES
-                else if (strcmp(*argv, "-des") == 0)
-                        enc = EVP_des_cbc();
-                else if (strcmp(*argv, "-des3") == 0)
-                        enc = EVP_des_ede3_cbc();
-#endif
-#ifndef OPENSSL_NO_IDEA
-                else if (strcmp(*argv, "-idea") == 0)
-                        enc = EVP_idea_cbc();
-#endif
-#ifndef OPENSSL_NO_AES
-                else if (strcmp(*argv, "-aes128") == 0)
-                        enc = EVP_aes_128_cbc();
-                else if (strcmp(*argv, "-aes192") == 0)
-                        enc = EVP_aes_192_cbc();
-                else if (strcmp(*argv, "-aes256") == 0)
-                        enc = EVP_aes_256_cbc();
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-                else if (strcmp(*argv, "-camellia128") == 0)
-                        enc = EVP_camellia_128_cbc();
-                else if (strcmp(*argv, "-camellia192") == 0)
-                        enc = EVP_camellia_192_cbc();
-                else if (strcmp(*argv, "-camellia256") == 0)
-                        enc = EVP_camellia_256_cbc();
-#endif
-                else if (**argv != '-' && dsaparams == NULL) {
-                        dsaparams = *argv;
-                } else
-                        goto bad;
-                argv++;
-                argc--;
        }
        if (dsaparams == NULL) {
- bad:
+                gendsa_usage();
-                BIO_printf(bio_err, "usage: gendsa [args] dsaparam-file\n");
-                BIO_printf(bio_err, " -out file - output the key to 'file'\n");
-#ifndef OPENSSL_NO_DES
-                BIO_printf(bio_err, " -des      - encrypt the generated key with DES in cbc mode\n");
-                BIO_printf(bio_err, " -des3     - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
-#endif
-#ifndef OPENSSL_NO_IDEA
-                BIO_printf(bio_err, " -idea     - encrypt the generated key with IDEA in cbc mode\n");
-#endif
-#ifndef OPENSSL_NO_AES
-                BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
-                BIO_printf(bio_err, "                 encrypt PEM output with cbc aes\n");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-                BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
-                BIO_printf(bio_err, "                 encrypt PEM output with cbc camellia\n");
-#endif
-                BIO_printf(bio_err, " dsaparam-file\n");
-                BIO_printf(bio_err, "           - a DSA parameter file as generated by the dsaparam command\n");
                goto end;
        }
-        if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
+        if (!app_passwd(bio_err, NULL, gendsa_config.passargout, NULL,
+            &passout)) {
                BIO_printf(bio_err, "Error getting password\n");
                goto end;
        }
@@ -185,11 +222,11 @@ gendsa_main(int argc, char **argv)
        if (out == NULL)
                goto end;
-        if (outfile == NULL) {
+        if (gendsa_config.outfile == NULL) {
                BIO_set_fp(out, stdout, BIO_NOCLOSE);
        } else {
-                if (BIO_write_filename(out, outfile) <= 0) {
+                if (BIO_write_filename(out, gendsa_config.outfile) <= 0) {
-                        perror(outfile);
+                        perror(gendsa_config.outfile);
                        goto end;
                }
        }
@@ -199,7 +236,8 @@ gendsa_main(int argc, char **argv)
        if (!DSA_generate_key(dsa))
                goto end;
-        if (!PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout))
+        if (!PEM_write_bio_DSAPrivateKey(out, dsa, gendsa_config.enc, NULL, 0,
+            NULL, passout))
                goto end;
        ret = 0;
 end:
@@ -212,3 +250,52 @@ gendsa_main(int argc, char **argv)
        return (ret);
 }
+static int
+set_enc(int argc, char **argv, int *argsused)
+{
+        char *name = argv[0];
+        if (*name++ != '-')
+                return (1);
+        if ((gendsa_config.enc = get_cipher_by_name(name)) == NULL)
+                return (1);
+        *argsused = 1;
+        return (0);
+}
+static const EVP_CIPHER *get_cipher_by_name(char *name)
+{
+        if (name == NULL || strcmp(name, "") == 0)
+                return (NULL);
+#ifndef OPENSSL_NO_AES
+        else if (strcmp(name, "aes128") == 0)
+                return EVP_aes_128_cbc();
+        else if (strcmp(name, "aes192") == 0)
+                return EVP_aes_192_cbc();
+        else if (strcmp(name, "aes256") == 0)
+                return EVP_aes_256_cbc();
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+        else if (strcmp(name, "camellia128") == 0)
+                return EVP_camellia_128_cbc();
+        else if (strcmp(name, "camellia192") == 0)
+                return EVP_camellia_192_cbc();
+        else if (strcmp(name, "camellia256") == 0)
+                return EVP_camellia_256_cbc();
+#endif
+#ifndef OPENSSL_NO_DES
+        else if (strcmp(name, "des") == 0)
+                return EVP_des_cbc();
+        else if (strcmp(name, "des3") == 0)
+                return EVP_des_ede3_cbc();
+#endif
+#ifndef OPENSSL_NO_IDEA
+        else if (strcmp(name, "idea") == 0)
+                return EVP_idea_cbc();
+#endif
+        else
+                return (NULL);
+}
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index d00d5a8e50..e5d123b449 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.100 2019/02/04 11:21:05 tb Exp $
+.\" $OpenBSD: openssl.1,v 1.101 2019/06/07 02:32:22 inoguchi Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -110,7 +110,7 @@
 .\" copied and put under another distribution licence
 .\" [including the GNU Public Licence.]
 .\"
-.Dd $Mdocdate: February 4 2019 $
+.Dd $Mdocdate: June 7 2019 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -1682,10 +1682,13 @@ Print debugging statistics about various aspects of the hash table.
 .Nm "openssl gendsa"
 .Oo
 .Fl aes128 | aes192 | aes256 |
-.Fl des | des3
+.Fl camellia128 | camellia192 | camellia256 |
+.Fl des | des3 |
+.Fl idea
 .Oc
 .Op Fl out Ar file
-.Op Ar paramfile
+.Op Fl passout Ar arg
+.Ar paramfile
 .nr nS 0
 .Pp
 The
@@ -1703,15 +1706,19 @@ The options are as follows:
 .Bl -tag -width Ds
 .It Xo
 .Fl aes128 | aes192 | aes256 |
-.Fl des | des3
+.Fl camellia128 | camellia192 | camellia256 |
+.Fl des | des3 |
+.Fl idea
 .Xc
-Encrypt the private key with the AES, DES,
+Encrypt the private key with the AES, CAMELLIA, DES, triple DES
-or the triple DES ciphers, respectively, before outputting it.
+or the IDEA ciphers, respectively, before outputting it.
 A pass phrase is prompted for.
 If none of these options are specified, no encryption is used.
 .It Fl out Ar file
 The output file to write to,
 or standard output if not specified.
+.It Fl passout Ar arg
+The output file password source.
 .It Ar paramfile
 Specify the DSA parameter file to use.
 The parameters in this file determine the size of the private key.
author	inoguchi <>	2019-06-07 02:32:22 +0000
committer	inoguchi <>	2019-06-07 02:32:22 +0000
commit	e8b669f2076c79bee41d4c83b46469fece481ee8 (patch)
tree	81d1d440f27ca77fcc9d4b9d7f0c5c18ffe9afb0 /src
parent	cc3b0029b71b5fced0a6c6099d13f1d7df3401be (diff)
download	openbsd-e8b669f2076c79bee41d4c83b46469fece481ee8.tar.gz openbsd-e8b669f2076c79bee41d4c83b46469fece481ee8.tar.bz2 openbsd-e8b669f2076c79bee41d4c83b46469fece481ee8.zip

diff --git a/src/usr.bin/openssl/gendsa.c b/src/usr.bin/openssl/gendsa.c index 3197e7be7c..f2e155128c 100644 --- a/src/usr.bin/openssl/gendsa.c +++ b/src/usr.bin/openssl/gendsa.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: gendsa.c,v 1.10 2018/02/07 05:47:55 jsing Exp $ */	1	/* $OpenBSD: gendsa.c,v 1.11 2019/06/07 02:32:22 inoguchi Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -74,16 +74,114 @@
74	#include <openssl/pem.h>	74	#include <openssl/pem.h>
75	#include <openssl/x509.h>	75	#include <openssl/x509.h>
76		76
		77	static int set_enc(int argc, char *argv, int argsused);
		78	static const EVP_CIPHER get_cipher_by_name(char name);
		79
		80	static struct {
		81	const EVP_CIPHER *enc;
		82	char *outfile;
		83	char *passargout;
		84	} gendsa_config;
		85
		86	static struct option gendsa_options[] = {
		87	#ifndef OPENSSL_NO_AES
		88	{
		89	.name = "aes128",
		90	.desc = "Encrypt PEM output with cbc aes",
		91	.type = OPTION_ARGV_FUNC,
		92	.opt.argvfunc = set_enc,
		93	},
		94	{
		95	.name = "aes192",
		96	.desc = "Encrypt PEM output with cbc aes",
		97	.type = OPTION_ARGV_FUNC,
		98	.opt.argvfunc = set_enc,
		99	},
		100	{
		101	.name = "aes256",
		102	.desc = "Encrypt PEM output with cbc aes",
		103	.type = OPTION_ARGV_FUNC,
		104	.opt.argvfunc = set_enc,
		105	},
		106	#endif
		107	#ifndef OPENSSL_NO_CAMELLIA
		108	{
		109	.name = "camellia128",
		110	.desc = "Encrypt PEM output with cbc camellia",
		111	.type = OPTION_ARGV_FUNC,
		112	.opt.argvfunc = set_enc,
		113	},
		114	{
		115	.name = "camellia192",
		116	.desc = "Encrypt PEM output with cbc camellia",
		117	.type = OPTION_ARGV_FUNC,
		118	.opt.argvfunc = set_enc,
		119	},
		120	{
		121	.name = "camellia256",
		122	.desc = "Encrypt PEM output with cbc camellia",
		123	.type = OPTION_ARGV_FUNC,
		124	.opt.argvfunc = set_enc,
		125	},
		126	#endif
		127	#ifndef OPENSSL_NO_DES
		128	{
		129	.name = "des",
		130	.desc = "Encrypt the generated key with DES in cbc mode",
		131	.type = OPTION_ARGV_FUNC,
		132	.opt.argvfunc = set_enc,
		133	},
		134	{
		135	.name = "des3",
		136	.desc = "Encrypt the generated key with DES in ede cbc mode (168 bit key)",
		137	.type = OPTION_ARGV_FUNC,
		138	.opt.argvfunc = set_enc,
		139	},
		140	#endif
		141	#ifndef OPENSSL_NO_IDEA
		142	{
		143	.name = "idea",
		144	.desc = "Encrypt the generated key with IDEA in cbc mode",
		145	.type = OPTION_ARGV_FUNC,
		146	.opt.argvfunc = set_enc,
		147	},
		148	#endif
		149	{
		150	.name = "out",
		151	.argname = "file",
		152	.desc = "Output the key to 'file'",
		153	.type = OPTION_ARG,
		154	.opt.arg = &gendsa_config.outfile,
		155	},
		156	{
		157	.name = "passout",
		158	.argname = "src",
		159	.desc = "Output file passphrase source",
		160	.type = OPTION_ARG,
		161	.opt.arg = &gendsa_config.passargout,
		162	},
		163	{ NULL },
		164	};
		165
		166	static void
		167	gendsa_usage(void)
		168	{
		169	fprintf(stderr, "usage: gendsa [-aes128 \| -aes192 \| -aes256 \|\n");
		170	fprintf(stderr, " -camellia128 \| -camellia192 \| -camellia256 \|\n");
		171	fprintf(stderr, " -des \| -des3 \| -idea] [-out file] [-passout src]");
		172	fprintf(stderr, " paramfile\n\n");
		173	options_usage(gendsa_options);
		174	fprintf(stderr, "\n");
		175	}
		176
77	int	177	int
78	gendsa_main(int argc, char **argv)	178	gendsa_main(int argc, char **argv)
79	{	179	{
80	DSA *dsa = NULL;	180	DSA *dsa = NULL;
81	int ret = 1;	181	int ret = 1;
82	char *outfile = NULL;
83	char *dsaparams = NULL;	182	char *dsaparams = NULL;
84	char passargout = NULL, passout = NULL;	183	char *passout = NULL;
85	BIO out = NULL, in = NULL;	184	BIO out = NULL, in = NULL;
86	const EVP_CIPHER *enc = NULL;
87		185
88	if (single_execution) {	186	if (single_execution) {
89	if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {	187	if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
@@ -92,80 +190,19 @@ gendsa_main(int argc, char **argv)
92	}	190	}
93	}	191	}
94		192
95	argv++;	193	memset(&gendsa_config, 0, sizeof(gendsa_config));
96	argc--;	194
97	for (;;) {	195	if (options_parse(argc, argv, gendsa_options, &dsaparams, NULL) != 0) {
98	if (argc <= 0)	196	gendsa_usage();
99	break;	197	goto end;
100	if (strcmp(*argv, "-out") == 0) {
101	if (--argc < 1)
102	goto bad;
103	outfile = *(++argv);
104	} else if (strcmp(*argv, "-passout") == 0) {
105	if (--argc < 1)
106	goto bad;
107	passargout = *(++argv);
108	}
109	else if (strcmp(*argv, "-") == 0)
110	goto bad;
111	#ifndef OPENSSL_NO_DES
112	else if (strcmp(*argv, "-des") == 0)
113	enc = EVP_des_cbc();
114	else if (strcmp(*argv, "-des3") == 0)
115	enc = EVP_des_ede3_cbc();
116	#endif
117	#ifndef OPENSSL_NO_IDEA
118	else if (strcmp(*argv, "-idea") == 0)
119	enc = EVP_idea_cbc();
120	#endif
121	#ifndef OPENSSL_NO_AES
122	else if (strcmp(*argv, "-aes128") == 0)
123	enc = EVP_aes_128_cbc();
124	else if (strcmp(*argv, "-aes192") == 0)
125	enc = EVP_aes_192_cbc();
126	else if (strcmp(*argv, "-aes256") == 0)
127	enc = EVP_aes_256_cbc();
128	#endif
129	#ifndef OPENSSL_NO_CAMELLIA
130	else if (strcmp(*argv, "-camellia128") == 0)
131	enc = EVP_camellia_128_cbc();
132	else if (strcmp(*argv, "-camellia192") == 0)
133	enc = EVP_camellia_192_cbc();
134	else if (strcmp(*argv, "-camellia256") == 0)
135	enc = EVP_camellia_256_cbc();
136	#endif
137	else if (**argv != '-' && dsaparams == NULL) {
138	dsaparams = *argv;
139	} else
140	goto bad;
141	argv++;
142	argc--;
143	}	198	}
144		199
145	if (dsaparams == NULL) {	200	if (dsaparams == NULL) {
146	bad:	201	gendsa_usage();
147	BIO_printf(bio_err, "usage: gendsa [args] dsaparam-file\n");
148	BIO_printf(bio_err, " -out file - output the key to 'file'\n");
149	#ifndef OPENSSL_NO_DES
150	BIO_printf(bio_err, " -des - encrypt the generated key with DES in cbc mode\n");
151	BIO_printf(bio_err, " -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
152	#endif
153	#ifndef OPENSSL_NO_IDEA
154	BIO_printf(bio_err, " -idea - encrypt the generated key with IDEA in cbc mode\n");
155	#endif
156	#ifndef OPENSSL_NO_AES
157	BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
158	BIO_printf(bio_err, " encrypt PEM output with cbc aes\n");
159	#endif
160	#ifndef OPENSSL_NO_CAMELLIA
161	BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
162	BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n");
163	#endif
164	BIO_printf(bio_err, " dsaparam-file\n");
165	BIO_printf(bio_err, " - a DSA parameter file as generated by the dsaparam command\n");
166	goto end;	202	goto end;
167	}	203	}
168	if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {	204	if (!app_passwd(bio_err, NULL, gendsa_config.passargout, NULL,
		205	&passout)) {
169	BIO_printf(bio_err, "Error getting password\n");	206	BIO_printf(bio_err, "Error getting password\n");
170	goto end;	207	goto end;
171	}	208	}
@@ -185,11 +222,11 @@ gendsa_main(int argc, char **argv)
185	if (out == NULL)	222	if (out == NULL)
186	goto end;	223	goto end;
187		224
188	if (outfile == NULL) {	225	if (gendsa_config.outfile == NULL) {
189	BIO_set_fp(out, stdout, BIO_NOCLOSE);	226	BIO_set_fp(out, stdout, BIO_NOCLOSE);
190	} else {	227	} else {
191	if (BIO_write_filename(out, outfile) <= 0) {	228	if (BIO_write_filename(out, gendsa_config.outfile) <= 0) {
192	perror(outfile);	229	perror(gendsa_config.outfile);
193	goto end;	230	goto end;
194	}	231	}
195	}	232	}
@@ -199,7 +236,8 @@ gendsa_main(int argc, char **argv)
199	if (!DSA_generate_key(dsa))	236	if (!DSA_generate_key(dsa))
200	goto end;	237	goto end;
201		238
202	if (!PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout))	239	if (!PEM_write_bio_DSAPrivateKey(out, dsa, gendsa_config.enc, NULL, 0,
		240	NULL, passout))
203	goto end;	241	goto end;
204	ret = 0;	242	ret = 0;
205	end:	243	end:
@@ -212,3 +250,52 @@ gendsa_main(int argc, char **argv)
212		250
213	return (ret);	251	return (ret);
214	}	252	}
		253
		254	static int
		255	set_enc(int argc, char *argv, int argsused)
		256	{
		257	char *name = argv[0];
		258
		259	if (*name++ != '-')
		260	return (1);
		261
		262	if ((gendsa_config.enc = get_cipher_by_name(name)) == NULL)
		263	return (1);
		264
		265	*argsused = 1;
		266	return (0);
		267	}
		268
		269	static const EVP_CIPHER get_cipher_by_name(char name)
		270	{
		271	if (name == NULL \|\| strcmp(name, "") == 0)
		272	return (NULL);
		273	#ifndef OPENSSL_NO_AES
		274	else if (strcmp(name, "aes128") == 0)
		275	return EVP_aes_128_cbc();
		276	else if (strcmp(name, "aes192") == 0)
		277	return EVP_aes_192_cbc();
		278	else if (strcmp(name, "aes256") == 0)
		279	return EVP_aes_256_cbc();
		280	#endif
		281	#ifndef OPENSSL_NO_CAMELLIA
		282	else if (strcmp(name, "camellia128") == 0)
		283	return EVP_camellia_128_cbc();
		284	else if (strcmp(name, "camellia192") == 0)
		285	return EVP_camellia_192_cbc();
		286	else if (strcmp(name, "camellia256") == 0)
		287	return EVP_camellia_256_cbc();
		288	#endif
		289	#ifndef OPENSSL_NO_DES
		290	else if (strcmp(name, "des") == 0)
		291	return EVP_des_cbc();
		292	else if (strcmp(name, "des3") == 0)
		293	return EVP_des_ede3_cbc();
		294	#endif
		295	#ifndef OPENSSL_NO_IDEA
		296	else if (strcmp(name, "idea") == 0)
		297	return EVP_idea_cbc();
		298	#endif
		299	else
		300	return (NULL);
		301	}


diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1 index d00d5a8e50..e5d123b449 100644 --- a/src/usr.bin/openssl/openssl.1 +++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: openssl.1,v 1.100 2019/02/04 11:21:05 tb Exp $	1	.\" $OpenBSD: openssl.1,v 1.101 2019/06/07 02:32:22 inoguchi Exp $
2	.\" ====================================================================	2	.\" ====================================================================
3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	.\"	4	.\"
@@ -110,7 +110,7 @@
110	.\" copied and put under another distribution licence	110	.\" copied and put under another distribution licence
111	.\" [including the GNU Public Licence.]	111	.\" [including the GNU Public Licence.]
112	.\"	112	.\"
113	.Dd $Mdocdate: February 4 2019 $	113	.Dd $Mdocdate: June 7 2019 $
114	.Dt OPENSSL 1	114	.Dt OPENSSL 1
115	.Os	115	.Os
116	.Sh NAME	116	.Sh NAME
@@ -1682,10 +1682,13 @@ Print debugging statistics about various aspects of the hash table.
1682	.Nm "openssl gendsa"	1682	.Nm "openssl gendsa"
1683	.Oo	1683	.Oo
1684	.Fl aes128 \| aes192 \| aes256 \|	1684	.Fl aes128 \| aes192 \| aes256 \|
1685	.Fl des \| des3	1685	.Fl camellia128 \| camellia192 \| camellia256 \|
		1686	.Fl des \| des3 \|
		1687	.Fl idea
1686	.Oc	1688	.Oc
1687	.Op Fl out Ar file	1689	.Op Fl out Ar file
1688	.Op Ar paramfile	1690	.Op Fl passout Ar arg
		1691	.Ar paramfile
1689	.nr nS 0	1692	.nr nS 0
1690	.Pp	1693	.Pp
1691	The	1694	The
@@ -1703,15 +1706,19 @@ The options are as follows:
1703	.Bl -tag -width Ds	1706	.Bl -tag -width Ds
1704	.It Xo	1707	.It Xo
1705	.Fl aes128 \| aes192 \| aes256 \|	1708	.Fl aes128 \| aes192 \| aes256 \|
1706	.Fl des \| des3	1709	.Fl camellia128 \| camellia192 \| camellia256 \|
		1710	.Fl des \| des3 \|
		1711	.Fl idea
1707	.Xc	1712	.Xc
1708	Encrypt the private key with the AES, DES,	1713	Encrypt the private key with the AES, CAMELLIA, DES, triple DES
1709	or the triple DES ciphers, respectively, before outputting it.	1714	or the IDEA ciphers, respectively, before outputting it.
1710	A pass phrase is prompted for.	1715	A pass phrase is prompted for.
1711	If none of these options are specified, no encryption is used.	1716	If none of these options are specified, no encryption is used.
1712	.It Fl out Ar file	1717	.It Fl out Ar file
1713	The output file to write to,	1718	The output file to write to,
1714	or standard output if not specified.	1719	or standard output if not specified.
		1720	.It Fl passout Ar arg
		1721	The output file password source.
1715	.It Ar paramfile	1722	.It Ar paramfile
1716	Specify the DSA parameter file to use.	1723	Specify the DSA parameter file to use.
1717	The parameters in this file determine the size of the private key.	1724	The parameters in this file determine the size of the private key.