1 files changed, 196 insertions, 121 deletions
diff --git a/src/usr.bin/openssl/rsautl.c b/src/usr.bin/openssl/rsautl.c
index 65b10858b8..c3c3a82f8f 100644
--- a/src/usr.bin/openssl/rsautl.c
+++ b/src/usr.bin/openssl/rsautl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsautl.c,v 1.14 2019/01/29 10:17:56 tb Exp $ */
+/* $OpenBSD: rsautl.c,v 1.15 2019/02/03 14:20:07 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -58,7 +58,6 @@
 #include <openssl/opensslconf.h>
 #include <string.h>
 #include "apps.h"
@@ -76,26 +75,173 @@
 #define KEY_PUBKEY      2
 #define KEY_CERT        3
-static void usage(void);
+struct {
+        int asn1parse;
+        int hexdump;
+        char *infile;
+        char *keyfile;
+        int keyform;
+        int key_type;
+        char *outfile;
+        int pad;
+        char *passargin;
+        int rev;
+        int rsa_mode;
+} rsautl_config;
+struct option rsautl_options[] = {
+        {
+                .name = "asn1parse",
+                .desc = "ASN.1 parse the output data",
+                .type = OPTION_FLAG,
+                .opt.flag = &rsautl_config.asn1parse,
+        },
+        {
+                .name = "certin",
+                .desc = "Input is a certificate containing an RSA public key",
+                .type = OPTION_VALUE,
+                .value = KEY_CERT,
+                .opt.value = &rsautl_config.key_type,
+        },
+        {
+                .name = "decrypt",
+                .desc = "Decrypt the input data using RSA private key",
+                .type = OPTION_VALUE,
+                .value = RSA_DECRYPT,
+                .opt.value = &rsautl_config.rsa_mode,
+        },
+        {
+                .name = "encrypt",
+                .desc = "Encrypt the input data using RSA public key",
+                .type = OPTION_VALUE,
+                .value = RSA_ENCRYPT,
+                .opt.value = &rsautl_config.rsa_mode,
+        },
+        {
+                .name = "hexdump",
+                .desc = "Hex dump the output data",
+                .type = OPTION_FLAG,
+                .opt.flag = &rsautl_config.hexdump,
+        },
+        {
+                .name = "in",
+                .argname = "file",
+                .desc = "Input file (default stdin)",
+                .type = OPTION_ARG,
+                .opt.arg = &rsautl_config.infile,
+        },
+        {
+                .name = "inkey",
+                .argname = "file",
+                .desc = "Input key file",
+                .type = OPTION_ARG,
+                .opt.arg = &rsautl_config.keyfile,
+        },
+        {
+                .name = "keyform",
+                .argname = "fmt",
+                .desc = "Input key format (DER, TXT or PEM (default))",
+                .type = OPTION_ARG_FORMAT,
+                .opt.value = &rsautl_config.keyform,
+        },
+        {
+                .name = "oaep",
+                .desc = "Use PKCS#1 OAEP padding",
+                .type = OPTION_VALUE,
+                .value = RSA_PKCS1_OAEP_PADDING,
+                .opt.value = &rsautl_config.pad,
+        },
+        {
+                .name = "out",
+                .argname = "file",
+                .desc = "Output file (default stdout)",
+                .type = OPTION_ARG,
+                .opt.arg = &rsautl_config.outfile,
+        },
+        {
+                .name = "passin",
+                .argname = "arg",
+                .desc = "Key password source",
+                .type = OPTION_ARG,
+                .opt.arg = &rsautl_config.passargin,
+        },
+        {
+                .name = "pkcs",
+                .desc = "Use PKCS#1 v1.5 padding (default)",
+                .type = OPTION_VALUE,
+                .value = RSA_PKCS1_PADDING,
+                .opt.value = &rsautl_config.pad,
+        },
+        {
+                .name = "pubin",
+                .desc = "Input is an RSA public key",
+                .type = OPTION_VALUE,
+                .value = KEY_PUBKEY,
+                .opt.value = &rsautl_config.key_type,
+        },
+        {
+                .name = "raw",
+                .desc = "Use no padding",
+                .type = OPTION_VALUE,
+                .value = RSA_NO_PADDING,
+                .opt.value = &rsautl_config.pad,
+        },
+        {
+                .name = "rev",
+                .desc = "Reverse the input data",
+                .type = OPTION_FLAG,
+                .opt.flag = &rsautl_config.rev,
+        },
+        {
+                .name = "sign",
+                .desc = "Sign the input data using RSA private key",
+                .type = OPTION_VALUE,
+                .value = RSA_SIGN,
+                .opt.value = &rsautl_config.rsa_mode,
+        },
+        {
+                .name = "verify",
+                .desc = "Verify the input data using RSA public key",
+                .type = OPTION_VALUE,
+                .value = RSA_VERIFY,
+                .opt.value = &rsautl_config.rsa_mode,
+        },
+        {
+                .name = "x931",
+                .desc = "Use X931 padding",
+                .type = OPTION_VALUE,
+                .value = RSA_X931_PADDING,
+                .opt.value = &rsautl_config.pad,
+        },
+        {NULL},
+};
+static void
+rsautl_usage()
+{
+        fprintf(stderr,
+            "usage: rsautl [-asn1parse] [-certin] [-decrypt] [-encrypt] "
+            "[-hexdump]\n"
+            "    [-in file] [-inkey file] [-keyform der | pem]\n"
+            "    [-oaep | -pkcs | -raw] [-out file] [-pubin] [-sign]\n"
+            "    [-verify]\n\n");
+        options_usage(rsautl_options);
+}
 int
 rsautl_main(int argc, char **argv)
 {
        BIO *in = NULL, *out = NULL;
-        char *infile = NULL, *outfile = NULL;
-        char *keyfile = NULL;
-        char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
-        int keyform = FORMAT_PEM;
-        char need_priv = 0, badarg = 0, rev = 0;
-        char hexdump = 0, asn1parse = 0;
        X509 *x;
        EVP_PKEY *pkey = NULL;
        RSA *rsa = NULL;
-        unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
+        unsigned char *rsa_in = NULL, *rsa_out = NULL;
-        char *passargin = NULL, *passin = NULL;
+        char *passin = NULL;
        int rsa_inlen, rsa_outlen = 0;
+        int need_priv = 0;
        int keysize;
        int ret = 1;
        if (single_execution) {
@@ -105,98 +251,44 @@ rsautl_main(int argc, char **argv)
                }
        }
-        argc--;
+        memset(&rsautl_config, 0, sizeof(rsautl_config));
-        argv++;
+        rsautl_config.keyform = FORMAT_PEM;
+        rsautl_config.key_type = KEY_PRIVKEY;
-        pad = RSA_PKCS1_PADDING;
+        rsautl_config.pad = RSA_PKCS1_PADDING;
+        rsautl_config.rsa_mode = RSA_VERIFY;
-        while (argc >= 1) {
-                if (!strcmp(*argv, "-in")) {
+        if (options_parse(argc, argv, rsautl_options, NULL, NULL) != 0) {
-                        if (--argc < 1)
+                rsautl_usage();
-                                badarg = 1;
+                return (1);
-                        else
-                                infile = *(++argv);
-                } else if (!strcmp(*argv, "-out")) {
-                        if (--argc < 1)
-                                badarg = 1;
-                        else
-                                outfile = *(++argv);
-                } else if (!strcmp(*argv, "-inkey")) {
-                        if (--argc < 1)
-                                badarg = 1;
-                        else
-                                keyfile = *(++argv);
-                } else if (!strcmp(*argv, "-passin")) {
-                        if (--argc < 1)
-                                badarg = 1;
-                        else
-                                passargin = *(++argv);
-                } else if (strcmp(*argv, "-keyform") == 0) {
-                        if (--argc < 1)
-                                badarg = 1;
-                        else
-                                keyform = str2fmt(*(++argv));
-                } else if (!strcmp(*argv, "-pubin")) {
-                        key_type = KEY_PUBKEY;
-                } else if (!strcmp(*argv, "-certin")) {
-                        key_type = KEY_CERT;
-                } else if (!strcmp(*argv, "-asn1parse"))
-                        asn1parse = 1;
-                else if (!strcmp(*argv, "-hexdump"))
-                        hexdump = 1;
-                else if (!strcmp(*argv, "-raw"))
-                        pad = RSA_NO_PADDING;
-                else if (!strcmp(*argv, "-oaep"))
-                        pad = RSA_PKCS1_OAEP_PADDING;
-                else if (!strcmp(*argv, "-pkcs"))
-                        pad = RSA_PKCS1_PADDING;
-                else if (!strcmp(*argv, "-x931"))
-                        pad = RSA_X931_PADDING;
-                else if (!strcmp(*argv, "-sign")) {
-                        rsa_mode = RSA_SIGN;
-                        need_priv = 1;
-                } else if (!strcmp(*argv, "-verify"))
-                        rsa_mode = RSA_VERIFY;
-                else if (!strcmp(*argv, "-rev"))
-                        rev = 1;
-                else if (!strcmp(*argv, "-encrypt"))
-                        rsa_mode = RSA_ENCRYPT;
-                else if (!strcmp(*argv, "-decrypt")) {
-                        rsa_mode = RSA_DECRYPT;
-                        need_priv = 1;
-                } else
-                        badarg = 1;
-                if (badarg) {
-                        usage();
-                        goto end;
-                }
-                argc--;
-                argv++;
        }
-        if (need_priv && (key_type != KEY_PRIVKEY)) {
+        if (rsautl_config.rsa_mode == RSA_SIGN ||
+            rsautl_config.rsa_mode == RSA_DECRYPT)
+                need_priv = 1;
+        if (need_priv && rsautl_config.key_type != KEY_PRIVKEY) {
                BIO_printf(bio_err, "A private key is needed for this operation\n");
                goto end;
        }
-        if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+        if (!app_passwd(bio_err, rsautl_config.passargin, NULL, &passin, NULL)) {
                BIO_printf(bio_err, "Error getting password\n");
                goto end;
        }
-        switch (key_type) {
+        switch (rsautl_config.key_type) {
        case KEY_PRIVKEY:
-                pkey = load_key(bio_err, keyfile, keyform, 0,
+                pkey = load_key(bio_err, rsautl_config.keyfile,
-                    passin, "Private Key");
+                    rsautl_config.keyform, 0, passin, "Private Key");
                break;
        case KEY_PUBKEY:
-                pkey = load_pubkey(bio_err, keyfile, keyform, 0,
+                pkey = load_pubkey(bio_err, rsautl_config.keyfile,
-                    NULL, "Public Key");
+                    rsautl_config.keyform, 0, NULL, "Public Key");
                break;
        case KEY_CERT:
-                x = load_cert(bio_err, keyfile, keyform,
+                x = load_cert(bio_err, rsautl_config.keyfile,
-                    NULL, "Certificate");
+                    rsautl_config.keyform, NULL, "Certificate");
                if (x) {
                        pkey = X509_get_pubkey(x);
                        X509_free(x);
@@ -215,8 +307,8 @@ rsautl_main(int argc, char **argv)
                ERR_print_errors(bio_err);
                goto end;
        }
-        if (infile) {
+        if (rsautl_config.infile) {
-                if (!(in = BIO_new_file(infile, "rb"))) {
+                if (!(in = BIO_new_file(rsautl_config.infile, "rb"))) {
                        BIO_printf(bio_err, "Error Reading Input File\n");
                        ERR_print_errors(bio_err);
                        goto end;
@@ -224,8 +316,8 @@ rsautl_main(int argc, char **argv)
        } else
                in = BIO_new_fp(stdin, BIO_NOCLOSE);
-        if (outfile) {
+        if (rsautl_config.outfile) {
-                if (!(out = BIO_new_file(outfile, "wb"))) {
+                if (!(out = BIO_new_file(rsautl_config.outfile, "wb"))) {
                        BIO_printf(bio_err, "Error Reading Output File\n");
                        ERR_print_errors(bio_err);
                        goto end;
@@ -253,7 +345,7 @@ rsautl_main(int argc, char **argv)
                BIO_printf(bio_err, "Error reading input Data\n");
                exit(1);
        }
-        if (rev) {
+        if (rsautl_config.rev) {
                int i;
                unsigned char ctmp;
                for (i = 0; i < rsa_inlen / 2; i++) {
@@ -262,24 +354,27 @@ rsautl_main(int argc, char **argv)
                        rsa_in[rsa_inlen - 1 - i] = ctmp;
                }
        }
-        switch (rsa_mode) {
+        switch (rsautl_config.rsa_mode) {
        case RSA_VERIFY:
-                rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+                rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out,
+                    rsa, rsautl_config.pad);
                break;
        case RSA_SIGN:
-                rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+                rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out,
+                    rsa, rsautl_config.pad);
                break;
        case RSA_ENCRYPT:
-                rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+                rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out,
+                    rsa, rsautl_config.pad);
                break;
        case RSA_DECRYPT:
-                rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+                rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out,
+                    rsa, rsautl_config.pad);
                break;
        }
        if (rsa_outlen <= 0) {
@@ -288,11 +383,11 @@ rsautl_main(int argc, char **argv)
                goto end;
        }
        ret = 0;
-        if (asn1parse) {
+        if (rsautl_config.asn1parse) {
                if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
                        ERR_print_errors(bio_err);
                }
-        } else if (hexdump)
+        } else if (rsautl_config.hexdump)
                BIO_dump(out, (char *) rsa_out, rsa_outlen);
        else
                BIO_write(out, rsa_out, rsa_outlen);
@@ -307,23 +402,3 @@ rsautl_main(int argc, char **argv)
        return ret;
 }
-static void
-usage()
-{
-        BIO_printf(bio_err, "Usage: rsautl [options]\n");
-        BIO_printf(bio_err, "-in file        input file\n");
-        BIO_printf(bio_err, "-out file       output file\n");
-        BIO_printf(bio_err, "-inkey file     input key\n");
-        BIO_printf(bio_err, "-keyform arg    private key format - default PEM\n");
-        BIO_printf(bio_err, "-pubin          input is an RSA public\n");
-        BIO_printf(bio_err, "-certin         input is a certificate carrying an RSA public key\n");
-        BIO_printf(bio_err, "-raw            use no padding\n");
-        BIO_printf(bio_err, "-pkcs           use PKCS#1 v1.5 padding (default)\n");
-        BIO_printf(bio_err, "-oaep           use PKCS#1 OAEP\n");
-        BIO_printf(bio_err, "-sign           sign with private key\n");
-        BIO_printf(bio_err, "-verify         verify with public key\n");
-        BIO_printf(bio_err, "-encrypt        encrypt with public key\n");
-        BIO_printf(bio_err, "-decrypt        decrypt with private key\n");
-        BIO_printf(bio_err, "-hexdump        hex dump output\n");
-}

diff --git a/src/usr.bin/openssl/rsautl.c b/src/usr.bin/openssl/rsautl.c index 65b10858b8..c3c3a82f8f 100644 --- a/src/usr.bin/openssl/rsautl.c +++ b/src/usr.bin/openssl/rsautl.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: rsautl.c,v 1.14 2019/01/29 10:17:56 tb Exp $ */	1	/* $OpenBSD: rsautl.c,v 1.15 2019/02/03 14:20:07 jsing Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2000.	3	* project 2000.
4	*/	4	*/
@@ -58,7 +58,6 @@
58		58
59	#include <openssl/opensslconf.h>	59	#include <openssl/opensslconf.h>
60		60
61
62	#include <string.h>	61	#include <string.h>
63		62
64	#include "apps.h"	63	#include "apps.h"
@@ -76,26 +75,173 @@
76	#define KEY_PUBKEY 2	75	#define KEY_PUBKEY 2
77	#define KEY_CERT 3	76	#define KEY_CERT 3
78		77
79	static void usage(void);	78	struct {
		79	int asn1parse;
		80	int hexdump;
		81	char *infile;
		82	char *keyfile;
		83	int keyform;
		84	int key_type;
		85	char *outfile;
		86	int pad;
		87	char *passargin;
		88	int rev;
		89	int rsa_mode;
		90	} rsautl_config;
		91
		92	struct option rsautl_options[] = {
		93	{
		94	.name = "asn1parse",
		95	.desc = "ASN.1 parse the output data",
		96	.type = OPTION_FLAG,
		97	.opt.flag = &rsautl_config.asn1parse,
		98	},
		99	{
		100	.name = "certin",
		101	.desc = "Input is a certificate containing an RSA public key",
		102	.type = OPTION_VALUE,
		103	.value = KEY_CERT,
		104	.opt.value = &rsautl_config.key_type,
		105	},
		106	{
		107	.name = "decrypt",
		108	.desc = "Decrypt the input data using RSA private key",
		109	.type = OPTION_VALUE,
		110	.value = RSA_DECRYPT,
		111	.opt.value = &rsautl_config.rsa_mode,
		112	},
		113	{
		114	.name = "encrypt",
		115	.desc = "Encrypt the input data using RSA public key",
		116	.type = OPTION_VALUE,
		117	.value = RSA_ENCRYPT,
		118	.opt.value = &rsautl_config.rsa_mode,
		119	},
		120	{
		121	.name = "hexdump",
		122	.desc = "Hex dump the output data",
		123	.type = OPTION_FLAG,
		124	.opt.flag = &rsautl_config.hexdump,
		125	},
		126	{
		127	.name = "in",
		128	.argname = "file",
		129	.desc = "Input file (default stdin)",
		130	.type = OPTION_ARG,
		131	.opt.arg = &rsautl_config.infile,
		132	},
		133	{
		134	.name = "inkey",
		135	.argname = "file",
		136	.desc = "Input key file",
		137	.type = OPTION_ARG,
		138	.opt.arg = &rsautl_config.keyfile,
		139	},
		140	{
		141	.name = "keyform",
		142	.argname = "fmt",
		143	.desc = "Input key format (DER, TXT or PEM (default))",
		144	.type = OPTION_ARG_FORMAT,
		145	.opt.value = &rsautl_config.keyform,
		146	},
		147	{
		148	.name = "oaep",
		149	.desc = "Use PKCS#1 OAEP padding",
		150	.type = OPTION_VALUE,
		151	.value = RSA_PKCS1_OAEP_PADDING,
		152	.opt.value = &rsautl_config.pad,
		153	},
		154	{
		155	.name = "out",
		156	.argname = "file",
		157	.desc = "Output file (default stdout)",
		158	.type = OPTION_ARG,
		159	.opt.arg = &rsautl_config.outfile,
		160	},
		161	{
		162	.name = "passin",
		163	.argname = "arg",
		164	.desc = "Key password source",
		165	.type = OPTION_ARG,
		166	.opt.arg = &rsautl_config.passargin,
		167	},
		168	{
		169	.name = "pkcs",
		170	.desc = "Use PKCS#1 v1.5 padding (default)",
		171	.type = OPTION_VALUE,
		172	.value = RSA_PKCS1_PADDING,
		173	.opt.value = &rsautl_config.pad,
		174	},
		175	{
		176	.name = "pubin",
		177	.desc = "Input is an RSA public key",
		178	.type = OPTION_VALUE,
		179	.value = KEY_PUBKEY,
		180	.opt.value = &rsautl_config.key_type,
		181	},
		182	{
		183	.name = "raw",
		184	.desc = "Use no padding",
		185	.type = OPTION_VALUE,
		186	.value = RSA_NO_PADDING,
		187	.opt.value = &rsautl_config.pad,
		188	},
		189	{
		190	.name = "rev",
		191	.desc = "Reverse the input data",
		192	.type = OPTION_FLAG,
		193	.opt.flag = &rsautl_config.rev,
		194	},
		195	{
		196	.name = "sign",
		197	.desc = "Sign the input data using RSA private key",
		198	.type = OPTION_VALUE,
		199	.value = RSA_SIGN,
		200	.opt.value = &rsautl_config.rsa_mode,
		201	},
		202	{
		203	.name = "verify",
		204	.desc = "Verify the input data using RSA public key",
		205	.type = OPTION_VALUE,
		206	.value = RSA_VERIFY,
		207	.opt.value = &rsautl_config.rsa_mode,
		208	},
		209	{
		210	.name = "x931",
		211	.desc = "Use X931 padding",
		212	.type = OPTION_VALUE,
		213	.value = RSA_X931_PADDING,
		214	.opt.value = &rsautl_config.pad,
		215	},
		216
		217	{NULL},
		218	};
		219
		220	static void
		221	rsautl_usage()
		222	{
		223	fprintf(stderr,
		224	"usage: rsautl [-asn1parse] [-certin] [-decrypt] [-encrypt] "
		225	"[-hexdump]\n"
		226	" [-in file] [-inkey file] [-keyform der \| pem]\n"
		227	" [-oaep \| -pkcs \| -raw] [-out file] [-pubin] [-sign]\n"
		228	" [-verify]\n\n");
		229
		230	options_usage(rsautl_options);
		231	}
80		232
81	int	233	int
82	rsautl_main(int argc, char **argv)	234	rsautl_main(int argc, char **argv)
83	{	235	{
84	BIO in = NULL, out = NULL;	236	BIO in = NULL, out = NULL;
85	char infile = NULL, outfile = NULL;
86	char *keyfile = NULL;
87	char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
88	int keyform = FORMAT_PEM;
89	char need_priv = 0, badarg = 0, rev = 0;
90	char hexdump = 0, asn1parse = 0;
91	X509 *x;	237	X509 *x;
92	EVP_PKEY *pkey = NULL;	238	EVP_PKEY *pkey = NULL;
93	RSA *rsa = NULL;	239	RSA *rsa = NULL;
94	unsigned char rsa_in = NULL, rsa_out = NULL, pad;	240	unsigned char rsa_in = NULL, rsa_out = NULL;
95	char passargin = NULL, passin = NULL;	241	char *passin = NULL;
96	int rsa_inlen, rsa_outlen = 0;	242	int rsa_inlen, rsa_outlen = 0;
		243	int need_priv = 0;
97	int keysize;	244	int keysize;
98
99	int ret = 1;	245	int ret = 1;
100		246
101	if (single_execution) {	247	if (single_execution) {
@@ -105,98 +251,44 @@ rsautl_main(int argc, char **argv)
105	}	251	}
106	}	252	}
107		253
108	argc--;	254	memset(&rsautl_config, 0, sizeof(rsautl_config));
109	argv++;	255	rsautl_config.keyform = FORMAT_PEM;
110		256	rsautl_config.key_type = KEY_PRIVKEY;
111	pad = RSA_PKCS1_PADDING;	257	rsautl_config.pad = RSA_PKCS1_PADDING;
112		258	rsautl_config.rsa_mode = RSA_VERIFY;
113	while (argc >= 1) {	259
114	if (!strcmp(*argv, "-in")) {	260	if (options_parse(argc, argv, rsautl_options, NULL, NULL) != 0) {
115	if (--argc < 1)	261	rsautl_usage();
116	badarg = 1;	262	return (1);
117	else
118	infile = *(++argv);
119	} else if (!strcmp(*argv, "-out")) {
120	if (--argc < 1)
121	badarg = 1;
122	else
123	outfile = *(++argv);
124	} else if (!strcmp(*argv, "-inkey")) {
125	if (--argc < 1)
126	badarg = 1;
127	else
128	keyfile = *(++argv);
129	} else if (!strcmp(*argv, "-passin")) {
130	if (--argc < 1)
131	badarg = 1;
132	else
133	passargin = *(++argv);
134	} else if (strcmp(*argv, "-keyform") == 0) {
135	if (--argc < 1)
136	badarg = 1;
137	else
138	keyform = str2fmt(*(++argv));
139	} else if (!strcmp(*argv, "-pubin")) {
140	key_type = KEY_PUBKEY;
141	} else if (!strcmp(*argv, "-certin")) {
142	key_type = KEY_CERT;
143	} else if (!strcmp(*argv, "-asn1parse"))
144	asn1parse = 1;
145	else if (!strcmp(*argv, "-hexdump"))
146	hexdump = 1;
147	else if (!strcmp(*argv, "-raw"))
148	pad = RSA_NO_PADDING;
149	else if (!strcmp(*argv, "-oaep"))
150	pad = RSA_PKCS1_OAEP_PADDING;
151	else if (!strcmp(*argv, "-pkcs"))
152	pad = RSA_PKCS1_PADDING;
153	else if (!strcmp(*argv, "-x931"))
154	pad = RSA_X931_PADDING;
155	else if (!strcmp(*argv, "-sign")) {
156	rsa_mode = RSA_SIGN;
157	need_priv = 1;
158	} else if (!strcmp(*argv, "-verify"))
159	rsa_mode = RSA_VERIFY;
160	else if (!strcmp(*argv, "-rev"))
161	rev = 1;
162	else if (!strcmp(*argv, "-encrypt"))
163	rsa_mode = RSA_ENCRYPT;
164	else if (!strcmp(*argv, "-decrypt")) {
165	rsa_mode = RSA_DECRYPT;
166	need_priv = 1;
167	} else
168	badarg = 1;
169	if (badarg) {
170	usage();
171	goto end;
172	}
173	argc--;
174	argv++;
175	}	263	}
176		264
177	if (need_priv && (key_type != KEY_PRIVKEY)) {	265	if (rsautl_config.rsa_mode == RSA_SIGN \|\|
		266	rsautl_config.rsa_mode == RSA_DECRYPT)
		267	need_priv = 1;
		268
		269	if (need_priv && rsautl_config.key_type != KEY_PRIVKEY) {
178	BIO_printf(bio_err, "A private key is needed for this operation\n");	270	BIO_printf(bio_err, "A private key is needed for this operation\n");
179	goto end;	271	goto end;
180	}	272	}
181	if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {	273	if (!app_passwd(bio_err, rsautl_config.passargin, NULL, &passin, NULL)) {
182	BIO_printf(bio_err, "Error getting password\n");	274	BIO_printf(bio_err, "Error getting password\n");
183	goto end;	275	goto end;
184	}	276	}
185		277
186	switch (key_type) {	278	switch (rsautl_config.key_type) {
187	case KEY_PRIVKEY:	279	case KEY_PRIVKEY:
188	pkey = load_key(bio_err, keyfile, keyform, 0,	280	pkey = load_key(bio_err, rsautl_config.keyfile,
189	passin, "Private Key");	281	rsautl_config.keyform, 0, passin, "Private Key");
190	break;	282	break;
191		283
192	case KEY_PUBKEY:	284	case KEY_PUBKEY:
193	pkey = load_pubkey(bio_err, keyfile, keyform, 0,	285	pkey = load_pubkey(bio_err, rsautl_config.keyfile,
194	NULL, "Public Key");	286	rsautl_config.keyform, 0, NULL, "Public Key");
195	break;	287	break;
196		288
197	case KEY_CERT:	289	case KEY_CERT:
198	x = load_cert(bio_err, keyfile, keyform,	290	x = load_cert(bio_err, rsautl_config.keyfile,
199	NULL, "Certificate");	291	rsautl_config.keyform, NULL, "Certificate");
200	if (x) {	292	if (x) {
201	pkey = X509_get_pubkey(x);	293	pkey = X509_get_pubkey(x);
202	X509_free(x);	294	X509_free(x);
@@ -215,8 +307,8 @@ rsautl_main(int argc, char **argv)
215	ERR_print_errors(bio_err);	307	ERR_print_errors(bio_err);
216	goto end;	308	goto end;
217	}	309	}
218	if (infile) {	310	if (rsautl_config.infile) {
219	if (!(in = BIO_new_file(infile, "rb"))) {	311	if (!(in = BIO_new_file(rsautl_config.infile, "rb"))) {
220	BIO_printf(bio_err, "Error Reading Input File\n");	312	BIO_printf(bio_err, "Error Reading Input File\n");
221	ERR_print_errors(bio_err);	313	ERR_print_errors(bio_err);
222	goto end;	314	goto end;
@@ -224,8 +316,8 @@ rsautl_main(int argc, char **argv)
224	} else	316	} else
225	in = BIO_new_fp(stdin, BIO_NOCLOSE);	317	in = BIO_new_fp(stdin, BIO_NOCLOSE);
226		318
227	if (outfile) {	319	if (rsautl_config.outfile) {
228	if (!(out = BIO_new_file(outfile, "wb"))) {	320	if (!(out = BIO_new_file(rsautl_config.outfile, "wb"))) {
229	BIO_printf(bio_err, "Error Reading Output File\n");	321	BIO_printf(bio_err, "Error Reading Output File\n");
230	ERR_print_errors(bio_err);	322	ERR_print_errors(bio_err);
231	goto end;	323	goto end;
@@ -253,7 +345,7 @@ rsautl_main(int argc, char **argv)
253	BIO_printf(bio_err, "Error reading input Data\n");	345	BIO_printf(bio_err, "Error reading input Data\n");
254	exit(1);	346	exit(1);
255	}	347	}
256	if (rev) {	348	if (rsautl_config.rev) {
257	int i;	349	int i;
258	unsigned char ctmp;	350	unsigned char ctmp;
259	for (i = 0; i < rsa_inlen / 2; i++) {	351	for (i = 0; i < rsa_inlen / 2; i++) {
@@ -262,24 +354,27 @@ rsautl_main(int argc, char **argv)
262	rsa_in[rsa_inlen - 1 - i] = ctmp;	354	rsa_in[rsa_inlen - 1 - i] = ctmp;
263	}	355	}
264	}	356	}
265	switch (rsa_mode) {
266		357
		358	switch (rsautl_config.rsa_mode) {
267	case RSA_VERIFY:	359	case RSA_VERIFY:
268	rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);	360	rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out,
		361	rsa, rsautl_config.pad);
269	break;	362	break;
270		363
271	case RSA_SIGN:	364	case RSA_SIGN:
272	rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);	365	rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out,
		366	rsa, rsautl_config.pad);
273	break;	367	break;
274		368
275	case RSA_ENCRYPT:	369	case RSA_ENCRYPT:
276	rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);	370	rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out,
		371	rsa, rsautl_config.pad);
277	break;	372	break;
278		373
279	case RSA_DECRYPT:	374	case RSA_DECRYPT:
280	rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);	375	rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out,
		376	rsa, rsautl_config.pad);
281	break;	377	break;
282
283	}	378	}
284		379
285	if (rsa_outlen <= 0) {	380	if (rsa_outlen <= 0) {
@@ -288,11 +383,11 @@ rsautl_main(int argc, char **argv)
288	goto end;	383	goto end;
289	}	384	}
290	ret = 0;	385	ret = 0;
291	if (asn1parse) {	386	if (rsautl_config.asn1parse) {
292	if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {	387	if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
293	ERR_print_errors(bio_err);	388	ERR_print_errors(bio_err);
294	}	389	}
295	} else if (hexdump)	390	} else if (rsautl_config.hexdump)
296	BIO_dump(out, (char *) rsa_out, rsa_outlen);	391	BIO_dump(out, (char *) rsa_out, rsa_outlen);
297	else	392	else
298	BIO_write(out, rsa_out, rsa_outlen);	393	BIO_write(out, rsa_out, rsa_outlen);
@@ -307,23 +402,3 @@ rsautl_main(int argc, char **argv)
307		402
308	return ret;	403	return ret;
309	}	404	}
310
311	static void
312	usage()
313	{
314	BIO_printf(bio_err, "Usage: rsautl [options]\n");
315	BIO_printf(bio_err, "-in file input file\n");
316	BIO_printf(bio_err, "-out file output file\n");
317	BIO_printf(bio_err, "-inkey file input key\n");
318	BIO_printf(bio_err, "-keyform arg private key format - default PEM\n");
319	BIO_printf(bio_err, "-pubin input is an RSA public\n");
320	BIO_printf(bio_err, "-certin input is a certificate carrying an RSA public key\n");
321	BIO_printf(bio_err, "-raw use no padding\n");
322	BIO_printf(bio_err, "-pkcs use PKCS#1 v1.5 padding (default)\n");
323	BIO_printf(bio_err, "-oaep use PKCS#1 OAEP\n");
324	BIO_printf(bio_err, "-sign sign with private key\n");
325	BIO_printf(bio_err, "-verify verify with public key\n");
326	BIO_printf(bio_err, "-encrypt encrypt with public key\n");
327	BIO_printf(bio_err, "-decrypt decrypt with private key\n");
328	BIO_printf(bio_err, "-hexdump hex dump output\n");
329	}