summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/usr.bin/openssl/rsautl.c317
1 files changed, 196 insertions, 121 deletions
diff --git a/src/usr.bin/openssl/rsautl.c b/src/usr.bin/openssl/rsautl.c
index 65b10858b8..c3c3a82f8f 100644
--- a/src/usr.bin/openssl/rsautl.c
+++ b/src/usr.bin/openssl/rsautl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsautl.c,v 1.14 2019/01/29 10:17:56 tb Exp $ */ 1/* $OpenBSD: rsautl.c,v 1.15 2019/02/03 14:20:07 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -58,7 +58,6 @@
58 58
59#include <openssl/opensslconf.h> 59#include <openssl/opensslconf.h>
60 60
61
62#include <string.h> 61#include <string.h>
63 62
64#include "apps.h" 63#include "apps.h"
@@ -76,26 +75,173 @@
76#define KEY_PUBKEY 2 75#define KEY_PUBKEY 2
77#define KEY_CERT 3 76#define KEY_CERT 3
78 77
79static void usage(void); 78struct {
79 int asn1parse;
80 int hexdump;
81 char *infile;
82 char *keyfile;
83 int keyform;
84 int key_type;
85 char *outfile;
86 int pad;
87 char *passargin;
88 int rev;
89 int rsa_mode;
90} rsautl_config;
91
92struct option rsautl_options[] = {
93 {
94 .name = "asn1parse",
95 .desc = "ASN.1 parse the output data",
96 .type = OPTION_FLAG,
97 .opt.flag = &rsautl_config.asn1parse,
98 },
99 {
100 .name = "certin",
101 .desc = "Input is a certificate containing an RSA public key",
102 .type = OPTION_VALUE,
103 .value = KEY_CERT,
104 .opt.value = &rsautl_config.key_type,
105 },
106 {
107 .name = "decrypt",
108 .desc = "Decrypt the input data using RSA private key",
109 .type = OPTION_VALUE,
110 .value = RSA_DECRYPT,
111 .opt.value = &rsautl_config.rsa_mode,
112 },
113 {
114 .name = "encrypt",
115 .desc = "Encrypt the input data using RSA public key",
116 .type = OPTION_VALUE,
117 .value = RSA_ENCRYPT,
118 .opt.value = &rsautl_config.rsa_mode,
119 },
120 {
121 .name = "hexdump",
122 .desc = "Hex dump the output data",
123 .type = OPTION_FLAG,
124 .opt.flag = &rsautl_config.hexdump,
125 },
126 {
127 .name = "in",
128 .argname = "file",
129 .desc = "Input file (default stdin)",
130 .type = OPTION_ARG,
131 .opt.arg = &rsautl_config.infile,
132 },
133 {
134 .name = "inkey",
135 .argname = "file",
136 .desc = "Input key file",
137 .type = OPTION_ARG,
138 .opt.arg = &rsautl_config.keyfile,
139 },
140 {
141 .name = "keyform",
142 .argname = "fmt",
143 .desc = "Input key format (DER, TXT or PEM (default))",
144 .type = OPTION_ARG_FORMAT,
145 .opt.value = &rsautl_config.keyform,
146 },
147 {
148 .name = "oaep",
149 .desc = "Use PKCS#1 OAEP padding",
150 .type = OPTION_VALUE,
151 .value = RSA_PKCS1_OAEP_PADDING,
152 .opt.value = &rsautl_config.pad,
153 },
154 {
155 .name = "out",
156 .argname = "file",
157 .desc = "Output file (default stdout)",
158 .type = OPTION_ARG,
159 .opt.arg = &rsautl_config.outfile,
160 },
161 {
162 .name = "passin",
163 .argname = "arg",
164 .desc = "Key password source",
165 .type = OPTION_ARG,
166 .opt.arg = &rsautl_config.passargin,
167 },
168 {
169 .name = "pkcs",
170 .desc = "Use PKCS#1 v1.5 padding (default)",
171 .type = OPTION_VALUE,
172 .value = RSA_PKCS1_PADDING,
173 .opt.value = &rsautl_config.pad,
174 },
175 {
176 .name = "pubin",
177 .desc = "Input is an RSA public key",
178 .type = OPTION_VALUE,
179 .value = KEY_PUBKEY,
180 .opt.value = &rsautl_config.key_type,
181 },
182 {
183 .name = "raw",
184 .desc = "Use no padding",
185 .type = OPTION_VALUE,
186 .value = RSA_NO_PADDING,
187 .opt.value = &rsautl_config.pad,
188 },
189 {
190 .name = "rev",
191 .desc = "Reverse the input data",
192 .type = OPTION_FLAG,
193 .opt.flag = &rsautl_config.rev,
194 },
195 {
196 .name = "sign",
197 .desc = "Sign the input data using RSA private key",
198 .type = OPTION_VALUE,
199 .value = RSA_SIGN,
200 .opt.value = &rsautl_config.rsa_mode,
201 },
202 {
203 .name = "verify",
204 .desc = "Verify the input data using RSA public key",
205 .type = OPTION_VALUE,
206 .value = RSA_VERIFY,
207 .opt.value = &rsautl_config.rsa_mode,
208 },
209 {
210 .name = "x931",
211 .desc = "Use X931 padding",
212 .type = OPTION_VALUE,
213 .value = RSA_X931_PADDING,
214 .opt.value = &rsautl_config.pad,
215 },
216
217 {NULL},
218};
219
220static void
221rsautl_usage()
222{
223 fprintf(stderr,
224 "usage: rsautl [-asn1parse] [-certin] [-decrypt] [-encrypt] "
225 "[-hexdump]\n"
226 " [-in file] [-inkey file] [-keyform der | pem]\n"
227 " [-oaep | -pkcs | -raw] [-out file] [-pubin] [-sign]\n"
228 " [-verify]\n\n");
229
230 options_usage(rsautl_options);
231}
80 232
81int 233int
82rsautl_main(int argc, char **argv) 234rsautl_main(int argc, char **argv)
83{ 235{
84 BIO *in = NULL, *out = NULL; 236 BIO *in = NULL, *out = NULL;
85 char *infile = NULL, *outfile = NULL;
86 char *keyfile = NULL;
87 char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
88 int keyform = FORMAT_PEM;
89 char need_priv = 0, badarg = 0, rev = 0;
90 char hexdump = 0, asn1parse = 0;
91 X509 *x; 237 X509 *x;
92 EVP_PKEY *pkey = NULL; 238 EVP_PKEY *pkey = NULL;
93 RSA *rsa = NULL; 239 RSA *rsa = NULL;
94 unsigned char *rsa_in = NULL, *rsa_out = NULL, pad; 240 unsigned char *rsa_in = NULL, *rsa_out = NULL;
95 char *passargin = NULL, *passin = NULL; 241 char *passin = NULL;
96 int rsa_inlen, rsa_outlen = 0; 242 int rsa_inlen, rsa_outlen = 0;
243 int need_priv = 0;
97 int keysize; 244 int keysize;
98
99 int ret = 1; 245 int ret = 1;
100 246
101 if (single_execution) { 247 if (single_execution) {
@@ -105,98 +251,44 @@ rsautl_main(int argc, char **argv)
105 } 251 }
106 } 252 }
107 253
108 argc--; 254 memset(&rsautl_config, 0, sizeof(rsautl_config));
109 argv++; 255 rsautl_config.keyform = FORMAT_PEM;
110 256 rsautl_config.key_type = KEY_PRIVKEY;
111 pad = RSA_PKCS1_PADDING; 257 rsautl_config.pad = RSA_PKCS1_PADDING;
112 258 rsautl_config.rsa_mode = RSA_VERIFY;
113 while (argc >= 1) { 259
114 if (!strcmp(*argv, "-in")) { 260 if (options_parse(argc, argv, rsautl_options, NULL, NULL) != 0) {
115 if (--argc < 1) 261 rsautl_usage();
116 badarg = 1; 262 return (1);
117 else
118 infile = *(++argv);
119 } else if (!strcmp(*argv, "-out")) {
120 if (--argc < 1)
121 badarg = 1;
122 else
123 outfile = *(++argv);
124 } else if (!strcmp(*argv, "-inkey")) {
125 if (--argc < 1)
126 badarg = 1;
127 else
128 keyfile = *(++argv);
129 } else if (!strcmp(*argv, "-passin")) {
130 if (--argc < 1)
131 badarg = 1;
132 else
133 passargin = *(++argv);
134 } else if (strcmp(*argv, "-keyform") == 0) {
135 if (--argc < 1)
136 badarg = 1;
137 else
138 keyform = str2fmt(*(++argv));
139 } else if (!strcmp(*argv, "-pubin")) {
140 key_type = KEY_PUBKEY;
141 } else if (!strcmp(*argv, "-certin")) {
142 key_type = KEY_CERT;
143 } else if (!strcmp(*argv, "-asn1parse"))
144 asn1parse = 1;
145 else if (!strcmp(*argv, "-hexdump"))
146 hexdump = 1;
147 else if (!strcmp(*argv, "-raw"))
148 pad = RSA_NO_PADDING;
149 else if (!strcmp(*argv, "-oaep"))
150 pad = RSA_PKCS1_OAEP_PADDING;
151 else if (!strcmp(*argv, "-pkcs"))
152 pad = RSA_PKCS1_PADDING;
153 else if (!strcmp(*argv, "-x931"))
154 pad = RSA_X931_PADDING;
155 else if (!strcmp(*argv, "-sign")) {
156 rsa_mode = RSA_SIGN;
157 need_priv = 1;
158 } else if (!strcmp(*argv, "-verify"))
159 rsa_mode = RSA_VERIFY;
160 else if (!strcmp(*argv, "-rev"))
161 rev = 1;
162 else if (!strcmp(*argv, "-encrypt"))
163 rsa_mode = RSA_ENCRYPT;
164 else if (!strcmp(*argv, "-decrypt")) {
165 rsa_mode = RSA_DECRYPT;
166 need_priv = 1;
167 } else
168 badarg = 1;
169 if (badarg) {
170 usage();
171 goto end;
172 }
173 argc--;
174 argv++;
175 } 263 }
176 264
177 if (need_priv && (key_type != KEY_PRIVKEY)) { 265 if (rsautl_config.rsa_mode == RSA_SIGN ||
266 rsautl_config.rsa_mode == RSA_DECRYPT)
267 need_priv = 1;
268
269 if (need_priv && rsautl_config.key_type != KEY_PRIVKEY) {
178 BIO_printf(bio_err, "A private key is needed for this operation\n"); 270 BIO_printf(bio_err, "A private key is needed for this operation\n");
179 goto end; 271 goto end;
180 } 272 }
181 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { 273 if (!app_passwd(bio_err, rsautl_config.passargin, NULL, &passin, NULL)) {
182 BIO_printf(bio_err, "Error getting password\n"); 274 BIO_printf(bio_err, "Error getting password\n");
183 goto end; 275 goto end;
184 } 276 }
185 277
186 switch (key_type) { 278 switch (rsautl_config.key_type) {
187 case KEY_PRIVKEY: 279 case KEY_PRIVKEY:
188 pkey = load_key(bio_err, keyfile, keyform, 0, 280 pkey = load_key(bio_err, rsautl_config.keyfile,
189 passin, "Private Key"); 281 rsautl_config.keyform, 0, passin, "Private Key");
190 break; 282 break;
191 283
192 case KEY_PUBKEY: 284 case KEY_PUBKEY:
193 pkey = load_pubkey(bio_err, keyfile, keyform, 0, 285 pkey = load_pubkey(bio_err, rsautl_config.keyfile,
194 NULL, "Public Key"); 286 rsautl_config.keyform, 0, NULL, "Public Key");
195 break; 287 break;
196 288
197 case KEY_CERT: 289 case KEY_CERT:
198 x = load_cert(bio_err, keyfile, keyform, 290 x = load_cert(bio_err, rsautl_config.keyfile,
199 NULL, "Certificate"); 291 rsautl_config.keyform, NULL, "Certificate");
200 if (x) { 292 if (x) {
201 pkey = X509_get_pubkey(x); 293 pkey = X509_get_pubkey(x);
202 X509_free(x); 294 X509_free(x);
@@ -215,8 +307,8 @@ rsautl_main(int argc, char **argv)
215 ERR_print_errors(bio_err); 307 ERR_print_errors(bio_err);
216 goto end; 308 goto end;
217 } 309 }
218 if (infile) { 310 if (rsautl_config.infile) {
219 if (!(in = BIO_new_file(infile, "rb"))) { 311 if (!(in = BIO_new_file(rsautl_config.infile, "rb"))) {
220 BIO_printf(bio_err, "Error Reading Input File\n"); 312 BIO_printf(bio_err, "Error Reading Input File\n");
221 ERR_print_errors(bio_err); 313 ERR_print_errors(bio_err);
222 goto end; 314 goto end;
@@ -224,8 +316,8 @@ rsautl_main(int argc, char **argv)
224 } else 316 } else
225 in = BIO_new_fp(stdin, BIO_NOCLOSE); 317 in = BIO_new_fp(stdin, BIO_NOCLOSE);
226 318
227 if (outfile) { 319 if (rsautl_config.outfile) {
228 if (!(out = BIO_new_file(outfile, "wb"))) { 320 if (!(out = BIO_new_file(rsautl_config.outfile, "wb"))) {
229 BIO_printf(bio_err, "Error Reading Output File\n"); 321 BIO_printf(bio_err, "Error Reading Output File\n");
230 ERR_print_errors(bio_err); 322 ERR_print_errors(bio_err);
231 goto end; 323 goto end;
@@ -253,7 +345,7 @@ rsautl_main(int argc, char **argv)
253 BIO_printf(bio_err, "Error reading input Data\n"); 345 BIO_printf(bio_err, "Error reading input Data\n");
254 exit(1); 346 exit(1);
255 } 347 }
256 if (rev) { 348 if (rsautl_config.rev) {
257 int i; 349 int i;
258 unsigned char ctmp; 350 unsigned char ctmp;
259 for (i = 0; i < rsa_inlen / 2; i++) { 351 for (i = 0; i < rsa_inlen / 2; i++) {
@@ -262,24 +354,27 @@ rsautl_main(int argc, char **argv)
262 rsa_in[rsa_inlen - 1 - i] = ctmp; 354 rsa_in[rsa_inlen - 1 - i] = ctmp;
263 } 355 }
264 } 356 }
265 switch (rsa_mode) {
266 357
358 switch (rsautl_config.rsa_mode) {
267 case RSA_VERIFY: 359 case RSA_VERIFY:
268 rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); 360 rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out,
361 rsa, rsautl_config.pad);
269 break; 362 break;
270 363
271 case RSA_SIGN: 364 case RSA_SIGN:
272 rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); 365 rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out,
366 rsa, rsautl_config.pad);
273 break; 367 break;
274 368
275 case RSA_ENCRYPT: 369 case RSA_ENCRYPT:
276 rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); 370 rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out,
371 rsa, rsautl_config.pad);
277 break; 372 break;
278 373
279 case RSA_DECRYPT: 374 case RSA_DECRYPT:
280 rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); 375 rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out,
376 rsa, rsautl_config.pad);
281 break; 377 break;
282
283 } 378 }
284 379
285 if (rsa_outlen <= 0) { 380 if (rsa_outlen <= 0) {
@@ -288,11 +383,11 @@ rsautl_main(int argc, char **argv)
288 goto end; 383 goto end;
289 } 384 }
290 ret = 0; 385 ret = 0;
291 if (asn1parse) { 386 if (rsautl_config.asn1parse) {
292 if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) { 387 if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
293 ERR_print_errors(bio_err); 388 ERR_print_errors(bio_err);
294 } 389 }
295 } else if (hexdump) 390 } else if (rsautl_config.hexdump)
296 BIO_dump(out, (char *) rsa_out, rsa_outlen); 391 BIO_dump(out, (char *) rsa_out, rsa_outlen);
297 else 392 else
298 BIO_write(out, rsa_out, rsa_outlen); 393 BIO_write(out, rsa_out, rsa_outlen);
@@ -307,23 +402,3 @@ rsautl_main(int argc, char **argv)
307 402
308 return ret; 403 return ret;
309} 404}
310
311static void
312usage()
313{
314 BIO_printf(bio_err, "Usage: rsautl [options]\n");
315 BIO_printf(bio_err, "-in file input file\n");
316 BIO_printf(bio_err, "-out file output file\n");
317 BIO_printf(bio_err, "-inkey file input key\n");
318 BIO_printf(bio_err, "-keyform arg private key format - default PEM\n");
319 BIO_printf(bio_err, "-pubin input is an RSA public\n");
320 BIO_printf(bio_err, "-certin input is a certificate carrying an RSA public key\n");
321 BIO_printf(bio_err, "-raw use no padding\n");
322 BIO_printf(bio_err, "-pkcs use PKCS#1 v1.5 padding (default)\n");
323 BIO_printf(bio_err, "-oaep use PKCS#1 OAEP\n");
324 BIO_printf(bio_err, "-sign sign with private key\n");
325 BIO_printf(bio_err, "-verify verify with public key\n");
326 BIO_printf(bio_err, "-encrypt encrypt with public key\n");
327 BIO_printf(bio_err, "-decrypt decrypt with private key\n");
328 BIO_printf(bio_err, "-hexdump hex dump output\n");
329}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-08 06:50:47 +0000