search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
autofs: disable by default
[unleashed.git] / bin / openssl / rsa.c
blob09fe8ef0d6a611f6027c0f022b59c0d6e5eed608
1 /* $OpenBSD: rsa.c,v 1.10 2018/02/07 05:47:55 jsing Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59 #include <openssl/opensslconf.h>
60
61 #include <stdio.h>
62 #include <stdlib.h>
63 #include <string.h>
64 #include <time.h>
65
66 #include "apps.h"
67 #include "progs.h"
68
69 #include <openssl/bio.h>
70 #include <openssl/bn.h>
71 #include <openssl/err.h>
72 #include <openssl/evp.h>
73 #include <openssl/pem.h>
74 #include <openssl/rsa.h>
75 #include <openssl/x509.h>
76
77 static struct {
78 int check;
79 const EVP_CIPHER *enc;
80 char *infile;
81 int informat;
82 int modulus;
83 int noout;
84 char *outfile;
85 int outformat;
86 char *passargin;
87 char *passargout;
88 int pubin;
89 int pubout;
90 int pvk_encr;
91 int sgckey;
92 int text;
93 } rsa_config;
94
95 static int
96 rsa_opt_cipher(int argc, char **argv, int *argsused)
97 {
98 char *name = argv[0];
99
100 if (*name++ != '-')
101 return (1);
102
103 if ((rsa_config.enc = EVP_get_cipherbyname(name)) == NULL) {
104 fprintf(stderr, "Invalid cipher '%s'\n", name);
105 return (1);
106 }
107
108 *argsused = 1;
109 return (0);
110 }
111
112 static struct option rsa_options[] = {
113 {
114 .name = "check",
115 .desc = "Check consistency of RSA private key",
116 .type = OPTION_FLAG,
117 .opt.flag = &rsa_config.check,
118 },
119 {
120 .name = "in",
121 .argname = "file",
122 .desc = "Input file (default stdin)",
123 .type = OPTION_ARG,
124 .opt.arg = &rsa_config.infile,
125 },
126 {
127 .name = "inform",
128 .argname = "format",
129 .desc = "Input format (DER, NET or PEM (default))",
130 .type = OPTION_ARG_FORMAT,
131 .opt.value = &rsa_config.informat,
132 },
133 {
134 .name = "modulus",
135 .desc = "Print the RSA key modulus",
136 .type = OPTION_FLAG,
137 .opt.flag = &rsa_config.modulus,
138 },
139 {
140 .name = "noout",
141 .desc = "Do not print encoded version of the key",
142 .type = OPTION_FLAG,
143 .opt.flag = &rsa_config.noout,
144 },
145 {
146 .name = "out",
147 .argname = "file",
148 .desc = "Output file (default stdout)",
149 .type = OPTION_ARG,
150 .opt.arg = &rsa_config.outfile,
151 },
152 {
153 .name = "outform",
154 .argname = "format",
155 .desc = "Output format (DER, NET or PEM (default PEM))",
156 .type = OPTION_ARG_FORMAT,
157 .opt.value = &rsa_config.outformat,
158 },
159 {
160 .name = "passin",
161 .argname = "src",
162 .desc = "Input file passphrase source",
163 .type = OPTION_ARG,
164 .opt.arg = &rsa_config.passargin,
165 },
166 {
167 .name = "passout",
168 .argname = "src",
169 .desc = "Output file passphrase source",
170 .type = OPTION_ARG,
171 .opt.arg = &rsa_config.passargout,
172 },
173 {
174 .name = "pubin",
175 .desc = "Expect a public key (default private key)",
176 .type = OPTION_VALUE,
177 .value = 1,
178 .opt.value = &rsa_config.pubin,
179 },
180 {
181 .name = "pubout",
182 .desc = "Output a public key (default private key)",
183 .type = OPTION_VALUE,
184 .value = 1,
185 .opt.value = &rsa_config.pubout,
186 },
187 {
188 .name = "pvk-none",
189 .type = OPTION_VALUE,
190 .value = 0,
191 .opt.value = &rsa_config.pvk_encr,
192 },
193 {
194 .name = "pvk-strong",
195 .type = OPTION_VALUE,
196 .value = 2,
197 .opt.value = &rsa_config.pvk_encr,
198 },
199 {
200 .name = "pvk-weak",
201 .type = OPTION_VALUE,
202 .value = 1,
203 .opt.value = &rsa_config.pvk_encr,
204 },
205 {
206 .name = "RSAPublicKey_in",
207 .type = OPTION_VALUE,
208 .value = 2,
209 .opt.value = &rsa_config.pubin,
210 },
211 {
212 .name = "RSAPublicKey_out",
213 .type = OPTION_VALUE,
214 .value = 2,
215 .opt.value = &rsa_config.pubout,
216 },
217 {
218 .name = "sgckey",
219 .desc = "Use modified NET algorithm for IIS and SGC keys",
220 .type = OPTION_FLAG,
221 .opt.flag = &rsa_config.sgckey,
222 },
223 {
224 .name = "text",
225 .desc = "Print in plain text in addition to encoded",
226 .type = OPTION_FLAG,
227 .opt.flag = &rsa_config.text,
228 },
229 {
230 .name = NULL,
231 .type = OPTION_ARGV_FUNC,
232 .opt.argvfunc = rsa_opt_cipher,
233 },
234 { NULL }
235 };
236
237 static void
238 show_ciphers(const OBJ_NAME *name, void *arg)
239 {
240 static int n;
241
242 fprintf(stderr, " -%-24s%s", name->name, (++n % 3 ? "" : "\n"));
243 }
244
245 static void
246 rsa_usage()
247 {
248 fprintf(stderr,
249 "usage: rsa [-ciphername] [-check] [-in file] "
250 "[-inform fmt]\n"
251 " [-modulus] [-noout] [-out file] [-outform fmt] "
252 "[-passin src]\n"
253 " [-passout src] [-pubin] [-pubout] [-sgckey] [-text]\n\n");
254 options_usage(rsa_options);
255 fprintf(stderr, "\n");
256
257 fprintf(stderr, "Valid ciphername values:\n\n");
258 OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, show_ciphers, NULL);
259 fprintf(stderr, "\n");
260 }
261
262 int
263 rsa_main(int argc, char **argv)
264 {
265 int ret = 1;
266 RSA *rsa = NULL;
267 int i;
268 BIO *out = NULL;
269 char *passin = NULL, *passout = NULL;
270
271 if (single_execution) {
272 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
273 perror("pledge");
274 exit(1);
275 }
276 }
277
278 memset(&rsa_config, 0, sizeof(rsa_config));
279 rsa_config.pvk_encr = 2;
280 rsa_config.informat = FORMAT_PEM;
281 rsa_config.outformat = FORMAT_PEM;
282
283 if (options_parse(argc, argv, rsa_options, NULL, NULL) != 0) {
284 rsa_usage();
285 goto end;
286 }
287
288 if (!app_passwd(bio_err, rsa_config.passargin, rsa_config.passargout,
289 &passin, &passout)) {
290 BIO_printf(bio_err, "Error getting passwords\n");
291 goto end;
292 }
293 if (rsa_config.check && rsa_config.pubin) {
294 BIO_printf(bio_err, "Only private keys can be checked\n");
295 goto end;
296 }
297 out = BIO_new(BIO_s_file());
298
299 {
300 EVP_PKEY *pkey;
301
302 if (rsa_config.pubin) {
303 int tmpformat = -1;
304 if (rsa_config.pubin == 2) {
305 if (rsa_config.informat == FORMAT_PEM)
306 tmpformat = FORMAT_PEMRSA;
307 else if (rsa_config.informat == FORMAT_ASN1)
308 tmpformat = FORMAT_ASN1RSA;
309 } else if (rsa_config.informat == FORMAT_NETSCAPE &&
310 rsa_config.sgckey)
311 tmpformat = FORMAT_IISSGC;
312 else
313 tmpformat = rsa_config.informat;
314
315 pkey = load_pubkey(bio_err, rsa_config.infile,
316 tmpformat, 1, passin, "Public Key");
317 } else
318 pkey = load_key(bio_err, rsa_config.infile,
319 (rsa_config.informat == FORMAT_NETSCAPE &&
320 rsa_config.sgckey ? FORMAT_IISSGC :
321 rsa_config.informat), 1, passin, "Private Key");
322
323 if (pkey != NULL)
324 rsa = EVP_PKEY_get1_RSA(pkey);
325 EVP_PKEY_free(pkey);
326 }
327
328 if (rsa == NULL) {
329 ERR_print_errors(bio_err);
330 goto end;
331 }
332 if (rsa_config.outfile == NULL) {
333 BIO_set_fp(out, stdout, BIO_NOCLOSE);
334 } else {
335 if (BIO_write_filename(out, rsa_config.outfile) <= 0) {
336 perror(rsa_config.outfile);
337 goto end;
338 }
339 }
340
341 if (rsa_config.text)
342 if (!RSA_print(out, rsa, 0)) {
343 perror(rsa_config.outfile);
344 ERR_print_errors(bio_err);
345 goto end;
346 }
347 if (rsa_config.modulus) {
348 BIO_printf(out, "Modulus=");
349 BN_print(out, rsa->n);
350 BIO_printf(out, "\n");
351 }
352 if (rsa_config.check) {
353 int r = RSA_check_key(rsa);
354
355 if (r == 1)
356 BIO_printf(out, "RSA key ok\n");
357 else if (r == 0) {
358 unsigned long err;
359
360 while ((err = ERR_peek_error()) != 0 &&
361 ERR_GET_LIB(err) == ERR_LIB_RSA &&
362 ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
363 ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) {
364 BIO_printf(out, "RSA key error: %s\n",
365 ERR_reason_error_string(err));
366 ERR_get_error(); /* remove e from error
367 * stack */
368 }
369 }
370 if (r == -1 || ERR_peek_error() != 0) { /* should happen only if
371 * r == -1 */
372 ERR_print_errors(bio_err);
373 goto end;
374 }
375 }
376 if (rsa_config.noout) {
377 ret = 0;
378 goto end;
379 }
380 BIO_printf(bio_err, "writing RSA key\n");
381 if (rsa_config.outformat == FORMAT_ASN1) {
382 if (rsa_config.pubout || rsa_config.pubin) {
383 if (rsa_config.pubout == 2)
384 i = i2d_RSAPublicKey_bio(out, rsa);
385 else
386 i = i2d_RSA_PUBKEY_bio(out, rsa);
387 } else
388 i = i2d_RSAPrivateKey_bio(out, rsa);
389 }
390 #ifndef OPENSSL_NO_RC4
391 else if (rsa_config.outformat == FORMAT_NETSCAPE) {
392 unsigned char *p, *pp;
393 int size;
394
395 i = 1;
396 size = i2d_RSA_NET(rsa, NULL, NULL, rsa_config.sgckey);
397 if ((p = malloc(size)) == NULL) {
398 BIO_printf(bio_err, "Memory allocation failure\n");
399 goto end;
400 }
401 pp = p;
402 i2d_RSA_NET(rsa, &p, NULL, rsa_config.sgckey);
403 BIO_write(out, (char *) pp, size);
404 free(pp);
405 }
406 #endif
407 else if (rsa_config.outformat == FORMAT_PEM) {
408 if (rsa_config.pubout || rsa_config.pubin) {
409 if (rsa_config.pubout == 2)
410 i = PEM_write_bio_RSAPublicKey(out, rsa);
411 else
412 i = PEM_write_bio_RSA_PUBKEY(out, rsa);
413 } else
414 i = PEM_write_bio_RSAPrivateKey(out, rsa,
415 rsa_config.enc, NULL, 0, NULL, passout);
416 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
417 } else if (rsa_config.outformat == FORMAT_MSBLOB ||
418 rsa_config.outformat == FORMAT_PVK) {
419 EVP_PKEY *pk;
420 pk = EVP_PKEY_new();
421 EVP_PKEY_set1_RSA(pk, rsa);
422 if (rsa_config.outformat == FORMAT_PVK)
423 i = i2b_PVK_bio(out, pk, rsa_config.pvk_encr, 0,
424 passout);
425 else if (rsa_config.pubin || rsa_config.pubout)
426 i = i2b_PublicKey_bio(out, pk);
427 else
428 i = i2b_PrivateKey_bio(out, pk);
429 EVP_PKEY_free(pk);
430 #endif
431 } else {
432 BIO_printf(bio_err,
433 "bad output format specified for outfile\n");
434 goto end;
435 }
436 if (i <= 0) {
437 BIO_printf(bio_err, "unable to write key\n");
438 ERR_print_errors(bio_err);
439 } else
440 ret = 0;
441
442 end:
443 BIO_free_all(out);
444 RSA_free(rsa);
445 free(passin);
446 free(passout);
447
448 return (ret);
449 }
Unleashed OS