GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: usr.bin/openssl/rsa.c Lines: 0 127 0.0 %
Date: 2016-12-06 Branches: 0 92 0.0 %

Line Branch Exec Source
1
/* $OpenBSD: rsa.c,v 1.8 2015/10/17 15:00:11 doug Exp $ */
2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3
 * All rights reserved.
4
 *
5
 * This package is an SSL implementation written
6
 * by Eric Young (eay@cryptsoft.com).
7
 * The implementation was written so as to conform with Netscapes SSL.
8
 *
9
 * This library is free for commercial and non-commercial use as long as
10
 * the following conditions are aheared to.  The following conditions
11
 * apply to all code found in this distribution, be it the RC4, RSA,
12
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13
 * included with this distribution is covered by the same copyright terms
14
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15
 *
16
 * Copyright remains Eric Young's, and as such any Copyright notices in
17
 * the code are not to be removed.
18
 * If this package is used in a product, Eric Young should be given attribution
19
 * as the author of the parts of the library used.
20
 * This can be in the form of a textual message at program startup or
21
 * in documentation (online or textual) provided with the package.
22
 *
23
 * Redistribution and use in source and binary forms, with or without
24
 * modification, are permitted provided that the following conditions
25
 * are met:
26
 * 1. Redistributions of source code must retain the copyright
27
 *    notice, this list of conditions and the following disclaimer.
28
 * 2. Redistributions in binary form must reproduce the above copyright
29
 *    notice, this list of conditions and the following disclaimer in the
30
 *    documentation and/or other materials provided with the distribution.
31
 * 3. All advertising materials mentioning features or use of this software
32
 *    must display the following acknowledgement:
33
 *    "This product includes cryptographic software written by
34
 *     Eric Young (eay@cryptsoft.com)"
35
 *    The word 'cryptographic' can be left out if the rouines from the library
36
 *    being used are not cryptographic related :-).
37
 * 4. If you include any Windows specific code (or a derivative thereof) from
38
 *    the apps directory (application code) you must include an acknowledgement:
39
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40
 *
41
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51
 * SUCH DAMAGE.
52
 *
53
 * The licence and distribution terms for any publically available version or
54
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
55
 * copied and put under another distribution licence
56
 * [including the GNU Public Licence.]
57
 */
58
59
#include <openssl/opensslconf.h>
60
61
#include <stdio.h>
62
#include <stdlib.h>
63
#include <string.h>
64
#include <time.h>
65
66
#include "apps.h"
67
#include "progs.h"
68
69
#include <openssl/bio.h>
70
#include <openssl/bn.h>
71
#include <openssl/err.h>
72
#include <openssl/evp.h>
73
#include <openssl/pem.h>
74
#include <openssl/rsa.h>
75
#include <openssl/x509.h>
76
77
static struct {
78
	int check;
79
	const EVP_CIPHER *enc;
80
	char *infile;
81
	int informat;
82
	int modulus;
83
	int noout;
84
	char *outfile;
85
	int outformat;
86
	char *passargin;
87
	char *passargout;
88
	int pubin;
89
	int pubout;
90
	int pvk_encr;
91
	int sgckey;
92
	int text;
93
} rsa_config;
94
95
static int
96
rsa_opt_cipher(int argc, char **argv, int *argsused)
97
{
98
	char *name = argv[0];
99
100
	if (*name++ != '-')
101
		return (1);
102
103
	if ((rsa_config.enc = EVP_get_cipherbyname(name)) == NULL) {
104
		fprintf(stderr, "Invalid cipher '%s'\n", name);
105
		return (1);
106
	}
107
108
	*argsused = 1;
109
	return (0);
110
}
111
112
static struct option rsa_options[] = {
113
	{
114
		.name = "check",
115
		.desc = "Check consistency of RSA private key",
116
		.type = OPTION_FLAG,
117
		.opt.flag = &rsa_config.check,
118
	},
119
	{
120
		.name = "in",
121
		.argname = "file",
122
		.desc = "Input file (default stdin)",
123
		.type = OPTION_ARG,
124
		.opt.arg = &rsa_config.infile,
125
	},
126
	{
127
		.name = "inform",
128
		.argname = "format",
129
		.desc = "Input format (DER, NET or PEM (default))",
130
		.type = OPTION_ARG_FORMAT,
131
		.opt.value = &rsa_config.informat,
132
	},
133
	{
134
		.name = "modulus",
135
		.desc = "Print the RSA key modulus",
136
		.type = OPTION_FLAG,
137
		.opt.flag = &rsa_config.modulus,
138
	},
139
	{
140
		.name = "noout",
141
		.desc = "Do not print encoded version of the key",
142
		.type = OPTION_FLAG,
143
		.opt.flag = &rsa_config.noout,
144
	},
145
	{
146
		.name = "out",
147
		.argname = "file",
148
		.desc = "Output file (default stdout)",
149
		.type = OPTION_ARG,
150
		.opt.arg = &rsa_config.outfile,
151
	},
152
	{
153
		.name = "outform",
154
		.argname = "format",
155
		.desc = "Output format (DER, NET or PEM (default PEM))",
156
		.type = OPTION_ARG_FORMAT,
157
		.opt.value = &rsa_config.outformat,
158
	},
159
	{
160
		.name = "passin",
161
		.argname = "src",
162
		.desc = "Input file passphrase source",
163
		.type = OPTION_ARG,
164
		.opt.arg = &rsa_config.passargin,
165
	},
166
	{
167
		.name = "passout",
168
		.argname = "src",
169
		.desc = "Output file passphrase source",
170
		.type = OPTION_ARG,
171
		.opt.arg = &rsa_config.passargout,
172
	},
173
	{
174
		.name = "pubin",
175
		.desc = "Expect a public key (default private key)",
176
		.type = OPTION_VALUE,
177
		.value = 1,
178
		.opt.value = &rsa_config.pubin,
179
	},
180
	{
181
		.name = "pubout",
182
		.desc = "Output a public key (default private key)",
183
		.type = OPTION_VALUE,
184
		.value = 1,
185
		.opt.value = &rsa_config.pubout,
186
	},
187
	{
188
		.name = "pvk-none",
189
		.type = OPTION_VALUE,
190
		.value = 0,
191
		.opt.value = &rsa_config.pvk_encr,
192
	},
193
	{
194
		.name = "pvk-strong",
195
		.type = OPTION_VALUE,
196
		.value = 2,
197
		.opt.value = &rsa_config.pvk_encr,
198
	},
199
	{
200
		.name = "pvk-weak",
201
		.type = OPTION_VALUE,
202
		.value = 1,
203
		.opt.value = &rsa_config.pvk_encr,
204
	},
205
	{
206
		.name = "RSAPublicKey_in",
207
		.type = OPTION_VALUE,
208
		.value = 2,
209
		.opt.value = &rsa_config.pubin,
210
	},
211
	{
212
		.name = "RSAPublicKey_out",
213
		.type = OPTION_VALUE,
214
		.value = 2,
215
		.opt.value = &rsa_config.pubout,
216
	},
217
	{
218
		.name = "sgckey",
219
		.desc = "Use modified NET algorithm for IIS and SGC keys",
220
		.type = OPTION_FLAG,
221
		.opt.flag = &rsa_config.sgckey,
222
	},
223
	{
224
		.name = "text",
225
		.desc = "Print in plain text in addition to encoded",
226
		.type = OPTION_FLAG,
227
		.opt.flag = &rsa_config.text,
228
	},
229
	{
230
		.name = NULL,
231
		.type = OPTION_ARGV_FUNC,
232
		.opt.argvfunc = rsa_opt_cipher,
233
	},
234
	{ NULL }
235
};
236
237
static void
238
show_ciphers(const OBJ_NAME *name, void *arg)
239
{
240
	static int n;
241
242
	fprintf(stderr, " -%-24s%s", name->name, (++n % 3 ? "" : "\n"));
243
}
244
245
static void
246
rsa_usage()
247
{
248
	fprintf(stderr,
249
	    "usage: rsa [-ciphername] [-check] [-in file] "
250
	    "[-inform fmt]\n"
251
	    "    [-modulus] [-noout] [-out file] [-outform fmt] "
252
	    "[-passin src]\n"
253
	    "    [-passout src] [-pubin] [-pubout] [-sgckey] [-text]\n\n");
254
	options_usage(rsa_options);
255
	fprintf(stderr, "\n");
256
257
	fprintf(stderr, "Valid ciphername values:\n\n");
258
	OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, show_ciphers, NULL);
259
	fprintf(stderr, "\n");
260
}
261
262
int
263
rsa_main(int argc, char **argv)
264
{
265
	int ret = 1;
266
	RSA *rsa = NULL;
267
	int i;
268
	BIO *out = NULL;
269
	char *passin = NULL, *passout = NULL;
270
271
	if (single_execution) {
272
		if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
273
			perror("pledge");
274
			exit(1);
275
		}
276
	}
277
278
	memset(&rsa_config, 0, sizeof(rsa_config));
279
	rsa_config.pvk_encr = 2;
280
	rsa_config.informat = FORMAT_PEM;
281
	rsa_config.outformat = FORMAT_PEM;
282
283
	if (options_parse(argc, argv, rsa_options, NULL, NULL) != 0) {
284
		rsa_usage();
285
		goto end;
286
	}
287
288
	if (!app_passwd(bio_err, rsa_config.passargin, rsa_config.passargout,
289
	    &passin, &passout)) {
290
		BIO_printf(bio_err, "Error getting passwords\n");
291
		goto end;
292
	}
293
	if (rsa_config.check && rsa_config.pubin) {
294
		BIO_printf(bio_err, "Only private keys can be checked\n");
295
		goto end;
296
	}
297
	out = BIO_new(BIO_s_file());
298
299
	{
300
		EVP_PKEY *pkey;
301
302
		if (rsa_config.pubin) {
303
			int tmpformat = -1;
304
			if (rsa_config.pubin == 2) {
305
				if (rsa_config.informat == FORMAT_PEM)
306
					tmpformat = FORMAT_PEMRSA;
307
				else if (rsa_config.informat == FORMAT_ASN1)
308
					tmpformat = FORMAT_ASN1RSA;
309
			} else if (rsa_config.informat == FORMAT_NETSCAPE &&
310
			    rsa_config.sgckey)
311
				tmpformat = FORMAT_IISSGC;
312
			else
313
				tmpformat = rsa_config.informat;
314
315
			pkey = load_pubkey(bio_err, rsa_config.infile,
316
			    tmpformat, 1, passin, "Public Key");
317
		} else
318
			pkey = load_key(bio_err, rsa_config.infile,
319
			    (rsa_config.informat == FORMAT_NETSCAPE &&
320
			    rsa_config.sgckey ? FORMAT_IISSGC :
321
			    rsa_config.informat), 1, passin, "Private Key");
322
323
		if (pkey != NULL)
324
			rsa = EVP_PKEY_get1_RSA(pkey);
325
		EVP_PKEY_free(pkey);
326
	}
327
328
	if (rsa == NULL) {
329
		ERR_print_errors(bio_err);
330
		goto end;
331
	}
332
	if (rsa_config.outfile == NULL) {
333
		BIO_set_fp(out, stdout, BIO_NOCLOSE);
334
	} else {
335
		if (BIO_write_filename(out, rsa_config.outfile) <= 0) {
336
			perror(rsa_config.outfile);
337
			goto end;
338
		}
339
	}
340
341
	if (rsa_config.text)
342
		if (!RSA_print(out, rsa, 0)) {
343
			perror(rsa_config.outfile);
344
			ERR_print_errors(bio_err);
345
			goto end;
346
		}
347
	if (rsa_config.modulus) {
348
		BIO_printf(out, "Modulus=");
349
		BN_print(out, rsa->n);
350
		BIO_printf(out, "\n");
351
	}
352
	if (rsa_config.check) {
353
		int r = RSA_check_key(rsa);
354
355
		if (r == 1)
356
			BIO_printf(out, "RSA key ok\n");
357
		else if (r == 0) {
358
			unsigned long err;
359
360
			while ((err = ERR_peek_error()) != 0 &&
361
			    ERR_GET_LIB(err) == ERR_LIB_RSA &&
362
			    ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
363
			    ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) {
364
				BIO_printf(out, "RSA key error: %s\n",
365
				    ERR_reason_error_string(err));
366
				ERR_get_error();	/* remove e from error
367
							 * stack */
368
			}
369
		}
370
		if (r == -1 || ERR_peek_error() != 0) {	/* should happen only if
371
							 * r == -1 */
372
			ERR_print_errors(bio_err);
373
			goto end;
374
		}
375
	}
376
	if (rsa_config.noout) {
377
		ret = 0;
378
		goto end;
379
	}
380
	BIO_printf(bio_err, "writing RSA key\n");
381
	if (rsa_config.outformat == FORMAT_ASN1) {
382
		if (rsa_config.pubout || rsa_config.pubin) {
383
			if (rsa_config.pubout == 2)
384
				i = i2d_RSAPublicKey_bio(out, rsa);
385
			else
386
				i = i2d_RSA_PUBKEY_bio(out, rsa);
387
		} else
388
			i = i2d_RSAPrivateKey_bio(out, rsa);
389
	}
390
#ifndef OPENSSL_NO_RC4
391
	else if (rsa_config.outformat == FORMAT_NETSCAPE) {
392
		unsigned char *p, *pp;
393
		int size;
394
395
		i = 1;
396
		size = i2d_RSA_NET(rsa, NULL, NULL, rsa_config.sgckey);
397
		if ((p = malloc(size)) == NULL) {
398
			BIO_printf(bio_err, "Memory allocation failure\n");
399
			goto end;
400
		}
401
		pp = p;
402
		i2d_RSA_NET(rsa, &p, NULL, rsa_config.sgckey);
403
		BIO_write(out, (char *) pp, size);
404
		free(pp);
405
	}
406
#endif
407
	else if (rsa_config.outformat == FORMAT_PEM) {
408
		if (rsa_config.pubout || rsa_config.pubin) {
409
			if (rsa_config.pubout == 2)
410
				i = PEM_write_bio_RSAPublicKey(out, rsa);
411
			else
412
				i = PEM_write_bio_RSA_PUBKEY(out, rsa);
413
		} else
414
			i = PEM_write_bio_RSAPrivateKey(out, rsa,
415
			    rsa_config.enc, NULL, 0, NULL, passout);
416
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
417
	} else if (rsa_config.outformat == FORMAT_MSBLOB ||
418
	    rsa_config.outformat == FORMAT_PVK) {
419
		EVP_PKEY *pk;
420
		pk = EVP_PKEY_new();
421
		EVP_PKEY_set1_RSA(pk, rsa);
422
		if (rsa_config.outformat == FORMAT_PVK)
423
			i = i2b_PVK_bio(out, pk, rsa_config.pvk_encr, 0,
424
			    passout);
425
		else if (rsa_config.pubin || rsa_config.pubout)
426
			i = i2b_PublicKey_bio(out, pk);
427
		else
428
			i = i2b_PrivateKey_bio(out, pk);
429
		EVP_PKEY_free(pk);
430
#endif
431
	} else {
432
		BIO_printf(bio_err,
433
		    "bad output format specified for outfile\n");
434
		goto end;
435
	}
436
	if (i <= 0) {
437
		BIO_printf(bio_err, "unable to write key\n");
438
		ERR_print_errors(bio_err);
439
	} else
440
		ret = 0;
441
442
end:
443
	BIO_free_all(out);
444
	RSA_free(rsa);
445
	free(passin);
446
	free(passout);
447
448
	return (ret);
449
}