GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: usr.bin/openssl/rsautl.c Lines: 95 153 62.1 %
Date: 2017-11-13 Branches: 57 101 56.4 %

Line Branch Exec Source
1
/* $OpenBSD: rsautl.c,v 1.12 2017/08/28 17:50:58 jsing Exp $ */
2
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3
 * project 2000.
4
 */
5
/* ====================================================================
6
 * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
7
 *
8
 * Redistribution and use in source and binary forms, with or without
9
 * modification, are permitted provided that the following conditions
10
 * are met:
11
 *
12
 * 1. Redistributions of source code must retain the above copyright
13
 *    notice, this list of conditions and the following disclaimer.
14
 *
15
 * 2. Redistributions in binary form must reproduce the above copyright
16
 *    notice, this list of conditions and the following disclaimer in
17
 *    the documentation and/or other materials provided with the
18
 *    distribution.
19
 *
20
 * 3. All advertising materials mentioning features or use of this
21
 *    software must display the following acknowledgment:
22
 *    "This product includes software developed by the OpenSSL Project
23
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24
 *
25
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26
 *    endorse or promote products derived from this software without
27
 *    prior written permission. For written permission, please contact
28
 *    licensing@OpenSSL.org.
29
 *
30
 * 5. Products derived from this software may not be called "OpenSSL"
31
 *    nor may "OpenSSL" appear in their names without prior written
32
 *    permission of the OpenSSL Project.
33
 *
34
 * 6. Redistributions of any form whatsoever must retain the following
35
 *    acknowledgment:
36
 *    "This product includes software developed by the OpenSSL Project
37
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38
 *
39
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50
 * OF THE POSSIBILITY OF SUCH DAMAGE.
51
 * ====================================================================
52
 *
53
 * This product includes cryptographic software written by Eric Young
54
 * (eay@cryptsoft.com).  This product includes software written by Tim
55
 * Hudson (tjh@cryptsoft.com).
56
 *
57
 */
58
59
#include <openssl/opensslconf.h>
60
61
62
#include <string.h>
63
64
#include "apps.h"
65
66
#include <openssl/err.h>
67
#include <openssl/pem.h>
68
#include <openssl/rsa.h>
69
70
#define RSA_SIGN 	1
71
#define RSA_VERIFY 	2
72
#define RSA_ENCRYPT 	3
73
#define RSA_DECRYPT 	4
74
75
#define KEY_PRIVKEY	1
76
#define KEY_PUBKEY	2
77
#define KEY_CERT	3
78
79
static void usage(void);
80
81
int
82
rsautl_main(int argc, char **argv)
83
{
84
	BIO *in = NULL, *out = NULL;
85
	char *infile = NULL, *outfile = NULL;
86
	char *keyfile = NULL;
87
	char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
88
	int keyform = FORMAT_PEM;
89
	char need_priv = 0, badarg = 0, rev = 0;
90
	char hexdump = 0, asn1parse = 0;
91
	X509 *x;
92
	EVP_PKEY *pkey = NULL;
93
	RSA *rsa = NULL;
94
	unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
95
24
	char *passargin = NULL, *passin = NULL;
96
	int rsa_inlen, rsa_outlen = 0;
97
	int keysize;
98
99
	int ret = 1;
100
101
12
	if (single_execution) {
102
12
		if (pledge("stdio cpath wpath rpath tty flock", NULL) == -1) {
103
			perror("pledge");
104
			exit(1);
105
		}
106
	}
107
108
12
	argc--;
109
12
	argv++;
110
111
	pad = RSA_PKCS1_PADDING;
112
113
96
	while (argc >= 1) {
114
40
		if (!strcmp(*argv, "-in")) {
115
8
			if (--argc < 1)
116
				badarg = 1;
117
			else
118
8
				infile = *(++argv);
119
32
		} else if (!strcmp(*argv, "-out")) {
120
4
			if (--argc < 1)
121
				badarg = 1;
122
			else
123
4
				outfile = *(++argv);
124
28
		} else if (!strcmp(*argv, "-inkey")) {
125
8
			if (--argc < 1)
126
				badarg = 1;
127
			else
128
8
				keyfile = *(++argv);
129
20
		} else if (!strcmp(*argv, "-passin")) {
130
8
			if (--argc < 1)
131
				badarg = 1;
132
			else
133
8
				passargin = *(++argv);
134
12
		} else if (strcmp(*argv, "-keyform") == 0) {
135
			if (--argc < 1)
136
				badarg = 1;
137
			else
138
				keyform = str2fmt(*(++argv));
139
12
		} else if (!strcmp(*argv, "-pubin")) {
140
			key_type = KEY_PUBKEY;
141
12
		} else if (!strcmp(*argv, "-certin")) {
142
			key_type = KEY_CERT;
143
12
		} else if (!strcmp(*argv, "-asn1parse"))
144
			asn1parse = 1;
145
12
		else if (!strcmp(*argv, "-hexdump"))
146
			hexdump = 1;
147
12
		else if (!strcmp(*argv, "-raw"))
148
			pad = RSA_NO_PADDING;
149
12
		else if (!strcmp(*argv, "-oaep"))
150
			pad = RSA_PKCS1_OAEP_PADDING;
151
12
		else if (!strcmp(*argv, "-pkcs"))
152
			pad = RSA_PKCS1_PADDING;
153
12
		else if (!strcmp(*argv, "-x931"))
154
			pad = RSA_X931_PADDING;
155
12
		else if (!strcmp(*argv, "-sign")) {
156
			rsa_mode = RSA_SIGN;
157
			need_priv = 1;
158
12
		} else if (!strcmp(*argv, "-verify"))
159
4
			rsa_mode = RSA_VERIFY;
160
4
		else if (!strcmp(*argv, "-rev"))
161
			rev = 1;
162
4
		else if (!strcmp(*argv, "-encrypt"))
163
			rsa_mode = RSA_ENCRYPT;
164
4
		else if (!strcmp(*argv, "-decrypt")) {
165
			rsa_mode = RSA_DECRYPT;
166
			need_priv = 1;
167
		} else
168
			badarg = 1;
169
40
		if (badarg) {
170
4
			usage();
171
4
			goto end;
172
		}
173
36
		argc--;
174
36
		argv++;
175
	}
176
177

12
	if (need_priv && (key_type != KEY_PRIVKEY)) {
178
		BIO_printf(bio_err, "A private key is needed for this operation\n");
179
		goto end;
180
	}
181
8
	if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
182
		BIO_printf(bio_err, "Error getting password\n");
183
		goto end;
184
	}
185
186

16
	switch (key_type) {
187
	case KEY_PRIVKEY:
188
16
		pkey = load_key(bio_err, keyfile, keyform, 0,
189
8
		    passin, "Private Key");
190
8
		break;
191
192
	case KEY_PUBKEY:
193
		pkey = load_pubkey(bio_err, keyfile, keyform, 0,
194
		    NULL, "Public Key");
195
		break;
196
197
	case KEY_CERT:
198
		x = load_cert(bio_err, keyfile, keyform,
199
		    NULL, "Certificate");
200
		if (x) {
201
			pkey = X509_get_pubkey(x);
202
			X509_free(x);
203
		}
204
		break;
205
	}
206
207
8
	if (!pkey)
208
		goto end;
209
210
8
	rsa = EVP_PKEY_get1_RSA(pkey);
211
8
	EVP_PKEY_free(pkey);
212
213
8
	if (!rsa) {
214
		BIO_printf(bio_err, "Error getting RSA key\n");
215
		ERR_print_errors(bio_err);
216
		goto end;
217
	}
218
8
	if (infile) {
219
8
		if (!(in = BIO_new_file(infile, "rb"))) {
220
			BIO_printf(bio_err, "Error Reading Input File\n");
221
			ERR_print_errors(bio_err);
222
			goto end;
223
		}
224
	} else
225
		in = BIO_new_fp(stdin, BIO_NOCLOSE);
226
227
8
	if (outfile) {
228
4
		if (!(out = BIO_new_file(outfile, "wb"))) {
229
			BIO_printf(bio_err, "Error Reading Output File\n");
230
			ERR_print_errors(bio_err);
231
			goto end;
232
		}
233
	} else {
234
4
		out = BIO_new_fp(stdout, BIO_NOCLOSE);
235
	}
236
237
8
	keysize = RSA_size(rsa);
238
239
8
	rsa_in = reallocarray(NULL, keysize, 2);
240
8
	if (rsa_in == NULL) {
241
		BIO_printf(bio_err, "Error allocating memory for input data\n");
242
		exit(1);
243
	}
244
8
	rsa_out = malloc(keysize);
245
8
	if (rsa_out == NULL) {
246
		BIO_printf(bio_err, "Error allocating memory for output data\n");
247
		exit(1);
248
	}
249
250
	/* Read the input data */
251
8
	rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
252
8
	if (rsa_inlen <= 0) {
253
		BIO_printf(bio_err, "Error reading input Data\n");
254
		exit(1);
255
	}
256
8
	if (rev) {
257
		int i;
258
		unsigned char ctmp;
259
		for (i = 0; i < rsa_inlen / 2; i++) {
260
			ctmp = rsa_in[i];
261
			rsa_in[i] = rsa_in[rsa_inlen - 1 - i];
262
			rsa_in[rsa_inlen - 1 - i] = ctmp;
263
		}
264
	}
265

16
	switch (rsa_mode) {
266
267
	case RSA_VERIFY:
268
4
		rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
269
4
		break;
270
271
	case RSA_SIGN:
272
4
		rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
273
4
		break;
274
275
	case RSA_ENCRYPT:
276
		rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
277
		break;
278
279
	case RSA_DECRYPT:
280
		rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
281
		break;
282
283
	}
284
285
8
	if (rsa_outlen <= 0) {
286
		BIO_printf(bio_err, "RSA operation error\n");
287
		ERR_print_errors(bio_err);
288
		goto end;
289
	}
290
	ret = 0;
291
8
	if (asn1parse) {
292
		if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
293
			ERR_print_errors(bio_err);
294
		}
295
8
	} else if (hexdump)
296
		BIO_dump(out, (char *) rsa_out, rsa_outlen);
297
	else
298
8
		BIO_write(out, rsa_out, rsa_outlen);
299
300
end:
301
12
	RSA_free(rsa);
302
12
	BIO_free(in);
303
12
	BIO_free_all(out);
304
12
	free(rsa_in);
305
12
	free(rsa_out);
306
12
	free(passin);
307
308
12
	return ret;
309
12
}
310
311
static void
312
usage()
313
{
314
8
	BIO_printf(bio_err, "Usage: rsautl [options]\n");
315
4
	BIO_printf(bio_err, "-in file        input file\n");
316
4
	BIO_printf(bio_err, "-out file       output file\n");
317
4
	BIO_printf(bio_err, "-inkey file     input key\n");
318
4
	BIO_printf(bio_err, "-keyform arg    private key format - default PEM\n");
319
4
	BIO_printf(bio_err, "-pubin          input is an RSA public\n");
320
4
	BIO_printf(bio_err, "-certin         input is a certificate carrying an RSA public key\n");
321
4
	BIO_printf(bio_err, "-ssl            use SSL v2 padding\n");
322
4
	BIO_printf(bio_err, "-raw            use no padding\n");
323
4
	BIO_printf(bio_err, "-pkcs           use PKCS#1 v1.5 padding (default)\n");
324
4
	BIO_printf(bio_err, "-oaep           use PKCS#1 OAEP\n");
325
4
	BIO_printf(bio_err, "-sign           sign with private key\n");
326
4
	BIO_printf(bio_err, "-verify         verify with public key\n");
327
4
	BIO_printf(bio_err, "-encrypt        encrypt with public key\n");
328
4
	BIO_printf(bio_err, "-decrypt        decrypt with private key\n");
329
4
	BIO_printf(bio_err, "-hexdump        hex dump output\n");
330
4
}