- unsigned char *out, size_t *poutlen,
- unsigned char *in, size_t inlen);
-
-int MAIN(int argc, char **);
-
-int MAIN(int argc, char **argv)
-{
- BIO *in = NULL, *out = NULL;
- char *infile = NULL, *outfile = NULL, *sigfile = NULL;
- ENGINE *e = NULL;
- int pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
- int keyform = FORMAT_PEM, peerform = FORMAT_PEM;
- char badarg = 0, rev = 0;
- char hexdump = 0, asn1parse = 0;
- EVP_PKEY_CTX *ctx = NULL;
- char *passargin = NULL;
- int keysize = -1;
-
- unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
- size_t buf_outlen;
- int buf_inlen = 0, siglen = -1;
-
- int ret = 1, rv = -1;
-
- argc--;
- argv++;
-
- if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
- if (!load_config(bio_err, NULL))
- goto end;
- ERR_load_crypto_strings();
- OpenSSL_add_all_algorithms();
-
- while(argc >= 1)
- {
- if (!strcmp(*argv,"-in"))
- {
- if (--argc < 1) badarg = 1;
- else infile= *(++argv);
- }
- else if (!strcmp(*argv,"-out"))
- {
- if (--argc < 1) badarg = 1;
- else outfile= *(++argv);
- }
- else if (!strcmp(*argv,"-sigfile"))
- {
- if (--argc < 1) badarg = 1;
- else sigfile= *(++argv);
- }
- else if(!strcmp(*argv, "-inkey"))
- {
- if (--argc < 1)
- badarg = 1;
- else
- {
- ctx = init_ctx(&keysize,
- *(++argv), keyform, key_type,
- passargin, pkey_op, e);
- if (!ctx)
- {
- BIO_puts(bio_err,
- "Error initializing context\n");
- ERR_print_errors(bio_err);
- badarg = 1;
- }
- }
- }
- else if (!strcmp(*argv,"-peerkey"))
- {
- if (--argc < 1)
- badarg = 1;
- else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
- badarg = 1;
- }
- else if (!strcmp(*argv,"-passin"))
- {
- if (--argc < 1) badarg = 1;
- else passargin= *(++argv);
- }
- else if (strcmp(*argv,"-peerform") == 0)
- {
- if (--argc < 1) badarg = 1;
- else peerform=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-keyform") == 0)
- {
- if (--argc < 1) badarg = 1;
- else keyform=str2fmt(*(++argv));
- }
+ unsigned char *out, size_t *poutlen,
+ const unsigned char *in, size_t inlen);
+
+typedef enum OPTION_choice {
+ OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+ OPT_ENGINE, OPT_ENGINE_IMPL, OPT_IN, OPT_OUT,
+ OPT_PUBIN, OPT_CERTIN, OPT_ASN1PARSE, OPT_HEXDUMP, OPT_SIGN,
+ OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
+ OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN,
+ OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_KDF, OPT_KDFLEN
+} OPTION_CHOICE;
+
+OPTIONS pkeyutl_options[] = {
+ {"help", OPT_HELP, '-', "Display this summary"},
+ {"in", OPT_IN, '<', "Input file - default stdin"},
+ {"out", OPT_OUT, '>', "Output file - default stdout"},
+ {"pubin", OPT_PUBIN, '-', "Input is a public key"},
+ {"certin", OPT_CERTIN, '-', "Input is a cert with a public key"},
+ {"asn1parse", OPT_ASN1PARSE, '-', "asn1parse the output data"},
+ {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
+ {"sign", OPT_SIGN, '-', "Sign input data with private key"},
+ {"verify", OPT_VERIFY, '-', "Verify with public key"},
+ {"verifyrecover", OPT_VERIFYRECOVER, '-',
+ "Verify with public key, recover original data"},
+ {"rev", OPT_REV, '-', "Reverse the order of the input buffer"},
+ {"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"},
+ {"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"},
+ {"derive", OPT_DERIVE, '-', "Derive shared secret"},
+ {"kdf", OPT_KDF, 's', "Use KDF algorithm"},
+ {"kdflen", OPT_KDFLEN, 'p', "KDF algorithm output length"},
+ {"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"},
+ {"inkey", OPT_INKEY, 's', "Input private key file"},
+ {"peerkey", OPT_PEERKEY, 's', "Peer key file used in key derivation"},
+ {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+ {"peerform", OPT_PEERFORM, 'E', "Peer key format - default PEM"},
+ {"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
+ {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},