diff options
| author | Richard Levitte <levitte@openssl.org> | 2020-10-20 11:56:22 +0200 |
|---|---|---|
| committer | Pauli <paul.dale@oracle.com> | 2020-10-22 12:14:32 +1000 |
| commit | b78c777ee3038920064f5c2e3eb2a4f66a35119d (patch) | |
| tree | 9eb5786fb794a2e4be77327a11d89cfe8211bca2 | |
| parent | f31ac320012c9aa1540034288ea94f6c80924aa3 (diff) | |
APPS: Implement load_keyparams() to load key parameters
'openssl dsaparam' is affected as an obvious usage example.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13191)
| -rw-r--r-- | apps/cmp.c | 2 | ||||
| -rw-r--r-- | apps/dsaparam.c | 14 | ||||
| -rw-r--r-- | apps/include/apps.h | 2 | ||||
| -rw-r--r-- | apps/lib/apps.c | 38 | ||||
| -rw-r--r-- | doc/man1/openssl-dsaparam.pod.in | 2 |
5 files changed, 41 insertions, 17 deletions
diff --git a/apps/cmp.c b/apps/cmp.c index e52eff3c28..a30c9f1684 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -724,7 +724,7 @@ static int load_cert_certs(const char *uri, return ret; } pass_string = get_passwd(pass, desc); - ret = load_key_certs_crls(uri, 0, pass_string, desc, NULL, NULL, + ret = load_key_certs_crls(uri, 0, pass_string, desc, NULL, NULL, NULL, pcert, pcerts, NULL, NULL); clear_free(pass_string); diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 5fd906a069..7e374eb6ad 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -66,7 +66,7 @@ const OPTIONS dsaparam_options[] = { int dsaparam_main(int argc, char **argv) { ENGINE *e = NULL; - BIO *in = NULL, *out = NULL; + BIO *out = NULL; EVP_PKEY *params = NULL, *pkey = NULL; EVP_PKEY_CTX *ctx = NULL; int numbits = -1, num = 0, genkey = 0; @@ -140,9 +140,6 @@ int dsaparam_main(int argc, char **argv) } private = genkey ? 1 : 0; - in = bio_open_default(infile, 'r', informat); - if (in == NULL) - goto end; out = bio_open_owner(outfile, outformat, private); if (out == NULL) goto end; @@ -181,10 +178,12 @@ int dsaparam_main(int argc, char **argv) BIO_printf(bio_err, "Error, DSA key generation failed\n"); goto end; } - } else if (informat == FORMAT_ASN1) { - params = d2i_KeyParams_bio(EVP_PKEY_DSA, NULL, in); } else { - params = PEM_read_bio_Parameters(in, NULL); + params = load_keyparams(infile, 1, "DSA parameters"); + if (!EVP_PKEY_is_a(params, "DSA")) { + EVP_PKEY_free(params); + params = NULL; + } } if (params == NULL) { BIO_printf(bio_err, "Error, unable to load DSA parameters\n"); @@ -276,7 +275,6 @@ int dsaparam_main(int argc, char **argv) end: if (ret != 0) ERR_print_errors(bio_err); - BIO_free(in); BIO_free_all(out); EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); diff --git a/apps/include/apps.h b/apps/include/apps.h index 195f226910..8bb92e07db 100644 --- a/apps/include/apps.h +++ b/apps/include/apps.h @@ -116,6 +116,7 @@ EVP_PKEY *load_key(const char *uri, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *desc); EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *desc); +EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *desc); int load_certs(const char *uri, STACK_OF(X509) **certs, const char *pass, const char *desc); int load_crls(const char *uri, STACK_OF(X509_CRL) **crls, @@ -123,6 +124,7 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls, int load_key_certs_crls(const char *uri, int maybe_stdin, const char *pass, const char *desc, EVP_PKEY **ppkey, EVP_PKEY **ppubkey, + EVP_PKEY **pparams, X509 **pcert, STACK_OF(X509) **pcerts, X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls); int load_key_cert_crl(const char *uri, int maybe_stdin, diff --git a/apps/lib/apps.c b/apps/lib/apps.c index d90ef6a192..d100ce42dd 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -476,7 +476,7 @@ X509 *load_cert_pass(const char *uri, int maybe_stdin, if (desc == NULL) desc = "certificate"; (void)load_key_certs_crls(uri, maybe_stdin, pass, desc, - NULL, NULL, &cert, NULL, NULL, NULL); + NULL, NULL, NULL, &cert, NULL, NULL, NULL); if (cert == NULL) { BIO_printf(bio_err, "Unable to load %s\n", desc); ERR_print_errors(bio_err); @@ -492,7 +492,7 @@ X509_CRL *load_crl(const char *uri, int format, const char *desc) if (desc == NULL) desc = "CRL"; (void)load_key_certs_crls(uri, 0, NULL, desc, - NULL, NULL, NULL, NULL, &crl, NULL); + NULL, NULL, NULL, NULL, NULL, &crl, NULL); if (crl == NULL) { BIO_printf(bio_err, "Unable to load %s\n", desc); ERR_print_errors(bio_err); @@ -559,7 +559,7 @@ EVP_PKEY *load_key(const char *uri, int format, int may_stdin, } } else { (void)load_key_certs_crls(uri, may_stdin, pass, desc, - &pkey, NULL, NULL, NULL, NULL, NULL); + &pkey, NULL, NULL, NULL, NULL, NULL, NULL); } if (pkey == NULL) { @@ -589,7 +589,7 @@ EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin, } } else { (void)load_key_certs_crls(uri, maybe_stdin, pass, desc, - NULL, &pkey, NULL, NULL, NULL, NULL); + NULL, &pkey, NULL, NULL, NULL, NULL, NULL); } if (pkey == NULL) { BIO_printf(bio_err, "Unable to load %s\n", desc); @@ -598,6 +598,22 @@ EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin, return pkey; } +EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *desc) +{ + EVP_PKEY *params = NULL; + + if (desc == NULL) + desc = "key parameters"; + + (void)load_key_certs_crls(uri, maybe_stdin, NULL, desc, + NULL, NULL, ¶ms, NULL, NULL, NULL, NULL); + if (params == NULL) { + BIO_printf(bio_err, "Unable to load %s\n", desc); + ERR_print_errors(bio_err); + } + return params; +} + void app_bail_out(char *fmt, ...) { va_list args; @@ -627,7 +643,7 @@ int load_certs(const char *uri, STACK_OF(X509) **certs, const char *pass, const char *desc) { int was_NULL = *certs == NULL; - int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL, + int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL, NULL, NULL, certs, NULL, NULL); if (!ret && was_NULL) { @@ -645,7 +661,7 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls, const char *pass, const char *desc) { int was_NULL = *crls == NULL; - int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL, + int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL, NULL, NULL, NULL, NULL, crls); if (!ret && was_NULL) { @@ -671,6 +687,7 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls, int load_key_certs_crls(const char *uri, int maybe_stdin, const char *pass, const char *desc, EVP_PKEY **ppkey, EVP_PKEY **ppubkey, + EVP_PKEY **pparams, X509 **pcert, STACK_OF(X509) **pcerts, X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls) { @@ -761,6 +778,10 @@ int load_key_certs_crls(const char *uri, int maybe_stdin, if (ppubkey != NULL && *ppubkey == NULL) ok = ((*ppubkey = OSSL_STORE_INFO_get1_PUBKEY(info)) != NULL); break; + case OSSL_STORE_INFO_PARAMS: + if (pparams != NULL && *pparams == NULL) + ok = ((*pparams = OSSL_STORE_INFO_get1_PARAMS(info)) != NULL); + break; case OSSL_STORE_INFO_CERT: if (pcert != NULL && *pcert == NULL) ok = (*pcert = OSSL_STORE_INFO_get1_CERT(info)) != NULL; @@ -794,8 +815,11 @@ int load_key_certs_crls(const char *uri, int maybe_stdin, if (failed == NULL) { int any = 0; - if (ppkey != NULL && *ppkey == NULL) { + if ((ppkey != NULL && *ppkey == NULL) + || (ppubkey != NULL && *ppubkey == NULL)) { failed = "key"; + } else if (pparams != NULL && *pparams == NULL) { + failed = "params"; } else if ((pcert != NULL || pcerts != NULL) && ncerts == 0) { if (pcert == NULL) any = 1; diff --git a/doc/man1/openssl-dsaparam.pod.in b/doc/man1/openssl-dsaparam.pod.in index 0e6e6cb6de..d7431b0507 100644 --- a/doc/man1/openssl-dsaparam.pod.in +++ b/doc/man1/openssl-dsaparam.pod.in @@ -40,7 +40,7 @@ Print out a usage message. =item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM> -The input and formats; the default is B<PEM>. +This option has become obsolete. See L<openssl(1)/Format Options> for details. Parameters are a sequence of B<ASN.1 INTEGER>s: B<p>, B<q>, and B<g>. |