author | Paul Yang <yang.yang@baishancloud.com> | 2017-11-01 00:45:24 +0800 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2017-11-20 07:20:30 +0100 |
commit | b0004708730f300a2e5c6a11c887caab50b6c42a (patch) | |
tree | cdfb52867403b6dee0f8c1c9860111076dd37144 /apps/pkeyparam.c | |
parent | 5d99881e6a58a8775b8ca866b794f615a16bb033 (diff) |
Support public key and param check in EVP interface
EVP_PKEY_public_check() and EVP_PKEY_param_check()
Doc and test cases are added
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4647)
Diffstat (limited to 'apps/pkeyparam.c')
-rw-r--r-- | apps/pkeyparam.c | 41 |
1 files changed, 39 insertions, 2 deletions
diff --git a/apps/pkeyparam.c b/apps/pkeyparam.c
index 9ac247509a..35cdd8dc92 100644
--- a/apps/pkeyparam.c
+++ b/apps/pkeyparam.c
@@ -16,7 +16,8 @@
 typedef enum OPTION_choice {
 OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
- OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT, OPT_ENGINE
+ OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT,
+ OPT_ENGINE, OPT_CHECK
 } OPTION_CHOICE;
 const OPTIONS pkeyparam_options[] = {
@@ -28,6 +29,7 @@ const OPTIONS pkeyparam_options[] = {
 #ifndef OPENSSL_NO_ENGINE
 {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
 #endif
+ {"check", OPT_CHECK, '-', "Check key param consistency"},
 {NULL}
 };
@@ -36,7 +38,7 @@ int pkeyparam_main(int argc, char **argv)
 ENGINE *e = NULL;
 BIO *in = NULL, *out = NULL;
 EVP_PKEY *pkey = NULL;
- int text = 0, noout = 0, ret = 1;
+ int text = 0, noout = 0, ret = 1, check = 0;
 OPTION_CHOICE o;
 char *infile = NULL, *outfile = NULL, *prog;
@@ -67,6 +69,9 @@ int pkeyparam_main(int argc, char **argv)
 case OPT_NOOUT:
 noout = 1;
 break;
+ case OPT_CHECK:
+ check = 1;
+ break;
 }
 }
 argc = opt_num_rest();
@@ -86,6 +91,38 @@ int pkeyparam_main(int argc, char **argv)
 goto end;
 }
+ if (check) {
+ int r;
+ EVP_PKEY_CTX *ctx;
+
+ ctx = EVP_PKEY_CTX_new(pkey, e);
+ if (ctx == NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ r = EVP_PKEY_param_check(ctx);
+
+ if (r == 1) {
+ BIO_printf(out, "Parameters are valid\n");
+ } else {
+ /*
+ * Note: at least for RSA keys if this function returns
+ * -1, there will be no error reasons.
+ */
+ unsigned long err;
+
+ BIO_printf(out, "Parameters are invalid\n");
+
+ while ((err = ERR_peek_error()) != 0) {
+ BIO_printf(out, "Detailed error: %s\n",
+ ERR_reason_error_string(err));
+ ERR_get_error(); /* remove err from error stack */
+ }
+ }
+ EVP_PKEY_CTX_free(ctx);
+ }
+
 if (!noout)
 PEM_write_bio_Parameters(out, pkey); |
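Review bot: In the `if (check)` block of the last hunk, a failed `EVP_PKEY_param_check()` only prints "Parameters are invalid" to `out` and then falls through to `PEM_write_bio_Parameters()`, so nothing visible makes the command fail; a script that gates on the exit status of `pkeyparam -check` would presumably accept bad parameters (the `end:` label and the final assignment to `ret` are outside the hunk). After `EVP_PKEY_CTX_free(ctx);` I would add `if (r != 1) goto end;`, which as far as the visible lines show leaves `ret` at its initial 1 and also stops rejected parameters from being re-emitted as PEM. The diagnostic lines would be better sent to `bio_err` than to `out`, since `out` is the same stream that receives the PEM data. The else branch also reports every non-1 result as invalid, including the -2 that the EVP check functions are documented to return when the algorithm has no check support; a separate message for that case would avoid a misleading verdict.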