diff options
| author | Pauli <paul.dale@oracle.com> | 2020-10-20 13:32:26 +1000 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2020-12-17 21:09:54 +0100 |
| commit | 47422549da431cf9546a148d916d162e196fcd44 (patch) | |
| tree | a09cdee887b43d97878a2c1382b6df8b48fddc5e /apps | |
| parent | 575b36ecefca4eff181210ff1eeb3a3dcfbf5456 (diff) | |
dsa: apps deprecation changes
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13638)
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/dhparam.c | 2 | ||||
| -rw-r--r-- | apps/dsa.c | 132 | ||||
| -rw-r--r-- | apps/gendsa.c | 28 | ||||
| -rw-r--r-- | apps/rsa.c | 10 | ||||
| -rw-r--r-- | apps/x509.c | 17 |
5 files changed, 97 insertions, 92 deletions
diff --git a/apps/dhparam.c b/apps/dhparam.c index a69dfd3810..8242a1f1d7 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -47,8 +47,10 @@ const OPTIONS dhparam_options[] = { OPT_SECTION("General"), {"help", OPT_HELP, '-', "Display this summary"}, {"check", OPT_CHECK, '-', "Check the DH parameters"}, +#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DEPRECATED_3_0) {"dsaparam", OPT_DSAPARAM, '-', "Read or generate DSA parameters, convert to DH"}, +#endif #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, #endif diff --git a/apps/dsa.c b/apps/dsa.c index 2deda0a32c..ebb841fa53 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -22,6 +22,15 @@ #include <openssl/x509.h> #include <openssl/pem.h> #include <openssl/bn.h> +#include <openssl/encoder.h> +#include <openssl/core_names.h> +#include <openssl/core_dispatch.h> + +#ifndef OPENSSL_NO_RC4 +# define DEFAULT_PVK_ENCR_STRENGTH 2 +#else +# define DEFAULT_PVK_ENCR_STRENGTH 0 +#endif typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, @@ -68,7 +77,6 @@ const OPTIONS dsa_options[] = { int dsa_main(int argc, char **argv) { BIO *out = NULL; - DSA *dsa = NULL; ENGINE *e = NULL; EVP_PKEY *pkey = NULL; const EVP_CIPHER *enc = NULL; @@ -76,11 +84,13 @@ int dsa_main(int argc, char **argv) char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL; OPTION_CHOICE o; int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0; - int i, modulus = 0, pubin = 0, pubout = 0, ret = 1; -#ifndef OPENSSL_NO_RC4 - int pvk_encr = 2; -#endif + int modulus = 0, pubin = 0, pubout = 0, ret = 1; + int pvk_encr = DEFAULT_PVK_ENCR_STRENGTH; int private = 0; + const char *output_type = NULL; + const char *output_structure = NULL; + int selection = 0; + OSSL_ENCODER_CTX *ectx = NULL; prog = opt_init(argc, argv, dsa_options); while ((o = opt_next()) != OPT_EOF) { @@ -171,14 +181,15 @@ int dsa_main(int argc, char **argv) else pkey = load_key(infile, informat, 1, passin, e, "private key"); - if (pkey != NULL) - dsa = EVP_PKEY_get1_DSA(pkey); - - if (dsa == NULL) { + if (pkey == NULL) { BIO_printf(bio_err, "unable to load Key\n"); ERR_print_errors(bio_err); goto end; } + if (!EVP_PKEY_is_a(pkey, "DSA")) { + BIO_printf(bio_err, "Not a DSA key\n"); + goto end; + } out = bio_open_owner(outfile, outformat, private); if (out == NULL) @@ -195,11 +206,16 @@ int dsa_main(int argc, char **argv) } if (modulus) { - const BIGNUM *pub_key = NULL; - DSA_get0_key(dsa, &pub_key, NULL); + BIGNUM *pub_key = NULL; + + if (!EVP_PKEY_get_bn_param(pkey, "pub", &pub_key)) { + ERR_print_errors(bio_err); + goto end; + } BIO_printf(out, "Public Key="); BN_print(out, pub_key); BIO_printf(out, "\n"); + BN_free(pub_key); } if (noout) { @@ -208,64 +224,68 @@ int dsa_main(int argc, char **argv) } BIO_printf(bio_err, "writing DSA key\n"); if (outformat == FORMAT_ASN1) { - if (pubin || pubout) { - i = i2d_DSA_PUBKEY_bio(out, dsa); - } else { - assert(private); - i = i2d_DSAPrivateKey_bio(out, dsa); - } + output_type = "DER"; } else if (outformat == FORMAT_PEM) { - if (pubin || pubout) { - i = PEM_write_bio_DSA_PUBKEY(out, dsa); - } else { - assert(private); - i = PEM_write_bio_DSAPrivateKey(out, dsa, enc, - NULL, 0, NULL, passout); - } -#ifndef OPENSSL_NO_RSA - } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { - EVP_PKEY *pk; - pk = EVP_PKEY_new(); - if (pk == NULL) - goto end; - - EVP_PKEY_set1_DSA(pk, dsa); - if (outformat == FORMAT_PVK) { - if (pubin) { - BIO_printf(bio_err, "PVK form impossible with public key input\n"); - EVP_PKEY_free(pk); - goto end; - } - assert(private); -# ifdef OPENSSL_NO_RC4 - BIO_printf(bio_err, "PVK format not supported\n"); - EVP_PKEY_free(pk); + output_type = "PEM"; + } else if (outformat == FORMAT_MSBLOB) { + output_type = "MSBLOB"; + } else if (outformat == FORMAT_PVK) { + if (pubin) { + BIO_printf(bio_err, "PVK form impossible with public key input\n"); goto end; -# else - i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout); -# endif - } else if (pubin || pubout) { - i = i2b_PublicKey_bio(out, pk); - } else { - assert(private); - i = i2b_PrivateKey_bio(out, pk); } - EVP_PKEY_free(pk); -#endif + output_type = "PVK"; } else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; } - if (i <= 0) { - BIO_printf(bio_err, "unable to write private key\n"); - ERR_print_errors(bio_err); + + if (outformat == FORMAT_ASN1 || outformat == FORMAT_PEM) { + if (pubout || pubin) + output_structure = "SubjectPublicKeyInfo"; + else + output_structure = "type-specific"; + } + + /* Select what you want in the output */ + if (pubout || pubin) { + selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY; + } else { + assert(private); + selection = (OSSL_KEYMGMT_SELECT_KEYPAIR + | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS); + } + + /* Perform the encoding */ + ectx = OSSL_ENCODER_CTX_new_by_EVP_PKEY(pkey, selection, output_type, + output_structure, NULL); + if (OSSL_ENCODER_CTX_get_num_encoders(ectx) == 0) { + BIO_printf(bio_err, "%s format not supported\n", output_type); + goto end; + } + + /* PVK requires a bit more */ + if (outformat == FORMAT_PVK) { + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + + params[0] = OSSL_PARAM_construct_int("encrypt-level", &pvk_encr); + if (!OSSL_ENCODER_CTX_set_params(ectx, params)) { + BIO_printf(bio_err, "invalid PVK encryption level\n"); + goto end; + } + } + + if (!OSSL_ENCODER_to_bio(ectx, out)) { + BIO_printf(bio_err, "unable to write key\n"); goto end; } ret = 0; end: + if (ret != 0) + ERR_print_errors(bio_err); + OSSL_ENCODER_CTX_free(ectx); BIO_free_all(out); EVP_PKEY_free(pkey); - DSA_free(dsa); release_engine(e); OPENSSL_free(passin); OPENSSL_free(passout); diff --git a/apps/gendsa.c b/apps/gendsa.c index d525f7093b..c90a01d979 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -54,7 +54,6 @@ int gendsa_main(int argc, char **argv) { ENGINE *e = NULL; BIO *out = NULL, *in = NULL; - DSA *dsa = NULL; EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *ctx = NULL; const EVP_CIPHER *enc = NULL; @@ -117,38 +116,18 @@ int gendsa_main(int argc, char **argv) goto end; } - in = bio_open_default(dsaparams, 'r', FORMAT_PEM); - if (in == NULL) - goto end2; - - if ((dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL)) == NULL) { - BIO_printf(bio_err, "unable to load DSA parameter file\n"); - goto end; - } - BIO_free(in); - in = NULL; + pkey = load_keyparams(dsaparams, 1, "DSA", "DSA parameters"); out = bio_open_owner(outfile, FORMAT_PEM, private); if (out == NULL) goto end2; - DSA_get0_pqg(dsa, &p, NULL, NULL); - - if (BN_num_bits(p) > OPENSSL_DSA_MAX_MODULUS_BITS) + if (EVP_PKEY_bits(pkey) > OPENSSL_DSA_MAX_MODULUS_BITS) BIO_printf(bio_err, "Warning: It is not recommended to use more than %d bit for DSA keys.\n" " Your key size is %d! Larger key size may behave not as expected.\n", - OPENSSL_DSA_MAX_MODULUS_BITS, BN_num_bits(p)); + OPENSSL_DSA_MAX_MODULUS_BITS, EVP_PKEY_bits(pkey)); - pkey = EVP_PKEY_new(); - if (pkey == NULL) { - BIO_printf(bio_err, "unable to allocate PKEY\n"); - goto end; - } - if (!EVP_PKEY_set1_DSA(pkey, dsa)) { - BIO_printf(bio_err, "unable to associate DSA parameters with PKEY\n"); - goto end; - } ctx = EVP_PKEY_CTX_new(pkey, NULL); if (ctx == NULL) { BIO_printf(bio_err, "unable to create PKEY context\n"); @@ -179,7 +158,6 @@ int gendsa_main(int argc, char **argv) end2: BIO_free(in); BIO_free_all(out); - DSA_free(dsa); EVP_PKEY_free(pkey); EVP_PKEY_CTX_free(ctx); release_engine(e); diff --git a/apps/rsa.c b/apps/rsa.c index bdfbcf07b8..b65c8fc793 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -30,6 +30,12 @@ */ #include <openssl/core_dispatch.h> +#ifndef OPENSSL_NO_RC4 +# define DEFAULT_PVK_ENCR_STRENGTH 2 +#else +# define DEFAULT_PVK_ENCR_STRENGTH 0 +#endif + typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT, @@ -69,10 +75,12 @@ const OPTIONS rsa_options[] = { {"traditional", OPT_TRADITIONAL, '-', "Use traditional format for private keys"}, +#ifndef OPENSSL_NO_RC4 OPT_SECTION("PVK"), {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"}, {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"}, {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"}, +#endif OPT_PROV_OPTIONS, {NULL} @@ -90,7 +98,7 @@ int rsa_main(int argc, char **argv) int private = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0; int noout = 0, modulus = 0, pubin = 0, pubout = 0, ret = 1; - int pvk_encr = 2; + int pvk_encr = DEFAULT_PVK_ENCR_STRENGTH; OPTION_CHOICE o; int traditional = 0; const char *output_type = NULL; diff --git a/apps/x509.c b/apps/x509.c index a82682bc11..5de25c1e2c 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -755,7 +755,6 @@ int x509_main(int argc, char **argv) goto end; } BIO_printf(out, "Modulus="); -#ifndef OPENSSL_NO_RSA if (EVP_PKEY_is_a(pkey, "RSA")) { BIGNUM *n; @@ -763,16 +762,14 @@ int x509_main(int argc, char **argv) EVP_PKEY_get_bn_param(pkey, "n", &n); BN_print(out, n); BN_free(n); - } else -#endif -#ifndef OPENSSL_NO_DSA - if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA) { - const BIGNUM *dsapub = NULL; - DSA_get0_key(EVP_PKEY_get0_DSA(pkey), &dsapub, NULL); + } else if (EVP_PKEY_is_a(pkey, "DSA")) { + BIGNUM *dsapub; + + /* Every DSA key has an 'pub' */ + EVP_PKEY_get_bn_param(pkey, "pub", &dsapub); BN_print(out, dsapub); - } else -#endif - { + BN_free(dsapub); + } else { BIO_printf(out, "Wrong Algorithm type"); } BIO_printf(out, "\n"); |