These expose EVP_PKEY_{,public_,param_}check() to the command line.
They are currently no-ops and will be enabled in the upcoming bump.
ok inoguchi jsing
-/* $OpenBSD: apps.c,v 1.61 2021/11/26 16:23:27 tb Exp $ */
+/* $OpenBSD: apps.c,v 1.62 2022/01/10 12:17:49 tb Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
fprintf(stderr, " -%-24s%s", name->name, (++*n % 3 != 0 ? "" : "\n"));
}
+
+int
+pkey_check(BIO *out, EVP_PKEY *pkey, int (check_fn)(EVP_PKEY_CTX *),
+ const char *desc)
+{
+ EVP_PKEY_CTX *ctx;
+
+ if ((ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
+ ERR_print_errors(bio_err);
+ return 0;
+ }
+
+ if (check_fn(ctx) == 1) {
+ BIO_printf(out, "%s valid\n", desc);
+ } else {
+ unsigned long err;
+
+ BIO_printf(out, "%s invalid\n", desc);
+
+ while ((err = ERR_get_error()) != 0)
+ BIO_printf(out, "Detailed error: %s\n",
+ ERR_reason_error_string(err));
+ }
+
+ EVP_PKEY_CTX_free(ctx);
+
+ return 1;
+}
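Review bot: pkey_check() returns 1 whether the check passed or failed — only the EVP_PKEY_CTX_new() failure path returns 0 — so the callers in pkey.c and pkeyparam.c cannot make the exit status reflect an invalid key, and a script running `pkey -check` sees success either way. If report-only behaviour is intended, a header comment should say so, e.g. `/* Returns 0 only if the check could not be set up; the verdict itself is printed on out, never returned. */`; otherwise return the result of check_fn() and let the callers decide. Two smaller points in the same hunk: `check_fn(ctx) == 1` folds a negative return (the EVP_PKEY_*check() convention for "not supported by this key type", if LibreSSL follows it) into "invalid" and then prints no detail because the error queue may be empty, so a `check_fn(ctx) < 0` branch reporting "not supported" would be clearer; and the "valid"/"invalid"/"Detailed error" lines go to `out`, so with `-out file` the diagnostics are written into the key output file rather than to bio_err like the setup failure is.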
-/* $OpenBSD: apps.h,v 1.30 2021/11/26 16:23:27 tb Exp $ */
+/* $OpenBSD: apps.h,v 1.31 2022/01/10 12:17:49 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
void show_cipher(const OBJ_NAME *name, void *arg);
+int pkey_check(BIO *out, EVP_PKEY *pkey, int (check_fn)(EVP_PKEY_CTX *),
+ const char *desc);
#endif
-/* $OpenBSD: pkey.c,v 1.15 2019/07/14 03:30:46 guenther Exp $ */
+/* $OpenBSD: pkey.c,v 1.16 2022/01/10 12:17:49 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006
*/
#include <openssl/pem.h>
static struct {
+ int check;
const EVP_CIPHER *cipher;
char *infile;
int informat;
int outformat;
char *passargin;
char *passargout;
+ int pubcheck;
int pubin;
int pubout;
int pubtext;
}
static const struct option pkey_options[] = {
+ {
+ .name = "check",
+ .desc = "Check validity of key",
+ .type = OPTION_FLAG,
+ .opt.flag = &pkey_config.check,
+ },
{
.name = "in",
.argname = "file",
.type = OPTION_ARG,
.opt.arg = &pkey_config.passargout,
},
+ {
+ .name = "pubcheck",
+ .desc = "Check validity of public key",
+ .type = OPTION_FLAG,
+ .opt.flag = &pkey_config.pubcheck,
+ },
{
.name = "pubin",
.desc = "Expect a public key (default private key)",
int n = 0;
fprintf(stderr,
- "usage: pkey [-ciphername] [-in file] [-inform fmt] [-noout] "
- "[-out file]\n"
- " [-outform fmt] [-passin src] [-passout src] [-pubin] "
- "[-pubout] [-text]\n"
- " [-text_pub]\n\n");
+ "usage: pkey [-check] [-ciphername] [-in file] [-inform fmt] "
+ "[-noout] [-out file]\n"
+ " [-outform fmt] [-passin src] [-passout src] [-pubcheck] "
+ "[-pubin] [-pubout]\n"
+ " [-text] [-text_pub]\n\n");
options_usage(pkey_options);
fprintf(stderr, "\n");
if (!pkey)
goto end;
+#if notyet
+ if (pkey_config.check) {
+ if (!pkey_check(out, pkey, EVP_PKEY_check, "Key pair"))
+ goto end;
+ } else if (pkey_config.pubcheck) {
+ if (!pkey_check(out, pkey, EVP_PKEY_public_check, "Public key"))
+ goto end;
+ }
+#endif
+
if (!pkey_config.noout) {
if (pkey_config.outformat == FORMAT_PEM) {
if (pkey_config.pubout)
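Review bot: The `else if` on the `pkey_config.pubcheck` test means `-check -pubcheck` given together silently drops the public-key check, although the usage text lists them as independent flags; two plain `if` blocks (`if (pkey_config.pubcheck) {` in place of `} else if (pkey_config.pubcheck) {`) would run both. The block is also under `#if notyet`, so nothing here is compiled until the follow-up enables it; a short `/* XXX enable after the upcoming bump */` beside the `#if` would tell a reader why dead code was committed. Note too that `goto end` is only reached on setup failure, so an invalid key still leaves `ret` on the success path. The enclosing function starts and ends outside the hunk.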
-/* $OpenBSD: pkeyparam.c,v 1.12 2019/07/14 03:30:46 guenther Exp $ */
+/* $OpenBSD: pkeyparam.c,v 1.13 2022/01/10 12:17:49 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006
*/
#include <openssl/pem.h>
struct {
+ int check;
char *infile;
int noout;
char *outfile;
} pkeyparam_config;
static const struct option pkeyparam_options[] = {
+ {
+ .name = "check",
+ .desc = "Check validity of key parameters",
+ .type = OPTION_FLAG,
+ .opt.flag = &pkeyparam_config.check,
+ },
{
.name = "in",
.argname = "file",
pkeyparam_usage()
{
fprintf(stderr,
- "usage: pkeyparam [-in file] [-noout] [-out file] "
+ "usage: pkeyparam [-check] [-in file] [-noout] [-out file] "
"[-text]\n");
options_usage(pkeyparam_options);
}
ERR_print_errors(bio_err);
goto end;
}
+
+#if notyet
+ if (pkeyparam_config.check) {
+ if (!pkey_check(out, pkey, EVP_PKEY_param_check, "Parameters"))
+ goto end;
+ }
+#endif
+
if (!pkeyparam_config.noout)
PEM_write_bio_Parameters(out, pkey);