-rw-r--r--src/usr.bin/openssl/apps.c30
-rw-r--r--src/usr.bin/openssl/apps.h4
-rw-r--r--src/usr.bin/openssl/pkey.c36
-rw-r--r--src/usr.bin/openssl/pkeyparam.c19
4 files changed, 79 insertions, 10 deletions
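diff --git a/src/usr.bin/openssl/apps.c b/src/usr.bin/openssl/apps.c
index 392d3cc339..fd13371f5d 100644
--- a/src/usr.bin/openssl/apps.c
+++ b/src/usr.bin/openssl/apps.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: apps.c,v 1.61 2021/11/26 16:23:27 tb Exp $ */
+/* $OpenBSD: apps.c,v 1.62 2022/01/10 12:17:49 tb Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -2262,3 +2262,31 @@ show_cipher(const OBJ_NAME *name, void *arg)
 
  fprintf(stderr, " -%-24s%s", name->name, (++*n % 3 != 0 ? "" : "\n"));
 }
+
+int
+pkey_check(BIO *out, EVP_PKEY *pkey, int (check_fn)(EVP_PKEY_CTX *),
+ const char *desc)
+{
+ EVP_PKEY_CTX *ctx;
+
+ if ((ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
+ ERR_print_errors(bio_err);
+ return 0;
+ }
+
+ if (check_fn(ctx) == 1) {
+ BIO_printf(out, "%s valid\n", desc);
+ } else {
+ unsigned long err;
+
+ BIO_printf(out, "%s invalid\n", desc);
+
+ while ((err = ERR_get_error()) != 0)
+ BIO_printf(out, "Detailed error: %s\n",
+ ERR_reason_error_string(err));
+ }
+
+ EVP_PKEY_CTX_free(ctx);
+
+ return 1;
+}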
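Review bot: pkey_check() ends in `return 1;` whether or not `check_fn(ctx) == 1`, so the only failure a caller can observe is EVP_PKEY_CTX_new() returning NULL; an invalid key is reported on `out` alone. If the exit status of the calling command is meant to reflect validity (how the callers turn this return value into an exit code is not visible here), a script that tests the status would treat a rejected key as accepted, so either propagate the result with `int ok = (check_fn(ctx) == 1);` and `return ok;`, or state the contract above the function: `/* Returns 0 only if no EVP_PKEY_CTX can be created; an invalid key still returns 1. */`. Separately, `ERR_reason_error_string(err)` returns NULL for an error code with no registered reason string and is passed straight to `%s`; formatting through `ERR_error_string_n(err, buf, sizeof(buf))` into a local buffer avoids handing NULL to the formatter.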
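diff --git a/src/usr.bin/openssl/apps.h b/src/usr.bin/openssl/apps.h
index e8116bfe44..f4fa5361a7 100644
--- a/src/usr.bin/openssl/apps.h
+++ b/src/usr.bin/openssl/apps.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: apps.h,v 1.30 2021/11/26 16:23:27 tb Exp $ */
+/* $OpenBSD: apps.h,v 1.31 2022/01/10 12:17:49 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -326,4 +326,6 @@ int options_parse(int argc, char **argv, const struct option *opts,
 
 void show_cipher(const OBJ_NAME *name, void *arg);
 
+int pkey_check(BIO *out, EVP_PKEY *pkey, int (check_fn)(EVP_PKEY_CTX *),
+ const char *desc);
 #endif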
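diff --git a/src/usr.bin/openssl/pkey.c b/src/usr.bin/openssl/pkey.c
index 06b4c01894..9134fc7192 100644
--- a/src/usr.bin/openssl/pkey.c
+++ b/src/usr.bin/openssl/pkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkey.c,v 1.15 2019/07/14 03:30:46 guenther Exp $ */
+/* $OpenBSD: pkey.c,v 1.16 2022/01/10 12:17:49 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006
  */
@@ -66,6 +66,7 @@
 #include <openssl/pem.h>
 
 static struct {
+ int check;
  const EVP_CIPHER *cipher;
  char *infile;
  int informat;
@@ -74,6 +75,7 @@ static struct {
  int outformat;
  char *passargin;
  char *passargout;
+ int pubcheck;
  int pubin;
  int pubout;
  int pubtext;
@@ -99,6 +101,12 @@ pkey_opt_cipher(int argc, char **argv, int *argsused)
 
 static const struct option pkey_options[] = {
  {
+ .name = "check",
+ .desc = "Check validity of key",
+ .type = OPTION_FLAG,
+ .opt.flag = &pkey_config.check,
+ },
+ {
  .name = "in",
  .argname = "file",
  .desc = "Input file (default stdin)",
@@ -147,6 +155,12 @@ static const struct option pkey_options[] = {
  .opt.arg = &pkey_config.passargout,
  },
  {
+ .name = "pubcheck",
+ .desc = "Check validity of public key",
+ .type = OPTION_FLAG,
+ .opt.flag = &pkey_config.pubcheck,
+ },
+ {
  .name = "pubin",
  .desc = "Expect a public key (default private key)",
  .type = OPTION_VALUE,
@@ -186,11 +200,11 @@ pkey_usage()
  int n = 0;
 
  fprintf(stderr,
- "usage: pkey [-ciphername] [-in file] [-inform fmt] [-noout] "
- "[-out file]\n"
- " [-outform fmt] [-passin src] [-passout src] [-pubin] "
- "[-pubout] [-text]\n"
- " [-text_pub]\n\n");
+ "usage: pkey [-check] [-ciphername] [-in file] [-inform fmt] "
+ "[-noout] [-out file]\n"
+ " [-outform fmt] [-passin src] [-passout src] [-pubcheck] "
+ "[-pubin] [-pubout]\n"
+ " [-text] [-text_pub]\n\n");
  options_usage(pkey_options);
  fprintf(stderr, "\n");
 
@@ -252,6 +266,16 @@ pkey_main(int argc, char **argv)
  if (!pkey)
  goto end;
 
+#if notyet
+ if (pkey_config.check) {
+ if (!pkey_check(out, pkey, EVP_PKEY_check, "Key pair"))
+ goto end;
+ } else if (pkey_config.pubcheck) {
+ if (!pkey_check(out, pkey, EVP_PKEY_public_check, "Public key"))
+ goto end;
+ }
+#endif
+
  if (!pkey_config.noout) {
  if (pkey_config.outformat == FORMAT_PEM) {
  if (pkey_config.pubout)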
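Review bot: `-check` and `-pubcheck` are registered in `pkey_options` and advertised in pkey_usage() unconditionally, but the only code that reads `pkey_config.check` and `pkey_config.pubcheck` is the block under `#if notyet` in pkey_main(), so unless `notyet` is defined to a non-zero value elsewhere the flags parse and then do nothing. Someone who runs the command with `-check` and sees no "invalid" line can take the silence as a pass; put the two option entries and the usage text under the same `#if notyet`, or reject the flags while the check is disabled. The same pattern is in pkeyparam.c, where the `-check` option entry is unconditional and the call in pkeyparam_main() is under `#if notyet`. Inside the guarded block, `else if (pkey_config.pubcheck)` skips `-pubcheck` whenever `-check` is also given, which deserves a comment such as `/* -check takes precedence over -pubcheck */` if that is intended. pkey_main() starts and ends outside the hunk.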
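diff --git a/src/usr.bin/openssl/pkeyparam.c b/src/usr.bin/openssl/pkeyparam.c
index 81bed13958..6ac4558578 100644
--- a/src/usr.bin/openssl/pkeyparam.c
+++ b/src/usr.bin/openssl/pkeyparam.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkeyparam.c,v 1.12 2019/07/14 03:30:46 guenther Exp $ */
+/* $OpenBSD: pkeyparam.c,v 1.13 2022/01/10 12:17:49 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006
  */
@@ -66,6 +66,7 @@
 #include <openssl/pem.h>
 
 struct {
+ int check;
  char *infile;
  int noout;
  char *outfile;
@@ -74,6 +75,12 @@ struct {
 
 static const struct option pkeyparam_options[] = {
  {
+ .name = "check",
+ .desc = "Check validity of key parameters",
+ .type = OPTION_FLAG,
+ .opt.flag = &pkeyparam_config.check,
+ },
+ {
  .name = "in",
  .argname = "file",
  .desc = "Input file (default stdin)",
@@ -106,7 +113,7 @@ static void
 pkeyparam_usage()
 {
  fprintf(stderr,
- "usage: pkeyparam [-in file] [-noout] [-out file] "
+ "usage: pkeyparam [-check] [-in file] [-noout] [-out file] "
  "[-text]\n");
  options_usage(pkeyparam_options);
 }
@@ -157,6 +164,14 @@ pkeyparam_main(int argc, char **argv)
  ERR_print_errors(bio_err);
  goto end;
  }
+
+#if notyet
+ if (pkeyparam_config.check) {
+ if (!pkey_check(out, pkey, EVP_PKEY_param_check, "Parameters"))
+ goto end;
+ }
+#endif
+
  if (!pkeyparam_config.noout)
  PEM_write_bio_Parameters(out, pkey);
 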