From d7610bb566b677b7cd1dff6af83c18174a305942 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Mon, 10 Jan 2022 12:17:49 +0000
Subject: Implement openssl pkey -{,pub}check and pkeyparam -check

These expose EVP_PKEY_{,public_,param_}check() to the command line. They are currently noops and will be enabled in the upcoming bump.

ok inoguchi jsing
---
 src/usr.bin/openssl/pkey.c | 36 ++++++++++++++++++++++++++++++------
 1 file changed, 30 insertions(+), 6 deletions(-)
(limited to 'src/usr.bin/openssl/pkey.c')

diff --git a/src/usr.bin/openssl/pkey.c b/src/usr.bin/openssl/pkey.c
index 06b4c01894..9134fc7192 100644
--- a/src/usr.bin/openssl/pkey.c
+++ b/src/usr.bin/openssl/pkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkey.c,v 1.15 2019/07/14 03:30:46 guenther Exp $ */
+/* $OpenBSD: pkey.c,v 1.16 2022/01/10 12:17:49 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006
 */
@@ -66,6 +66,7 @@
 #include
 
 static struct {
+ int check;
 const EVP_CIPHER *cipher;
 char *infile;
 int informat;
@@ -74,6 +75,7 @@ static struct {
 int outformat;
 char *passargin;
 char *passargout;
+ int pubcheck;
 int pubin;
 int pubout;
 int pubtext;
@@ -98,6 +100,12 @@ pkey_opt_cipher(int argc, char **argv, int *argsused)
 }
 
 static const struct option pkey_options[] = {
+ {
+ .name = "check",
+ .desc = "Check validity of key",
+ .type = OPTION_FLAG,
+ .opt.flag = &pkey_config.check,
+ },
 {
 .name = "in",
 .argname = "file",
@@ -146,6 +154,12 @@ static const struct option pkey_options[] = {
 .type = OPTION_ARG,
 .opt.arg = &pkey_config.passargout,
 },
+ {
+ .name = "pubcheck",
+ .desc = "Check validity of public key",
+ .type = OPTION_FLAG,
+ .opt.flag = &pkey_config.pubcheck,
+ },
 {
 .name = "pubin",
 .desc = "Expect a public key (default private key)",
@@ -186,11 +200,11 @@ pkey_usage()
 int n = 0;
 
 fprintf(stderr,
- "usage: pkey [-ciphername] [-in file] [-inform fmt] [-noout] "
- "[-out file]\n"
- " [-outform fmt] [-passin src] [-passout src] [-pubin] "
- "[-pubout] [-text]\n"
- " [-text_pub]\n\n");
+ "usage: pkey [-check] [-ciphername] [-in file] [-inform fmt] "
+ "[-noout] [-out file]\n"
+ " [-outform fmt] [-passin src] [-passout src] [-pubcheck] "
+ "[-pubin] [-pubout]\n"
+ " [-text] [-text_pub]\n\n");
 options_usage(pkey_options);
 fprintf(stderr, "\n");
 
@@ -252,6 +266,16 @@ pkey_main(int argc, char **argv)
 if (!pkey)
 goto end;
 
+#if notyet
+ if (pkey_config.check) {
+ if (!pkey_check(out, pkey, EVP_PKEY_check, "Key pair"))
+ goto end;
+ } else if (pkey_config.pubcheck) {
+ if (!pkey_check(out, pkey, EVP_PKEY_public_check, "Public key"))
+ goto end;
+ }
+#endif
+
 if (!pkey_config.noout) {
 if (pkey_config.outformat == FORMAT_PEM) {
 if (pkey_config.pubout)
--
cgit v1.2.3-55-g6feb
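Review bot: With both call sites in `pkey_main` wrapped in `#if notyet`, `-check` and `-pubcheck` are still registered in `pkey_options` (the two option-table hunks) and listed by `pkey_usage()`, so the command accepts either flag, validates nothing, and falls through to the normal output path. A script that uses the exit status to reject malformed keys would treat every key as checked until the guard is removed. Until the bump, make the no-op visible with an `#else` branch before `#endif`: `if (pkey_config.check || pkey_config.pubcheck) { BIO_printf(bio_err, "key checks are not enabled yet\n"); goto end; }`. The `else if` also means `-pubcheck` is silently ignored when `-check` is given, which deserves a one-line comment if that is intended. `pkey_check()` is not defined in the visible hunks, and `pkey_main` continues past the end of this one.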