[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Thu Oct 22 02:15:03 UTC 2020
The branch master has been updated
via b78c777ee3038920064f5c2e3eb2a4f66a35119d (commit)
from f31ac320012c9aa1540034288ea94f6c80924aa3 (commit)
- Log -----------------------------------------------------------------
commit b78c777ee3038920064f5c2e3eb2a4f66a35119d
Author: Richard Levitte <levitte at openssl.org>
Date: Tue Oct 20 11:56:22 2020 +0200
APPS: Implement load_keyparams() to load key parameters
'openssl dsaparam' is affected as an obvious usage example.
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13191)
-----------------------------------------------------------------------
Summary of changes:
apps/cmp.c | 2 +-
apps/dsaparam.c | 14 ++++++--------
apps/include/apps.h | 2 ++
apps/lib/apps.c | 38 +++++++++++++++++++++++++++++++-------
doc/man1/openssl-dsaparam.pod.in | 2 +-
5 files changed, 41 insertions(+), 17 deletions(-)
diff --git a/apps/cmp.c b/apps/cmp.c
index e52eff3c28..a30c9f1684 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -724,7 +724,7 @@ static int load_cert_certs(const char *uri,
return ret;
}
pass_string = get_passwd(pass, desc);
- ret = load_key_certs_crls(uri, 0, pass_string, desc, NULL, NULL,
+ ret = load_key_certs_crls(uri, 0, pass_string, desc, NULL, NULL, NULL,
pcert, pcerts, NULL, NULL);
clear_free(pass_string);
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 5fd906a069..7e374eb6ad 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -66,7 +66,7 @@ const OPTIONS dsaparam_options[] = {
int dsaparam_main(int argc, char **argv)
{
ENGINE *e = NULL;
- BIO *in = NULL, *out = NULL;
+ BIO *out = NULL;
EVP_PKEY *params = NULL, *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
int numbits = -1, num = 0, genkey = 0;
@@ -140,9 +140,6 @@ int dsaparam_main(int argc, char **argv)
}
private = genkey ? 1 : 0;
- in = bio_open_default(infile, 'r', informat);
- if (in == NULL)
- goto end;
out = bio_open_owner(outfile, outformat, private);
if (out == NULL)
goto end;
@@ -181,10 +178,12 @@ int dsaparam_main(int argc, char **argv)
BIO_printf(bio_err, "Error, DSA key generation failed\n");
goto end;
}
- } else if (informat == FORMAT_ASN1) {
- params = d2i_KeyParams_bio(EVP_PKEY_DSA, NULL, in);
} else {
- params = PEM_read_bio_Parameters(in, NULL);
+ params = load_keyparams(infile, 1, "DSA parameters");
+ if (!EVP_PKEY_is_a(params, "DSA")) {
+ EVP_PKEY_free(params);
+ params = NULL;
+ }
}
if (params == NULL) {
BIO_printf(bio_err, "Error, unable to load DSA parameters\n");
@@ -276,7 +275,6 @@ int dsaparam_main(int argc, char **argv)
end:
if (ret != 0)
ERR_print_errors(bio_err);
- BIO_free(in);
BIO_free_all(out);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
diff --git a/apps/include/apps.h b/apps/include/apps.h
index 195f226910..8bb92e07db 100644
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@@ -116,6 +116,7 @@ EVP_PKEY *load_key(const char *uri, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *desc);
EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *desc);
+EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *desc);
int load_certs(const char *uri, STACK_OF(X509) **certs,
const char *pass, const char *desc);
int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
@@ -123,6 +124,7 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
int load_key_certs_crls(const char *uri, int maybe_stdin,
const char *pass, const char *desc,
EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
+ EVP_PKEY **pparams,
X509 **pcert, STACK_OF(X509) **pcerts,
X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls);
int load_key_cert_crl(const char *uri, int maybe_stdin,
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index d90ef6a192..d100ce42dd 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -476,7 +476,7 @@ X509 *load_cert_pass(const char *uri, int maybe_stdin,
if (desc == NULL)
desc = "certificate";
(void)load_key_certs_crls(uri, maybe_stdin, pass, desc,
- NULL, NULL, &cert, NULL, NULL, NULL);
+ NULL, NULL, NULL, &cert, NULL, NULL, NULL);
if (cert == NULL) {
BIO_printf(bio_err, "Unable to load %s\n", desc);
ERR_print_errors(bio_err);
@@ -492,7 +492,7 @@ X509_CRL *load_crl(const char *uri, int format, const char *desc)
if (desc == NULL)
desc = "CRL";
(void)load_key_certs_crls(uri, 0, NULL, desc,
- NULL, NULL, NULL, NULL, &crl, NULL);
+ NULL, NULL, NULL, NULL, NULL, &crl, NULL);
if (crl == NULL) {
BIO_printf(bio_err, "Unable to load %s\n", desc);
ERR_print_errors(bio_err);
@@ -559,7 +559,7 @@ EVP_PKEY *load_key(const char *uri, int format, int may_stdin,
}
} else {
(void)load_key_certs_crls(uri, may_stdin, pass, desc,
- &pkey, NULL, NULL, NULL, NULL, NULL);
+ &pkey, NULL, NULL, NULL, NULL, NULL, NULL);
}
if (pkey == NULL) {
@@ -589,7 +589,7 @@ EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin,
}
} else {
(void)load_key_certs_crls(uri, maybe_stdin, pass, desc,
- NULL, &pkey, NULL, NULL, NULL, NULL);
+ NULL, &pkey, NULL, NULL, NULL, NULL, NULL);
}
if (pkey == NULL) {
BIO_printf(bio_err, "Unable to load %s\n", desc);
@@ -598,6 +598,22 @@ EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin,
return pkey;
}
+EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *desc)
+{
+ EVP_PKEY *params = NULL;
+
+ if (desc == NULL)
+ desc = "key parameters";
+
+ (void)load_key_certs_crls(uri, maybe_stdin, NULL, desc,
+ NULL, NULL, ¶ms, NULL, NULL, NULL, NULL);
+ if (params == NULL) {
+ BIO_printf(bio_err, "Unable to load %s\n", desc);
+ ERR_print_errors(bio_err);
+ }
+ return params;
+}
+
void app_bail_out(char *fmt, ...)
{
va_list args;
@@ -627,7 +643,7 @@ int load_certs(const char *uri, STACK_OF(X509) **certs,
const char *pass, const char *desc)
{
int was_NULL = *certs == NULL;
- int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL,
+ int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL, NULL,
NULL, certs, NULL, NULL);
if (!ret && was_NULL) {
@@ -645,7 +661,7 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
const char *pass, const char *desc)
{
int was_NULL = *crls == NULL;
- int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL,
+ int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL, NULL,
NULL, NULL, NULL, crls);
if (!ret && was_NULL) {
@@ -671,6 +687,7 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
int load_key_certs_crls(const char *uri, int maybe_stdin,
const char *pass, const char *desc,
EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
+ EVP_PKEY **pparams,
X509 **pcert, STACK_OF(X509) **pcerts,
X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls)
{
@@ -761,6 +778,10 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
if (ppubkey != NULL && *ppubkey == NULL)
ok = ((*ppubkey = OSSL_STORE_INFO_get1_PUBKEY(info)) != NULL);
break;
+ case OSSL_STORE_INFO_PARAMS:
+ if (pparams != NULL && *pparams == NULL)
+ ok = ((*pparams = OSSL_STORE_INFO_get1_PARAMS(info)) != NULL);
+ break;
case OSSL_STORE_INFO_CERT:
if (pcert != NULL && *pcert == NULL)
ok = (*pcert = OSSL_STORE_INFO_get1_CERT(info)) != NULL;
@@ -794,8 +815,11 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
if (failed == NULL) {
int any = 0;
- if (ppkey != NULL && *ppkey == NULL) {
+ if ((ppkey != NULL && *ppkey == NULL)
+ || (ppubkey != NULL && *ppubkey == NULL)) {
failed = "key";
+ } else if (pparams != NULL && *pparams == NULL) {
+ failed = "params";
} else if ((pcert != NULL || pcerts != NULL) && ncerts == 0) {
if (pcert == NULL)
any = 1;
diff --git a/doc/man1/openssl-dsaparam.pod.in b/doc/man1/openssl-dsaparam.pod.in
index 0e6e6cb6de..d7431b0507 100644
--- a/doc/man1/openssl-dsaparam.pod.in
+++ b/doc/man1/openssl-dsaparam.pod.in
@@ -40,7 +40,7 @@ Print out a usage message.
=item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM>
-The input and formats; the default is B<PEM>.
+This option has become obsolete.
See L<openssl(1)/Format Options> for details.
Parameters are a sequence of B<ASN.1 INTEGER>s: B<p>, B<q>, and B<g>.
More information about the openssl-commits
mailing list