src/usr.bin/openssl/pkeyutl.c - diff

Return to pkeyutl.c CVS log

Up to [local] / src / usr.bin / openssl

Diff for /src/usr.bin/openssl/pkeyutl.c between version 1.18 and 1.19

version 1.18, 2023/03/05 13:12:53

version 1.19, 2023/03/06 14:32:06

Line 82

int pkey_op;

int rev;

char *sigfile;

} pkeyutl_config;

} cfg;

static void pkeyutl_usage(void);

Line 101

.name = "asn1parse",

.desc = "ASN.1 parse the output data",

.type = OPTION_FLAG,

.opt.flag = &pkeyutl_config.asn1parse,

.opt.flag = &cfg.asn1parse,

{

.name = "certin",

.desc = "Input is a certificate containing a public key",

.type = OPTION_VALUE,

.value = KEY_CERT,

.opt.value = &pkeyutl_config.key_type,

.opt.value = &cfg.key_type,

{

.name = "decrypt",

.desc = "Decrypt the input data using a private key",

.type = OPTION_VALUE,

.value = EVP_PKEY_OP_DECRYPT,

.opt.value = &pkeyutl_config.pkey_op,

.opt.value = &cfg.pkey_op,

{

.name = "derive",

.desc = "Derive a shared secret using the peer key",

.type = OPTION_VALUE,

.value = EVP_PKEY_OP_DERIVE,

.opt.value = &pkeyutl_config.pkey_op,

.opt.value = &cfg.pkey_op,

{

.name = "encrypt",

.desc = "Encrypt the input data using a public key",

.type = OPTION_VALUE,

.value = EVP_PKEY_OP_ENCRYPT,

.opt.value = &pkeyutl_config.pkey_op,

.opt.value = &cfg.pkey_op,

{

.name = "hexdump",

.desc = "Hex dump the output data",

.type = OPTION_FLAG,

.opt.flag = &pkeyutl_config.hexdump,

.opt.flag = &cfg.hexdump,

{

.name = "in",

.argname = "file",

.desc = "Input file (default stdin)",

.type = OPTION_ARG,

.opt.arg = &pkeyutl_config.infile,

.opt.arg = &cfg.infile,

{

.name = "inkey",

Line 156

.argname = "fmt",

.desc = "Input key format (DER or PEM (default))",

.type = OPTION_ARG_FORMAT,

.opt.value = &pkeyutl_config.keyform,

.opt.value = &cfg.keyform,

{

.name = "out",

.argname = "file",

.desc = "Output file (default stdout)",

.type = OPTION_ARG,

.opt.arg = &pkeyutl_config.outfile,

.opt.arg = &cfg.outfile,

{

.name = "passin",

.argname = "arg",

.desc = "Key password source",

.type = OPTION_ARG,

.opt.arg = &pkeyutl_config.passargin,

.opt.arg = &cfg.passargin,

{

.name = "peerform",

.argname = "fmt",

.desc = "Input key format (DER or PEM (default))",

.type = OPTION_ARG_FORMAT,

.opt.value = &pkeyutl_config.peerform,

.opt.value = &cfg.peerform,

{

.name = "peerkey",

Line 198

.desc = "Input is a public key",

.type = OPTION_VALUE,

.value = KEY_PUBKEY,

.opt.value = &pkeyutl_config.key_type,

.opt.value = &cfg.key_type,

{

.name = "rev",

.desc = "Reverse the input data",

.type = OPTION_FLAG,

.opt.flag = &pkeyutl_config.rev,

.opt.flag = &cfg.rev,

{

.name = "sigfile",

.argname = "file",

.desc = "Signature file (verify operation only)",

.type = OPTION_ARG,

.opt.arg = &pkeyutl_config.sigfile,

.opt.arg = &cfg.sigfile,

{

.name = "sign",

.desc = "Sign the input data using private key",

.type = OPTION_VALUE,

.value = EVP_PKEY_OP_SIGN,

.opt.value = &pkeyutl_config.pkey_op,

.opt.value = &cfg.pkey_op,

{

.name = "verify",

.desc = "Verify the input data using public key",

.type = OPTION_VALUE,

.value = EVP_PKEY_OP_VERIFY,

.opt.value = &pkeyutl_config.pkey_op,

.opt.value = &cfg.pkey_op,

{

.name = "verifyrecover",

.desc = "Verify with public key, recover original data",

.type = OPTION_VALUE,

.value = EVP_PKEY_OP_VERIFYRECOVER,

.opt.value = &pkeyutl_config.pkey_op,

.opt.value = &cfg.pkey_op,

{NULL},

Line 268

exit(1);

}

memset(&pkeyutl_config, 0, sizeof(pkeyutl_config));

memset(&cfg, 0, sizeof(cfg));

pkeyutl_config.pkey_op = EVP_PKEY_OP_SIGN;

cfg.pkey_op = EVP_PKEY_OP_SIGN;

pkeyutl_config.key_type = KEY_PRIVKEY;

cfg.key_type = KEY_PRIVKEY;

pkeyutl_config.keyform = FORMAT_PEM;

cfg.keyform = FORMAT_PEM;

pkeyutl_config.peerform = FORMAT_PEM;

cfg.peerform = FORMAT_PEM;

pkeyutl_config.keysize = -1;

cfg.keysize = -1;

if (options_parse(argc, argv, pkeyutl_options, NULL, NULL) != 0) {

pkeyutl_usage();

goto end;

}

if (!pkeyutl_config.ctx) {

if (!cfg.ctx) {

pkeyutl_usage();

goto end;

}

if (pkeyutl_config.sigfile &&

if (cfg.sigfile &&

(pkeyutl_config.pkey_op != EVP_PKEY_OP_VERIFY)) {

(cfg.pkey_op != EVP_PKEY_OP_VERIFY)) {

BIO_puts(bio_err, "Signature file specified for non verify\n");

goto end;

}

if (!pkeyutl_config.sigfile &&

if (!cfg.sigfile &&

(pkeyutl_config.pkey_op == EVP_PKEY_OP_VERIFY)) {

(cfg.pkey_op == EVP_PKEY_OP_VERIFY)) {

BIO_puts(bio_err, "No signature file specified for verify\n");

goto end;

}

if (pkeyutl_config.pkey_op != EVP_PKEY_OP_DERIVE) {

if (cfg.pkey_op != EVP_PKEY_OP_DERIVE) {

if (pkeyutl_config.infile) {

if (cfg.infile) {

if (!(in = BIO_new_file(pkeyutl_config.infile, "rb"))) {

if (!(in = BIO_new_file(cfg.infile, "rb"))) {

BIO_puts(bio_err,

"Error Opening Input File\n");

ERR_print_errors(bio_err);

Line 306

} else

in = BIO_new_fp(stdin, BIO_NOCLOSE);

}

if (pkeyutl_config.outfile) {

if (cfg.outfile) {

if (!(out = BIO_new_file(pkeyutl_config.outfile, "wb"))) {

if (!(out = BIO_new_file(cfg.outfile, "wb"))) {

BIO_printf(bio_err, "Error Creating Output File\n");

ERR_print_errors(bio_err);

goto end;

Line 316

out = BIO_new_fp(stdout, BIO_NOCLOSE);

}

if (pkeyutl_config.sigfile) {

if (cfg.sigfile) {

BIO *sigbio = BIO_new_file(pkeyutl_config.sigfile, "rb");

BIO *sigbio = BIO_new_file(cfg.sigfile, "rb");

if (!sigbio) {

BIO_printf(bio_err, "Can't open signature file %s\n",

pkeyutl_config.sigfile);

cfg.sigfile);

goto end;

}

siglen = bio_to_mem(&sig, pkeyutl_config.keysize * 10, sigbio);

siglen = bio_to_mem(&sig, cfg.keysize * 10, sigbio);

BIO_free(sigbio);

if (siglen <= 0) {

BIO_printf(bio_err, "Error reading signature data\n");

Line 332

}

if (in) {

/* Read the input data */

buf_inlen = bio_to_mem(&buf_in, pkeyutl_config.keysize * 10, in);

buf_inlen = bio_to_mem(&buf_in, cfg.keysize * 10, in);

if (buf_inlen <= 0) {

BIO_printf(bio_err, "Error reading input Data\n");

exit(1);

}

if (pkeyutl_config.rev) {

if (cfg.rev) {

size_t i;

unsigned char ctmp;

size_t l = (size_t) buf_inlen;

Line 348

}

if (pkeyutl_config.pkey_op == EVP_PKEY_OP_VERIFY) {

if (cfg.pkey_op == EVP_PKEY_OP_VERIFY) {

rv = EVP_PKEY_verify(pkeyutl_config.ctx, sig, (size_t) siglen,

rv = EVP_PKEY_verify(cfg.ctx, sig, (size_t) siglen,

buf_in, (size_t) buf_inlen);

if (rv == 1) {

BIO_puts(out, "Signature Verified Successfully\n");

Line 359

if (rv >= 0)

goto end;

} else {

rv = do_keyop(pkeyutl_config.ctx, pkeyutl_config.pkey_op, NULL,

rv = do_keyop(cfg.ctx, cfg.pkey_op, NULL,

(size_t *)&buf_outlen, buf_in, (size_t) buf_inlen);

if (rv > 0) {

buf_out = malloc(buf_outlen);

if (!buf_out)

rv = -1;

else

rv = do_keyop(pkeyutl_config.ctx,

rv = do_keyop(cfg.ctx,

pkeyutl_config.pkey_op,

cfg.pkey_op,

buf_out, (size_t *) & buf_outlen,

buf_in, (size_t) buf_inlen);

}

Line 379

goto end;

}

ret = 0;

if (pkeyutl_config.asn1parse) {

if (cfg.asn1parse) {

if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))

ERR_print_errors(bio_err);

} else if (pkeyutl_config.hexdump)

} else if (cfg.hexdump)

BIO_dump(out, (char *) buf_out, buf_outlen);

else

BIO_write(out, buf_out, buf_outlen);

end:

EVP_PKEY_CTX_free(pkeyutl_config.ctx);

EVP_PKEY_CTX_free(cfg.ctx);

BIO_free(in);

BIO_free_all(out);

free(buf_in);

Line 406

int rv = -1;

X509 *x;

if (((pkeyutl_config.pkey_op == EVP_PKEY_OP_SIGN)

if (((cfg.pkey_op == EVP_PKEY_OP_SIGN)

|| (pkeyutl_config.pkey_op == EVP_PKEY_OP_DECRYPT)

|| (cfg.pkey_op == EVP_PKEY_OP_DECRYPT)

|| (pkeyutl_config.pkey_op == EVP_PKEY_OP_DERIVE))

|| (cfg.pkey_op == EVP_PKEY_OP_DERIVE))

&& (pkeyutl_config.key_type != KEY_PRIVKEY)) {

&& (cfg.key_type != KEY_PRIVKEY)) {

BIO_printf(bio_err,

"A private key is needed for this operation\n");

goto end;

}

if (!app_passwd(bio_err, pkeyutl_config.passargin, NULL, &passin,

if (!app_passwd(bio_err, cfg.passargin, NULL, &passin,

NULL)) {

BIO_printf(bio_err, "Error getting password\n");

goto end;

}

switch (pkeyutl_config.key_type) {

switch (cfg.key_type) {

case KEY_PRIVKEY:

pkey = load_key(bio_err, keyfile, pkeyutl_config.keyform, 0,

pkey = load_key(bio_err, keyfile, cfg.keyform, 0,

passin, "Private Key");

break;

case KEY_PUBKEY:

pkey = load_pubkey(bio_err, keyfile, pkeyutl_config.keyform, 0,

pkey = load_pubkey(bio_err, keyfile, cfg.keyform, 0,

NULL, "Public Key");

break;

case KEY_CERT:

x = load_cert(bio_err, keyfile, pkeyutl_config.keyform,

x = load_cert(bio_err, keyfile, cfg.keyform,

NULL, "Certificate");

if (x) {

pkey = X509_get_pubkey(x);

Line 440

break;

}

pkeyutl_config.keysize = EVP_PKEY_size(pkey);

cfg.keysize = EVP_PKEY_size(pkey);

if (!pkey)

goto end;

pkeyutl_config.ctx = EVP_PKEY_CTX_new(pkey, NULL);

cfg.ctx = EVP_PKEY_CTX_new(pkey, NULL);

EVP_PKEY_free(pkey);

if (!pkeyutl_config.ctx)

if (!cfg.ctx)

goto end;

switch (pkeyutl_config.pkey_op) {

switch (cfg.pkey_op) {

case EVP_PKEY_OP_SIGN:

rv = EVP_PKEY_sign_init(pkeyutl_config.ctx);

rv = EVP_PKEY_sign_init(cfg.ctx);

break;

case EVP_PKEY_OP_VERIFY:

rv = EVP_PKEY_verify_init(pkeyutl_config.ctx);

rv = EVP_PKEY_verify_init(cfg.ctx);

break;

case EVP_PKEY_OP_VERIFYRECOVER:

rv = EVP_PKEY_verify_recover_init(pkeyutl_config.ctx);

rv = EVP_PKEY_verify_recover_init(cfg.ctx);

break;

case EVP_PKEY_OP_ENCRYPT:

rv = EVP_PKEY_encrypt_init(pkeyutl_config.ctx);

rv = EVP_PKEY_encrypt_init(cfg.ctx);

break;

case EVP_PKEY_OP_DECRYPT:

rv = EVP_PKEY_decrypt_init(pkeyutl_config.ctx);

rv = EVP_PKEY_decrypt_init(cfg.ctx);

break;

case EVP_PKEY_OP_DERIVE:

rv = EVP_PKEY_derive_init(pkeyutl_config.ctx);

rv = EVP_PKEY_derive_init(cfg.ctx);

break;

}

if (rv <= 0) {

EVP_PKEY_CTX_free(pkeyutl_config.ctx);

EVP_PKEY_CTX_free(cfg.ctx);

pkeyutl_config.ctx = NULL;

cfg.ctx = NULL;

}

end:

free(passin);

if (!pkeyutl_config.ctx) {

if (!cfg.ctx) {

BIO_puts(bio_err, "Error initializing context\n");

ERR_print_errors(bio_err);

return (1);

Line 501

EVP_PKEY *peer = NULL;

int ret;

if (!pkeyutl_config.ctx) {

if (!cfg.ctx) {

BIO_puts(bio_err, "-peerkey command before -inkey\n");

return (1);

}

peer = load_pubkey(bio_err, file, pkeyutl_config.peerform, 0, NULL,

peer = load_pubkey(bio_err, file, cfg.peerform, 0, NULL,

"Peer Key");

if (!peer) {

Line 513

ERR_print_errors(bio_err);

return (1);

}

ret = EVP_PKEY_derive_set_peer(pkeyutl_config.ctx, peer);

ret = EVP_PKEY_derive_set_peer(cfg.ctx, peer);

EVP_PKEY_free(peer);

if (ret <= 0) {

Line 527

static int

pkeyutl_pkeyopt(char *pkeyopt)

{

if (!pkeyutl_config.ctx) {

if (!cfg.ctx) {

BIO_puts(bio_err, "-pkeyopt command before -inkey\n");

return (1);

} else if (pkey_ctrl_string(pkeyutl_config.ctx, pkeyopt) <= 0) {

} else if (pkey_ctrl_string(cfg.ctx, pkeyopt) <= 0) {

BIO_puts(bio_err, "parameter setting error\n");

ERR_print_errors(bio_err);

return (1);