#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/bn.h>
+#include <openssl/encoder.h>
+#include <openssl/core_names.h>
+#include <openssl/core_dispatch.h>
+
+#ifndef OPENSSL_NO_RC4
+# define DEFAULT_PVK_ENCR_STRENGTH 2
+#else
+# define DEFAULT_PVK_ENCR_STRENGTH 0
+#endif
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
int dsa_main(int argc, char **argv)
{
BIO *out = NULL;
- DSA *dsa = NULL;
ENGINE *e = NULL;
EVP_PKEY *pkey = NULL;
const EVP_CIPHER *enc = NULL;
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
OPTION_CHOICE o;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
- int i, modulus = 0, pubin = 0, pubout = 0, ret = 1;
-#ifndef OPENSSL_NO_RC4
- int pvk_encr = 2;
-#endif
+ int modulus = 0, pubin = 0, pubout = 0, ret = 1;
+ int pvk_encr = DEFAULT_PVK_ENCR_STRENGTH;
int private = 0;
+ const char *output_type = NULL;
+ const char *output_structure = NULL;
+ int selection = 0;
+ OSSL_ENCODER_CTX *ectx = NULL;
prog = opt_init(argc, argv, dsa_options);
while ((o = opt_next()) != OPT_EOF) {
else
pkey = load_key(infile, informat, 1, passin, e, "private key");
- if (pkey != NULL)
- dsa = EVP_PKEY_get1_DSA(pkey);
-
- if (dsa == NULL) {
+ if (pkey == NULL) {
BIO_printf(bio_err, "unable to load Key\n");
ERR_print_errors(bio_err);
goto end;
}
+ if (!EVP_PKEY_is_a(pkey, "DSA")) {
+ BIO_printf(bio_err, "Not a DSA key\n");
+ goto end;
+ }
out = bio_open_owner(outfile, outformat, private);
if (out == NULL)
}
if (modulus) {
- const BIGNUM *pub_key = NULL;
- DSA_get0_key(dsa, &pub_key, NULL);
+ BIGNUM *pub_key = NULL;
+
+ if (!EVP_PKEY_get_bn_param(pkey, "pub", &pub_key)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
BIO_printf(out, "Public Key=");
BN_print(out, pub_key);
BIO_printf(out, "\n");
+ BN_free(pub_key);
}
if (noout) {
}
BIO_printf(bio_err, "writing DSA key\n");
if (outformat == FORMAT_ASN1) {
- if (pubin || pubout) {
- i = i2d_DSA_PUBKEY_bio(out, dsa);
- } else {
- assert(private);
- i = i2d_DSAPrivateKey_bio(out, dsa);
- }
+ output_type = "DER";
} else if (outformat == FORMAT_PEM) {
- if (pubin || pubout) {
- i = PEM_write_bio_DSA_PUBKEY(out, dsa);
- } else {
- assert(private);
- i = PEM_write_bio_DSAPrivateKey(out, dsa, enc,
- NULL, 0, NULL, passout);
- }
-#ifndef OPENSSL_NO_RSA
- } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
- EVP_PKEY *pk;
- pk = EVP_PKEY_new();
- if (pk == NULL)
- goto end;
-
- EVP_PKEY_set1_DSA(pk, dsa);
- if (outformat == FORMAT_PVK) {
- if (pubin) {
- BIO_printf(bio_err, "PVK form impossible with public key input\n");
- EVP_PKEY_free(pk);
- goto end;
- }
- assert(private);
-# ifdef OPENSSL_NO_RC4
- BIO_printf(bio_err, "PVK format not supported\n");
- EVP_PKEY_free(pk);
+ output_type = "PEM";
+ } else if (outformat == FORMAT_MSBLOB) {
+ output_type = "MSBLOB";
+ } else if (outformat == FORMAT_PVK) {
+ if (pubin) {
+ BIO_printf(bio_err, "PVK form impossible with public key input\n");
goto end;
-# else
- i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
-# endif
- } else if (pubin || pubout) {
- i = i2b_PublicKey_bio(out, pk);
- } else {
- assert(private);
- i = i2b_PrivateKey_bio(out, pk);
}
- EVP_PKEY_free(pk);
-#endif
+ output_type = "PVK";
} else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
- if (i <= 0) {
- BIO_printf(bio_err, "unable to write private key\n");
- ERR_print_errors(bio_err);
+
+ if (outformat == FORMAT_ASN1 || outformat == FORMAT_PEM) {
+ if (pubout || pubin)
+ output_structure = "SubjectPublicKeyInfo";
+ else
+ output_structure = "type-specific";
+ }
+
+ /* Select what you want in the output */
+ if (pubout || pubin) {
+ selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
+ } else {
+ assert(private);
+ selection = (OSSL_KEYMGMT_SELECT_KEYPAIR
+ | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS);
+ }
+
+ /* Perform the encoding */
+ ectx = OSSL_ENCODER_CTX_new_by_EVP_PKEY(pkey, selection, output_type,
+ output_structure, NULL);
+ if (OSSL_ENCODER_CTX_get_num_encoders(ectx) == 0) {
+ BIO_printf(bio_err, "%s format not supported\n", output_type);
+ goto end;
+ }
+
+ /* PVK requires a bit more */
+ if (outformat == FORMAT_PVK) {
+ OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+ params[0] = OSSL_PARAM_construct_int("encrypt-level", &pvk_encr);
+ if (!OSSL_ENCODER_CTX_set_params(ectx, params)) {
+ BIO_printf(bio_err, "invalid PVK encryption level\n");
+ goto end;
+ }
+ }
+
+ if (!OSSL_ENCODER_to_bio(ectx, out)) {
+ BIO_printf(bio_err, "unable to write key\n");
goto end;
}
ret = 0;
end:
+ if (ret != 0)
+ ERR_print_errors(bio_err);
+ OSSL_ENCODER_CTX_free(ectx);
BIO_free_all(out);
EVP_PKEY_free(pkey);
- DSA_free(dsa);
release_engine(e);
OPENSSL_free(passin);
OPENSSL_free(passout);
{
ENGINE *e = NULL;
BIO *out = NULL, *in = NULL;
- DSA *dsa = NULL;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
const EVP_CIPHER *enc = NULL;
goto end;
}
- in = bio_open_default(dsaparams, 'r', FORMAT_PEM);
- if (in == NULL)
- goto end2;
-
- if ((dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL)) == NULL) {
- BIO_printf(bio_err, "unable to load DSA parameter file\n");
- goto end;
- }
- BIO_free(in);
- in = NULL;
+ pkey = load_keyparams(dsaparams, 1, "DSA", "DSA parameters");
out = bio_open_owner(outfile, FORMAT_PEM, private);
if (out == NULL)
goto end2;
- DSA_get0_pqg(dsa, &p, NULL, NULL);
-
- if (BN_num_bits(p) > OPENSSL_DSA_MAX_MODULUS_BITS)
+ if (EVP_PKEY_bits(pkey) > OPENSSL_DSA_MAX_MODULUS_BITS)
BIO_printf(bio_err,
"Warning: It is not recommended to use more than %d bit for DSA keys.\n"
" Your key size is %d! Larger key size may behave not as expected.\n",
- OPENSSL_DSA_MAX_MODULUS_BITS, BN_num_bits(p));
+ OPENSSL_DSA_MAX_MODULUS_BITS, EVP_PKEY_bits(pkey));
- pkey = EVP_PKEY_new();
- if (pkey == NULL) {
- BIO_printf(bio_err, "unable to allocate PKEY\n");
- goto end;
- }
- if (!EVP_PKEY_set1_DSA(pkey, dsa)) {
- BIO_printf(bio_err, "unable to associate DSA parameters with PKEY\n");
- goto end;
- }
ctx = EVP_PKEY_CTX_new(pkey, NULL);
if (ctx == NULL) {
BIO_printf(bio_err, "unable to create PKEY context\n");
end2:
BIO_free(in);
BIO_free_all(out);
- DSA_free(dsa);
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(ctx);
release_engine(e);
*/
#include <openssl/core_dispatch.h>
+#ifndef OPENSSL_NO_RC4
+# define DEFAULT_PVK_ENCR_STRENGTH 2
+#else
+# define DEFAULT_PVK_ENCR_STRENGTH 0
+#endif
+
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
{"traditional", OPT_TRADITIONAL, '-',
"Use traditional format for private keys"},
+#ifndef OPENSSL_NO_RC4
OPT_SECTION("PVK"),
{"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"},
{"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
{"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
+#endif
OPT_PROV_OPTIONS,
{NULL}
int private = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0;
int noout = 0, modulus = 0, pubin = 0, pubout = 0, ret = 1;
- int pvk_encr = 2;
+ int pvk_encr = DEFAULT_PVK_ENCR_STRENGTH;
OPTION_CHOICE o;
int traditional = 0;
const char *output_type = NULL;