/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
+
#include <stdio.h>
#include <string.h>
#include "apps.h"
+#include "progs.h"
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e);
-static int genpkey_cb(EVP_PKEY_CTX *ctx);
+static int quiet;
+static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e,
+ OSSL_LIB_CTX *libctx, const char *propq);
typedef enum OPTION_choice {
- OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+ OPT_COMMON,
OPT_ENGINE, OPT_OUTFORM, OPT_OUT, OPT_PASS, OPT_PARAMFILE,
- OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER
+ OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER,
+ OPT_QUIET, OPT_CONFIG,
+ OPT_PROV_ENUM
} OPTION_CHOICE;
-OPTIONS genpkey_options[] = {
+const OPTIONS genpkey_options[] = {
+ OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
- {"out", OPT_OUT, '>', "Output file"},
- {"outform", OPT_OUTFORM, 'F', "output format (DER or PEM)"},
- {"pass", OPT_PASS, 's', "Output file pass phrase source"},
+#ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
{"paramfile", OPT_PARAMFILE, '<', "Parameters file"},
{"algorithm", OPT_ALGORITHM, 's', "The public key algorithm"},
+ {"quiet", OPT_QUIET, '-', "Do not output status while generating keys"},
{"pkeyopt", OPT_PKEYOPT, 's',
"Set the public key algorithm option as opt:value"},
+ OPT_CONFIG_OPTION,
+
+ OPT_SECTION("Output"),
+ {"out", OPT_OUT, '>', "Output file"},
+ {"outform", OPT_OUTFORM, 'F', "output format (DER or PEM)"},
+ {"pass", OPT_PASS, 's', "Output file pass phrase source"},
{"genparam", OPT_GENPARAM, '-', "Generate parameters, not key"},
{"text", OPT_TEXT, '-', "Print the in text"},
{"", OPT_CIPHER, '-', "Cipher to use to encrypt the key"},
-#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
-#endif
+
+ OPT_PROV_OPTIONS,
+
/* This is deliberately last. */
{OPT_HELP_STR, 1, 1,
"Order of options may be important! See the documentation.\n"},
int genpkey_main(int argc, char **argv)
{
+ CONF *conf = NULL;
BIO *in = NULL, *out = NULL;
ENGINE *e = NULL;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
- char *outfile = NULL, *passarg = NULL, *pass = NULL, *prog;
- const EVP_CIPHER *cipher = NULL;
+ char *outfile = NULL, *passarg = NULL, *pass = NULL, *prog, *p;
+ const char *ciphername = NULL, *paramfile = NULL, *algname = NULL;
+ EVP_CIPHER *cipher = NULL;
OPTION_CHOICE o;
int outformat = FORMAT_PEM, text = 0, ret = 1, rv, do_param = 0;
- int private = 0;
+ int private = 0, i;
+ OSSL_LIB_CTX *libctx = app_get0_libctx();
+ STACK_OF(OPENSSL_STRING) *keyopt = NULL;
+ opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, genpkey_options);
+ keyopt = sk_OPENSSL_STRING_new_null();
+ if (keyopt == NULL)
+ goto end;
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_PARAMFILE:
if (do_param == 1)
goto opthelp;
- if (!init_keygen_file(&ctx, opt_arg(), e))
- goto end;
+ paramfile = opt_arg();
break;
case OPT_ALGORITHM:
- if (!init_gen_str(&ctx, opt_arg(), e, do_param))
- goto end;
+ algname = opt_arg();
break;
case OPT_PKEYOPT:
- if (ctx == NULL) {
- BIO_printf(bio_err, "%s: No keytype specified.\n", prog);
- goto opthelp;
- }
- if (pkey_ctrl_string(ctx, opt_arg()) <= 0) {
- BIO_printf(bio_err,
- "%s: Error setting %s parameter:\n",
- prog, opt_arg());
- ERR_print_errors(bio_err);
+ if (!sk_OPENSSL_STRING_push(keyopt, opt_arg()))
goto end;
- }
+ break;
+ case OPT_QUIET:
+ quiet = 1;
break;
case OPT_GENPARAM:
- if (ctx != NULL)
- goto opthelp;
do_param = 1;
break;
case OPT_TEXT:
text = 1;
break;
case OPT_CIPHER:
- if (!opt_cipher(opt_unknown(), &cipher)
- || do_param == 1)
- goto opthelp;
+ ciphername = opt_unknown();
+ break;
+ case OPT_CONFIG:
+ conf = app_load_config_modules(opt_arg());
+ if (conf == NULL)
+ goto end;
+ break;
+ case OPT_PROV_CASES:
+ if (!opt_provider(o))
+ goto end;
+ break;
}
}
- argc = opt_num_rest();
- argv = opt_rest();
- private = do_param ? 0 : 1;
+ /* No extra arguments. */
+ if (!opt_check_rest_arg(NULL))
+ goto opthelp;
+
+ /* Fetch cipher, etc. */
+ if (paramfile != NULL) {
+ if (!init_keygen_file(&ctx, paramfile, e, libctx, app_get0_propq()))
+ goto end;
+ }
+ if (algname != NULL) {
+ if (!init_gen_str(&ctx, algname, e, do_param, libctx, app_get0_propq()))
+ goto end;
+ }
if (ctx == NULL)
goto opthelp;
+ for (i = 0; i < sk_OPENSSL_STRING_num(keyopt); i++) {
+ p = sk_OPENSSL_STRING_value(keyopt, i);
+ if (pkey_ctrl_string(ctx, p) <= 0) {
+ BIO_printf(bio_err, "%s: Error setting %s parameter:\n", prog, p);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ if (!opt_cipher(ciphername, &cipher))
+ goto opthelp;
+ if (ciphername != NULL && do_param == 1) {
+ BIO_printf(bio_err, "Cannot use cipher with -genparam option\n");
+ goto opthelp;
+ }
+
+ private = do_param ? 0 : 1;
+
if (!app_passwd(passarg, NULL, &pass, NULL)) {
BIO_puts(bio_err, "Error getting password\n");
goto end;
}
- if (!app_load_modules(NULL))
- goto end;
-
- out = bio_open_owner(outfile, "wb", private);
+ out = bio_open_owner(outfile, outformat, private);
if (out == NULL)
goto end;
- EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
+ if (!quiet)
+ EVP_PKEY_CTX_set_cb(ctx, progress_cb);
EVP_PKEY_CTX_set_app_data(ctx, bio_err);
- if (do_param) {
- if (EVP_PKEY_paramgen(ctx, &pkey) <= 0) {
- BIO_puts(bio_err, "Error generating parameters\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- } else {
- if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
- BIO_puts(bio_err, "Error generating key\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
+ pkey = do_param ? app_paramgen(ctx, algname)
+ : app_keygen(ctx, algname, 0, 0 /* not verbose */);
- if (do_param)
+ if (do_param) {
rv = PEM_write_bio_Parameters(out, pkey);
- else if (outformat == FORMAT_PEM) {
+ } else if (outformat == FORMAT_PEM) {
assert(private);
rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, NULL, pass);
} else if (outformat == FORMAT_ASN1) {
goto end;
}
+ ret = 0;
+
if (rv <= 0) {
BIO_puts(bio_err, "Error writing key\n");
- ERR_print_errors(bio_err);
+ ret = 1;
}
if (text) {
if (rv <= 0) {
BIO_puts(bio_err, "Error printing key\n");
- ERR_print_errors(bio_err);
+ ret = 1;
}
}
- ret = 0;
-
end:
+ sk_OPENSSL_STRING_free(keyopt);
+ if (ret != 0)
+ ERR_print_errors(bio_err);
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(ctx);
+ EVP_CIPHER_free(cipher);
BIO_free_all(out);
BIO_free(in);
+ release_engine(e);
OPENSSL_free(pass);
-
+ NCONF_free(conf);
return ret;
}
-static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e)
+static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e,
+ OSSL_LIB_CTX *libctx, const char *propq)
{
BIO *pbio;
EVP_PKEY *pkey = NULL;
}
pbio = BIO_new_file(file, "r");
- if (!pbio) {
+ if (pbio == NULL) {
BIO_printf(bio_err, "Can't open parameter file %s\n", file);
return 0;
}
- pkey = PEM_read_bio_Parameters(pbio, NULL);
+ pkey = PEM_read_bio_Parameters_ex(pbio, NULL, libctx, propq);
BIO_free(pbio);
- if (!pkey) {
+ if (pkey == NULL) {
BIO_printf(bio_err, "Error reading parameter file %s\n", file);
return 0;
}
- ctx = EVP_PKEY_CTX_new(pkey, e);
- if (!ctx)
+ if (e != NULL)
+ ctx = EVP_PKEY_CTX_new(pkey, e);
+ else
+ ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
+ if (ctx == NULL)
goto err;
if (EVP_PKEY_keygen_init(ctx) <= 0)
goto err;
}
int init_gen_str(EVP_PKEY_CTX **pctx,
- const char *algname, ENGINE *e, int do_param)
+ const char *algname, ENGINE *e, int do_param,
+ OSSL_LIB_CTX *libctx, const char *propq)
{
EVP_PKEY_CTX *ctx = NULL;
- const EVP_PKEY_ASN1_METHOD *ameth;
- ENGINE *tmpeng = NULL;
int pkey_id;
if (*pctx) {
return 0;
}
- ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
-
-#ifndef OPENSSL_NO_ENGINE
- if (!ameth && e)
- ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
-#endif
+ pkey_id = get_legacy_pkey_id(libctx, algname, e);
+ if (pkey_id != NID_undef)
+ ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
+ else
+ ctx = EVP_PKEY_CTX_new_from_name(libctx, algname, propq);
- if (!ameth) {
- BIO_printf(bio_err, "Algorithm %s not found\n", algname);
- return 0;
- }
-
- ERR_clear_error();
-
- EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
-#ifndef OPENSSL_NO_ENGINE
- if (tmpeng)
- ENGINE_finish(tmpeng);
-#endif
- ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
-
- if (!ctx)
+ if (ctx == NULL)
goto err;
if (do_param) {
if (EVP_PKEY_paramgen_init(ctx) <= 0)
}
-static int genpkey_cb(EVP_PKEY_CTX *ctx)
-{
- char c = '*';
- BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
- int p;
- p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
- if (p == 0)
- c = '.';
- if (p == 1)
- c = '+';
- if (p == 2)
- c = '*';
- if (p == 3)
- c = '\n';
- BIO_write(b, &c, 1);
- (void)BIO_flush(b);
- return 1;
-}
projects / openssl.git / blobdiff