RFC4507 (including RFC4507bis) TLS stateless session resumption support

[openssl.git] / apps / req.c
diff --git a/apps/req.c b/apps/req.c

index 10879b066329ef77333f30e55fff40571dea4d4b..745ba7035f430d5ca688b98869bb07aaffe2bc67 100644 (file)
--- a/apps/req.c
+++ b/apps/req.c
@@ -144,9 +144,9 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value,
  static int genpkey_cb(EVP_PKEY_CTX *ctx);
  static int req_check_len(int len,int n_min,int n_max);
  static int check_end(const char *str, const char *end);
  static int genpkey_cb(EVP_PKEY_CTX *ctx);
  static int req_check_len(int len,int n_min,int n_max);
  static int check_end(const char *str, const char *end);
-static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr,
-                                       long *pkeylen, const char **palgnam,
-                                       ENGINE *e);
+static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type,
+                                       long *pkeylen, char **palgnam,
+                                       ENGINE *keygen_engine);
  #ifndef MONOLITH
  static char *default_config_file=NULL;
  #endif
  #ifndef MONOLITH
  static char *default_config_file=NULL;
  #endif
@@ -157,21 +157,17 @@ int MAIN(int, char **);
  
  int MAIN(int argc, char **argv)
         {
  
  int MAIN(int argc, char **argv)
         {
-       ENGINE *e = NULL;
-#ifndef OPENSSL_NO_DSA
-       DSA *dsa_params=NULL;
-#endif
-#ifndef OPENSSL_NO_ECDSA
-       EC_KEY *ec_params = NULL;
-#endif
+       ENGINE *e = NULL, *gen_eng = NULL;
         unsigned long nmflag = 0, reqflag = 0;
         int ex=1,x509=0,days=30;
         X509 *x509ss=NULL;
         X509_REQ *req=NULL;
         EVP_PKEY_CTX *genctx = NULL;
         unsigned long nmflag = 0, reqflag = 0;
         int ex=1,x509=0,days=30;
         X509 *x509ss=NULL;
         X509_REQ *req=NULL;
         EVP_PKEY_CTX *genctx = NULL;
-       const char *keyalgstr;
+       const char *keyalg = NULL;
+       char *keyalgstr = NULL;
+       STACK *pkeyopts = NULL;
         EVP_PKEY *pkey=NULL;
         EVP_PKEY *pkey=NULL;
-       int i=0,badops=0,newreq=0,verbose=0,pkey_type=EVP_PKEY_RSA;
+       int i=0,badops=0,newreq=0,verbose=0,pkey_type=-1;
         long newkey = -1;
         BIO *in=NULL,*out=NULL;
         int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
         long newkey = -1;
         BIO *in=NULL,*out=NULL;
         int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
@@ -234,6 +230,16 @@ int MAIN(int argc, char **argv)
                         if (--argc < 1) goto bad;
                         engine= *(++argv);
                         }
                         if (--argc < 1) goto bad;
                         engine= *(++argv);
                         }
+               else if (strcmp(*argv,"-keygen_engine") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       gen_eng = ENGINE_by_id(*(++argv));
+                       if (gen_eng == NULL)
+                               {
+                               BIO_printf(bio_err, "Can't find keygen engine %s\n", *argv);
+                               goto end;
+                               }
+                       }
  #endif
                 else if (strcmp(*argv,"-key") == 0)
                         {
  #endif
                 else if (strcmp(*argv,"-key") == 0)
                         {
@@ -290,33 +296,19 @@ int MAIN(int argc, char **argv)
                         }
                 else if (strcmp(*argv,"-newkey") == 0)
                         {
                         }
                 else if (strcmp(*argv,"-newkey") == 0)
                         {
-
                         if (--argc < 1)
                                 goto bad;
                         if (--argc < 1)
                                 goto bad;
-
-                       genctx = set_keygen_ctx(bio_err, *(++argv), &newkey,
-                                                       &keyalgstr, e);
-
-                       if (!genctx)
-                               goto bad;
-
+                       keyalg = *(++argv);
                         newreq=1;
                         }
                 else if (strcmp(*argv,"-pkeyopt") == 0)
                         {
                         if (--argc < 1)
                                 goto bad;
                         newreq=1;
                         }
                 else if (strcmp(*argv,"-pkeyopt") == 0)
                         {
                         if (--argc < 1)
                                 goto bad;
-                       if (!genctx)
-                               {
-                               BIO_puts(bio_err, "No keytype specified\n");
+                       if (!pkeyopts)
+                               pkeyopts = sk_new_null();
+                       if (!pkeyopts || !sk_push(pkeyopts, *(++argv)))
                                 goto bad;
                                 goto bad;
-                               }
-                       else if (pkey_ctrl_string(genctx, *(++argv)) <= 0)
-                               {
-                               BIO_puts(bio_err, "parameter setting error\n");
-                               ERR_print_errors(bio_err);
-                               goto end;
-                               }
                         }
                 else if (strcmp(*argv,"-batch") == 0)
                         batch=1;
                         }
                 else if (strcmp(*argv,"-batch") == 0)
                         batch=1;
@@ -643,6 +635,14 @@ bad:
                 app_RAND_load_file(randfile, bio_err, 0);
                 if (inrand)
                         app_RAND_load_files(inrand);
                 app_RAND_load_file(randfile, bio_err, 0);
                 if (inrand)
                         app_RAND_load_files(inrand);
+
+               if (keyalg)
+                       {
+                       genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey,
+                                                       &keyalgstr, gen_eng);
+                       if (!genctx)
+                               goto end;
+                       }
         
                 if (newkey <= 0)
                         {
         
                 if (newkey <= 0)
                         {
@@ -659,12 +659,29 @@ bad:
  
                 if (!genctx)
                         {
  
                 if (!genctx)
                         {
-                       genctx = set_keygen_ctx(bio_err, NULL, &newkey,
-                                                       &keyalgstr, e);
+                       genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &newkey,
+                                                       &keyalgstr, gen_eng);
                         if (!genctx)
                                 goto end;
                         }
  
                         if (!genctx)
                                 goto end;
                         }
  
+               if (pkeyopts)
+                       {
+                       char *genopt;
+                       for (i = 0; i < sk_num(pkeyopts); i++)
+                               {
+                               genopt = sk_value(pkeyopts, i);
+                               if (pkey_ctrl_string(genctx, genopt) <= 0)
+                                       {
+                                       BIO_printf(bio_err,
+                                               "parameter error \"%s\"\n",
+                                               genopt);
+                                       ERR_print_errors(bio_err);
+                                       goto end;
+                                       }
+                               }
+                       }
+
                 BIO_printf(bio_err,"Generating a %ld bit %s private key\n",
                                 newkey, keyalgstr);
  
                 BIO_printf(bio_err,"Generating a %ld bit %s private key\n",
                                 newkey, keyalgstr);
  
@@ -1008,7 +1025,7 @@ loop:
                         }
                 fprintf(stdout,"Modulus=");
  #ifndef OPENSSL_NO_RSA
                         }
                 fprintf(stdout,"Modulus=");
  #ifndef OPENSSL_NO_RSA
-               if (EVP_PKEY_base_id(tpubkey))
+               if (EVP_PKEY_base_id(tpubkey) == EVP_PKEY_RSA)
                         BN_print(out,tpubkey->pkey.rsa->n);
                 else
  #endif
                         BN_print(out,tpubkey->pkey.rsa->n);
                 else
  #endif
@@ -1066,18 +1083,20 @@ end:
         EVP_PKEY_free(pkey);
         if (genctx)
                 EVP_PKEY_CTX_free(genctx);
         EVP_PKEY_free(pkey);
         if (genctx)
                 EVP_PKEY_CTX_free(genctx);
+       if (pkeyopts)
+               sk_free(pkeyopts);
+#ifndef OPENSSL_NO_ENGINE
+       if (gen_eng)
+               ENGINE_free(gen_eng);
+#endif
+       if (keyalgstr)
+               OPENSSL_free(keyalgstr);
         X509_REQ_free(req);
         X509_free(x509ss);
         ASN1_INTEGER_free(serial);
         if(passargin && passin) OPENSSL_free(passin);
         if(passargout && passout) OPENSSL_free(passout);
         OBJ_cleanup();
         X509_REQ_free(req);
         X509_free(x509ss);
         ASN1_INTEGER_free(serial);
         if(passargin && passin) OPENSSL_free(passin);
         if(passargout && passout) OPENSSL_free(passout);
         OBJ_cleanup();
-#ifndef OPENSSL_NO_DSA
-       if (dsa_params != NULL) DSA_free(dsa_params);
-#endif
-#ifndef OPENSSL_NO_ECDSA
-       if (ec_params != NULL) EC_KEY_free(ec_params);
-#endif
         apps_shutdown();
         OPENSSL_EXIT(ex);
         }
         apps_shutdown();
         OPENSSL_EXIT(ex);
         }
@@ -1551,25 +1570,24 @@ static int check_end(const char *str, const char *end)
         return strcmp(tmp, end);
  }
  
         return strcmp(tmp, end);
  }
  
-static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr,
-                                       long *pkeylen, const char **palgnam,
-                                       ENGINE *e)
+static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type,
+                                       long *pkeylen, char **palgnam,
+                                       ENGINE *keygen_engine)
         {
         EVP_PKEY_CTX *gctx = NULL;
         EVP_PKEY *param = NULL;
         long keylen = -1;
         {
         EVP_PKEY_CTX *gctx = NULL;
         EVP_PKEY *param = NULL;
         long keylen = -1;
-       int pkey_type = -1;
         BIO *pbio = NULL;
         const char *paramfile = NULL;
  
         if (gstr == NULL)
                 {
         BIO *pbio = NULL;
         const char *paramfile = NULL;
  
         if (gstr == NULL)
                 {
-               pkey_type = EVP_PKEY_RSA;
+               *pkey_type = EVP_PKEY_RSA;
                 keylen = *pkeylen;
                 }
         else if (gstr[0] >= '0' && gstr[0] <= '9')
                 {
                 keylen = *pkeylen;
                 }
         else if (gstr[0] >= '0' && gstr[0] <= '9')
                 {
-               pkey_type = EVP_PKEY_RSA;
+               *pkey_type = EVP_PKEY_RSA;
                 keylen = atol(gstr);
                 *pkeylen = keylen;
                 }
                 keylen = atol(gstr);
                 *pkeylen = keylen;
                 }
@@ -1579,14 +1597,18 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr,
                 {
                 const char *p = strchr(gstr, ':');
                 int len;
                 {
                 const char *p = strchr(gstr, ':');
                 int len;
+               ENGINE *tmpeng;
                 const EVP_PKEY_ASN1_METHOD *ameth;
  
                 if (p)
                         len = p - gstr;
                 else
                         len = strlen(gstr);
                 const EVP_PKEY_ASN1_METHOD *ameth;
  
                 if (p)
                         len = p - gstr;
                 else
                         len = strlen(gstr);
+               /* The lookup of a the string will cover all engines so
+                * keep a note of the implementation.
+                */
  
  
-               ameth = EVP_PKEY_asn1_find_str(gstr, len);
+               ameth = EVP_PKEY_asn1_find_str(&tmpeng, gstr, len);
  
                 if (!ameth)
                         {
  
                 if (!ameth)
                         {
@@ -1594,9 +1616,13 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr,
                         return NULL;
                         }
  
                         return NULL;
                         }
  
-               EVP_PKEY_asn1_get0_info(NULL, &pkey_type, NULL, NULL, NULL,
-                                               ameth);
-               if (pkey_type == EVP_PKEY_RSA)
+               EVP_PKEY_asn1_get0_info(NULL, pkey_type, NULL, NULL, NULL,
+                                                                       ameth);
+#ifndef OPENSSL_NO_ENGINE
+               if (tmpeng)
+                       ENGINE_finish(tmpeng);
+#endif
+               if (*pkey_type == EVP_PKEY_RSA)
                         {
                         if (p)
                                 {
                         {
                         if (p)
                                 {
@@ -1639,9 +1665,9 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr,
                                         paramfile);
                         return NULL;
                         }
                                         paramfile);
                         return NULL;
                         }
-               if (pkey_type == -1)
-                       pkey_type = EVP_PKEY_id(param);
-               else if (pkey_type != EVP_PKEY_base_id(param))
+               if (*pkey_type == -1)
+                       *pkey_type = EVP_PKEY_id(param);
+               else if (*pkey_type != EVP_PKEY_base_id(param))
                         {
                         BIO_printf(err, "Key Type does not match parameters\n");
                         EVP_PKEY_free(param);
                         {
                         BIO_printf(err, "Key Type does not match parameters\n");
                         EVP_PKEY_free(param);
@@ -1652,24 +1678,30 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr,
         if (palgnam)
                 {
                 const EVP_PKEY_ASN1_METHOD *ameth;
         if (palgnam)
                 {
                 const EVP_PKEY_ASN1_METHOD *ameth;
-               ameth = EVP_PKEY_asn1_find(pkey_type);
+               ENGINE *tmpeng;
+               const char *anam;
+               ameth = EVP_PKEY_asn1_find(&tmpeng, *pkey_type);
                 if (!ameth)
                         {
                         BIO_puts(err, "Internal error: can't find key algorithm\n");
                         return NULL;
                         }
                 if (!ameth)
                         {
                         BIO_puts(err, "Internal error: can't find key algorithm\n");
                         return NULL;
                         }
-               EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, palgnam,
-                                               ameth);
+               EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &anam, ameth);
+               *palgnam = BUF_strdup(anam);
+#ifndef OPENSSL_NO_ENGINE
+               if (tmpeng)
+                       ENGINE_finish(tmpeng);
+#endif
                 }
  
         if (param)
                 {
                 }
  
         if (param)
                 {
-               gctx = EVP_PKEY_CTX_new(param, e);
+               gctx = EVP_PKEY_CTX_new(param, keygen_engine);
                 *pkeylen = EVP_PKEY_bits(param);
                 EVP_PKEY_free(param);
                 }
         else
                 *pkeylen = EVP_PKEY_bits(param);
                 EVP_PKEY_free(param);
                 }
         else
-               gctx = EVP_PKEY_CTX_new_id(pkey_type, e);
+               gctx = EVP_PKEY_CTX_new_id(*pkey_type, keygen_engine);
  
         if (!gctx)
                 {
  
         if (!gctx)
                 {
@@ -1685,7 +1717,7 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr,
                 return NULL;
                 }
  
                 return NULL;
                 }
  
-       if ((pkey_type == EVP_PKEY_RSA) && (keylen != -1))
+       if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1))
                 {
                 if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0)
                         {
                 {
                 if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0)
                         {