X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=apps%2Fpkey.c;h=0806b4e045bddd0f7a6e54f0f42cfa51295c0421;hp=f0930a74f0161598b2044601077b5566004927da;hb=909f1a2e510bb2909dc78efead432460c6ab50d2;hpb=b548a1f11c06ccdfa4f52a539912d22d77ee309e diff --git a/apps/pkey.c b/apps/pkey.c index f0930a74f0..0806b4e045 100644 --- a/apps/pkey.c +++ b/apps/pkey.c @@ -1,63 +1,16 @@ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 2006 - */ -/* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ + #include #include #include "apps.h" +#include "progs.h" #include #include #include @@ -66,16 +19,16 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_INFORM, OPT_OUTFORM, OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE, OPT_IN, OPT_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_TEXT_PUB, - OPT_TEXT, OPT_NOOUT, OPT_MD + OPT_TEXT, OPT_NOOUT, OPT_MD, OPT_TRADITIONAL, OPT_CHECK, OPT_PUB_CHECK } OPTION_CHOICE; -OPTIONS pkey_options[] = { +const OPTIONS pkey_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, - {"inform", OPT_INFORM, 'F', "Input format (DER or PEM)"}, + {"inform", OPT_INFORM, 'f', "Input format (DER or PEM)"}, {"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, - {"in", OPT_IN, '<', "Input file"}, + {"in", OPT_IN, 's', "Input key"}, {"out", OPT_OUT, '>', "Output file"}, {"pubin", OPT_PUBIN, '-', "Read public key from input (default is private key)"}, @@ -84,9 +37,13 @@ OPTIONS pkey_options[] = { {"text", OPT_TEXT, '-', "Output in plaintext as well"}, {"noout", OPT_NOOUT, '-', "Don't output the key"}, {"", OPT_MD, '-', "Any supported cipher"}, + {"traditional", OPT_TRADITIONAL, '-', + "Use traditional format for private keys"}, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif + {"check", OPT_CHECK, '-', "Check key consistency"}, + {"pubcheck", OPT_PUB_CHECK, '-', "Check public key consistency"}, {NULL} }; @@ -101,6 +58,7 @@ int pkey_main(int argc, char **argv) OPTION_CHOICE o; int informat = FORMAT_PEM, outformat = FORMAT_PEM; int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0, ret = 1; + int private = 0, traditional = 0, check = 0, pub_check = 0; prog = opt_init(argc, argv, pkey_options); while ((o = opt_next()) != OPT_EOF) { @@ -115,7 +73,7 @@ int pkey_main(int argc, char **argv) ret = 0; goto end; case OPT_INFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat)) + if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat)) goto opthelp; break; case OPT_OUTFORM: @@ -152,20 +110,34 @@ int pkey_main(int argc, char **argv) case OPT_NOOUT: noout = 1; break; + case OPT_TRADITIONAL: + traditional = 1; + break; + case OPT_CHECK: + check = 1; + break; + case OPT_PUB_CHECK: + pub_check = 1; + break; case OPT_MD: if (!opt_cipher(opt_unknown(), &cipher)) goto opthelp; } } argc = opt_num_rest(); - argv = opt_rest(); + if (argc != 0) + goto opthelp; + + private = !noout && !pubout ? 1 : 0; + if (text && !pubtext) + private = 1; if (!app_passwd(passinarg, passoutarg, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; } - out = bio_open_default(outfile, "wb"); + out = bio_open_owner(outfile, outformat, private); if (out == NULL) goto end; @@ -173,39 +145,95 @@ int pkey_main(int argc, char **argv) pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key"); else pkey = load_key(infile, informat, 1, passin, e, "key"); - if (!pkey) + if (pkey == NULL) goto end; + if (check || pub_check) { + int r; + EVP_PKEY_CTX *ctx; + + ctx = EVP_PKEY_CTX_new(pkey, e); + if (ctx == NULL) { + ERR_print_errors(bio_err); + goto end; + } + + if (check) + r = EVP_PKEY_check(ctx); + else + r = EVP_PKEY_public_check(ctx); + + if (r == 1) { + BIO_printf(out, "Key is valid\n"); + } else { + /* + * Note: at least for RSA keys if this function returns + * -1, there will be no error reasons. + */ + unsigned long err; + + BIO_printf(out, "Key is invalid\n"); + + while ((err = ERR_peek_error()) != 0) { + BIO_printf(out, "Detailed error: %s\n", + ERR_reason_error_string(err)); + ERR_get_error(); /* remove err from error stack */ + } + } + EVP_PKEY_CTX_free(ctx); + } + if (!noout) { if (outformat == FORMAT_PEM) { - if (pubout) - PEM_write_bio_PUBKEY(out, pkey); - else - PEM_write_bio_PrivateKey(out, pkey, cipher, - NULL, 0, NULL, passout); + if (pubout) { + if (!PEM_write_bio_PUBKEY(out, pkey)) + goto end; + } else { + assert(private); + if (traditional) { + if (!PEM_write_bio_PrivateKey_traditional(out, pkey, cipher, + NULL, 0, NULL, + passout)) + goto end; + } else { + if (!PEM_write_bio_PrivateKey(out, pkey, cipher, + NULL, 0, NULL, passout)) + goto end; + } + } } else if (outformat == FORMAT_ASN1) { - if (pubout) - i2d_PUBKEY_bio(out, pkey); - else - i2d_PrivateKey_bio(out, pkey); + if (pubout) { + if (!i2d_PUBKEY_bio(out, pkey)) + goto end; + } else { + assert(private); + if (!i2d_PrivateKey_bio(out, pkey)) + goto end; + } } else { BIO_printf(bio_err, "Bad format specified for key\n"); goto end; } - } if (text) { - if (pubtext) - EVP_PKEY_print_public(out, pkey, 0, NULL); - else - EVP_PKEY_print_private(out, pkey, 0, NULL); + if (pubtext) { + if (EVP_PKEY_print_public(out, pkey, 0, NULL) <= 0) + goto end; + } else { + assert(private); + if (EVP_PKEY_print_private(out, pkey, 0, NULL) <= 0) + goto end; + } } ret = 0; end: + if (ret != 0) + ERR_print_errors(bio_err); EVP_PKEY_free(pkey); + release_engine(e); BIO_free_all(out); BIO_free(in); OPENSSL_free(passin);