X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=apps%2Freq.c;h=745ba7035f430d5ca688b98869bb07aaffe2bc67;hp=10879b066329ef77333f30e55fff40571dea4d4b;hb=6434abbfc6ac0d5cb882844ed10fef5821039cf6;hpb=959e8dfe06cccb3422d8b593a8e569b121d321ca diff --git a/apps/req.c b/apps/req.c index 10879b0663..745ba7035f 100644 --- a/apps/req.c +++ b/apps/req.c @@ -144,9 +144,9 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value, static int genpkey_cb(EVP_PKEY_CTX *ctx); static int req_check_len(int len,int n_min,int n_max); static int check_end(const char *str, const char *end); -static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, - long *pkeylen, const char **palgnam, - ENGINE *e); +static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type, + long *pkeylen, char **palgnam, + ENGINE *keygen_engine); #ifndef MONOLITH static char *default_config_file=NULL; #endif @@ -157,21 +157,17 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { - ENGINE *e = NULL; -#ifndef OPENSSL_NO_DSA - DSA *dsa_params=NULL; -#endif -#ifndef OPENSSL_NO_ECDSA - EC_KEY *ec_params = NULL; -#endif + ENGINE *e = NULL, *gen_eng = NULL; unsigned long nmflag = 0, reqflag = 0; int ex=1,x509=0,days=30; X509 *x509ss=NULL; X509_REQ *req=NULL; EVP_PKEY_CTX *genctx = NULL; - const char *keyalgstr; + const char *keyalg = NULL; + char *keyalgstr = NULL; + STACK *pkeyopts = NULL; EVP_PKEY *pkey=NULL; - int i=0,badops=0,newreq=0,verbose=0,pkey_type=EVP_PKEY_RSA; + int i=0,badops=0,newreq=0,verbose=0,pkey_type=-1; long newkey = -1; BIO *in=NULL,*out=NULL; int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM; @@ -234,6 +230,16 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; engine= *(++argv); } + else if (strcmp(*argv,"-keygen_engine") == 0) + { + if (--argc < 1) goto bad; + gen_eng = ENGINE_by_id(*(++argv)); + if (gen_eng == NULL) + { + BIO_printf(bio_err, "Can't find keygen engine %s\n", *argv); + goto end; + } + } #endif else if (strcmp(*argv,"-key") == 0) { @@ -290,33 +296,19 @@ int MAIN(int argc, char **argv) } else if (strcmp(*argv,"-newkey") == 0) { - if (--argc < 1) goto bad; - - genctx = set_keygen_ctx(bio_err, *(++argv), &newkey, - &keyalgstr, e); - - if (!genctx) - goto bad; - + keyalg = *(++argv); newreq=1; } else if (strcmp(*argv,"-pkeyopt") == 0) { if (--argc < 1) goto bad; - if (!genctx) - { - BIO_puts(bio_err, "No keytype specified\n"); + if (!pkeyopts) + pkeyopts = sk_new_null(); + if (!pkeyopts || !sk_push(pkeyopts, *(++argv))) goto bad; - } - else if (pkey_ctrl_string(genctx, *(++argv)) <= 0) - { - BIO_puts(bio_err, "parameter setting error\n"); - ERR_print_errors(bio_err); - goto end; - } } else if (strcmp(*argv,"-batch") == 0) batch=1; @@ -643,6 +635,14 @@ bad: app_RAND_load_file(randfile, bio_err, 0); if (inrand) app_RAND_load_files(inrand); + + if (keyalg) + { + genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey, + &keyalgstr, gen_eng); + if (!genctx) + goto end; + } if (newkey <= 0) { @@ -659,12 +659,29 @@ bad: if (!genctx) { - genctx = set_keygen_ctx(bio_err, NULL, &newkey, - &keyalgstr, e); + genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &newkey, + &keyalgstr, gen_eng); if (!genctx) goto end; } + if (pkeyopts) + { + char *genopt; + for (i = 0; i < sk_num(pkeyopts); i++) + { + genopt = sk_value(pkeyopts, i); + if (pkey_ctrl_string(genctx, genopt) <= 0) + { + BIO_printf(bio_err, + "parameter error \"%s\"\n", + genopt); + ERR_print_errors(bio_err); + goto end; + } + } + } + BIO_printf(bio_err,"Generating a %ld bit %s private key\n", newkey, keyalgstr); @@ -1008,7 +1025,7 @@ loop: } fprintf(stdout,"Modulus="); #ifndef OPENSSL_NO_RSA - if (EVP_PKEY_base_id(tpubkey)) + if (EVP_PKEY_base_id(tpubkey) == EVP_PKEY_RSA) BN_print(out,tpubkey->pkey.rsa->n); else #endif @@ -1066,18 +1083,20 @@ end: EVP_PKEY_free(pkey); if (genctx) EVP_PKEY_CTX_free(genctx); + if (pkeyopts) + sk_free(pkeyopts); +#ifndef OPENSSL_NO_ENGINE + if (gen_eng) + ENGINE_free(gen_eng); +#endif + if (keyalgstr) + OPENSSL_free(keyalgstr); X509_REQ_free(req); X509_free(x509ss); ASN1_INTEGER_free(serial); if(passargin && passin) OPENSSL_free(passin); if(passargout && passout) OPENSSL_free(passout); OBJ_cleanup(); -#ifndef OPENSSL_NO_DSA - if (dsa_params != NULL) DSA_free(dsa_params); -#endif -#ifndef OPENSSL_NO_ECDSA - if (ec_params != NULL) EC_KEY_free(ec_params); -#endif apps_shutdown(); OPENSSL_EXIT(ex); } @@ -1551,25 +1570,24 @@ static int check_end(const char *str, const char *end) return strcmp(tmp, end); } -static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, - long *pkeylen, const char **palgnam, - ENGINE *e) +static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type, + long *pkeylen, char **palgnam, + ENGINE *keygen_engine) { EVP_PKEY_CTX *gctx = NULL; EVP_PKEY *param = NULL; long keylen = -1; - int pkey_type = -1; BIO *pbio = NULL; const char *paramfile = NULL; if (gstr == NULL) { - pkey_type = EVP_PKEY_RSA; + *pkey_type = EVP_PKEY_RSA; keylen = *pkeylen; } else if (gstr[0] >= '0' && gstr[0] <= '9') { - pkey_type = EVP_PKEY_RSA; + *pkey_type = EVP_PKEY_RSA; keylen = atol(gstr); *pkeylen = keylen; } @@ -1579,14 +1597,18 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, { const char *p = strchr(gstr, ':'); int len; + ENGINE *tmpeng; const EVP_PKEY_ASN1_METHOD *ameth; if (p) len = p - gstr; else len = strlen(gstr); + /* The lookup of a the string will cover all engines so + * keep a note of the implementation. + */ - ameth = EVP_PKEY_asn1_find_str(gstr, len); + ameth = EVP_PKEY_asn1_find_str(&tmpeng, gstr, len); if (!ameth) { @@ -1594,9 +1616,13 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, return NULL; } - EVP_PKEY_asn1_get0_info(NULL, &pkey_type, NULL, NULL, NULL, - ameth); - if (pkey_type == EVP_PKEY_RSA) + EVP_PKEY_asn1_get0_info(NULL, pkey_type, NULL, NULL, NULL, + ameth); +#ifndef OPENSSL_NO_ENGINE + if (tmpeng) + ENGINE_finish(tmpeng); +#endif + if (*pkey_type == EVP_PKEY_RSA) { if (p) { @@ -1639,9 +1665,9 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, paramfile); return NULL; } - if (pkey_type == -1) - pkey_type = EVP_PKEY_id(param); - else if (pkey_type != EVP_PKEY_base_id(param)) + if (*pkey_type == -1) + *pkey_type = EVP_PKEY_id(param); + else if (*pkey_type != EVP_PKEY_base_id(param)) { BIO_printf(err, "Key Type does not match parameters\n"); EVP_PKEY_free(param); @@ -1652,24 +1678,30 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, if (palgnam) { const EVP_PKEY_ASN1_METHOD *ameth; - ameth = EVP_PKEY_asn1_find(pkey_type); + ENGINE *tmpeng; + const char *anam; + ameth = EVP_PKEY_asn1_find(&tmpeng, *pkey_type); if (!ameth) { BIO_puts(err, "Internal error: can't find key algorithm\n"); return NULL; } - EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, palgnam, - ameth); + EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &anam, ameth); + *palgnam = BUF_strdup(anam); +#ifndef OPENSSL_NO_ENGINE + if (tmpeng) + ENGINE_finish(tmpeng); +#endif } if (param) { - gctx = EVP_PKEY_CTX_new(param, e); + gctx = EVP_PKEY_CTX_new(param, keygen_engine); *pkeylen = EVP_PKEY_bits(param); EVP_PKEY_free(param); } else - gctx = EVP_PKEY_CTX_new_id(pkey_type, e); + gctx = EVP_PKEY_CTX_new_id(*pkey_type, keygen_engine); if (!gctx) { @@ -1685,7 +1717,7 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, return NULL; } - if ((pkey_type == EVP_PKEY_RSA) && (keylen != -1)) + if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1)) { if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0) {