/*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
- OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT, OPT_ENGINE
+ OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT,
+ OPT_ENGINE, OPT_CHECK
} OPTION_CHOICE;
const OPTIONS pkeyparam_options[] = {
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
+ {"check", OPT_CHECK, '-', "Check key param consistency"},
{NULL}
};
ENGINE *e = NULL;
BIO *in = NULL, *out = NULL;
EVP_PKEY *pkey = NULL;
- int text = 0, noout = 0, ret = 1;
+ int text = 0, noout = 0, ret = 1, check = 0;
OPTION_CHOICE o;
char *infile = NULL, *outfile = NULL, *prog;
case OPT_NOOUT:
noout = 1;
break;
+ case OPT_CHECK:
+ check = 1;
+ break;
}
}
argc = opt_num_rest();
if (out == NULL)
goto end;
pkey = PEM_read_bio_Parameters(in, NULL);
- if (!pkey) {
+ if (pkey == NULL) {
BIO_printf(bio_err, "Error reading parameters\n");
ERR_print_errors(bio_err);
goto end;
}
+ if (check) {
+ int r;
+ EVP_PKEY_CTX *ctx;
+
+ ctx = EVP_PKEY_CTX_new(pkey, e);
+ if (ctx == NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ r = EVP_PKEY_param_check(ctx);
+
+ if (r == 1) {
+ BIO_printf(out, "Parameters are valid\n");
+ } else {
+ /*
+ * Note: at least for RSA keys if this function returns
+ * -1, there will be no error reasons.
+ */
+ unsigned long err;
+
+ BIO_printf(out, "Parameters are invalid\n");
+
+ while ((err = ERR_peek_error()) != 0) {
+ BIO_printf(out, "Detailed error: %s\n",
+ ERR_reason_error_string(err));
+ ERR_get_error(); /* remove err from error stack */
+ }
+ }
+ EVP_PKEY_CTX_free(ctx);
+ }
+
if (!noout)
PEM_write_bio_Parameters(out, pkey);
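Review bot: A failed check in the `else` branch does not stop the command: after "Parameters are invalid" is printed, control falls through to `PEM_write_bio_Parameters(out, pkey)`, and unless `ret` is kept at 1 somewhere outside this hunk the tool presumably exits with success, so a script that gates on `pkeyparam -check` would accept bad parameters. I would end that branch with `EVP_PKEY_CTX_free(ctx);` followed by `goto end;`, which leaves `ret` at its initial value of 1 and skips the write. The verdict and the "Detailed error" lines also go to `out`, the same BIO that receives the PEM output, so diagnostics end up inside the parameter file when `-out` is given; `bio_err` would be the better destination for the invalid case. The enclosing function starts and ends outside the hunk, so the final assignment to `ret` should be confirmed there.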