| pkeyutl.c (256281) | pkeyutl.c (280304) |
|---|---|
| 1/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2 * project 2006. | 1/* 2 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 3 * 2006. |
| 3 */ 4/* ==================================================================== 5 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 11 * 1. Redistributions of source code must retain the above copyright | 4 */ 5/* ==================================================================== 6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright |
| 12 * notice, this list of conditions and the following disclaimer. | 13 * notice, this list of conditions and the following disclaimer. |
| 13 * 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the 17 * distribution. 18 * 19 * 3. All advertising materials mentioning features or use of this 20 * software must display the following acknowledgment: --- 29 unchanged lines hidden (view full) --- 50 * ==================================================================== 51 * 52 * This product includes cryptographic software written by Eric Young 53 * (eay@cryptsoft.com). This product includes software written by Tim 54 * Hudson (tjh@cryptsoft.com). 55 * 56 */ 57 | 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: --- 29 unchanged lines hidden (view full) --- 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 |
| 58 | |
| 59#include "apps.h" 60#include <string.h> 61#include <openssl/err.h> 62#include <openssl/pem.h> 63#include <openssl/evp.h> 64 | 59#include "apps.h" 60#include <string.h> 61#include <openssl/err.h> 62#include <openssl/pem.h> 63#include <openssl/evp.h> 64 |
| 65#define KEY_PRIVKEY 1 66#define KEY_PUBKEY 2 67#define KEY_CERT 3 | 65#define KEY_PRIVKEY 1 66#define KEY_PUBKEY 2 67#define KEY_CERT 3 |
| 68 69static void usage(void); 70 71#undef PROG 72 73#define PROG pkeyutl_main 74 75static EVP_PKEY_CTX *init_ctx(int *pkeysize, | 68 69static void usage(void); 70 71#undef PROG 72 73#define PROG pkeyutl_main 74 75static EVP_PKEY_CTX *init_ctx(int *pkeysize, |
| 76 char *keyfile, int keyform, int key_type, 77 char *passargin, int pkey_op, ENGINE *e); | 76 char *keyfile, int keyform, int key_type, 77 char *passargin, int pkey_op, ENGINE *e); |
| 78 79static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform, | 78 79static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform, |
| 80 const char *file); | 80 const char *file); |
| 81 82static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, | 81 82static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, |
| 83 unsigned char *out, size_t *poutlen, 84 unsigned char *in, size_t inlen); | 83 unsigned char *out, size_t *poutlen, 84 unsigned char *in, size_t inlen); |
| 85 86int MAIN(int argc, char **); 87 88int MAIN(int argc, char **argv) 89{ | 85 86int MAIN(int argc, char **); 87 88int MAIN(int argc, char **argv) 89{ |
| 90 BIO *in = NULL, *out = NULL; 91 char *infile = NULL, *outfile = NULL, *sigfile = NULL; 92 ENGINE *e = NULL; 93 int pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY; 94 int keyform = FORMAT_PEM, peerform = FORMAT_PEM; 95 char badarg = 0, rev = 0; 96 char hexdump = 0, asn1parse = 0; 97 EVP_PKEY_CTX *ctx = NULL; 98 char *passargin = NULL; 99 int keysize = -1; | 90 BIO *in = NULL, *out = NULL; 91 char *infile = NULL, *outfile = NULL, *sigfile = NULL; 92 ENGINE *e = NULL; 93 int pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY; 94 int keyform = FORMAT_PEM, peerform = FORMAT_PEM; 95 char badarg = 0, rev = 0; 96 char hexdump = 0, asn1parse = 0; 97 EVP_PKEY_CTX *ctx = NULL; 98 char *passargin = NULL; 99 int keysize = -1; |
| 100 | 100 |
| 101 unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL; 102 size_t buf_outlen; 103 int buf_inlen = 0, siglen = -1; | 101 unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL; 102 size_t buf_outlen; 103 int buf_inlen = 0, siglen = -1; |
| 104 | 104 |
| 105 int ret = 1, rv = -1; | 105 int ret = 1, rv = -1; |
| 106 | 106 |
| 107 argc--; 108 argv++; | 107 argc--; 108 argv++; |
| 109 | 109 |
| 110 if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); | 110 if (!bio_err) 111 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); |
| 111 | 112 |
| 112 if (!load_config(bio_err, NULL)) 113 goto end; 114 ERR_load_crypto_strings(); 115 OpenSSL_add_all_algorithms(); 116 117 while(argc >= 1) 118 { 119 if (!strcmp(*argv,"-in")) 120 { 121 if (--argc < 1) badarg = 1; 122 else infile= *(++argv); 123 } 124 else if (!strcmp(*argv,"-out")) 125 { 126 if (--argc < 1) badarg = 1; 127 else outfile= *(++argv); 128 } 129 else if (!strcmp(*argv,"-sigfile")) 130 { 131 if (--argc < 1) badarg = 1; 132 else sigfile= *(++argv); 133 } 134 else if(!strcmp(*argv, "-inkey")) 135 { 136 if (--argc < 1) 137 badarg = 1; 138 else 139 { 140 ctx = init_ctx(&keysize, 141 *(++argv), keyform, key_type, 142 passargin, pkey_op, e); 143 if (!ctx) 144 { 145 BIO_puts(bio_err, 146 "Error initializing context\n"); 147 ERR_print_errors(bio_err); 148 badarg = 1; 149 } 150 } 151 } 152 else if (!strcmp(*argv,"-peerkey")) 153 { 154 if (--argc < 1) 155 badarg = 1; 156 else if (!setup_peer(bio_err, ctx, peerform, *(++argv))) 157 badarg = 1; 158 } 159 else if (!strcmp(*argv,"-passin")) 160 { 161 if (--argc < 1) badarg = 1; 162 else passargin= *(++argv); 163 } 164 else if (strcmp(*argv,"-peerform") == 0) 165 { 166 if (--argc < 1) badarg = 1; 167 else peerform=str2fmt(*(++argv)); 168 } 169 else if (strcmp(*argv,"-keyform") == 0) 170 { 171 if (--argc < 1) badarg = 1; 172 else keyform=str2fmt(*(++argv)); 173 } | 113 if (!load_config(bio_err, NULL)) 114 goto end; 115 ERR_load_crypto_strings(); 116 OpenSSL_add_all_algorithms(); 117 118 while (argc >= 1) { 119 if (!strcmp(*argv, "-in")) { 120 if (--argc < 1) 121 badarg = 1; 122 else 123 infile = *(++argv); 124 } else if (!strcmp(*argv, "-out")) { 125 if (--argc < 1) 126 badarg = 1; 127 else 128 outfile = *(++argv); 129 } else if (!strcmp(*argv, "-sigfile")) { 130 if (--argc < 1) 131 badarg = 1; 132 else 133 sigfile = *(++argv); 134 } else if (!strcmp(*argv, "-inkey")) { 135 if (--argc < 1) 136 badarg = 1; 137 else { 138 ctx = init_ctx(&keysize, 139 *(++argv), keyform, key_type, 140 passargin, pkey_op, e); 141 if (!ctx) { 142 BIO_puts(bio_err, "Error initializing context\n"); 143 ERR_print_errors(bio_err); 144 badarg = 1; 145 } 146 } 147 } else if (!strcmp(*argv, "-peerkey")) { 148 if (--argc < 1) 149 badarg = 1; 150 else if (!setup_peer(bio_err, ctx, peerform, *(++argv))) 151 badarg = 1; 152 } else if (!strcmp(*argv, "-passin")) { 153 if (--argc < 1) 154 badarg = 1; 155 else 156 passargin = *(++argv); 157 } else if (strcmp(*argv, "-peerform") == 0) { 158 if (--argc < 1) 159 badarg = 1; 160 else 161 peerform = str2fmt(*(++argv)); 162 } else if (strcmp(*argv, "-keyform") == 0) { 163 if (--argc < 1) 164 badarg = 1; 165 else 166 keyform = str2fmt(*(++argv)); 167 } |
| 174#ifndef OPENSSL_NO_ENGINE | 168#ifndef OPENSSL_NO_ENGINE |
| 175 else if(!strcmp(*argv, "-engine")) 176 { 177 if (--argc < 1) 178 badarg = 1; 179 else 180 e = setup_engine(bio_err, *(++argv), 0); 181 } | 169 else if (!strcmp(*argv, "-engine")) { 170 if (--argc < 1) 171 badarg = 1; 172 else 173 e = setup_engine(bio_err, *(++argv), 0); 174 } |
| 182#endif | 175#endif |
| 183 else if(!strcmp(*argv, "-pubin")) 184 key_type = KEY_PUBKEY; 185 else if(!strcmp(*argv, "-certin")) 186 key_type = KEY_CERT; 187 else if(!strcmp(*argv, "-asn1parse")) 188 asn1parse = 1; 189 else if(!strcmp(*argv, "-hexdump")) 190 hexdump = 1; 191 else if(!strcmp(*argv, "-sign")) 192 pkey_op = EVP_PKEY_OP_SIGN; 193 else if(!strcmp(*argv, "-verify")) 194 pkey_op = EVP_PKEY_OP_VERIFY; 195 else if(!strcmp(*argv, "-verifyrecover")) 196 pkey_op = EVP_PKEY_OP_VERIFYRECOVER; 197 else if(!strcmp(*argv, "-rev")) 198 rev = 1; 199 else if(!strcmp(*argv, "-encrypt")) 200 pkey_op = EVP_PKEY_OP_ENCRYPT; 201 else if(!strcmp(*argv, "-decrypt")) 202 pkey_op = EVP_PKEY_OP_DECRYPT; 203 else if(!strcmp(*argv, "-derive")) 204 pkey_op = EVP_PKEY_OP_DERIVE; 205 else if (strcmp(*argv,"-pkeyopt") == 0) 206 { 207 if (--argc < 1) 208 badarg = 1; 209 else if (!ctx) 210 { 211 BIO_puts(bio_err, 212 "-pkeyopt command before -inkey\n"); 213 badarg = 1; 214 } 215 else if (pkey_ctrl_string(ctx, *(++argv)) <= 0) 216 { 217 BIO_puts(bio_err, "parameter setting error\n"); 218 ERR_print_errors(bio_err); 219 goto end; 220 } 221 } 222 else badarg = 1; 223 if(badarg) 224 { 225 usage(); 226 goto end; 227 } 228 argc--; 229 argv++; 230 } | 176 else if (!strcmp(*argv, "-pubin")) 177 key_type = KEY_PUBKEY; 178 else if (!strcmp(*argv, "-certin")) 179 key_type = KEY_CERT; 180 else if (!strcmp(*argv, "-asn1parse")) 181 asn1parse = 1; 182 else if (!strcmp(*argv, "-hexdump")) 183 hexdump = 1; 184 else if (!strcmp(*argv, "-sign")) 185 pkey_op = EVP_PKEY_OP_SIGN; 186 else if (!strcmp(*argv, "-verify")) 187 pkey_op = EVP_PKEY_OP_VERIFY; 188 else if (!strcmp(*argv, "-verifyrecover")) 189 pkey_op = EVP_PKEY_OP_VERIFYRECOVER; 190 else if (!strcmp(*argv, "-rev")) 191 rev = 1; 192 else if (!strcmp(*argv, "-encrypt")) 193 pkey_op = EVP_PKEY_OP_ENCRYPT; 194 else if (!strcmp(*argv, "-decrypt")) 195 pkey_op = EVP_PKEY_OP_DECRYPT; 196 else if (!strcmp(*argv, "-derive")) 197 pkey_op = EVP_PKEY_OP_DERIVE; 198 else if (strcmp(*argv, "-pkeyopt") == 0) { 199 if (--argc < 1) 200 badarg = 1; 201 else if (!ctx) { 202 BIO_puts(bio_err, "-pkeyopt command before -inkey\n"); 203 badarg = 1; 204 } else if (pkey_ctrl_string(ctx, *(++argv)) <= 0) { 205 BIO_puts(bio_err, "parameter setting error\n"); 206 ERR_print_errors(bio_err); 207 goto end; 208 } 209 } else 210 badarg = 1; 211 if (badarg) { 212 usage(); 213 goto end; 214 } 215 argc--; 216 argv++; 217 } |
| 231 | 218 |
| 232 if (!ctx) 233 { 234 usage(); 235 goto end; 236 } | 219 if (!ctx) { 220 usage(); 221 goto end; 222 } |
| 237 | 223 |
| 238 if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) 239 { 240 BIO_puts(bio_err, "Signature file specified for non verify\n"); 241 goto end; 242 } | 224 if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) { 225 BIO_puts(bio_err, "Signature file specified for non verify\n"); 226 goto end; 227 } |
| 243 | 228 |
| 244 if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY)) 245 { 246 BIO_puts(bio_err, "No signature file specified for verify\n"); 247 goto end; 248 } | 229 if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY)) { 230 BIO_puts(bio_err, "No signature file specified for verify\n"); 231 goto end; 232 } |
| 249 250/* FIXME: seed PRNG only if needed */ | 233 234/* FIXME: seed PRNG only if needed */ |
| 251 app_RAND_load_file(NULL, bio_err, 0); | 235 app_RAND_load_file(NULL, bio_err, 0); |
| 252 | 236 |
| 253 if (pkey_op != EVP_PKEY_OP_DERIVE) 254 { 255 if(infile) 256 { 257 if(!(in = BIO_new_file(infile, "rb"))) 258 { 259 BIO_puts(bio_err, 260 "Error Opening Input File\n"); 261 ERR_print_errors(bio_err); 262 goto end; 263 } 264 } 265 else 266 in = BIO_new_fp(stdin, BIO_NOCLOSE); 267 } | 237 if (pkey_op != EVP_PKEY_OP_DERIVE) { 238 if (infile) { 239 if (!(in = BIO_new_file(infile, "rb"))) { 240 BIO_puts(bio_err, "Error Opening Input File\n"); 241 ERR_print_errors(bio_err); 242 goto end; 243 } 244 } else 245 in = BIO_new_fp(stdin, BIO_NOCLOSE); 246 } |
| 268 | 247 |
| 269 if(outfile) 270 { 271 if(!(out = BIO_new_file(outfile, "wb"))) 272 { 273 BIO_printf(bio_err, "Error Creating Output File\n"); 274 ERR_print_errors(bio_err); 275 goto end; 276 } 277 } 278 else 279 { 280 out = BIO_new_fp(stdout, BIO_NOCLOSE); | 248 if (outfile) { 249 if (!(out = BIO_new_file(outfile, "wb"))) { 250 BIO_printf(bio_err, "Error Creating Output File\n"); 251 ERR_print_errors(bio_err); 252 goto end; 253 } 254 } else { 255 out = BIO_new_fp(stdout, BIO_NOCLOSE); |
| 281#ifdef OPENSSL_SYS_VMS | 256#ifdef OPENSSL_SYS_VMS |
| 282 { 283 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); 284 out = BIO_push(tmpbio, out); 285 } | 257 { 258 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); 259 out = BIO_push(tmpbio, out); 260 } |
| 286#endif | 261#endif |
| 287 } | 262 } |
| 288 | 263 |
| 289 if (sigfile) 290 { 291 BIO *sigbio = BIO_new_file(sigfile, "rb"); 292 if (!sigbio) 293 { 294 BIO_printf(bio_err, "Can't open signature file %s\n", 295 sigfile); 296 goto end; 297 } 298 siglen = bio_to_mem(&sig, keysize * 10, sigbio); 299 BIO_free(sigbio); 300 if (siglen <= 0) 301 { 302 BIO_printf(bio_err, "Error reading signature data\n"); 303 goto end; 304 } 305 } 306 307 if (in) 308 { 309 /* Read the input data */ 310 buf_inlen = bio_to_mem(&buf_in, keysize * 10, in); 311 if(buf_inlen <= 0) 312 { 313 BIO_printf(bio_err, "Error reading input Data\n"); 314 exit(1); 315 } 316 if(rev) 317 { 318 size_t i; 319 unsigned char ctmp; 320 size_t l = (size_t)buf_inlen; 321 for(i = 0; i < l/2; i++) 322 { 323 ctmp = buf_in[i]; 324 buf_in[i] = buf_in[l - 1 - i]; 325 buf_in[l - 1 - i] = ctmp; 326 } 327 } 328 } | 264 if (sigfile) { 265 BIO *sigbio = BIO_new_file(sigfile, "rb"); 266 if (!sigbio) { 267 BIO_printf(bio_err, "Can't open signature file %s\n", sigfile); 268 goto end; 269 } 270 siglen = bio_to_mem(&sig, keysize * 10, sigbio); 271 BIO_free(sigbio); 272 if (siglen <= 0) { 273 BIO_printf(bio_err, "Error reading signature data\n"); 274 goto end; 275 } 276 } |
| 329 | 277 |
| 330 if(pkey_op == EVP_PKEY_OP_VERIFY) 331 { 332 rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen, 333 buf_in, (size_t)buf_inlen); 334 if (rv == 0) 335 BIO_puts(out, "Signature Verification Failure\n"); 336 else if (rv == 1) 337 BIO_puts(out, "Signature Verified Successfully\n"); 338 if (rv >= 0) 339 goto end; 340 } 341 else 342 { 343 rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen, 344 buf_in, (size_t)buf_inlen); 345 if (rv > 0) 346 { 347 buf_out = OPENSSL_malloc(buf_outlen); 348 if (!buf_out) 349 rv = -1; 350 else 351 rv = do_keyop(ctx, pkey_op, 352 buf_out, (size_t *)&buf_outlen, 353 buf_in, (size_t)buf_inlen); 354 } 355 } | 278 if (in) { 279 /* Read the input data */ 280 buf_inlen = bio_to_mem(&buf_in, keysize * 10, in); 281 if (buf_inlen <= 0) { 282 BIO_printf(bio_err, "Error reading input Data\n"); 283 exit(1); 284 } 285 if (rev) { 286 size_t i; 287 unsigned char ctmp; 288 size_t l = (size_t)buf_inlen; 289 for (i = 0; i < l / 2; i++) { 290 ctmp = buf_in[i]; 291 buf_in[i] = buf_in[l - 1 - i]; 292 buf_in[l - 1 - i] = ctmp; 293 } 294 } 295 } |
| 356 | 296 |
| 357 if(rv <= 0) 358 { 359 BIO_printf(bio_err, "Public Key operation error\n"); 360 ERR_print_errors(bio_err); 361 goto end; 362 } 363 ret = 0; 364 if(asn1parse) 365 { 366 if(!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1)) 367 ERR_print_errors(bio_err); 368 } 369 else if(hexdump) 370 BIO_dump(out, (char *)buf_out, buf_outlen); 371 else 372 BIO_write(out, buf_out, buf_outlen); | 297 if (pkey_op == EVP_PKEY_OP_VERIFY) { 298 rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen, 299 buf_in, (size_t)buf_inlen); 300 if (rv == 0) 301 BIO_puts(out, "Signature Verification Failure\n"); 302 else if (rv == 1) 303 BIO_puts(out, "Signature Verified Successfully\n"); 304 if (rv >= 0) 305 goto end; 306 } else { 307 rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen, 308 buf_in, (size_t)buf_inlen); 309 if (rv > 0) { 310 buf_out = OPENSSL_malloc(buf_outlen); 311 if (!buf_out) 312 rv = -1; 313 else 314 rv = do_keyop(ctx, pkey_op, 315 buf_out, (size_t *)&buf_outlen, 316 buf_in, (size_t)buf_inlen); 317 } 318 } |
| 373 | 319 |
| 374 end: 375 if (ctx) 376 EVP_PKEY_CTX_free(ctx); 377 BIO_free(in); 378 BIO_free_all(out); 379 if (buf_in) 380 OPENSSL_free(buf_in); 381 if (buf_out) 382 OPENSSL_free(buf_out); 383 if (sig) 384 OPENSSL_free(sig); 385 return ret; | 320 if (rv <= 0) { 321 BIO_printf(bio_err, "Public Key operation error\n"); 322 ERR_print_errors(bio_err); 323 goto end; 324 } 325 ret = 0; 326 if (asn1parse) { 327 if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1)) 328 ERR_print_errors(bio_err); 329 } else if (hexdump) 330 BIO_dump(out, (char *)buf_out, buf_outlen); 331 else 332 BIO_write(out, buf_out, buf_outlen); 333 334 end: 335 if (ctx) 336 EVP_PKEY_CTX_free(ctx); 337 BIO_free(in); 338 BIO_free_all(out); 339 if (buf_in) 340 OPENSSL_free(buf_in); 341 if (buf_out) 342 OPENSSL_free(buf_out); 343 if (sig) 344 OPENSSL_free(sig); 345 return ret; |
| 386} 387 388static void usage() 389{ | 346} 347 348static void usage() 349{ |
| 390 BIO_printf(bio_err, "Usage: pkeyutl [options]\n"); 391 BIO_printf(bio_err, "-in file input file\n"); 392 BIO_printf(bio_err, "-out file output file\n"); 393 BIO_printf(bio_err, "-sigfile file signature file (verify operation only)\n"); 394 BIO_printf(bio_err, "-inkey file input key\n"); 395 BIO_printf(bio_err, "-keyform arg private key format - default PEM\n"); 396 BIO_printf(bio_err, "-pubin input is a public key\n"); 397 BIO_printf(bio_err, "-certin input is a certificate carrying a public key\n"); 398 BIO_printf(bio_err, "-pkeyopt X:Y public key options\n"); 399 BIO_printf(bio_err, "-sign sign with private key\n"); 400 BIO_printf(bio_err, "-verify verify with public key\n"); 401 BIO_printf(bio_err, "-verifyrecover verify with public key, recover original data\n"); 402 BIO_printf(bio_err, "-encrypt encrypt with public key\n"); 403 BIO_printf(bio_err, "-decrypt decrypt with private key\n"); 404 BIO_printf(bio_err, "-derive derive shared secret\n"); 405 BIO_printf(bio_err, "-hexdump hex dump output\n"); | 350 BIO_printf(bio_err, "Usage: pkeyutl [options]\n"); 351 BIO_printf(bio_err, "-in file input file\n"); 352 BIO_printf(bio_err, "-out file output file\n"); 353 BIO_printf(bio_err, 354 "-sigfile file signature file (verify operation only)\n"); 355 BIO_printf(bio_err, "-inkey file input key\n"); 356 BIO_printf(bio_err, "-keyform arg private key format - default PEM\n"); 357 BIO_printf(bio_err, "-pubin input is a public key\n"); 358 BIO_printf(bio_err, 359 "-certin input is a certificate carrying a public key\n"); 360 BIO_printf(bio_err, "-pkeyopt X:Y public key options\n"); 361 BIO_printf(bio_err, "-sign sign with private key\n"); 362 BIO_printf(bio_err, "-verify verify with public key\n"); 363 BIO_printf(bio_err, 364 "-verifyrecover verify with public key, recover original data\n"); 365 BIO_printf(bio_err, "-encrypt encrypt with public key\n"); 366 BIO_printf(bio_err, "-decrypt decrypt with private key\n"); 367 BIO_printf(bio_err, "-derive derive shared secret\n"); 368 BIO_printf(bio_err, "-hexdump hex dump output\n"); |
| 406#ifndef OPENSSL_NO_ENGINE | 369#ifndef OPENSSL_NO_ENGINE |
| 407 BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); | 370 BIO_printf(bio_err, 371 "-engine e use engine e, possibly a hardware device.\n"); |
| 408#endif | 372#endif |
| 409 BIO_printf(bio_err, "-passin arg pass phrase source\n"); | 373 BIO_printf(bio_err, "-passin arg pass phrase source\n"); |
| 410 411} 412 413static EVP_PKEY_CTX *init_ctx(int *pkeysize, | 374 375} 376 377static EVP_PKEY_CTX *init_ctx(int *pkeysize, |
| 414 char *keyfile, int keyform, int key_type, 415 char *passargin, int pkey_op, ENGINE *e) 416 { 417 EVP_PKEY *pkey = NULL; 418 EVP_PKEY_CTX *ctx = NULL; 419 char *passin = NULL; 420 int rv = -1; 421 X509 *x; 422 if(((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT) 423 || (pkey_op == EVP_PKEY_OP_DERIVE)) 424 && (key_type != KEY_PRIVKEY)) 425 { 426 BIO_printf(bio_err, "A private key is needed for this operation\n"); 427 goto end; 428 } 429 if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) 430 { 431 BIO_printf(bio_err, "Error getting password\n"); 432 goto end; 433 } 434 switch(key_type) 435 { 436 case KEY_PRIVKEY: 437 pkey = load_key(bio_err, keyfile, keyform, 0, 438 passin, e, "Private Key"); 439 break; | 378 char *keyfile, int keyform, int key_type, 379 char *passargin, int pkey_op, ENGINE *e) 380{ 381 EVP_PKEY *pkey = NULL; 382 EVP_PKEY_CTX *ctx = NULL; 383 char *passin = NULL; 384 int rv = -1; 385 X509 *x; 386 if (((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT) 387 || (pkey_op == EVP_PKEY_OP_DERIVE)) 388 && (key_type != KEY_PRIVKEY)) { 389 BIO_printf(bio_err, "A private key is needed for this operation\n"); 390 goto end; 391 } 392 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { 393 BIO_printf(bio_err, "Error getting password\n"); 394 goto end; 395 } 396 switch (key_type) { 397 case KEY_PRIVKEY: 398 pkey = load_key(bio_err, keyfile, keyform, 0, 399 passin, e, "Private Key"); 400 break; |
| 440 | 401 |
| 441 case KEY_PUBKEY: 442 pkey = load_pubkey(bio_err, keyfile, keyform, 0, 443 NULL, e, "Public Key"); 444 break; | 402 case KEY_PUBKEY: 403 pkey = load_pubkey(bio_err, keyfile, keyform, 0, 404 NULL, e, "Public Key"); 405 break; |
| 445 | 406 |
| 446 case KEY_CERT: 447 x = load_cert(bio_err, keyfile, keyform, 448 NULL, e, "Certificate"); 449 if(x) 450 { 451 pkey = X509_get_pubkey(x); 452 X509_free(x); 453 } 454 break; | 407 case KEY_CERT: 408 x = load_cert(bio_err, keyfile, keyform, NULL, e, "Certificate"); 409 if (x) { 410 pkey = X509_get_pubkey(x); 411 X509_free(x); 412 } 413 break; |
| 455 | 414 |
| 456 } | 415 } |
| 457 | 416 |
| 458 *pkeysize = EVP_PKEY_size(pkey); | 417 *pkeysize = EVP_PKEY_size(pkey); |
| 459 | 418 |
| 460 if (!pkey) 461 goto end; | 419 if (!pkey) 420 goto end; |
| 462 | 421 |
| 463 ctx = EVP_PKEY_CTX_new(pkey, e); | 422 ctx = EVP_PKEY_CTX_new(pkey, e); |
| 464 | 423 |
| 465 EVP_PKEY_free(pkey); | 424 EVP_PKEY_free(pkey); |
| 466 | 425 |
| 467 if (!ctx) 468 goto end; | 426 if (!ctx) 427 goto end; |
| 469 | 428 |
| 470 switch(pkey_op) 471 { 472 case EVP_PKEY_OP_SIGN: 473 rv = EVP_PKEY_sign_init(ctx); 474 break; | 429 switch (pkey_op) { 430 case EVP_PKEY_OP_SIGN: 431 rv = EVP_PKEY_sign_init(ctx); 432 break; |
| 475 | 433 |
| 476 case EVP_PKEY_OP_VERIFY: 477 rv = EVP_PKEY_verify_init(ctx); 478 break; | 434 case EVP_PKEY_OP_VERIFY: 435 rv = EVP_PKEY_verify_init(ctx); 436 break; |
| 479 | 437 |
| 480 case EVP_PKEY_OP_VERIFYRECOVER: 481 rv = EVP_PKEY_verify_recover_init(ctx); 482 break; | 438 case EVP_PKEY_OP_VERIFYRECOVER: 439 rv = EVP_PKEY_verify_recover_init(ctx); 440 break; |
| 483 | 441 |
| 484 case EVP_PKEY_OP_ENCRYPT: 485 rv = EVP_PKEY_encrypt_init(ctx); 486 break; | 442 case EVP_PKEY_OP_ENCRYPT: 443 rv = EVP_PKEY_encrypt_init(ctx); 444 break; |
| 487 | 445 |
| 488 case EVP_PKEY_OP_DECRYPT: 489 rv = EVP_PKEY_decrypt_init(ctx); 490 break; | 446 case EVP_PKEY_OP_DECRYPT: 447 rv = EVP_PKEY_decrypt_init(ctx); 448 break; |
| 491 | 449 |
| 492 case EVP_PKEY_OP_DERIVE: 493 rv = EVP_PKEY_derive_init(ctx); 494 break; 495 } | 450 case EVP_PKEY_OP_DERIVE: 451 rv = EVP_PKEY_derive_init(ctx); 452 break; 453 } |
| 496 | 454 |
| 497 if (rv <= 0) 498 { 499 EVP_PKEY_CTX_free(ctx); 500 ctx = NULL; 501 } | 455 if (rv <= 0) { 456 EVP_PKEY_CTX_free(ctx); 457 ctx = NULL; 458 } |
| 502 | 459 |
| 503 end: | 460 end: |
| 504 | 461 |
| 505 if (passin) 506 OPENSSL_free(passin); | 462 if (passin) 463 OPENSSL_free(passin); |
| 507 | 464 |
| 508 return ctx; | 465 return ctx; |
| 509 | 466 |
| 467} |
|
| 510 | 468 |
| 511 } 512 | |
| 513static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform, | 469static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform, |
| 514 const char *file) 515 { 516 EVP_PKEY *peer = NULL; 517 int ret; 518 if (!ctx) 519 { 520 BIO_puts(err, "-peerkey command before -inkey\n"); 521 return 0; 522 } 523 524 peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key"); | 470 const char *file) 471{ 472 EVP_PKEY *peer = NULL; 473 int ret; 474 if (!ctx) { 475 BIO_puts(err, "-peerkey command before -inkey\n"); 476 return 0; 477 } |
| 525 | 478 |
| 526 if (!peer) 527 { 528 BIO_printf(bio_err, "Error reading peer key %s\n", file); 529 ERR_print_errors(err); 530 return 0; 531 } | 479 peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key"); |
| 532 | 480 |
| 533 ret = EVP_PKEY_derive_set_peer(ctx, peer); | 481 if (!peer) { 482 BIO_printf(bio_err, "Error reading peer key %s\n", file); 483 ERR_print_errors(err); 484 return 0; 485 } |
| 534 | 486 |
| 535 EVP_PKEY_free(peer); 536 if (ret <= 0) 537 ERR_print_errors(err); 538 return ret; 539 } | 487 ret = EVP_PKEY_derive_set_peer(ctx, peer); |
| 540 | 488 |
| 489 EVP_PKEY_free(peer); 490 if (ret <= 0) 491 ERR_print_errors(err); 492 return ret; 493} 494 |
|
| 541static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, | 495static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, |
| 542 unsigned char *out, size_t *poutlen, 543 unsigned char *in, size_t inlen) 544 { 545 int rv = 0; 546 switch(pkey_op) 547 { 548 case EVP_PKEY_OP_VERIFYRECOVER: 549 rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen); 550 break; | 496 unsigned char *out, size_t *poutlen, 497 unsigned char *in, size_t inlen) 498{ 499 int rv = 0; 500 switch (pkey_op) { 501 case EVP_PKEY_OP_VERIFYRECOVER: 502 rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen); 503 break; |
| 551 | 504 |
| 552 case EVP_PKEY_OP_SIGN: 553 rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen); 554 break; | 505 case EVP_PKEY_OP_SIGN: 506 rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen); 507 break; |
| 555 | 508 |
| 556 case EVP_PKEY_OP_ENCRYPT: 557 rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen); 558 break; | 509 case EVP_PKEY_OP_ENCRYPT: 510 rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen); 511 break; |
| 559 | 512 |
| 560 case EVP_PKEY_OP_DECRYPT: 561 rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen); 562 break; | 513 case EVP_PKEY_OP_DECRYPT: 514 rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen); 515 break; |
| 563 | 516 |
| 564 case EVP_PKEY_OP_DERIVE: 565 rv = EVP_PKEY_derive(ctx, out, poutlen); 566 break; | 517 case EVP_PKEY_OP_DERIVE: 518 rv = EVP_PKEY_derive(ctx, out, poutlen); 519 break; |
| 567 | 520 |
| 568 } 569 return rv; 570 } | 521 } 522 return rv; 523} |