X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=apps%2Fpkeyparam.c;h=41c3f532b3450fa55ac62d724fe7cec8c151cffc;hb=9b10d1bf77b734f15c4ed5d1b619cd598b7c13fc;hp=9ac247509a79357dc4a332a9099f785eda5daa92;hpb=2234212c3dde887e0b7fa08277d035cd132e2cce;p=oweals%2Fopenssl.git

diff --git a/apps/pkeyparam.c b/apps/pkeyparam.c
index 9ac247509a..41c3f532b3 100644
--- a/apps/pkeyparam.c
+++ b/apps/pkeyparam.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -10,13 +10,15 @@
 #include <stdio.h>
 #include <string.h>
 #include "apps.h"
+#include "progs.h"
 #include <openssl/pem.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
 
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
-    OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT, OPT_ENGINE
+    OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT,
+    OPT_ENGINE, OPT_CHECK
 } OPTION_CHOICE;
 
 const OPTIONS pkeyparam_options[] = {
@@ -28,6 +30,7 @@ const OPTIONS pkeyparam_options[] = {
 #ifndef OPENSSL_NO_ENGINE
     {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
 #endif
+    {"check", OPT_CHECK, '-', "Check key param consistency"},
     {NULL}
 };
 
@@ -36,7 +39,7 @@ int pkeyparam_main(int argc, char **argv)
     ENGINE *e = NULL;
     BIO *in = NULL, *out = NULL;
     EVP_PKEY *pkey = NULL;
-    int text = 0, noout = 0, ret = 1;
+    int text = 0, noout = 0, ret = 1, check = 0;
     OPTION_CHOICE o;
     char *infile = NULL, *outfile = NULL, *prog;
 
@@ -67,6 +70,9 @@ int pkeyparam_main(int argc, char **argv)
         case OPT_NOOUT:
             noout = 1;
             break;
+        case OPT_CHECK:
+            check = 1;
+            break;
         }
     }
     argc = opt_num_rest();
@@ -86,6 +92,38 @@ int pkeyparam_main(int argc, char **argv)
         goto end;
     }
 
+    if (check) {
+        int r;
+        EVP_PKEY_CTX *ctx;
+
+        ctx = EVP_PKEY_CTX_new(pkey, e);
+        if (ctx == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        r = EVP_PKEY_param_check(ctx);
+
+        if (r == 1) {
+            BIO_printf(out, "Parameters are valid\n");
+        } else {
+            /*
+             * Note: at least for RSA keys if this function returns
+             * -1, there will be no error reasons.
+             */
+            unsigned long err;
+
+            BIO_printf(out, "Parameters are invalid\n");
+
+            while ((err = ERR_peek_error()) != 0) {
+                BIO_printf(out, "Detailed error: %s\n",
+                           ERR_reason_error_string(err));
+                ERR_get_error(); /* remove err from error stack */
+            }
+        }
+        EVP_PKEY_CTX_free(ctx);
+    }
+
     if (!noout)
         PEM_write_bio_Parameters(out, pkey);