X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=apps%2Fpkeyutl.c;h=fe7f5861199d8af0c2da8ac374069263c045d7eb;hb=fd068d50c4e19b6e860a303a6bec1c1803f5465e;hp=5a2827b3997a96ee82061e0332d4e8bb10a9ca1c;hpb=a173a7ee3f51af71c27490247f9a65ff03553e2c;p=oweals%2Fopenssl.git diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index 5a2827b399..fe7f586119 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -62,11 +62,12 @@ #include #include +#define KEY_NONE 0 #define KEY_PRIVKEY 1 #define KEY_PUBKEY 2 #define KEY_CERT 3 -static EVP_PKEY_CTX *init_ctx(int *pkeysize, +static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, const char *keyfile, int keyform, int key_type, char *passinarg, int pkey_op, ENGINE *e, const int impl); @@ -84,7 +85,7 @@ typedef enum OPTION_choice { OPT_PUBIN, OPT_CERTIN, OPT_ASN1PARSE, OPT_HEXDUMP, OPT_SIGN, OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT, OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN, - OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT + OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_KDF, OPT_KDFLEN } OPTION_CHOICE; OPTIONS pkeyutl_options[] = { @@ -103,6 +104,8 @@ OPTIONS pkeyutl_options[] = { {"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"}, {"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"}, {"derive", OPT_DERIVE, '-', "Derive shared secret"}, + {"kdf", OPT_KDF, 's', "Use KDF algorithm"}, + {"kdflen", OPT_KDFLEN, 'p', "KDF algorithm output length"}, {"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"}, {"inkey", OPT_INKEY, 's', "Input private key file"}, {"peerkey", OPT_PEERKEY, 's', "Peer key file used in key derivation"}, @@ -135,6 +138,8 @@ int pkeyutl_main(int argc, char **argv) size_t buf_outlen; const char *inkey = NULL; const char *peerkey = NULL; + const char *kdfalg = NULL; + int kdflen = 0; STACK_OF(OPENSSL_STRING) *pkeyopts = NULL; prog = opt_init(argc, argv, pkeyutl_options); 
@@ -211,13 +216,21 @@ int pkeyutl_main(int argc, char **argv) case OPT_DERIVE: pkey_op = EVP_PKEY_OP_DERIVE; break; + case OPT_KDF: + pkey_op = EVP_PKEY_OP_DERIVE; + key_type = KEY_NONE; + kdfalg = opt_arg(); + break; + case OPT_KDFLEN: + kdflen = atoi(opt_arg()); + break; case OPT_REV: rev = 1; break; case OPT_PKEYOPT: if ((pkeyopts == NULL && (pkeyopts = sk_OPENSSL_STRING_new_null()) == NULL) || - sk_OPENSSL_STRING_push(pkeyopts, *++argv) == 0) { + sk_OPENSSL_STRING_push(pkeyopts, opt_arg()) == 0) { BIO_puts(bio_err, "out of memory\n"); goto end; } @@ -225,13 +238,17 @@ int pkeyutl_main(int argc, char **argv) } } argc = opt_num_rest(); - argv = opt_rest(); - - if (inkey == NULL || - (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE)) + if (argc != 0) goto opthelp; - ctx = init_ctx(&keysize, inkey, keyform, key_type, + if (kdfalg != NULL) { + if (kdflen == 0) + goto opthelp; + } else if ((inkey == NULL) + || (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE)) { + goto opthelp; + } + ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type, passinarg, pkey_op, e, engine_impl); if (ctx == NULL) { BIO_printf(bio_err, "%s: Error initializing context\n", prog); @@ -325,15 +342,21 @@ int pkeyutl_main(int argc, char **argv) BIO_puts(out, "Signature Verification Failure\n"); goto end; } - rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen, - buf_in, (size_t)buf_inlen); + if (kdflen != 0) { + buf_outlen = kdflen; + rv = 1; + } else { + rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen, + buf_in, (size_t)buf_inlen); + } if (rv > 0 && buf_outlen != 0) { buf_out = app_malloc(buf_outlen, "buffer output"); rv = do_keyop(ctx, pkey_op, buf_out, (size_t *)&buf_outlen, buf_in, (size_t)buf_inlen); } - if (rv < 0) { + if (rv <= 0) { + BIO_puts(bio_err, "Public Key operation error\n"); ERR_print_errors(bio_err); goto end; } 
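Review bot: `case OPT_KDF` rewrites `pkey_op` and `key_type` as a side effect, so the result depends on option order. An operation flag given before `-kdf` is silently replaced by derive, and one given after it presumably leaves `kdfalg` set together with a non-derive `pkey_op`. Nothing in the visible checks after the loop rejects that combination, so I would reduce the case to `kdfalg = opt_arg();` and resolve the operation and key type once after the loop, going to `opthelp` on a conflict. Separately, `kdflen = atoi(opt_arg());` reports no errors itself and relies on the `'p'` type in the options table for validation; `opt_int(opt_arg(), &kdflen)` would make the check explicit where the value is used. The enclosing switch starts and ends outside the hunk.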
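Review bot: `-kdflen` without `-kdf` passes the new validation, because `kdflen` is only examined inside `if (kdfalg != NULL)`. The hunk at -325 skips the size query whenever `kdflen != 0`, so a sign, decrypt or key-agreement run given a stray `-kdflen` would allocate a user-chosen length instead of the length the key method reports. Whether the method then rejects an undersized buffer is not visible here. I would add `if (kdfalg == NULL && kdflen != 0) goto opthelp;` at this point, or gate the shortcut there on `kdfalg != NULL` rather than on `kdflen`. The body of pkeyutl_main continues outside the hunk.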
@@ -358,7 +381,7 @@ int pkeyutl_main(int argc, char **argv) return ret; } -static EVP_PKEY_CTX *init_ctx(int *pkeysize, +static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, const char *keyfile, int keyform, int key_type, char *passinarg, int pkey_op, ENGINE *e, const int engine_impl) @@ -371,7 +394,7 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize, X509 *x; if (((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT) || (pkey_op == EVP_PKEY_OP_DERIVE)) - && (key_type != KEY_PRIVKEY)) { + && (key_type != KEY_PRIVKEY && kdfalg == NULL)) { BIO_printf(bio_err, "A private key is needed for this operation\n"); goto end; } @@ -389,28 +412,35 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize, break; case KEY_CERT: - x = load_cert(keyfile, keyform, NULL, e, "Certificate"); + x = load_cert(keyfile, keyform, "Certificate"); if (x) { pkey = X509_get_pubkey(x); X509_free(x); } break; - } - - *pkeysize = EVP_PKEY_size(pkey); + case KEY_NONE: + break; - if (!pkey) - goto end; + } #ifndef OPENSSL_NO_ENGINE if (engine_impl) impl = e; #endif - - ctx = EVP_PKEY_CTX_new(pkey, impl); - EVP_PKEY_free(pkey); + if (kdfalg) { + int kdfnid = OBJ_sn2nid(kdfalg); + if (kdfnid == NID_undef) + goto end; + ctx = EVP_PKEY_CTX_new_id(kdfnid, impl); + } else { + if (pkey == NULL) + goto end; + *pkeysize = EVP_PKEY_size(pkey); + ctx = EVP_PKEY_CTX_new(pkey, impl); + EVP_PKEY_free(pkey); + } if (ctx == NULL) goto end;
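Review bot: In the hunk at -389, an unknown `-kdf` name leaves through `goto end` without a message when `OBJ_sn2nid(kdfalg)` returns `NID_undef`, so the user sees only the caller's generic "Error initializing context". A line such as `BIO_printf(bio_err, "Unknown KDF algorithm %s\n", kdfalg);` before the `goto` would name the rejected value. The same branch ignores `pkey`: if the switch above loaded one (for example `-pubin` given after `-kdf`), it is neither used nor released with `EVP_PKEY_free(pkey)` here, unless the `end:` label outside the hunk does that. `*pkeysize` is also no longer written on the KDF path, which deserves a comment on init_ctx telling callers not to read it when `kdfalg` is set. init_ctx starts and ends outside the hunk.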