Add help for pkeyopt values for the genpkey commandline app.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/19931)

diff --git a/apps/genpkey.c b/apps/genpkey.c
index dcb9ad1dd8303fec397c8ac2a59dd010eab2d3d6..52d1b44edbb9587da8150ee845b9e79784fac5fa 100644 (file)
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -57,6 +57,50 @@ const OPTIONS genpkey_options[] = {
     {NULL}
 };
 
+static const char *param_datatype_2name(unsigned int type, int *ishex)
+{
+    *ishex = 0;
+
+    switch (type) {
+    case OSSL_PARAM_INTEGER: return "int";
+    case OSSL_PARAM_UNSIGNED_INTEGER: return "uint";
+    case OSSL_PARAM_REAL: return "float";
+    case OSSL_PARAM_OCTET_STRING: *ishex = 1; return "string";
+    case OSSL_PARAM_UTF8_STRING: return "string";
+    default:
+        return NULL;
+    }
+}
+
+static void show_gen_pkeyopt(const char *algname, OSSL_LIB_CTX *libctx, const char *propq)
+{
+    EVP_PKEY_CTX *ctx = NULL;
+    const OSSL_PARAM *params;
+    int i, ishex = 0;
+
+    if (algname == NULL)
+        return;
+    ctx = EVP_PKEY_CTX_new_from_name(libctx, algname, propq);
+    if (ctx == NULL)
+        return;
+
+    if (EVP_PKEY_keygen_init(ctx) <= 0)
+        goto cleanup;
+    params = EVP_PKEY_CTX_settable_params(ctx);
+    if (params == NULL)
+        goto cleanup;
+
+    BIO_printf(bio_err, "\nThe possible -pkeyopt arguments are:\n");
+    for (i = 0; params[i].key != NULL; ++i) {
+        const char *name = param_datatype_2name(params[i].data_type, &ishex);
+
+        if (name != NULL)
+            BIO_printf(bio_err, "    %s%s:%s\n", ishex ? "hex" : "", params[i].key, name);
+    }
+cleanup:
+    EVP_PKEY_CTX_free(ctx);
+}
+
 int genpkey_main(int argc, char **argv)
 {
     CONF *conf = NULL;
@@ -88,6 +132,7 @@ int genpkey_main(int argc, char **argv)
         case OPT_HELP:
             ret = 0;
             opt_help(genpkey_options);
+            show_gen_pkeyopt(algname, libctx, app_get0_propq());
             goto end;
         case OPT_OUTFORM:
             if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))

diff --git a/doc/man1/openssl-genpkey.pod.in b/doc/man1/openssl-genpkey.pod.in
index f107f4a4115a35f84586a55c1ec1621c79894567..a1e0c51f4d6ec7a5043aeee48d47c406997dcbc9 100644 (file)
--- a/doc/man1/openssl-genpkey.pod.in
+++ b/doc/man1/openssl-genpkey.pod.in
@@ -92,6 +92,9 @@ options supported depends on the public key algorithm used and its
 implementation. See L</KEY GENERATION OPTIONS> and
 L</PARAMETER GENERATION OPTIONS> below for more details.
 
+To list the possible I<opt> values for an algorithm use:
+B<openssl> B<genpkey> -algorithm XXX -help
+
 =item B<-genparam>
 
 Generate a set of parameters instead of a private key. If used this option must

diff --git a/test/recipes/15-test_genpkey.t b/test/recipes/15-test_genpkey.t
new file mode 100644 (file)
index 0000000..6df2df5
--- /dev/null
+++ b/test/recipes/15-test_genpkey.t
@@ -0,0 +1,31 @@
+#! /usr/bin/env perl
+# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+use OpenSSL::Test qw/:DEFAULT/;
+use OpenSSL::Test::Utils;
+
+setup("test_genpkey");
+
+my @algs = ();
+push @algs, qw(RSA) unless disabled("rsa");
+push @algs, qw(DSA) unless disabled("dsa");
+push @algs, qw(DH DHX) unless disabled("dh");
+push @algs, qw(EC X25519 X448) unless disabled("ec");
+push @algs, qw(SM2) unless disabled("sm2");
+
+plan tests => scalar(@algs);
+
+foreach (@algs) {
+    my $alg = $_;
+
+    ok(run(app([ 'openssl', 'genpkey', '-algorithm', $alg, '-help'])),
+       "show genpkey pkeyopt values for $alg");
+}