APPS: Implement load_keyparams() to load key parameters

'openssl dsaparam' is affected as an obvious usage example.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13191)

diff --git a/apps/cmp.c b/apps/cmp.c
index e52eff3c28408ca2afa9516af6dc099ad952eaf5..a30c9f1684584b46f78ba000ed956e57262b11c6 100644 (file)
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -724,7 +724,7 @@ static int load_cert_certs(const char *uri,
         return ret;
     }
     pass_string = get_passwd(pass, desc);
-    ret = load_key_certs_crls(uri, 0, pass_string, desc, NULL, NULL,
+    ret = load_key_certs_crls(uri, 0, pass_string, desc, NULL, NULL, NULL,
                               pcert, pcerts, NULL, NULL);
     clear_free(pass_string);
 

diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 5fd906a0693772b977474003df3704d4b1ecba42..7e374eb6ad68205306d842206bc5a57a898a057e 100644 (file)
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -66,7 +66,7 @@ const OPTIONS dsaparam_options[] = {
 int dsaparam_main(int argc, char **argv)
 {
     ENGINE *e = NULL;
-    BIO *in = NULL, *out = NULL;
+    BIO *out = NULL;
     EVP_PKEY *params = NULL, *pkey = NULL;
     EVP_PKEY_CTX *ctx = NULL;
     int numbits = -1, num = 0, genkey = 0;
@@ -140,9 +140,6 @@ int dsaparam_main(int argc, char **argv)
     }
     private = genkey ? 1 : 0;
 
-    in = bio_open_default(infile, 'r', informat);
-    if (in == NULL)
-        goto end;
     out = bio_open_owner(outfile, outformat, private);
     if (out == NULL)
         goto end;
@@ -181,10 +178,12 @@ int dsaparam_main(int argc, char **argv)
             BIO_printf(bio_err, "Error, DSA key generation failed\n");
             goto end;
         }
-    } else if (informat == FORMAT_ASN1) {
-        params = d2i_KeyParams_bio(EVP_PKEY_DSA, NULL, in);
     } else {
-        params = PEM_read_bio_Parameters(in, NULL);
+        params = load_keyparams(infile, 1, "DSA parameters");
+        if (!EVP_PKEY_is_a(params, "DSA")) {
+            EVP_PKEY_free(params);
+            params = NULL;
+        }
     }
     if (params == NULL) {
         BIO_printf(bio_err, "Error, unable to load DSA parameters\n");
@@ -276,7 +275,6 @@ int dsaparam_main(int argc, char **argv)
  end:
     if (ret != 0)
         ERR_print_errors(bio_err);
-    BIO_free(in);
     BIO_free_all(out);
     EVP_PKEY_CTX_free(ctx);
     EVP_PKEY_free(pkey);

diff --git a/apps/include/apps.h b/apps/include/apps.h
index 195f226910e1fe9821c3e294f9b8476e49e942af..8bb92e07db7a7c496f0cb7404a28dd225991e5aa 100644 (file)
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@@ -116,6 +116,7 @@ EVP_PKEY *load_key(const char *uri, int format, int maybe_stdin,
                    const char *pass, ENGINE *e, const char *desc);
 EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin,
                       const char *pass, ENGINE *e, const char *desc);
+EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *desc);
 int load_certs(const char *uri, STACK_OF(X509) **certs,
                const char *pass, const char *desc);
 int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
@@ -123,6 +124,7 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
 int load_key_certs_crls(const char *uri, int maybe_stdin,
                         const char *pass, const char *desc,
                         EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
+                        EVP_PKEY **pparams,
                         X509 **pcert, STACK_OF(X509) **pcerts,
                         X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls);
 int load_key_cert_crl(const char *uri, int maybe_stdin,

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index d90ef6a1926e7819c52cd3ee61b0ba41c8296dff..d100ce42dd10f8fb87b925586743dc05c797e354 100644 (file)
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -476,7 +476,7 @@ X509 *load_cert_pass(const char *uri, int maybe_stdin,
     if (desc == NULL)
         desc = "certificate";
     (void)load_key_certs_crls(uri, maybe_stdin, pass, desc,
-                              NULL, NULL, &cert, NULL, NULL, NULL);
+                              NULL, NULL, NULL, &cert, NULL, NULL, NULL);
     if (cert == NULL) {
         BIO_printf(bio_err, "Unable to load %s\n", desc);
         ERR_print_errors(bio_err);
@@ -492,7 +492,7 @@ X509_CRL *load_crl(const char *uri, int format, const char *desc)
     if (desc == NULL)
         desc = "CRL";
     (void)load_key_certs_crls(uri, 0, NULL, desc,
-                              NULL,  NULL, NULL, NULL, &crl, NULL);
+                              NULL, NULL,  NULL, NULL, NULL, &crl, NULL);
     if (crl == NULL) {
         BIO_printf(bio_err, "Unable to load %s\n", desc);
         ERR_print_errors(bio_err);
@@ -559,7 +559,7 @@ EVP_PKEY *load_key(const char *uri, int format, int may_stdin,
         }
     } else {
         (void)load_key_certs_crls(uri, may_stdin, pass, desc,
-                                  &pkey, NULL, NULL, NULL, NULL, NULL);
+                                  &pkey, NULL, NULL, NULL, NULL, NULL, NULL);
     }
 
     if (pkey == NULL) {
@@ -589,7 +589,7 @@ EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin,
         }
     } else {
         (void)load_key_certs_crls(uri, maybe_stdin, pass, desc,
-                                  NULL, &pkey, NULL, NULL, NULL, NULL);
+                                  NULL, &pkey, NULL, NULL, NULL, NULL, NULL);
     }
     if (pkey == NULL) {
         BIO_printf(bio_err, "Unable to load %s\n", desc);
@@ -598,6 +598,22 @@ EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin,
     return pkey;
 }
 
+EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *desc)
+{
+    EVP_PKEY *params = NULL;
+
+    if (desc == NULL)
+        desc = "key parameters";
+
+    (void)load_key_certs_crls(uri, maybe_stdin, NULL, desc,
+                              NULL, NULL, &params, NULL, NULL, NULL, NULL);
+    if (params == NULL) {
+        BIO_printf(bio_err, "Unable to load %s\n", desc);
+        ERR_print_errors(bio_err);
+    }
+    return params;
+}
+
 void app_bail_out(char *fmt, ...)
 {
     va_list args;
@@ -627,7 +643,7 @@ int load_certs(const char *uri, STACK_OF(X509) **certs,
                const char *pass, const char *desc)
 {
     int was_NULL = *certs == NULL;
-    int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL,
+    int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL, NULL,
                                   NULL, certs, NULL, NULL);
 
     if (!ret && was_NULL) {
@@ -645,7 +661,7 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
               const char *pass, const char *desc)
 {
     int was_NULL = *crls == NULL;
-    int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL,
+    int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL, NULL,
                                   NULL, NULL, NULL, crls);
 
     if (!ret && was_NULL) {
@@ -671,6 +687,7 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
 int load_key_certs_crls(const char *uri, int maybe_stdin,
                         const char *pass, const char *desc,
                         EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
+                        EVP_PKEY **pparams,
                         X509 **pcert, STACK_OF(X509) **pcerts,
                         X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls)
 {
@@ -761,6 +778,10 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
             if (ppubkey != NULL && *ppubkey == NULL)
                 ok = ((*ppubkey = OSSL_STORE_INFO_get1_PUBKEY(info)) != NULL);
             break;
+        case OSSL_STORE_INFO_PARAMS:
+            if (pparams != NULL && *pparams == NULL)
+                ok = ((*pparams = OSSL_STORE_INFO_get1_PARAMS(info)) != NULL);
+            break;
         case OSSL_STORE_INFO_CERT:
             if (pcert != NULL && *pcert == NULL)
                 ok = (*pcert = OSSL_STORE_INFO_get1_CERT(info)) != NULL;
@@ -794,8 +815,11 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
     if (failed == NULL) {
         int any = 0;
 
-        if (ppkey != NULL && *ppkey == NULL) {
+        if ((ppkey != NULL && *ppkey == NULL)
+            || (ppubkey != NULL && *ppubkey == NULL)) {
             failed = "key";
+        } else if (pparams != NULL && *pparams == NULL) {
+            failed = "params";
         } else if ((pcert != NULL || pcerts != NULL) && ncerts == 0) {
             if (pcert == NULL)
                 any = 1;

diff --git a/doc/man1/openssl-dsaparam.pod.in b/doc/man1/openssl-dsaparam.pod.in
index 0e6e6cb6de2474ca65822caa21cee4ca255669a2..d7431b05074292572af6e3f93cd3ff9555328183 100644 (file)
--- a/doc/man1/openssl-dsaparam.pod.in
+++ b/doc/man1/openssl-dsaparam.pod.in
@@ -40,7 +40,7 @@ Print out a usage message.
 
 =item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM>
 
-The input and formats; the default is B<PEM>.
+This option has become obsolete.
 See L<openssl(1)/Format Options> for details.
 
 Parameters are a sequence of B<ASN.1 INTEGER>s: B<p>, B<q>, and B<g>.