mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-24 10:34:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

dsa: apps deprecation changes

Browse Source 
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13638)
This commit is contained in:
Pauli 2020-10-20 13:32:26 +10:00 committed by Richard Levitte
parent 575b36ecef
commit 47422549da
5 changed files with 97 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/dhparam.c
View File

@ -47,8 +47,10 @@ const OPTIONS dhparam_options[] = {
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
{"check", OPT_CHECK, '-', "Check the DH parameters"},
#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DEPRECATED_3_0)
{"dsaparam", OPT_DSAPARAM, '-',
"Read or generate DSA parameters, convert to DH"},
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
#endif

132
apps/dsa.c
View File

@ -22,6 +22,15 @@
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/bn.h>
#include <openssl/encoder.h>
#include <openssl/core_names.h>
#include <openssl/core_dispatch.h>
#ifndef OPENSSL_NO_RC4
# define DEFAULT_PVK_ENCR_STRENGTH 2
#else
# define DEFAULT_PVK_ENCR_STRENGTH 0
#endif
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@ -68,7 +77,6 @@ const OPTIONS dsa_options[] = {
int dsa_main(int argc, char **argv)
{
BIO *out = NULL;
DSA *dsa = NULL;
ENGINE *e = NULL;
EVP_PKEY *pkey = NULL;
const EVP_CIPHER *enc = NULL;
@ -76,11 +84,13 @@ int dsa_main(int argc, char **argv)
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
OPTION_CHOICE o;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
int i, modulus = 0, pubin = 0, pubout = 0, ret = 1;
#ifndef OPENSSL_NO_RC4
int pvk_encr = 2;
#endif
int modulus = 0, pubin = 0, pubout = 0, ret = 1;
int pvk_encr = DEFAULT_PVK_ENCR_STRENGTH;
int private = 0;
const char *output_type = NULL;
const char *output_structure = NULL;
int selection = 0;
OSSL_ENCODER_CTX *ectx = NULL;
prog = opt_init(argc, argv, dsa_options);
while ((o = opt_next()) != OPT_EOF) {
@ -171,14 +181,15 @@ int dsa_main(int argc, char **argv)
else
pkey = load_key(infile, informat, 1, passin, e, "private key");
if (pkey != NULL)
dsa = EVP_PKEY_get1_DSA(pkey);
if (dsa == NULL) {
if (pkey == NULL) {
BIO_printf(bio_err, "unable to load Key\n");
ERR_print_errors(bio_err);
goto end;
}
if (!EVP_PKEY_is_a(pkey, "DSA")) {
BIO_printf(bio_err, "Not a DSA key\n");
goto end;
}
out = bio_open_owner(outfile, outformat, private);
if (out == NULL)
@ -195,11 +206,16 @@ int dsa_main(int argc, char **argv)
}
if (modulus) {
const BIGNUM *pub_key = NULL;
DSA_get0_key(dsa, &pub_key, NULL);
BIGNUM *pub_key = NULL;
if (!EVP_PKEY_get_bn_param(pkey, "pub", &pub_key)) {
ERR_print_errors(bio_err);
goto end;
}
BIO_printf(out, "Public Key=");
BN_print(out, pub_key);
BIO_printf(out, "\n");
BN_free(pub_key);
}
if (noout) {
@ -208,64 +224,68 @@ int dsa_main(int argc, char **argv)
}
BIO_printf(bio_err, "writing DSA key\n");
if (outformat == FORMAT_ASN1) {
if (pubin || pubout) {
i = i2d_DSA_PUBKEY_bio(out, dsa);
} else {
assert(private);
i = i2d_DSAPrivateKey_bio(out, dsa);
}
output_type = "DER";
} else if (outformat == FORMAT_PEM) {
if (pubin || pubout) {
i = PEM_write_bio_DSA_PUBKEY(out, dsa);
} else {
assert(private);
i = PEM_write_bio_DSAPrivateKey(out, dsa, enc,
NULL, 0, NULL, passout);
}
#ifndef OPENSSL_NO_RSA
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
if (pk == NULL)
goto end;
EVP_PKEY_set1_DSA(pk, dsa);
if (outformat == FORMAT_PVK) {
if (pubin) {
BIO_printf(bio_err, "PVK form impossible with public key input\n");
EVP_PKEY_free(pk);
goto end;
}
assert(private);
# ifdef OPENSSL_NO_RC4
BIO_printf(bio_err, "PVK format not supported\n");
EVP_PKEY_free(pk);
output_type = "PEM";
} else if (outformat == FORMAT_MSBLOB) {
output_type = "MSBLOB";
} else if (outformat == FORMAT_PVK) {
if (pubin) {
BIO_printf(bio_err, "PVK form impossible with public key input\n");
goto end;
# else
i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
# endif
} else if (pubin || pubout) {
i = i2b_PublicKey_bio(out, pk);
} else {
assert(private);
i = i2b_PrivateKey_bio(out, pk);
}
EVP_PKEY_free(pk);
#endif
output_type = "PVK";
} else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
if (i <= 0) {
BIO_printf(bio_err, "unable to write private key\n");
ERR_print_errors(bio_err);
if (outformat == FORMAT_ASN1 || outformat == FORMAT_PEM) {
if (pubout || pubin)
output_structure = "SubjectPublicKeyInfo";
else
output_structure = "type-specific";
}
/* Select what you want in the output */
if (pubout || pubin) {
selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
} else {
assert(private);
selection = (OSSL_KEYMGMT_SELECT_KEYPAIR
| OSSL_KEYMGMT_SELECT_ALL_PARAMETERS);
}
/* Perform the encoding */
ectx = OSSL_ENCODER_CTX_new_by_EVP_PKEY(pkey, selection, output_type,
output_structure, NULL);
if (OSSL_ENCODER_CTX_get_num_encoders(ectx) == 0) {
BIO_printf(bio_err, "%s format not supported\n", output_type);
goto end;
}
/* PVK requires a bit more */
if (outformat == FORMAT_PVK) {
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
params[0] = OSSL_PARAM_construct_int("encrypt-level", &pvk_encr);
if (!OSSL_ENCODER_CTX_set_params(ectx, params)) {
BIO_printf(bio_err, "invalid PVK encryption level\n");
goto end;
}
}
if (!OSSL_ENCODER_to_bio(ectx, out)) {
BIO_printf(bio_err, "unable to write key\n");
goto end;
}
ret = 0;
end:
if (ret != 0)
ERR_print_errors(bio_err);
OSSL_ENCODER_CTX_free(ectx);
BIO_free_all(out);
EVP_PKEY_free(pkey);
DSA_free(dsa);
release_engine(e);
OPENSSL_free(passin);
OPENSSL_free(passout);

28
apps/gendsa.c
View File

@ -54,7 +54,6 @@ int gendsa_main(int argc, char **argv)
{
ENGINE *e = NULL;
BIO *out = NULL, *in = NULL;
DSA *dsa = NULL;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
const EVP_CIPHER *enc = NULL;
@ -117,38 +116,18 @@ int gendsa_main(int argc, char **argv)
goto end;
}
in = bio_open_default(dsaparams, 'r', FORMAT_PEM);
if (in == NULL)
goto end2;
if ((dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL)) == NULL) {
BIO_printf(bio_err, "unable to load DSA parameter file\n");
goto end;
}
BIO_free(in);
in = NULL;
pkey = load_keyparams(dsaparams, 1, "DSA", "DSA parameters");
out = bio_open_owner(outfile, FORMAT_PEM, private);
if (out == NULL)
goto end2;
DSA_get0_pqg(dsa, &p, NULL, NULL);
if (BN_num_bits(p) > OPENSSL_DSA_MAX_MODULUS_BITS)
if (EVP_PKEY_bits(pkey) > OPENSSL_DSA_MAX_MODULUS_BITS)
BIO_printf(bio_err,
"Warning: It is not recommended to use more than %d bit for DSA keys.\n"
" Your key size is %d! Larger key size may behave not as expected.\n",
OPENSSL_DSA_MAX_MODULUS_BITS, BN_num_bits(p));
OPENSSL_DSA_MAX_MODULUS_BITS, EVP_PKEY_bits(pkey));
pkey = EVP_PKEY_new();
if (pkey == NULL) {
BIO_printf(bio_err, "unable to allocate PKEY\n");
goto end;
}
if (!EVP_PKEY_set1_DSA(pkey, dsa)) {
BIO_printf(bio_err, "unable to associate DSA parameters with PKEY\n");
goto end;
}
ctx = EVP_PKEY_CTX_new(pkey, NULL);
if (ctx == NULL) {
BIO_printf(bio_err, "unable to create PKEY context\n");
@ -179,7 +158,6 @@ int gendsa_main(int argc, char **argv)
end2:
BIO_free(in);
BIO_free_all(out);
DSA_free(dsa);
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(ctx);
release_engine(e);

10
apps/rsa.c
View File

@ -30,6 +30,12 @@
*/
#include <openssl/core_dispatch.h>
#ifndef OPENSSL_NO_RC4
# define DEFAULT_PVK_ENCR_STRENGTH 2
#else
# define DEFAULT_PVK_ENCR_STRENGTH 0
#endif
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
@ -69,10 +75,12 @@ const OPTIONS rsa_options[] = {
{"traditional", OPT_TRADITIONAL, '-',
"Use traditional format for private keys"},
#ifndef OPENSSL_NO_RC4
OPT_SECTION("PVK"),
{"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"},
{"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
{"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
#endif
OPT_PROV_OPTIONS,
{NULL}
@ -90,7 +98,7 @@ int rsa_main(int argc, char **argv)
int private = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0;
int noout = 0, modulus = 0, pubin = 0, pubout = 0, ret = 1;
int pvk_encr = 2;
int pvk_encr = DEFAULT_PVK_ENCR_STRENGTH;
OPTION_CHOICE o;
int traditional = 0;
const char *output_type = NULL;

17
apps/x509.c
View File

@ -755,7 +755,6 @@ int x509_main(int argc, char **argv)
goto end;
}
BIO_printf(out, "Modulus=");
#ifndef OPENSSL_NO_RSA
if (EVP_PKEY_is_a(pkey, "RSA")) {
BIGNUM *n;
@ -763,16 +762,14 @@ int x509_main(int argc, char **argv)
EVP_PKEY_get_bn_param(pkey, "n", &n);
BN_print(out, n);
BN_free(n);
} else
#endif
#ifndef OPENSSL_NO_DSA
if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA) {
const BIGNUM *dsapub = NULL;
DSA_get0_key(EVP_PKEY_get0_DSA(pkey), &dsapub, NULL);
} else if (EVP_PKEY_is_a(pkey, "DSA")) {
BIGNUM *dsapub;
/* Every DSA key has an 'pub' */
EVP_PKEY_get_bn_param(pkey, "pub", &dsapub);
BN_print(out, dsapub);
} else
#endif
{
BN_free(dsapub);
} else {
BIO_printf(out, "Wrong Algorithm type");
}
BIO_printf(out, "\n");