mirror of
https://github.com/openssl/openssl.git
synced 2025-01-18 13:44:20 +08:00
021410ea3f
Make sure all commands check to see if there are any "extra" arguments after the options, and print an error if so. Made all error messages consistent (which is to say, minimal). Fixes: #13527 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13563)
293 lines
8.4 KiB
C
293 lines
8.4 KiB
C
/*
|
|
* Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include <openssl/opensslconf.h>
|
|
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include "apps.h"
|
|
#include "progs.h"
|
|
#include <openssl/bio.h>
|
|
#include <openssl/err.h>
|
|
#include <openssl/evp.h>
|
|
#include <openssl/pem.h>
|
|
|
|
static OPT_PAIR conv_forms[] = {
|
|
{"compressed", POINT_CONVERSION_COMPRESSED},
|
|
{"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
|
|
{"hybrid", POINT_CONVERSION_HYBRID},
|
|
{NULL}
|
|
};
|
|
|
|
static OPT_PAIR param_enc[] = {
|
|
{"named_curve", OPENSSL_EC_NAMED_CURVE},
|
|
{"explicit", 0},
|
|
{NULL}
|
|
};
|
|
|
|
typedef enum OPTION_choice {
|
|
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
|
OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
|
|
OPT_NOOUT, OPT_TEXT, OPT_PARAM_OUT, OPT_PUBIN, OPT_PUBOUT,
|
|
OPT_PASSIN, OPT_PASSOUT, OPT_PARAM_ENC, OPT_CONV_FORM, OPT_CIPHER,
|
|
OPT_NO_PUBLIC, OPT_CHECK, OPT_PROV_ENUM
|
|
} OPTION_CHOICE;
|
|
|
|
const OPTIONS ec_options[] = {
|
|
OPT_SECTION("General"),
|
|
{"help", OPT_HELP, '-', "Display this summary"},
|
|
#ifndef OPENSSL_NO_ENGINE
|
|
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
|
#endif
|
|
|
|
OPT_SECTION("Input"),
|
|
{"in", OPT_IN, 's', "Input file"},
|
|
{"inform", OPT_INFORM, 'f', "Input format (DER/PEM/P12/ENGINE)"},
|
|
{"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
|
|
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
|
|
{"check", OPT_CHECK, '-', "check key consistency"},
|
|
{"", OPT_CIPHER, '-', "Any supported cipher"},
|
|
{"param_enc", OPT_PARAM_ENC, 's',
|
|
"Specifies the way the ec parameters are encoded"},
|
|
{"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
|
|
|
|
OPT_SECTION("Output"),
|
|
{"out", OPT_OUT, '>', "Output file"},
|
|
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
|
|
{"noout", OPT_NOOUT, '-', "Don't print key out"},
|
|
{"text", OPT_TEXT, '-', "Print the key"},
|
|
{"param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters"},
|
|
{"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
|
|
{"no_public", OPT_NO_PUBLIC, '-', "exclude public key from private key"},
|
|
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
|
|
|
|
OPT_PROV_OPTIONS,
|
|
{NULL}
|
|
};
|
|
|
|
int ec_main(int argc, char **argv)
|
|
{
|
|
BIO *in = NULL, *out = NULL;
|
|
ENGINE *e = NULL;
|
|
EC_KEY *eckey = NULL;
|
|
const EC_GROUP *group;
|
|
const EVP_CIPHER *enc = NULL;
|
|
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
|
|
char *infile = NULL, *outfile = NULL, *prog;
|
|
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
|
|
OPTION_CHOICE o;
|
|
int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_form = 0, new_asn1_flag = 0;
|
|
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
|
|
int pubin = 0, pubout = 0, param_out = 0, i, ret = 1, private = 0;
|
|
int no_public = 0, check = 0;
|
|
|
|
prog = opt_init(argc, argv, ec_options);
|
|
while ((o = opt_next()) != OPT_EOF) {
|
|
switch (o) {
|
|
case OPT_EOF:
|
|
case OPT_ERR:
|
|
opthelp:
|
|
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
|
goto end;
|
|
case OPT_HELP:
|
|
opt_help(ec_options);
|
|
ret = 0;
|
|
goto end;
|
|
case OPT_INFORM:
|
|
if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
|
|
goto opthelp;
|
|
break;
|
|
case OPT_IN:
|
|
infile = opt_arg();
|
|
break;
|
|
case OPT_OUTFORM:
|
|
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
|
|
goto opthelp;
|
|
break;
|
|
case OPT_OUT:
|
|
outfile = opt_arg();
|
|
break;
|
|
case OPT_NOOUT:
|
|
noout = 1;
|
|
break;
|
|
case OPT_TEXT:
|
|
text = 1;
|
|
break;
|
|
case OPT_PARAM_OUT:
|
|
param_out = 1;
|
|
break;
|
|
case OPT_PUBIN:
|
|
pubin = 1;
|
|
break;
|
|
case OPT_PUBOUT:
|
|
pubout = 1;
|
|
break;
|
|
case OPT_PASSIN:
|
|
passinarg = opt_arg();
|
|
break;
|
|
case OPT_PASSOUT:
|
|
passoutarg = opt_arg();
|
|
break;
|
|
case OPT_ENGINE:
|
|
e = setup_engine(opt_arg(), 0);
|
|
break;
|
|
case OPT_CIPHER:
|
|
if (!opt_cipher(opt_unknown(), &enc))
|
|
goto opthelp;
|
|
break;
|
|
case OPT_CONV_FORM:
|
|
if (!opt_pair(opt_arg(), conv_forms, &i))
|
|
goto opthelp;
|
|
new_form = 1;
|
|
form = i;
|
|
break;
|
|
case OPT_PARAM_ENC:
|
|
if (!opt_pair(opt_arg(), param_enc, &i))
|
|
goto opthelp;
|
|
new_asn1_flag = 1;
|
|
asn1_flag = i;
|
|
break;
|
|
case OPT_NO_PUBLIC:
|
|
no_public = 1;
|
|
break;
|
|
case OPT_CHECK:
|
|
check = 1;
|
|
break;
|
|
case OPT_PROV_CASES:
|
|
if (!opt_provider(o))
|
|
goto end;
|
|
break;
|
|
}
|
|
}
|
|
|
|
/* No extra arguments. */
|
|
argc = opt_num_rest();
|
|
if (argc != 0)
|
|
goto opthelp;
|
|
|
|
private = param_out || pubin || pubout ? 0 : 1;
|
|
if (text && !pubin)
|
|
private = 1;
|
|
|
|
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
|
|
BIO_printf(bio_err, "Error getting passwords\n");
|
|
goto end;
|
|
}
|
|
|
|
if (informat != FORMAT_ENGINE) {
|
|
in = bio_open_default(infile, 'r', informat);
|
|
if (in == NULL)
|
|
goto end;
|
|
}
|
|
|
|
BIO_printf(bio_err, "read EC key\n");
|
|
if (informat == FORMAT_ASN1) {
|
|
if (pubin)
|
|
eckey = d2i_EC_PUBKEY_bio(in, NULL);
|
|
else
|
|
eckey = d2i_ECPrivateKey_bio(in, NULL);
|
|
} else if (informat == FORMAT_ENGINE) {
|
|
EVP_PKEY *pkey;
|
|
if (pubin)
|
|
pkey = load_pubkey(infile, informat, 1, passin, e, "public key");
|
|
else
|
|
pkey = load_key(infile, informat, 1, passin, e, "private key");
|
|
if (pkey != NULL) {
|
|
eckey = EVP_PKEY_get1_EC_KEY(pkey);
|
|
EVP_PKEY_free(pkey);
|
|
}
|
|
} else {
|
|
if (pubin)
|
|
eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL);
|
|
else
|
|
eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, passin);
|
|
}
|
|
if (eckey == NULL) {
|
|
BIO_printf(bio_err, "unable to load Key\n");
|
|
ERR_print_errors(bio_err);
|
|
goto end;
|
|
}
|
|
|
|
out = bio_open_owner(outfile, outformat, private);
|
|
if (out == NULL)
|
|
goto end;
|
|
|
|
group = EC_KEY_get0_group(eckey);
|
|
|
|
if (new_form)
|
|
EC_KEY_set_conv_form(eckey, form);
|
|
|
|
if (new_asn1_flag)
|
|
EC_KEY_set_asn1_flag(eckey, asn1_flag);
|
|
|
|
if (no_public)
|
|
EC_KEY_set_enc_flags(eckey, EC_PKEY_NO_PUBKEY);
|
|
|
|
if (text) {
|
|
assert(pubin || private);
|
|
if (!EC_KEY_print(out, eckey, 0)) {
|
|
perror(outfile);
|
|
ERR_print_errors(bio_err);
|
|
goto end;
|
|
}
|
|
}
|
|
|
|
if (check) {
|
|
if (EC_KEY_check_key(eckey) == 1) {
|
|
BIO_printf(bio_err, "EC Key valid.\n");
|
|
} else {
|
|
BIO_printf(bio_err, "EC Key Invalid!\n");
|
|
ERR_print_errors(bio_err);
|
|
}
|
|
}
|
|
|
|
if (noout) {
|
|
ret = 0;
|
|
goto end;
|
|
}
|
|
|
|
BIO_printf(bio_err, "writing EC key\n");
|
|
if (outformat == FORMAT_ASN1) {
|
|
if (param_out) {
|
|
i = i2d_ECPKParameters_bio(out, group);
|
|
} else if (pubin || pubout) {
|
|
i = i2d_EC_PUBKEY_bio(out, eckey);
|
|
} else {
|
|
assert(private);
|
|
i = i2d_ECPrivateKey_bio(out, eckey);
|
|
}
|
|
} else {
|
|
if (param_out) {
|
|
i = PEM_write_bio_ECPKParameters(out, group);
|
|
} else if (pubin || pubout) {
|
|
i = PEM_write_bio_EC_PUBKEY(out, eckey);
|
|
} else {
|
|
assert(private);
|
|
i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
|
|
NULL, 0, NULL, passout);
|
|
}
|
|
}
|
|
|
|
if (!i) {
|
|
BIO_printf(bio_err, "unable to write private key\n");
|
|
ERR_print_errors(bio_err);
|
|
} else {
|
|
ret = 0;
|
|
}
|
|
end:
|
|
BIO_free(in);
|
|
BIO_free_all(out);
|
|
EC_KEY_free(eckey);
|
|
release_engine(e);
|
|
OPENSSL_free(passin);
|
|
OPENSSL_free(passout);
|
|
return ret;
|
|
}
|