Diffstat (limited to 'crypto/openssl/apps/dhparam.c')
| -rw-r--r-- | crypto/openssl/apps/dhparam.c | 159 |
1 files changed, 86 insertions, 73 deletions
diff --git a/crypto/openssl/apps/dhparam.c b/crypto/openssl/apps/dhparam.c
index 600b7ed2b5bc..f8838abe63d0 100644
--- a/crypto/openssl/apps/dhparam.c
+++ b/crypto/openssl/apps/dhparam.c
@@ -36,47 +36,59 @@ static int verbose = 1; typedef enum OPTION_choice { OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, - OPT_ENGINE, OPT_CHECK, OPT_TEXT, OPT_NOOUT, - OPT_DSAPARAM, OPT_2, OPT_3, OPT_5, OPT_VERBOSE, OPT_QUIET, - OPT_R_ENUM, OPT_PROV_ENUM + OPT_INFORM, + OPT_OUTFORM, + OPT_IN, + OPT_OUT, + OPT_ENGINE, + OPT_CHECK, + OPT_TEXT, + OPT_NOOUT, + OPT_DSAPARAM, + OPT_2, + OPT_3, + OPT_5, + OPT_VERBOSE, + OPT_QUIET, + OPT_R_ENUM, + OPT_PROV_ENUM } OPTION_CHOICE; const OPTIONS dhparam_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [numbits]\n"}, + { OPT_HELP_STR, 1, '-', "Usage: %s [options] [numbits]\n" }, OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"check", OPT_CHECK, '-', "Check the DH parameters"}, + { "help", OPT_HELP, '-', "Display this summary" }, + { "check", OPT_CHECK, '-', "Check the DH parameters" }, #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DEPRECATED_3_0) - {"dsaparam", OPT_DSAPARAM, '-', - "Read or generate DSA parameters, convert to DH"}, + { "dsaparam", OPT_DSAPARAM, '-', + "Read or generate DSA parameters, convert to DH" }, #endif #ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, + { "engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device" }, #endif OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file"}, - {"inform", OPT_INFORM, 'F', "Input format, DER or PEM"}, + { "in", OPT_IN, '<', "Input file" }, + { "inform", OPT_INFORM, 'F', "Input format, DER or PEM" }, OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"outform", OPT_OUTFORM, 'F', "Output format, DER or PEM"}, - {"text", OPT_TEXT, '-', "Print a text form of the DH parameters"}, - {"noout", OPT_NOOUT, '-', "Don't output any DH parameters"}, - {"2", OPT_2, '-', "Generate parameters using 2 as the generator value"}, - {"3", OPT_3, '-', "Generate parameters using 3 as the generator value"}, - {"5", OPT_5, '-', "Generate parameters using 5 as 
the generator value"}, - {"verbose", OPT_VERBOSE, '-', "Verbose output"}, - {"quiet", OPT_QUIET, '-', "Terse output"}, + { "out", OPT_OUT, '>', "Output file" }, + { "outform", OPT_OUTFORM, 'F', "Output format, DER or PEM" }, + { "text", OPT_TEXT, '-', "Print a text form of the DH parameters" }, + { "noout", OPT_NOOUT, '-', "Don't output any DH parameters" }, + { "2", OPT_2, '-', "Generate parameters using 2 as the generator value" }, + { "3", OPT_3, '-', "Generate parameters using 3 as the generator value" }, + { "5", OPT_5, '-', "Generate parameters using 5 as the generator value" }, + { "verbose", OPT_VERBOSE, '-', "Verbose output" }, + { "quiet", OPT_QUIET, '-', "Terse output" }, OPT_R_OPTIONS, OPT_PROV_OPTIONS, OPT_PARAMETERS(), - {"numbits", 0, 0, "Number of bits if generating parameters (optional)"}, - {NULL} + { "numbits", 0, 0, "Number of bits if generating parameters (optional)" }, + { NULL } }; int dhparam_main(int argc, char **argv) @@ -96,7 +108,7 @@ int dhparam_main(int argc, char **argv) switch (o) { case OPT_EOF: case OPT_ERR: - opthelp: + opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -175,7 +187,7 @@ int dhparam_main(int argc, char **argv) if (dsaparam && g) { BIO_printf(bio_err, - "Error, generator may not be chosen for DSA parameters\n"); + "Error, generator may not be chosen for DSA parameters\n"); goto end; } 
@@ -193,22 +205,22 @@ int dhparam_main(int argc, char **argv) ctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), alg, app_get0_propq()); if (ctx == NULL) { BIO_printf(bio_err, - "Error, %s param generation context allocation failed\n", - alg); + "Error, %s param generation context allocation failed\n", + alg); goto end; } EVP_PKEY_CTX_set_app_data(ctx, bio_err); if (verbose) { EVP_PKEY_CTX_set_cb(ctx, progress_cb); BIO_printf(bio_err, - "Generating %s parameters, %d bit long %sprime\n", - alg, num, dsaparam ? "" : "safe "); + "Generating %s parameters, %d bit long %sprime\n", + alg, num, dsaparam ? "" : "safe "); } if (EVP_PKEY_paramgen_init(ctx) <= 0) { BIO_printf(bio_err, - "Error, unable to initialise %s parameters\n", - alg); + "Error, unable to initialise %s parameters\n", + alg); goto end; } 
@@ -258,32 +270,34 @@ int dhparam_main(int argc, char **argv) */ done = 1; /* - * We set NULL for the keytype to allow any key type. We don't know - * if we're going to get DH or DHX (or DSA in the event of dsaparam). - * We check that we got one of those key types afterwards. - */ + * We set NULL for the keytype to allow any key type. We don't know + * if we're going to get DH or DHX (or DSA in the event of dsaparam). + * We check that we got one of those key types afterwards. + */ decoderctx = OSSL_DECODER_CTX_new_for_pkey(&tmppkey, - (informat == FORMAT_ASN1) - ? "DER" : "PEM", - NULL, - (informat == FORMAT_ASN1) - ? keytype : NULL, - OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - NULL, NULL); + (informat == FORMAT_ASN1) + ? "DER" + : "PEM", + NULL, + (informat == FORMAT_ASN1) + ? keytype + : NULL, + OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, + NULL, NULL); if (decoderctx != NULL - && !OSSL_DECODER_from_bio(decoderctx, in) - && informat == FORMAT_ASN1 - && strcmp(keytype, "DH") == 0) { + && !OSSL_DECODER_from_bio(decoderctx, in) + && informat == FORMAT_ASN1 + && strcmp(keytype, "DH") == 0) { /* - * When reading DER we explicitly state the expected keytype - * because, unlike PEM, there is no header to declare what - * the contents of the DER file are. The decoders just try - * and guess. Unfortunately with DHX key types they may guess - * wrong and think we have a DSA keytype. Therefore, we try - * both DH and DHX sequentially. - */ + * When reading DER we explicitly state the expected keytype + * because, unlike PEM, there is no header to declare what + * the contents of the DER file are. The decoders just try + * and guess. Unfortunately with DHX key types they may guess + * wrong and think we have a DSA keytype. Therefore, we try + * both DH and DHX sequentially. + */ keytype = "DHX"; /* * BIO_reset() returns 0 for success for file BIOs only!!! 
@@ -309,7 +323,7 @@ int dhparam_main(int argc, char **argv) goto end; } else { if (!EVP_PKEY_is_a(tmppkey, "DH") - && !EVP_PKEY_is_a(tmppkey, "DHX")) { + && !EVP_PKEY_is_a(tmppkey, "DHX")) { BIO_printf(bio_err, "Error, unable to load DH parameters\n"); goto end; } @@ -339,12 +353,12 @@ int dhparam_main(int argc, char **argv) } if (!noout) { - OSSL_ENCODER_CTX *ectx = - OSSL_ENCODER_CTX_new_for_pkey(pkey, - OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - outformat == FORMAT_ASN1 - ? "DER" : "PEM", - NULL, NULL); + OSSL_ENCODER_CTX *ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, + OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, + outformat == FORMAT_ASN1 + ? "DER" + : "PEM", + NULL, NULL); if (ectx == NULL || !OSSL_ENCODER_to_bio(ectx, out)) { OSSL_ENCODER_CTX_free(ectx); @@ -354,7 +368,7 @@ int dhparam_main(int argc, char **argv) OSSL_ENCODER_CTX_free(ectx); } ret = 0; - end: +end: if (ret != 0) ERR_print_errors(bio_err); BIO_free(in); 
@@ -380,33 +394,33 @@ static EVP_PKEY *dsa_to_dh(EVP_PKEY *dh) EVP_PKEY *pkey = NULL; if (!EVP_PKEY_get_bn_param(dh, OSSL_PKEY_PARAM_FFC_P, &bn_p) - || !EVP_PKEY_get_bn_param(dh, OSSL_PKEY_PARAM_FFC_Q, &bn_q) - || !EVP_PKEY_get_bn_param(dh, OSSL_PKEY_PARAM_FFC_G, &bn_g)) { + || !EVP_PKEY_get_bn_param(dh, OSSL_PKEY_PARAM_FFC_Q, &bn_q) + || !EVP_PKEY_get_bn_param(dh, OSSL_PKEY_PARAM_FFC_G, &bn_g)) { BIO_printf(bio_err, "Error, failed to set DH parameters\n"); goto err; } if ((tmpl = OSSL_PARAM_BLD_new()) == NULL - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, - bn_p) - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_Q, - bn_q) - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, - bn_g) - || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { + || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, + bn_p) + || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_Q, + bn_q) + || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, + bn_g) + || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { BIO_printf(bio_err, "Error, failed to set DH parameters\n"); goto err; } ctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), "DHX", app_get0_propq()); if (ctx == NULL - || EVP_PKEY_fromdata_init(ctx) <= 0 - || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params) <= 0) { + || EVP_PKEY_fromdata_init(ctx) <= 0 + || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params) <= 0) { BIO_printf(bio_err, "Error, failed to set DH parameters\n"); goto err; } - err: +err: EVP_PKEY_CTX_free(ctx); OSSL_PARAM_free(params); OSSL_PARAM_BLD_free(tmpl); @@ -415,4 +429,3 @@ static EVP_PKEY *dsa_to_dh(EVP_PKEY *dh) BN_free(bn_g); return pkey; } - |
