This allows setting the ML-KEM and ML-DSA output formats.
At the same fixing surprising lack of password encryption
of PKCS#8 private keys in DER output form in the CLI apps.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29324)
typedef enum OPTION_choice {
OPT_COMMON,
OPT_OUTFORM,
+ OPT_ENCOPT,
OPT_OUT,
OPT_PASS,
OPT_PARAMFILE,
{ "out", OPT_OUT, '>', "Output (private key) file" },
{ "outpubkey", OPT_OUTPUBKEY, '>', "Output public key file" },
{ "outform", OPT_OUTFORM, 'F', "output format (DER or PEM)" },
+ { "encopt", OPT_ENCOPT, 's', "Private key encoder parameter" },
{ "pass", OPT_PASS, 's', "Output file pass phrase source" },
{ "genparam", OPT_GENPARAM, '-', "Generate parameters, not key" },
{ "text", OPT_TEXT, '-', "Print the private key in text" },
OPTION_CHOICE o;
int outformat = FORMAT_PEM, text = 0, ret = 1, rv, do_param = 0;
int private = 0, i;
+ STACK_OF(OPENSSL_STRING) *encopt = NULL;
OSSL_LIB_CTX *libctx = app_get0_libctx();
STACK_OF(OPENSSL_STRING) *keyopt = NULL;
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
+ case OPT_ENCOPT:
+ if (encopt == NULL)
+ encopt = sk_OPENSSL_STRING_new_null();
+ if (!sk_OPENSSL_STRING_push(encopt, opt_arg()))
+ goto end;
+ break;
case OPT_OUT:
outfile = opt_arg();
break;
rv = PEM_write_bio_Parameters(mem_out, pkey);
} else if (outformat == FORMAT_PEM) {
assert(private);
- rv = PEM_write_bio_PrivateKey(mem_out, pkey, cipher, NULL, 0, NULL, pass);
+ rv = encode_private_key(mem_out, "PEM", pkey, encopt, cipher, pass);
if (rv > 0 && mem_outpubkey != NULL)
rv = PEM_write_bio_PUBKEY(mem_outpubkey, pkey);
} else if (outformat == FORMAT_ASN1) {
assert(private);
- rv = i2d_PrivateKey_bio(mem_out, pkey);
+ rv = encode_private_key(mem_out, "DER", pkey, encopt, cipher, pass);
if (rv > 0 && mem_outpubkey != NULL)
rv = i2d_PUBKEY_bio(mem_outpubkey, pkey);
} else {
outfile, strerror(errno));
}
}
+ sk_OPENSSL_STRING_free(encopt);
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(ctx);
EVP_CIPHER_free(cipher);
int progress_cb(EVP_PKEY_CTX *ctx);
void dump_cert_text(BIO *out, X509 *x);
+int encode_private_key(
+ BIO *out, const char *output_type, const EVP_PKEY *pkey,
+ const STACK_OF(OPENSSL_STRING) *encopt, const EVP_CIPHER *cipher,
+ const char *pass);
void print_name(BIO *out, const char *title, const X509_NAME *nm);
void print_bignum_var(BIO *, const BIGNUM *, const char *,
int, unsigned char *);
#include <openssl/bn.h>
#include <openssl/ssl.h>
#include <openssl/core_names.h>
+#include <openssl/encoder.h>
#include "s_apps.h"
#include "apps.h"
return rv;
}
+static int
+encoder_ctrl_string(OSSL_ENCODER_CTX *ctx, const char *value)
+{
+ int rv = 0;
+ char *stmp, *vtmp = NULL;
+
+ stmp = OPENSSL_strdup(value);
+ if (stmp == NULL)
+ return -1;
+ vtmp = strchr(stmp, ':');
+ if (vtmp == NULL) {
+ BIO_printf(bio_err,
+ "Missing encoder option value: %s\n", value);
+ goto end;
+ }
+
+ *vtmp = 0;
+ vtmp++;
+ rv = OSSL_ENCODER_CTX_ctrl_string(ctx, stmp, vtmp);
+
+end:
+ OPENSSL_free(stmp);
+ return rv;
+}
+
+int encode_private_key(BIO *out, const char *output_type, const EVP_PKEY *pkey,
+ const STACK_OF(OPENSSL_STRING) *encopt,
+ const EVP_CIPHER *cipher, const char *pass)
+{
+ int ret = 0;
+ OSSL_ENCODER_CTX *ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, EVP_PKEY_PRIVATE_KEY,
+ output_type, "PrivateKeyInfo", NULL);
+
+ if (ectx == NULL)
+ return 0;
+
+ if (cipher != NULL)
+ if (!OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_get0_name(cipher), NULL)
+ || !OSSL_ENCODER_CTX_set_passphrase(ectx, (const unsigned char *)pass,
+ strlen(pass)))
+ goto end;
+
+ if (encopt != NULL) {
+ int i, n = sk_OPENSSL_STRING_num(encopt);
+
+ for (i = 0; i < n; ++i) {
+ const char *opt = sk_OPENSSL_STRING_value(encopt, i);
+
+ if (encoder_ctrl_string(ectx, opt) <= 0)
+ goto end;
+ }
+ }
+
+ ret = OSSL_ENCODER_to_bio(ectx, out);
+end:
+ OSSL_ENCODER_CTX_free(ectx);
+ return ret;
+}
+
static void nodes_print(const char *name, STACK_OF(X509_POLICY_NODE) *nodes)
{
X509_POLICY_NODE *node;
#include "ec_common.h"
#include <openssl/pem.h>
#include <openssl/err.h>
+#include <openssl/encoder.h>
#include <openssl/evp.h>
#include <openssl/core_names.h>
OPT_COMMON,
OPT_INFORM,
OPT_OUTFORM,
+ OPT_ENCOPT,
OPT_PASSIN,
OPT_PASSOUT,
OPT_IN,
OPT_SECTION("Output"),
{ "out", OPT_OUT, '>', "Output file for encoded and/or text output" },
{ "outform", OPT_OUTFORM, 'F', "Output encoding format (DER or PEM)" },
+ { "encopt", OPT_ENCOPT, 's', "Private key encoder parameter" },
{ "", OPT_CIPHER, '-', "Any supported cipher to be used for encryption" },
{ "passout", OPT_PASSOUT, 's', "Output PEM file pass phrase source" },
{ "traditional", OPT_TRADITIONAL, '-',
int informat = FORMAT_UNDEF, outformat = FORMAT_PEM;
int pubin = 0, pubout = 0, text_pub = 0, text = 0, noout = 0, ret = 1;
int private = 0, traditional = 0, check = 0, pub_check = 0;
+ STACK_OF(OPENSSL_STRING) *encopt = NULL;
#ifndef OPENSSL_NO_EC
char *asn1_encoding = NULL;
char *point_format = NULL;
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
+ case OPT_ENCOPT:
+ if (encopt == NULL)
+ encopt = sk_OPENSSL_STRING_new_null();
+ if (!sk_OPENSSL_STRING_push(encopt, opt_arg()))
+ goto end;
+ break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
if (passoutarg != NULL)
BIO_printf(bio_err,
"Warning: The -passout option is ignored without a cipher option\n");
+ } else if (noout) {
+ EVP_CIPHER_free(cipher);
+ cipher = NULL;
} else {
- if (noout || outformat != FORMAT_PEM) {
+ switch (outformat) {
+ case FORMAT_PEM:
+ break;
+ case FORMAT_ASN1:
+ if (!traditional)
+ break;
+ /* FALLTHROUGH */
+ default:
BIO_printf(bio_err,
- "Error: Cipher options are supported only for PEM output\n");
+ "Error: Cipher options are supported only in PEM "
+ "and non-traditional DER output forms\n");
goto end;
}
}
passout))
goto end;
} else {
- if (!PEM_write_bio_PrivateKey(out, pkey, cipher,
- NULL, 0, NULL, passout))
+ if (!encode_private_key(out, "PEM", pkey, encopt, cipher, passout))
goto end;
}
}
if (!i2d_PrivateKey_bio(out, pkey))
goto end;
} else {
- if (!i2d_PKCS8PrivateKey_bio(out, pkey, NULL, NULL, 0,
- NULL, NULL))
+ if (!encode_private_key(out, "DER", pkey, encopt, cipher, passout))
goto end;
}
}
end:
if (ret != 0)
ERR_print_errors(bio_err);
+ sk_OPENSSL_STRING_free(encopt);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
EVP_CIPHER_free(cipher);
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#ifndef OPENSSL_NO_ERR
static const ERR_STRING_DATA OSSL_ENCODER_str_reasons[] = {
+ { ERR_PACK(ERR_LIB_OSSL_ENCODER, 0, OSSL_ENCODER_R_BAD_PARAMETER_VALUE),
+ "bad parameter value" },
{ ERR_PACK(ERR_LIB_OSSL_ENCODER, 0, OSSL_ENCODER_R_ENCODER_NOT_FOUND),
"encoder not found" },
{ ERR_PACK(ERR_LIB_OSSL_ENCODER, 0, OSSL_ENCODER_R_INCORRECT_PROPERTY_QUERY),
"incorrect property query" },
{ ERR_PACK(ERR_LIB_OSSL_ENCODER, 0, OSSL_ENCODER_R_MISSING_GET_PARAMS),
"missing get params" },
+ { ERR_PACK(ERR_LIB_OSSL_ENCODER, 0, OSSL_ENCODER_R_UNKNOWN_PARAMETER_NAME),
+ "unknown parameter name" },
{ 0, NULL }
};
#include <openssl/core.h>
#include <openssl/core_dispatch.h>
#include <openssl/encoder.h>
+#include <openssl/encodererr.h>
#include <openssl/ui.h>
#include "internal/core.h"
#include "internal/namemap.h"
return ok;
}
+int OSSL_ENCODER_CTX_ctrl_string(OSSL_ENCODER_CTX *ctx,
+ const char *name, const char *value)
+{
+ const OSSL_PARAM *settable = NULL;
+ int i, n, ok = 0;
+
+ if (!ossl_assert(ctx != NULL)) {
+ ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
+ if (ctx->encoder_insts == NULL)
+ return 1;
+
+ n = OSSL_ENCODER_CTX_get_num_encoders(ctx);
+ for (i = 0; i < n; i++) {
+ OSSL_ENCODER_INSTANCE *encoder_inst = sk_OSSL_ENCODER_INSTANCE_value(ctx->encoder_insts, i);
+ OSSL_ENCODER *encoder = OSSL_ENCODER_INSTANCE_get_encoder(encoder_inst);
+ void *encoderctx = OSSL_ENCODER_INSTANCE_get_encoder_ctx(encoder_inst);
+ OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+ int good = 0;
+
+ if (encoderctx == NULL || encoder->set_ctx_params == NULL)
+ continue;
+
+ settable = OSSL_ENCODER_settable_ctx_params(encoder);
+ if (settable == NULL)
+ continue;
+ if (!OSSL_PARAM_allocate_from_text(params, settable, name, value,
+ strlen(value), &good)) {
+ if (!good)
+ continue;
+ ERR_raise_data(ERR_LIB_OSSL_ENCODER, OSSL_ENCODER_R_BAD_PARAMETER_VALUE,
+ "bad encoder parameter value: %s:%s", name, value);
+ return 0;
+ }
+ good = encoder->set_ctx_params(encoderctx, params);
+ OPENSSL_free(params[0].data);
+ if (!good)
+ return 0;
+ ++ok;
+ }
+ if (!ok) {
+ ERR_raise_data(ERR_LIB_OSSL_ENCODER, OSSL_ENCODER_R_UNKNOWN_PARAMETER_NAME,
+ "unknown encoder parameter name: %s", name);
+ }
+ return ok;
+}
+
void OSSL_ENCODER_CTX_free(OSSL_ENCODER_CTX *ctx)
{
if (ctx != NULL) {
OSSL_DECODER_R_COULD_NOT_DECODE_OBJECT:101:could not decode object
OSSL_DECODER_R_DECODER_NOT_FOUND:102:decoder not found
OSSL_DECODER_R_MISSING_GET_PARAMS:100:missing get params
+OSSL_ENCODER_R_BAD_PARAMETER_VALUE:103:bad parameter value
OSSL_ENCODER_R_ENCODER_NOT_FOUND:101:encoder not found
OSSL_ENCODER_R_INCORRECT_PROPERTY_QUERY:100:incorrect property query
OSSL_ENCODER_R_MISSING_GET_PARAMS:102:missing get params
+OSSL_ENCODER_R_UNKNOWN_PARAMETER_NAME:104:unknown parameter name
OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE:107:ambiguous content type
OSSL_STORE_R_BAD_PASSWORD_READ:115:bad password read
OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC:113:error verifying pkcs12 mac
[B<-paramfile> I<file>]
[B<-algorithm> I<alg>]
[B<-pkeyopt> I<opt>:I<value>]
+[B<-encopt> I<opt>:I<value>]
[B<-genparam>]
[B<-text>]
{- $OpenSSL::safe::opt_r_synopsis -}
=item B<-pkeyopt> I<opt>:I<value>
-Set the public key algorithm option I<opt> to I<value>. The precise set of
-options supported depends on the public key algorithm used and its
+Set the public key algorithm option I<opt> to I<value>.
+The precise set of
+supported options depends on the public key algorithm used and its
implementation. See L</KEY GENERATION OPTIONS> and
L</PARAMETER GENERATION OPTIONS> below for more details.
To list the possible I<opt> values for an algorithm use:
B<openssl> B<genpkey> -algorithm XXX -help
+=item B<-encopt> I<opt>:I<value>
+
+Set the private key encoder parameter I<opt> to I<value>.
+In order to set multiple parameters, multiple B<-encopt> options can be
+specified, each specifying a single parameter.
+The precise set of supported parameters depends on the public key algorithm
+involved and its implementation.
+This is primarily applicable to B<ML-DSA> and B<ML-KEM>, whose private key
+encoding to a B<PKCS#8> object can take a number of different forms.
+The C<output_formats> parameter can be used to select the preferred output
+forms.
+See L<EVP_PKEY-ML-DSA(7)> and L<EVP_PKEY-ML-KEM(7)> for details.
+
=item B<-genparam>
Generate a set of parameters instead of a private key. If used this option must
The B<-engine> option was removed in OpenSSL 4.0.
+The B<-encopt> option was added in OpenSSL 4.0.
+
+As of OpenSSL 4.0 the B<-pass> and B<-I<cipher>> options apply when
+private keys are output in either B<DER> or B<PEM> form.
+Previously, these private key encryption options were ignored in B<DER> form.
+
=head1 COPYRIGHT
Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
[B<-pubin>]
[B<-out> I<filename>]
[B<-outform> B<DER>|B<PEM>]
+[B<-encopt> I<opt>:I<value>]
[B<-I<cipher>>]
[B<-passout> I<arg>]
[B<-traditional>]
The key output format; the default is B<PEM>.
See L<openssl-format-options(1)> for details.
+=item B<-encopt> I<opt>:I<value>
+
+Set the private key encoder parameter I<opt> to I<value>.
+In order to set multiple parameters, multiple B<-encopt> options can be
+specified, each specifying a single parameter.
+The precise set of supported parameters depends on the public key algorithm
+involved and its implementation.
+This is primarily applicable to B<ML-DSA> and B<ML-KEM>, whose private key
+encoding to a B<PKCS#8> object can take a number of different forms.
+The C<output_formats> parameter can be used to select the preferred output
+forms.
+See L<EVP_PKEY-ML-DSA(7)> and L<EVP_PKEY-ML-KEM(7)> for details.
+
=item B<-I<cipher>>
Encrypt the PEM encoded private key with the supplied cipher. Any algorithm
name accepted by EVP_get_cipherbyname() is acceptable such as B<aes128>.
-Encryption is not supported for DER output.
+In B<DER> output form encryption is supported only in the default B<PKCS#8>
+form and and is not available when the B<-traditional> option is used.
=item B<-passout> I<arg>
=item B<-traditional>
Normally a private key is written using standard format: this is PKCS#8 form
-with the appropriate encryption algorithm (if any). If the B<-traditional>
-option is specified then the older "traditional" format is used instead.
+with the appropriate encryption algorithm (if any).
+If the B<-traditional> option is specified then the older "traditional" format
+is used instead, and in B<DER> output form encryption is not available.
=item B<-pubout>
The B<-engine> option was removed in OpenSSL 4.0.
+The B<-encopt> option was added in OpenSSL 4.0.
+
+As of OpenSSL 4.0 the B<-pass> and B<-I<cipher>> options apply when private
+keys are output in both B<PEM> and B<DER> (except with B<-traditional>) forms.
+Previously, these private key encryption options were rejected in combination
+with the B<DER> output form.
+
=head1 COPYRIGHT
Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
OSSL_ENCODER_CTX_new,
OSSL_ENCODER_settable_ctx_params,
OSSL_ENCODER_CTX_set_params,
+OSSL_ENCODER_CTX_ctrl_string,
OSSL_ENCODER_CTX_free,
OSSL_ENCODER_CTX_set_selection,
OSSL_ENCODER_CTX_set_output_type,
const OSSL_PARAM *OSSL_ENCODER_settable_ctx_params(OSSL_ENCODER *encoder);
int OSSL_ENCODER_CTX_set_params(OSSL_ENCODER_CTX *ctx,
const OSSL_PARAM params[]);
+ int OSSL_ENCODER_CTX_ctrl_string(OSSL_ENCODER_CTX *ctx,
+ const char *name, const char *val);
void OSSL_ENCODER_CTX_free(OSSL_ENCODER_CTX *ctx);
int OSSL_ENCODER_CTX_set_selection(OSSL_ENCODER_CTX *ctx, int selection);
with an L<OSSL_PARAM(3)> array I<params>. Parameters that the
implementation doesn't recognise should be ignored.
+OSSL_ENCODER_CTX_ctrl_string() attempts to set a single parameter named I<name>
+by parsing the specified string I<value> to the type of a settable parameter
+associated with one of the underlying encoders.
+An error is reported if no parameter named I<name> is a settable in any of the
+underlying encoders, the I<value> fails to parse, or the encoder implementation
+rejects the parsed value.
+
OSSL_ENCODER_CTX_free() frees the given context I<ctx>.
If the argument is NULL, nothing is done.
valid, or 0 if one of them was invalid or caused some other failure in the
implementation.
+OSSL_ENCODER_CTX_ctrl_string() returns 1 on success and 0 on error.
+
OSSL_ENCODER_CTX_add_encoder(),
OSSL_ENCODER_CTX_add_extra(),
OSSL_ENCODER_CTX_set_cleanup(),
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
OSSL_ENCODER_CTX *OSSL_ENCODER_CTX_new(void);
int OSSL_ENCODER_CTX_set_params(OSSL_ENCODER_CTX *ctx,
const OSSL_PARAM params[]);
+int OSSL_ENCODER_CTX_ctrl_string(OSSL_ENCODER_CTX *ctx,
+ const char *name, const char *val);
void OSSL_ENCODER_CTX_free(OSSL_ENCODER_CTX *ctx);
/* Utilities that help set specific parameters */
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
/*
* OSSL_ENCODER reason codes.
*/
+#define OSSL_ENCODER_R_BAD_PARAMETER_VALUE 103
#define OSSL_ENCODER_R_ENCODER_NOT_FOUND 101
#define OSSL_ENCODER_R_INCORRECT_PROPERTY_QUERY 100
#define OSSL_ENCODER_R_MISSING_GET_PARAMS 102
+#define OSSL_ENCODER_R_UNKNOWN_PARAMETER_NAME 104
#endif
my $pem = sprintf("prv-%s-%s.%d.pem", $alg, $f, $i++);
ok(run(app(['openssl', 'genpkey', '-out', $pem,
'-pkeyopt', "hexseed:$seed", '-algorithm', "ml-dsa-$alg",
- '-provparam', "ml-dsa.output_formats=$f"])));
+ '-encopt', "output_formats:$f"])));
ok(!compare_text($in, $pem),
sprintf("prvkey PEM match: %s, %s", $alg, $f));
my $pem = sprintf("prv-%s-%s.%d.pem", $alg, $f, $i++);
ok(run(app(['openssl', 'genpkey', '-out', $pem,
'-pkeyopt', "hexseed:$seed", '-algorithm', "ml-kem-$alg",
- '-provparam', "ml-kem.output_formats=$f"])));
+ '-encopt', "output_formats:$f"])));
ok(!compare_text($in, $pem),
sprintf("prvkey PEM match: %s, %s", $alg, $f));
EVP_SIGNATURE_has_message_update ? 4_0_0 EXIST::FUNCTION:
EVP_MD_CTX_serialize ? 4_0_0 EXIST::FUNCTION:
EVP_MD_CTX_deserialize ? 4_0_0 EXIST::FUNCTION:
+OSSL_ENCODER_CTX_ctrl_string ? 4_0_0 EXIST::FUNCTION:
projects / 0xmirror / openssl.git / commitdiff