Add help for pkeyopt values for the genpkey commandline app.

[slontis]

Checklist

• documentation is added or updated
• tests are added or updated

[slontis]

Example output for

openssl genpkey -algorithm DHX -help

Usage: genpkey [options]

General options:
 -help               Display this summary
 -engine val         Use engine, possibly a hardware device
 -paramfile infile   Parameters file
 -algorithm val      The public key algorithm
 -verbose            Output status while generating keys
 -quiet              Do not output status while generating keys
 -pkeyopt val        Set the public key algorithm option as opt:value
 -config infile      Load a configuration file (this may load modules)

Output options:
 -out outfile        Output file
 -outform PEM|DER    output format (DER or PEM)
 -pass val           Output file pass phrase source
 -genparam           Generate parameters, not key
 -text               Print the in text
 -*                  Cipher to use to encrypt the key

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms
Order of options may be important!  See the documentation.

pkeyopt values are
    type:string
    group:string
    priv_len:int
    pbits:uint
    qbits:uint
    digest:string
    properties:string
    gindex:int
    hexseed:string
    pcounter:int
    hindex:int

[hlandau]

Should we not have some kind of output in the event of error (or at least a process exit code)?

[hlandau]

This would print e.g. hexpropname:string... this seems confusing?

Perhaps propname:string (hex) / propname:string?

[slontis]

I think it still needs the hex in front of the name as that is what you do to parse hex format.

[paulidale]

Should the output be checked for minimal sanity?

E.g. the string "pkeyopt values are" appears. Perhaps an option as well.

[levitte]

You do know, I hope, that you're kinda sorta reinventing the wheel? Have a look at apps/include/app_params.h and apps/lib/app_params.c. (openssl list uses those functions)

Of course, the output from those functions is bit more verbose, but I suspect it wouldn't be too hard to add a verbosity parameter.

Also, I would expect that this sort of help will find its way to all the other commands that use these sorts of opts too... not asking for it in this PR, but I'd really like it if that was the intent, at least.

[slontis]

You do know, I hope, that you're kinda sorta reinventing the wheel?.

This is NOT trying to print out every possible param value like the list does.. Only ones that are actually usable by the command (e.g. OSSL_PARAM_UTF8_PTR is not something you can set from here).

[slontis]

Also, I would expect that this sort of help will find its way to all the other commands that use these sorts of opts too... not asking for it in this PR, but I'd really like it if that was the intent, at least.

Is there really that many of them? This particular one is the one I keep on looking up all the time.

[levitte]

Also, I would expect that this sort of help will find its way to all the other commands that use these sorts of opts too... not asking for it in this PR, but I'd really like it if that was the intent, at least.

Is there really that many of them? This particular one is the one I keep on looking up all the time.

I haven't looked thoroughly, but I suspect that all pkey commands (openssl pkeyutl, openssl pkeyparam, openssl pkey) do, and I'm pretty sure that the newer operation commands (openssl mac, openssl kdf) do. Also, for example openssl dgst has things like -sigopt and -macopt, although I'm unsure how relevant that is.

[paulidale]

Having the command I want to run produce a list is useful IMO.

Knowing that list can also produce such (but in a less convenient verbosity) isn't a totally natural step. It ought to be but it isn't.

[openssl-machine]

This PR is in a state where it requires action by @openssl/committers but the last update was 30 days ago

[tmshort]

@hlandau ?

[openssl-machine]

24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually.

stale

[tmshort]

As @hlandau removed their stale review, this has passed the 24 hour threshold.

[tmshort]

Merged to master. Thank you for your contribution!