#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
+#include <openssl/engine.h>
#ifndef W_OK
# ifdef VMS
" -days arg - number of days to certify the certificate for\n",
" -md arg - md to use, one of md2, md5, sha or sha1\n",
" -policy arg - The CA 'policy' to support\n",
-" -keyfile arg - PEM private key file\n",
+" -keyfile arg - private key file\n",
+" -keyform arg - private key file format (PEM or ENGINE)\n",
" -key arg - key to decode the private key if it is encrypted\n",
" -cert file - The CA certificate\n",
" -in file - The input PEM encoded certificate request(s)\n",
" -revoke file - Revoke a certificate (given in file)\n",
" -extensions .. - Extension section (override value in config file)\n",
" -crlexts .. - CRL extension section (override value in config file)\n",
+" -engine e - use engine e, possibly a hardware device.\n",
NULL
};
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
char *key=NULL,*passargin=NULL;
int total=0;
int total_done=0;
char *policy=NULL;
char *keyfile=NULL;
char *certfile=NULL;
+ int keyform=FORMAT_PEM;
char *infile=NULL;
char *spkac_file=NULL;
char *ss_cert_file=NULL;
#define BSIZE 256
MS_STATIC char buf[3][BSIZE];
char *randfile=NULL;
+ char *engine = NULL;
#ifdef EFENCE
EF_PROTECT_FREE=1;
if (--argc < 1) goto bad;
keyfile= *(++argv);
}
+ else if (strcmp(*argv,"-keyform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyform=str2fmt(*(++argv));
+ }
else if (strcmp(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
if (--argc < 1) goto bad;
crl_ext= *(++argv);
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else
{
bad:
ERR_load_crypto_strings();
+ if (engine != NULL)
+ {
+ if((e = ENGINE_by_id(engine)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ engine);
+ goto err;
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto err;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+
/*****************************************************************/
if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
BIO_printf(bio_err,"Error getting password\n");
goto err;
}
- if (BIO_read_filename(in,keyfile) <= 0)
+ if (keyform == FORMAT_ENGINE)
{
- perror(keyfile);
- BIO_printf(bio_err,"trying to load CA private key\n");
- goto err;
+ if (!e)
+ {
+ BIO_printf(bio_err,"no engine specified\n");
+ goto err;
+ }
+ pkey = ENGINE_load_private_key(e, keyfile, key);
}
+ else if (keyform == FORMAT_PEM)
+ {
+ if (BIO_read_filename(in,keyfile) <= 0)
+ {
+ perror(keyfile);
+ BIO_printf(bio_err,"trying to load CA private key\n");
+ goto err;
+ }
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
- if(key) memset(key,0,strlen(key));
+ }
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified for key file\n");
+ goto err;
+ }
+ if(key) memset(key,0,strlen(key));
if (pkey == NULL)
{
BIO_printf(bio_err,"unable to load CA private key\n");
if (verbose)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
+#ifdef VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
TXT_DB_write(out,db);
BIO_printf(bio_err,"%d entries loaded from the database\n",
db->data->num);
}
}
else
+ {
BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
+#ifdef VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ Sout = BIO_push(tmpbio, Sout);
+ }
+#endif
+ }
}
if (req)
#endif
BIO_free(in);
- BIO_free(out);
+ BIO_free_all(out);
in=NULL;
out=NULL;
if (rename(serialfile,buf[2]) < 0)
ret=0;
err:
BIO_free(hex);
- BIO_free(Cout);
- BIO_free(Sout);
- BIO_free(out);
+ BIO_free_all(Cout);
+ BIO_free_all(Sout);
+ BIO_free_all(out);
BIO_free(in);
sk_X509_pop_free(cert_sk,X509_free);
BIO_puts(out,"\n");
ret=1;
err:
- if (out != NULL) BIO_free(out);
+ if (out != NULL) BIO_free_all(out);
if (ai != NULL) ASN1_INTEGER_free(ai);
return(ret);
}
projects / oweals / openssl.git / blobdiff