applications.
return(x);
}
-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass)
+EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e)
{
BIO *key=NULL;
EVP_PKEY *pkey=NULL;
BIO_printf(err,"no keyfile specified\n");
goto end;
}
+ if (format == FORMAT_ENGINE)
+ {
+ if (!e)
+ BIO_printf(bio_err,"no engine specified\n");
+ else
+ pkey = ENGINE_load_private_key(e, file, pass);
+ goto end;
+ }
key=BIO_new(BIO_s_file());
if (key == NULL)
{
return(pkey);
}
-EVP_PKEY *load_pubkey(BIO *err, char *file, int format)
+EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e)
{
BIO *key=NULL;
EVP_PKEY *pkey=NULL;
BIO_printf(err,"no keyfile specified\n");
goto end;
}
+ if (format == FORMAT_ENGINE)
+ {
+ if (!e)
+ BIO_printf(bio_err,"no engine specified\n");
+ else
+ pkey = ENGINE_load_public_key(e, file, NULL);
+ goto end;
+ }
key=BIO_new(BIO_s_file());
if (key == NULL)
{
#include <openssl/x509.h>
#include <openssl/lhash.h>
#include <openssl/conf.h>
+#include <openssl/engine.h>
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
int app_RAND_write_file(const char *file, BIO *bio_e);
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
int add_oid_section(BIO *err, LHASH *conf);
X509 *load_cert(BIO *err, char *file, int format);
-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass);
-EVP_PKEY *load_pubkey(BIO *err, char *file, int format);
+EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e);
+EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e);
STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
#define FORMAT_UNDEF 0
" -days arg - number of days to certify the certificate for\n",
" -md arg - md to use, one of md2, md5, sha or sha1\n",
" -policy arg - The CA 'policy' to support\n",
-" -keyfile arg - PEM private key file\n",
+" -keyfile arg - private key file\n",
+" -keyform arg - private key file format (PEM or ENGINE)\n",
" -key arg - key to decode the private key if it is encrypted\n",
" -cert file - The CA certificate\n",
" -in file - The input PEM encoded certificate request(s)\n",
char *policy=NULL;
char *keyfile=NULL;
char *certfile=NULL;
+ int keyform=FORMAT_PEM;
char *infile=NULL;
char *spkac_file=NULL;
char *ss_cert_file=NULL;
if (--argc < 1) goto bad;
keyfile= *(++argv);
}
+ else if (strcmp(*argv,"-keyform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyform=str2fmt(*(++argv));
+ }
else if (strcmp(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
BIO_printf(bio_err,"Error getting password\n");
goto err;
}
- if (BIO_read_filename(in,keyfile) <= 0)
+ if (keyform == FORMAT_ENGINE)
{
- perror(keyfile);
- BIO_printf(bio_err,"trying to load CA private key\n");
- goto err;
+ if (!e)
+ {
+ BIO_printf(bio_err,"no engine specified\n");
+ goto err;
+ }
+ pkey = ENGINE_load_private_key(e, keyfile, key);
}
+ else if (keyform == FORMAT_PEM)
+ {
+ if (BIO_read_filename(in,keyfile) <= 0)
+ {
+ perror(keyfile);
+ BIO_printf(bio_err,"trying to load CA private key\n");
+ goto err;
+ }
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
- if(key) memset(key,0,strlen(key));
+ }
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified for key file\n");
+ goto err;
+ }
+ if(key) memset(key,0,strlen(key));
if (pkey == NULL)
{
BIO_printf(bio_err,"unable to load CA private key\n");
char pname[PROG_NAME_SIZE];
int separator=0;
int debug=0;
+ int keyform=FORMAT_PEM;
const char *outfile = NULL, *keyfile = NULL;
const char *sigfile = NULL, *randfile = NULL;
char out_bin = -1, want_pub = 0, do_verify = 0;
if (--argc < 1) break;
sigfile=*(++argv);
}
+ else if (strcmp(*argv,"-keyform") == 0)
+ {
+ if (--argc < 1) break;
+ keyform=str2fmt(*(++argv));
+ }
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) break;
BIO_printf(bio_err,"-sign file sign digest using private key in file\n");
BIO_printf(bio_err,"-verify file verify a signature using public key in file\n");
BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n");
+ BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n");
BIO_printf(bio_err,"-signature file signature to verify\n");
BIO_printf(bio_err,"-binary output in binary form\n");
BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
goto end;
}
- if(keyfile) {
- BIO *keybio;
- keybio = BIO_new_file(keyfile, "r");
- if(!keybio) {
- BIO_printf(bio_err, "Error opening key file %s\n",
- keyfile);
- ERR_print_errors(bio_err);
+ if(keyfile)
+ {
+ if (keyform == FORMAT_PEM)
+ {
+ BIO *keybio;
+ keybio = BIO_new_file(keyfile, "r");
+ if(!keybio)
+ {
+ BIO_printf(bio_err,
+ "Error opening key file %s\n",
+ keyfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if(want_pub)
+ sigkey = PEM_read_bio_PUBKEY(keybio,
+ NULL, NULL, NULL);
+ else
+ sigkey = PEM_read_bio_PrivateKey(keybio,
+ NULL, NULL, NULL);
+ BIO_free(keybio);
+ }
+ else if (keyform == FORMAT_ENGINE)
+ {
+ if (!e)
+ {
+ BIO_printf(bio_err,"no engine specified\n");
+ goto end;
+ }
+ if (want_pub)
+ sigkey = ENGINE_load_public_key(e, keyfile, NULL);
+ else
+ sigkey = ENGINE_load_private_key(e, keyfile, NULL);
+ }
+ else
+ {
+ BIO_printf(bio_err,
+ "bad input format specified for key file\n");
goto end;
- }
+ }
- if(want_pub)
- sigkey = PEM_read_bio_PUBKEY(keybio, NULL, NULL, NULL);
- else sigkey = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL);
- BIO_free(keybio);
if(!sigkey) {
BIO_printf(bio_err, "Error reading key file %s\n",
keyfile);
#include <string.h>
#include <openssl/err.h>
#include <openssl/pem.h>
+#include <openssl/engine.h>
#define RSA_SIGN 1
#define RSA_VERIFY 2
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
BIO *in = NULL, *out = NULL;
char *infile = NULL, *outfile = NULL;
+ char *engine = NULL;
char *keyfile = NULL;
char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
int keyform = FORMAT_PEM;
} else if(!strcmp(*argv, "-inkey")) {
if (--argc < 1) badarg = 1;
keyfile = *(++argv);
+ } else if(!strcmp(*argv, "-engine")) {
+ if (--argc < 1) badarg = 1;
+ engine = *(++argv);
} else if(!strcmp(*argv, "-pubin")) {
key_type = KEY_PUBKEY;
} else if(!strcmp(*argv, "-certin")) {
goto end;
}
+ if (engine != NULL)
+ {
+ if((e = ENGINE_by_id(engine)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ engine);
+ goto end;
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto end;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+
/* FIXME: seed PRNG only if needed */
app_RAND_load_file(NULL, bio_err, 0);
switch(key_type) {
case KEY_PRIVKEY:
- pkey = load_key(bio_err, keyfile, keyform, NULL);
+ pkey = load_key(bio_err, keyfile, keyform, NULL, e);
break;
case KEY_PUBKEY:
- pkey = load_pubkey(bio_err, keyfile, keyform);
+ pkey = load_pubkey(bio_err, keyfile, keyform, e);
break;
case KEY_CERT:
} else keyfile = NULL;
if(keyfile) {
- if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin))) {
+ if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin, NULL))) {
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
ERR_print_errors(bio_err);
goto end;
if (Upkey == NULL)
{
Upkey=load_key(bio_err,
- keyfile,keyformat, passin);
+ keyfile,keyformat, passin, e);
if (Upkey == NULL) goto end;
}
#ifndef NO_DSA
if (CAkeyfile != NULL)
{
CApkey=load_key(bio_err,
- CAkeyfile,CAkeyformat, passin);
+ CAkeyfile,CAkeyformat, passin,
+ e);
if (CApkey == NULL) goto end;
}
#ifndef NO_DSA
else
{
pk=load_key(bio_err,
- keyfile,FORMAT_PEM, passin);
+ keyfile,FORMAT_PEM, passin, e);
if (pk == NULL) goto end;
}