From: Richard Levitte Date: Sat, 28 Oct 2000 22:40:40 +0000 (+0000) Subject: Add the possibility to use keys handled by engines in more X-Git-Tag: rsaref~45 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=32d862ede4540acfdc8fe7f56bf583f7a2be3dbb;p=oweals%2Fopenssl.git Add the possibility to use keys handled by engines in more applications. --- diff --git a/apps/apps.c b/apps/apps.c index 0190d71ee2..a04f871d0a 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -553,7 +553,7 @@ end: return(x); } -EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass) +EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e) { BIO *key=NULL; EVP_PKEY *pkey=NULL; @@ -563,6 +563,14 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass) BIO_printf(err,"no keyfile specified\n"); goto end; } + if (format == FORMAT_ENGINE) + { + if (!e) + BIO_printf(bio_err,"no engine specified\n"); + else + pkey = ENGINE_load_private_key(e, file, pass); + goto end; + } key=BIO_new(BIO_s_file()); if (key == NULL) { @@ -602,7 +610,7 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass) return(pkey); } -EVP_PKEY *load_pubkey(BIO *err, char *file, int format) +EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e) { BIO *key=NULL; EVP_PKEY *pkey=NULL; @@ -612,6 +620,14 @@ EVP_PKEY *load_pubkey(BIO *err, char *file, int format) BIO_printf(err,"no keyfile specified\n"); goto end; } + if (format == FORMAT_ENGINE) + { + if (!e) + BIO_printf(bio_err,"no engine specified\n"); + else + pkey = ENGINE_load_public_key(e, file, NULL); + goto end; + } key=BIO_new(BIO_s_file()); if (key == NULL) { diff --git a/apps/apps.h b/apps/apps.h index 7a834f9d89..e8272a3973 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -67,6 +67,7 @@ #include #include #include +#include int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn); int app_RAND_write_file(const char *file, BIO *bio_e); @@ -152,8 +153,8 @@ int set_name_ex(unsigned long *flags, const char *arg); int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2); int add_oid_section(BIO *err, LHASH *conf); X509 *load_cert(BIO *err, char *file, int format); -EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass); -EVP_PKEY *load_pubkey(BIO *err, char *file, int format); +EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e); +EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e); STACK_OF(X509) *load_certs(BIO *err, char *file, int format); #define FORMAT_UNDEF 0 diff --git a/apps/ca.c b/apps/ca.c index 2ab0c4db51..8184f2efca 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -153,7 +153,8 @@ static char *ca_usage[]={ " -days arg - number of days to certify the certificate for\n", " -md arg - md to use, one of md2, md5, sha or sha1\n", " -policy arg - The CA 'policy' to support\n", -" -keyfile arg - PEM private key file\n", +" -keyfile arg - private key file\n", +" -keyform arg - private key file format (PEM or ENGINE)\n", " -key arg - key to decode the private key if it is encrypted\n", " -cert file - The CA certificate\n", " -in file - The input PEM encoded certificate request(s)\n", @@ -236,6 +237,7 @@ int MAIN(int argc, char **argv) char *policy=NULL; char *keyfile=NULL; char *certfile=NULL; + int keyform=FORMAT_PEM; char *infile=NULL; char *spkac_file=NULL; char *ss_cert_file=NULL; @@ -337,6 +339,11 @@ EF_ALIGNMENT=0; if (--argc < 1) goto bad; keyfile= *(++argv); } + else if (strcmp(*argv,"-keyform") == 0) + { + if (--argc < 1) goto bad; + keyform=str2fmt(*(++argv)); + } else if (strcmp(*argv,"-passin") == 0) { if (--argc < 1) goto bad; @@ -563,14 +570,31 @@ bad: BIO_printf(bio_err,"Error getting password\n"); goto err; } - if (BIO_read_filename(in,keyfile) <= 0) + if (keyform == FORMAT_ENGINE) { - perror(keyfile); - BIO_printf(bio_err,"trying to load CA private key\n"); - goto err; + if (!e) + { + BIO_printf(bio_err,"no engine specified\n"); + goto err; + } + pkey = ENGINE_load_private_key(e, keyfile, key); } + else if (keyform == FORMAT_PEM) + { + if (BIO_read_filename(in,keyfile) <= 0) + { + perror(keyfile); + BIO_printf(bio_err,"trying to load CA private key\n"); + goto err; + } pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key); - if(key) memset(key,0,strlen(key)); + } + else + { + BIO_printf(bio_err,"bad input format specified for key file\n"); + goto err; + } + if(key) memset(key,0,strlen(key)); if (pkey == NULL) { BIO_printf(bio_err,"unable to load CA private key\n"); diff --git a/apps/dgst.c b/apps/dgst.c index ab3e2dbb02..8500f6c7e6 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -93,6 +93,7 @@ int MAIN(int argc, char **argv) char pname[PROG_NAME_SIZE]; int separator=0; int debug=0; + int keyform=FORMAT_PEM; const char *outfile = NULL, *keyfile = NULL; const char *sigfile = NULL, *randfile = NULL; char out_bin = -1, want_pub = 0, do_verify = 0; @@ -157,6 +158,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) break; sigfile=*(++argv); } + else if (strcmp(*argv,"-keyform") == 0) + { + if (--argc < 1) break; + keyform=str2fmt(*(++argv)); + } else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) break; @@ -196,6 +202,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"-sign file sign digest using private key in file\n"); BIO_printf(bio_err,"-verify file verify a signature using public key in file\n"); BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n"); + BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n"); BIO_printf(bio_err,"-signature file signature to verify\n"); BIO_printf(bio_err,"-binary output in binary form\n"); BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); @@ -280,20 +287,47 @@ int MAIN(int argc, char **argv) goto end; } - if(keyfile) { - BIO *keybio; - keybio = BIO_new_file(keyfile, "r"); - if(!keybio) { - BIO_printf(bio_err, "Error opening key file %s\n", - keyfile); - ERR_print_errors(bio_err); + if(keyfile) + { + if (keyform == FORMAT_PEM) + { + BIO *keybio; + keybio = BIO_new_file(keyfile, "r"); + if(!keybio) + { + BIO_printf(bio_err, + "Error opening key file %s\n", + keyfile); + ERR_print_errors(bio_err); + goto end; + } + if(want_pub) + sigkey = PEM_read_bio_PUBKEY(keybio, + NULL, NULL, NULL); + else + sigkey = PEM_read_bio_PrivateKey(keybio, + NULL, NULL, NULL); + BIO_free(keybio); + } + else if (keyform == FORMAT_ENGINE) + { + if (!e) + { + BIO_printf(bio_err,"no engine specified\n"); + goto end; + } + if (want_pub) + sigkey = ENGINE_load_public_key(e, keyfile, NULL); + else + sigkey = ENGINE_load_private_key(e, keyfile, NULL); + } + else + { + BIO_printf(bio_err, + "bad input format specified for key file\n"); goto end; - } + } - if(want_pub) - sigkey = PEM_read_bio_PUBKEY(keybio, NULL, NULL, NULL); - else sigkey = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL); - BIO_free(keybio); if(!sigkey) { BIO_printf(bio_err, "Error reading key file %s\n", keyfile); diff --git a/apps/rsautl.c b/apps/rsautl.c index de231b0456..1bbf33d5d9 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -62,6 +62,7 @@ #include #include #include +#include #define RSA_SIGN 1 #define RSA_VERIFY 2 @@ -82,8 +83,10 @@ int MAIN(int argc, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; BIO *in = NULL, *out = NULL; char *infile = NULL, *outfile = NULL; + char *engine = NULL; char *keyfile = NULL; char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY; int keyform = FORMAT_PEM; @@ -117,6 +120,9 @@ int MAIN(int argc, char **argv) } else if(!strcmp(*argv, "-inkey")) { if (--argc < 1) badarg = 1; keyfile = *(++argv); + } else if(!strcmp(*argv, "-engine")) { + if (--argc < 1) badarg = 1; + engine = *(++argv); } else if(!strcmp(*argv, "-pubin")) { key_type = KEY_PUBKEY; } else if(!strcmp(*argv, "-certin")) { @@ -151,16 +157,34 @@ int MAIN(int argc, char **argv) goto end; } + if (engine != NULL) + { + if((e = ENGINE_by_id(engine)) == NULL) + { + BIO_printf(bio_err,"invalid engine \"%s\"\n", + engine); + goto end; + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) + { + BIO_printf(bio_err,"can't use that engine\n"); + goto end; + } + BIO_printf(bio_err,"engine \"%s\" set.\n", engine); + /* Free our "structural" reference. */ + ENGINE_free(e); + } + /* FIXME: seed PRNG only if needed */ app_RAND_load_file(NULL, bio_err, 0); switch(key_type) { case KEY_PRIVKEY: - pkey = load_key(bio_err, keyfile, keyform, NULL); + pkey = load_key(bio_err, keyfile, keyform, NULL, e); break; case KEY_PUBKEY: - pkey = load_pubkey(bio_err, keyfile, keyform); + pkey = load_pubkey(bio_err, keyfile, keyform, e); break; case KEY_CERT: diff --git a/apps/smime.c b/apps/smime.c index 16b940084b..0a16bbc4dd 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -399,7 +399,7 @@ int MAIN(int argc, char **argv) } else keyfile = NULL; if(keyfile) { - if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin))) { + if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin, NULL))) { BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile); ERR_print_errors(bio_err); goto end; diff --git a/apps/x509.c b/apps/x509.c index ea5b0b8526..de25790145 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -853,7 +853,7 @@ bad: if (Upkey == NULL) { Upkey=load_key(bio_err, - keyfile,keyformat, passin); + keyfile,keyformat, passin, e); if (Upkey == NULL) goto end; } #ifndef NO_DSA @@ -871,7 +871,8 @@ bad: if (CAkeyfile != NULL) { CApkey=load_key(bio_err, - CAkeyfile,CAkeyformat, passin); + CAkeyfile,CAkeyformat, passin, + e); if (CApkey == NULL) goto end; } #ifndef NO_DSA @@ -898,7 +899,7 @@ bad: else { pk=load_key(bio_err, - keyfile,FORMAT_PEM, passin); + keyfile,FORMAT_PEM, passin, e); if (pk == NULL) goto end; }