generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add the possibility to use keys handled by engines in more

Browse Source 
applications.
This commit is contained in:
Richard Levitte 2000-10-28 22:40:40 +00:00
parent a44f26d5c9
commit 32d862ede4
7 changed files with 128 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
apps/apps.c
View File

@ -553,7 +553,7 @@ end:
return(x); return(x);
} }
EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass) EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e)
{ {
BIO *key=NULL; BIO *key=NULL;
EVP_PKEY *pkey=NULL; EVP_PKEY *pkey=NULL;
@ -563,6 +563,14 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass)
BIO_printf(err,"no keyfile specified\n"); BIO_printf(err,"no keyfile specified\n");
goto end; goto end;
} }
if (format == FORMAT_ENGINE)
{
if (!e)
BIO_printf(bio_err,"no engine specified\n");
else
pkey = ENGINE_load_private_key(e, file, pass);
goto end;
}
key=BIO_new(BIO_s_file()); key=BIO_new(BIO_s_file());
if (key == NULL) if (key == NULL)
{ {
@ -602,7 +610,7 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass)
return(pkey); return(pkey);
} }
EVP_PKEY *load_pubkey(BIO *err, char *file, int format) EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e)
{ {
BIO *key=NULL; BIO *key=NULL;
EVP_PKEY *pkey=NULL; EVP_PKEY *pkey=NULL;
@ -612,6 +620,14 @@ EVP_PKEY *load_pubkey(BIO *err, char *file, int format)
BIO_printf(err,"no keyfile specified\n"); BIO_printf(err,"no keyfile specified\n");
goto end; goto end;
} }
if (format == FORMAT_ENGINE)
{
if (!e)
BIO_printf(bio_err,"no engine specified\n");
else
pkey = ENGINE_load_public_key(e, file, NULL);
goto end;
}
key=BIO_new(BIO_s_file()); key=BIO_new(BIO_s_file());
if (key == NULL) if (key == NULL)
{ {

5
apps/apps.h
View File

@ -67,6 +67,7 @@
#include <openssl/x509.h> #include <openssl/x509.h>
#include <openssl/lhash.h> #include <openssl/lhash.h>
#include <openssl/conf.h> #include <openssl/conf.h>
#include <openssl/engine.h>
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn); int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
int app_RAND_write_file(const char *file, BIO *bio_e); int app_RAND_write_file(const char *file, BIO *bio_e);
@ -152,8 +153,8 @@ int set_name_ex(unsigned long *flags, const char *arg);
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2); int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
int add_oid_section(BIO *err, LHASH *conf); int add_oid_section(BIO *err, LHASH *conf);
X509 *load_cert(BIO *err, char *file, int format); X509 *load_cert(BIO *err, char *file, int format);
EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass); EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e);
EVP_PKEY *load_pubkey(BIO *err, char *file, int format); EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e);
STACK_OF(X509) *load_certs(BIO *err, char *file, int format); STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
#define FORMAT_UNDEF 0 #define FORMAT_UNDEF 0

36
apps/ca.c
View File

@ -153,7 +153,8 @@ static char *ca_usage[]={
" -days arg - number of days to certify the certificate for\n", " -days arg - number of days to certify the certificate for\n",
" -md arg - md to use, one of md2, md5, sha or sha1\n", " -md arg - md to use, one of md2, md5, sha or sha1\n",
" -policy arg - The CA 'policy' to support\n", " -policy arg - The CA 'policy' to support\n",
" -keyfile arg - PEM private key file\n", " -keyfile arg - private key file\n",
" -keyform arg - private key file format (PEM or ENGINE)\n",
" -key arg - key to decode the private key if it is encrypted\n", " -key arg - key to decode the private key if it is encrypted\n",
" -cert file - The CA certificate\n", " -cert file - The CA certificate\n",
" -in file - The input PEM encoded certificate request(s)\n", " -in file - The input PEM encoded certificate request(s)\n",
@ -236,6 +237,7 @@ int MAIN(int argc, char **argv)
char *policy=NULL; char *policy=NULL;
char *keyfile=NULL; char *keyfile=NULL;
char *certfile=NULL; char *certfile=NULL;
int keyform=FORMAT_PEM;
char *infile=NULL; char *infile=NULL;
char *spkac_file=NULL; char *spkac_file=NULL;
char *ss_cert_file=NULL; char *ss_cert_file=NULL;
@ -337,6 +339,11 @@ EF_ALIGNMENT=0;
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
keyfile= *(++argv); keyfile= *(++argv);
} }
else if (strcmp(*argv,"-keyform") == 0)
{
if (--argc < 1) goto bad;
keyform=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-passin") == 0) else if (strcmp(*argv,"-passin") == 0)
{ {
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
@ -563,14 +570,31 @@ bad:
BIO_printf(bio_err,"Error getting password\n"); BIO_printf(bio_err,"Error getting password\n");
goto err; goto err;
} }
if (BIO_read_filename(in,keyfile) <= 0) if (keyform == FORMAT_ENGINE)
{ {
perror(keyfile); if (!e)
BIO_printf(bio_err,"trying to load CA private key\n"); {
BIO_printf(bio_err,"no engine specified\n");
goto err;
}
pkey = ENGINE_load_private_key(e, keyfile, key);
}
else if (keyform == FORMAT_PEM)
{
if (BIO_read_filename(in,keyfile) <= 0)
{
perror(keyfile);
BIO_printf(bio_err,"trying to load CA private key\n");
goto err;
}
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
}
else
{
BIO_printf(bio_err,"bad input format specified for key file\n");
goto err; goto err;
} }
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key); if(key) memset(key,0,strlen(key));
if(key) memset(key,0,strlen(key));
if (pkey == NULL) if (pkey == NULL)
{ {
BIO_printf(bio_err,"unable to load CA private key\n"); BIO_printf(bio_err,"unable to load CA private key\n");

58
apps/dgst.c
View File

@ -93,6 +93,7 @@ int MAIN(int argc, char **argv)
char pname[PROG_NAME_SIZE]; char pname[PROG_NAME_SIZE];
int separator=0; int separator=0;
int debug=0; int debug=0;
int keyform=FORMAT_PEM;
const char *outfile = NULL, *keyfile = NULL; const char *outfile = NULL, *keyfile = NULL;
const char *sigfile = NULL, *randfile = NULL; const char *sigfile = NULL, *randfile = NULL;
char out_bin = -1, want_pub = 0, do_verify = 0; char out_bin = -1, want_pub = 0, do_verify = 0;
@ -157,6 +158,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) break; if (--argc < 1) break;
sigfile=*(++argv); sigfile=*(++argv);
} }
else if (strcmp(*argv,"-keyform") == 0)
{
if (--argc < 1) break;
keyform=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-engine") == 0) else if (strcmp(*argv,"-engine") == 0)
{ {
if (--argc < 1) break; if (--argc < 1) break;
@ -196,6 +202,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"-sign file sign digest using private key in file\n"); BIO_printf(bio_err,"-sign file sign digest using private key in file\n");
BIO_printf(bio_err,"-verify file verify a signature using public key in file\n"); BIO_printf(bio_err,"-verify file verify a signature using public key in file\n");
BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n"); BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n");
BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n");
BIO_printf(bio_err,"-signature file signature to verify\n"); BIO_printf(bio_err,"-signature file signature to verify\n");
BIO_printf(bio_err,"-binary output in binary form\n"); BIO_printf(bio_err,"-binary output in binary form\n");
BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
@ -280,20 +287,47 @@ int MAIN(int argc, char **argv)
goto end; goto end;
} }
if(keyfile) { if(keyfile)
BIO *keybio; {
keybio = BIO_new_file(keyfile, "r"); if (keyform == FORMAT_PEM)
if(!keybio) { {
BIO_printf(bio_err, "Error opening key file %s\n", BIO *keybio;
keyfile); keybio = BIO_new_file(keyfile, "r");
ERR_print_errors(bio_err); if(!keybio)
{
BIO_printf(bio_err,
"Error opening key file %s\n",
keyfile);
ERR_print_errors(bio_err);
goto end;
}
if(want_pub)
sigkey = PEM_read_bio_PUBKEY(keybio,
NULL, NULL, NULL);
else
sigkey = PEM_read_bio_PrivateKey(keybio,
NULL, NULL, NULL);
BIO_free(keybio);
}
else if (keyform == FORMAT_ENGINE)
{
if (!e)
{
BIO_printf(bio_err,"no engine specified\n");
goto end;
}
if (want_pub)
sigkey = ENGINE_load_public_key(e, keyfile, NULL);
else
sigkey = ENGINE_load_private_key(e, keyfile, NULL);
}
else
{
BIO_printf(bio_err,
"bad input format specified for key file\n");
goto end; goto end;
} }
if(want_pub)
sigkey = PEM_read_bio_PUBKEY(keybio, NULL, NULL, NULL);
else sigkey = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL);
BIO_free(keybio);
if(!sigkey) { if(!sigkey) {
BIO_printf(bio_err, "Error reading key file %s\n", BIO_printf(bio_err, "Error reading key file %s\n",
keyfile); keyfile);

28
apps/rsautl.c
View File

@ -62,6 +62,7 @@
#include <string.h> #include <string.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/pem.h> #include <openssl/pem.h>
#include <openssl/engine.h>
#define RSA_SIGN 1 #define RSA_SIGN 1
#define RSA_VERIFY 2 #define RSA_VERIFY 2
@ -82,8 +83,10 @@ int MAIN(int argc, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
ENGINE *e = NULL;
BIO *in = NULL, *out = NULL; BIO *in = NULL, *out = NULL;
char *infile = NULL, *outfile = NULL; char *infile = NULL, *outfile = NULL;
char *engine = NULL;
char *keyfile = NULL; char *keyfile = NULL;
char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY; char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
int keyform = FORMAT_PEM; int keyform = FORMAT_PEM;
@ -117,6 +120,9 @@ int MAIN(int argc, char **argv)
} else if(!strcmp(*argv, "-inkey")) { } else if(!strcmp(*argv, "-inkey")) {
if (--argc < 1) badarg = 1; if (--argc < 1) badarg = 1;
keyfile = *(++argv); keyfile = *(++argv);
} else if(!strcmp(*argv, "-engine")) {
if (--argc < 1) badarg = 1;
engine = *(++argv);
} else if(!strcmp(*argv, "-pubin")) { } else if(!strcmp(*argv, "-pubin")) {
key_type = KEY_PUBKEY; key_type = KEY_PUBKEY;
} else if(!strcmp(*argv, "-certin")) { } else if(!strcmp(*argv, "-certin")) {
@ -151,16 +157,34 @@ int MAIN(int argc, char **argv)
goto end; goto end;
} }
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
/* FIXME: seed PRNG only if needed */ /* FIXME: seed PRNG only if needed */
app_RAND_load_file(NULL, bio_err, 0); app_RAND_load_file(NULL, bio_err, 0);
switch(key_type) { switch(key_type) {
case KEY_PRIVKEY: case KEY_PRIVKEY:
pkey = load_key(bio_err, keyfile, keyform, NULL); pkey = load_key(bio_err, keyfile, keyform, NULL, e);
break; break;
case KEY_PUBKEY: case KEY_PUBKEY:
pkey = load_pubkey(bio_err, keyfile, keyform); pkey = load_pubkey(bio_err, keyfile, keyform, e);
break; break;
case KEY_CERT: case KEY_CERT:

2
apps/smime.c
View File

@ -399,7 +399,7 @@ int MAIN(int argc, char **argv)
} else keyfile = NULL; } else keyfile = NULL;
if(keyfile) { if(keyfile) {
if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin))) { if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin, NULL))) {
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile); BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;

7
apps/x509.c
View File

@ -853,7 +853,7 @@ bad:
if (Upkey == NULL) if (Upkey == NULL)
{ {
Upkey=load_key(bio_err, Upkey=load_key(bio_err,
keyfile,keyformat, passin); keyfile,keyformat, passin, e);
if (Upkey == NULL) goto end; if (Upkey == NULL) goto end;
} }
#ifndef NO_DSA #ifndef NO_DSA
@ -871,7 +871,8 @@ bad:
if (CAkeyfile != NULL) if (CAkeyfile != NULL)
{ {
CApkey=load_key(bio_err, CApkey=load_key(bio_err,
CAkeyfile,CAkeyformat, passin); CAkeyfile,CAkeyformat, passin,
e);
if (CApkey == NULL) goto end; if (CApkey == NULL) goto end;
} }
#ifndef NO_DSA #ifndef NO_DSA
@ -898,7 +899,7 @@ bad:
else else
{ {
pk=load_key(bio_err, pk=load_key(bio_err,
keyfile,FORMAT_PEM, passin); keyfile,FORMAT_PEM, passin, e);
if (pk == NULL) goto end; if (pk == NULL) goto end;
} }