From 80bb905d3dddc1fb1ba34c03f656f00e7f3707cf Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Fri, 25 Jan 2002 19:43:52 +0000
Subject: [PATCH] Apply the following changes by Toomas Kiisk <vix@cyber.ee>:
* make openssl rsa work with -engine chil
* misc changes, including debug-linux-ppro Configure target
and FORMAT_NETSCAPE-aware load_{,pub}key()
This completes the application of his changes.
---
CHANGES | 10 +++++++
Configure | 1 +
apps/apps.c | 61 +++++++++++++++++++++++++++++++++++++++++++
apps/apps.h | 2 ++
apps/rsa.c | 75 ++++++++++++-----------------------------------------
5 files changed, 91 insertions(+), 58 deletions(-)
diff --git a/CHANGES b/CHANGES
index a8fd754bf..59e2e545c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,16 @@
*) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
+) applies to 0.9.7 only
+ +) Add the configuration target debug-linux-ppro.
+ Make 'openssl rsa' use the general key loading routines
+ implemented in apps.c, and make those routines able to
+ handle the key format FORMAT_NETSCAPE and the variant
+ FORMAT_IISSGC.
+ [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+
+ *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
+ [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+
+) Add -keyform to rsautl, and document -engine.
[Richard Levitte, inspired by Toomas Kiisk <vix@cyber.ee>]
diff --git a/Configure b/Configure
index 3a3ab76df..700034b8b 100755
--- a/Configure
+++ b/Configure
@@ -370,6 +370,7 @@ my %table=(
"linux-pentium", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ppro", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-k6", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=k6 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
diff --git a/apps/apps.c b/apps/apps.c
index dc89fc0a8..7864e792e 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -147,6 +147,13 @@ static UI_METHOD *ui_method = NULL;
static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
+#ifndef OPENSSL_NO_RC4
+/* Looks like this stuff is worth moving into separate function */
+static EVP_PKEY *
+load_netscape_key(BIO *err, BIO *key, const char *file,
+ const char *key_descrip, int format);
+#endif
+
int app_init(long mesgwin);
#ifdef undef /* never finished - probably never will be :-) */
int args_from_file(char *file, int *argc, char **argv[])
@@ -828,6 +835,10 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format,
pkey=PEM_read_bio_PrivateKey(key,NULL,
(pem_password_cb *)password_callback, &cb_data);
}
+#ifndef OPENSSL_NO_RC4
+ else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
+ pkey = load_netscape_key(err, key, file, key_descrip, format);
+#endif
else if (format == FORMAT_PKCS12)
{
PKCS12 *p12 = d2i_PKCS12_bio(key, NULL);
@@ -893,6 +904,10 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format,
pkey=PEM_read_bio_PUBKEY(key,NULL,
(pem_password_cb *)password_callback, &cb_data);
}
+#ifndef OPENSSL_NO_RC4
+ else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
+ pkey = load_netscape_key(err, key, file, key_descrip, format);
+#endif
else
{
BIO_printf(err,"bad input format specified for key file\n");
@@ -905,6 +920,52 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format,
return(pkey);
}
+#ifndef OPENSSL_NO_RC4
+EVP_PKEY *
+load_netscape_key(BIO *err, BIO *key, const char *file,
+ const char *key_descrip, int format)
+ {
+ EVP_PKEY *pkey;
+ BUF_MEM *buf;
+ RSA *rsa;
+ const unsigned char *p;
+ int size, i;
+
+ buf=BUF_MEM_new();
+ pkey = EVP_PKEY_new();
+ size = 0;
+ if (buf == NULL || pkey == NULL)
+ goto error;
+ for (;;)
+ {
+ if (!BUF_MEM_grow(buf,size+1024*10))
+ goto error;
+ i = BIO_read(key, &(buf->data[size]), 1024*10);
+ size += i;
+ if (i == 0)
+ break;
+ if (i < 0)
+ {
+ BIO_printf(err, "Error reading %s %s",
+ key_descrip, file);
+ goto error;
+ }
+ }
+ p=(unsigned char *)buf->data;
+ rsa = d2i_RSA_NET(NULL,&p,(long)size,NULL,
+ (format == FORMAT_IISSGC ? 1 : 0));
+ if (rsa == NULL)
+ goto error;
+ BUF_MEM_free(buf);
+ EVP_PKEY_set1_RSA(pkey, rsa);
+ return pkey;
+error:
+ BUF_MEM_free(buf);
+ EVP_PKEY_free(pkey);
+ return NULL;
+ }
+#endif /* ndef OPENSSL_NO_RC4 */
+
STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip)
{
diff --git a/apps/apps.h b/apps/apps.h
index c60b28a7e..db75538a0 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -257,6 +257,8 @@ int make_serial_index(TXT_DB *db);
#define FORMAT_PKCS12 5
#define FORMAT_SMIME 6
#define FORMAT_ENGINE 7
+#define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid
+ * adding yet another param to load_*key() */
#define EXT_COPY_NONE 0
#define EXT_COPY_ADD 1
diff --git a/apps/rsa.c b/apps/rsa.c
index 8ae67bbac..863159d83 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -95,7 +95,7 @@ int MAIN(int argc, char **argv)
RSA *rsa=NULL;
int i,badops=0, sgckey=0;
const EVP_CIPHER *enc=NULL;
- BIO *in=NULL,*out=NULL;
+ BIO *out=NULL;
int informat,outformat,text=0,check=0,noout=0;
int pubin = 0, pubout = 0;
char *infile,*outfile,*prog;
@@ -220,69 +220,29 @@ bad:
goto end;
}
- in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
+ {
+ EVP_PKEY *pkey;
- BIO_printf(bio_err,"read RSA key\n");
- if (informat == FORMAT_ASN1) {
- if (pubin) rsa=d2i_RSA_PUBKEY_bio(in,NULL);
- else rsa=d2i_RSAPrivateKey_bio(in,NULL);
+ if (pubin)
+ pkey = load_pubkey(bio_err, infile,
+ (informat == FORMAT_NETSCAPE && sgckey ?
+ FORMAT_IISSGC : informat),
+ passin, e, "Public Key");
+ else
+ pkey = load_key(bio_err, infile,
+ (informat == FORMAT_NETSCAPE && sgckey ?
+ FORMAT_IISSGC : informat),
+ passin, e, "Private Key");
+
+ if (pkey != NULL)
+ rsa = pkey == NULL ? NULL : EVP_PKEY_get1_RSA(pkey);
+ EVP_PKEY_free(pkey);
}
-#ifndef OPENSSL_NO_RC4
- else if (informat == FORMAT_NETSCAPE)
- {
- BUF_MEM *buf=NULL;
- const unsigned char *p;
- int size=0;
- buf=BUF_MEM_new();
- for (;;)
- {
- if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
- goto end;
- i=BIO_read(in,&(buf->data[size]),1024*10);
- size+=i;
- if (i == 0) break;
- if (i < 0)
- {
- perror("reading private key");
- BUF_MEM_free(buf);
- goto end;
- }
- }
- p=(unsigned char *)buf->data;
- rsa=d2i_RSA_NET(NULL,&p,(long)size,NULL, sgckey);
- BUF_MEM_free(buf);
- }
-#endif
- else if (informat == FORMAT_PEM) {
- if(pubin) rsa=PEM_read_bio_RSA_PUBKEY(in,NULL,NULL,NULL);
- else rsa=PEM_read_bio_RSAPrivateKey(in,NULL, NULL,passin);
- }
- else
- {
- BIO_printf(bio_err,"bad input format specified for key\n");
- goto end;
- }
if (rsa == NULL)
{
- BIO_printf(bio_err,"unable to load key\n");
ERR_print_errors(bio_err);
goto end;
}
@@ -394,7 +354,6 @@ bad:
else
ret=0;
end:
- if(in != NULL) BIO_free(in);
if(out != NULL) BIO_free_all(out);
if(rsa != NULL) RSA_free(rsa);
if(passin) OPENSSL_free(passin);