Add the possibility to use keys handled by engines in more
authorRichard Levitte <levitte@openssl.org>
Sat, 28 Oct 2000 22:40:40 +0000 (22:40 +0000)
committerRichard Levitte <levitte@openssl.org>
Sat, 28 Oct 2000 22:40:40 +0000 (22:40 +0000)
applications.

apps/apps.c
apps/apps.h
apps/ca.c
apps/dgst.c
apps/rsautl.c
apps/smime.c
apps/x509.c

index 0190d71..a04f871 100644 (file)
@@ -553,7 +553,7 @@ end:
        return(x);
        }
 
-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass)
+EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e)
        {
        BIO *key=NULL;
        EVP_PKEY *pkey=NULL;
@@ -563,6 +563,14 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass)
                BIO_printf(err,"no keyfile specified\n");
                goto end;
                }
+       if (format == FORMAT_ENGINE)
+               {
+               if (!e)
+                       BIO_printf(bio_err,"no engine specified\n");
+               else
+                       pkey = ENGINE_load_private_key(e, file, pass);
+               goto end;
+               }
        key=BIO_new(BIO_s_file());
        if (key == NULL)
                {
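Review bot: The new FORMAT_ENGINE branch reports a missing engine through the global `bio_err` at `BIO_printf(bio_err,"no engine specified\n");`, while the rest of load_key reports through its `err` parameter (compare `BIO_printf(err,"no keyfile specified\n");` two lines above); the load_pubkey hunk below has the same mismatch. Change both to `BIO_printf(err,"no engine specified\n");` so a caller that redirects `err` also sees this diagnostic. When `ENGINE_load_private_key` returns NULL the branch jumps to `end` with `pkey` still NULL, so the engine's own reason for refusing the key is only reported if `end:` (outside the hunk) prints the error queue; worth confirming it does. load_key's body continues outside the hunk.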
@@ -602,7 +610,7 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass)
        return(pkey);
        }
 
-EVP_PKEY *load_pubkey(BIO *err, char *file, int format)
+EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e)
        {
        BIO *key=NULL;
        EVP_PKEY *pkey=NULL;
@@ -612,6 +620,14 @@ EVP_PKEY *load_pubkey(BIO *err, char *file, int format)
                BIO_printf(err,"no keyfile specified\n");
                goto end;
                }
+       if (format == FORMAT_ENGINE)
+               {
+               if (!e)
+                       BIO_printf(bio_err,"no engine specified\n");
+               else
+                       pkey = ENGINE_load_public_key(e, file, NULL);
+               goto end;
+               }
        key=BIO_new(BIO_s_file());
        if (key == NULL)
                {
index 7a834f9..e8272a3 100644 (file)
@@ -67,6 +67,7 @@
 #include <openssl/x509.h>
 #include <openssl/lhash.h>
 #include <openssl/conf.h>
+#include <openssl/engine.h>
 
 int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
 int app_RAND_write_file(const char *file, BIO *bio_e);
@@ -152,8 +153,8 @@ int set_name_ex(unsigned long *flags, const char *arg);
 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
 int add_oid_section(BIO *err, LHASH *conf);
 X509 *load_cert(BIO *err, char *file, int format);
-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass);
-EVP_PKEY *load_pubkey(BIO *err, char *file, int format);
+EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e);
+EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e);
 STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
 
 #define FORMAT_UNDEF    0
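Review bot: The new `ENGINE *e` parameter on `load_key` and `load_pubkey` is undocumented: the prototypes do not say when it is consulted, whether NULL is allowed, or who owns the reference. The apps.c hunks show it is only used when `format == FORMAT_ENGINE`, smime.c passes NULL, and nothing in this diff takes or releases a reference on it inside the loaders, so a comment above the two prototypes such as `/* e: engine to load the key from when format is FORMAT_ENGINE; ignored (may be NULL) for other formats. The caller keeps its reference to e. */` would pin that contract down for the call sites being converted.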
index 2ab0c4d..8184f2e 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -153,7 +153,8 @@ static char *ca_usage[]={
 " -days arg       - number of days to certify the certificate for\n",
 " -md arg         - md to use, one of md2, md5, sha or sha1\n",
 " -policy arg     - The CA 'policy' to support\n",
-" -keyfile arg    - PEM private key file\n",
+" -keyfile arg    - private key file\n",
+" -keyform arg    - private key file format (PEM or ENGINE)\n",
 " -key arg        - key to decode the private key if it is encrypted\n",
 " -cert file      - The CA certificate\n",
 " -in file        - The input PEM encoded certificate request(s)\n",
@@ -236,6 +237,7 @@ int MAIN(int argc, char **argv)
        char *policy=NULL;
        char *keyfile=NULL;
        char *certfile=NULL;
+       int keyform=FORMAT_PEM;
        char *infile=NULL;
        char *spkac_file=NULL;
        char *ss_cert_file=NULL;
@@ -337,6 +339,11 @@ EF_ALIGNMENT=0;
                        if (--argc < 1) goto bad;
                        keyfile= *(++argv);
                        }
+               else if (strcmp(*argv,"-keyform") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       keyform=str2fmt(*(++argv));
+                       }
                else if (strcmp(*argv,"-passin") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -563,14 +570,31 @@ bad:
                BIO_printf(bio_err,"Error getting password\n");
                goto err;
                }
-       if (BIO_read_filename(in,keyfile) <= 0)
+       if (keyform == FORMAT_ENGINE)
                {
-               perror(keyfile);
-               BIO_printf(bio_err,"trying to load CA private key\n");
-               goto err;
+               if (!e)
+                       {
+                       BIO_printf(bio_err,"no engine specified\n");
+                       goto err;
+                       }
+               pkey = ENGINE_load_private_key(e, keyfile, key);
                }
+       else if (keyform == FORMAT_PEM)
+               {
+               if (BIO_read_filename(in,keyfile) <= 0)
+                       {
+                       perror(keyfile);
+                       BIO_printf(bio_err,"trying to load CA private key\n");
+                       goto err;
+                       }
                pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
-               if(key) memset(key,0,strlen(key));
+               }
+       else
+               {
+               BIO_printf(bio_err,"bad input format specified for key file\n");
+               goto err;
+               }
+       if(key) memset(key,0,strlen(key));
        if (pkey == NULL)
                {
                BIO_printf(bio_err,"unable to load CA private key\n");
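Review bot: Moving `if(key) memset(key,0,strlen(key));` after both load paths is right, since the engine path now receives the password too, but if `key` is not read again after this point a plain `memset` is exactly the dead store a compiler may drop, leaving the password in memory; prefer a zeroization routine the compiler cannot elide, or write the zeros through a `volatile unsigned char *`. The FORMAT_ENGINE branch uses `e` without declaring or setting it in this hunk, so it presumably relies on engine setup that ca.c already performs earlier in MAIN; that setup must run before this block for the `if (!e)` check to be meaningful. MAIN continues outside the hunk.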
index ab3e2db..8500f6c 100644 (file)
@@ -93,6 +93,7 @@ int MAIN(int argc, char **argv)
        char pname[PROG_NAME_SIZE];
        int separator=0;
        int debug=0;
+       int keyform=FORMAT_PEM;
        const char *outfile = NULL, *keyfile = NULL;
        const char *sigfile = NULL, *randfile = NULL;
        char out_bin = -1, want_pub = 0, do_verify = 0;
@@ -157,6 +158,11 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) break;
                        sigfile=*(++argv);
                        }
+               else if (strcmp(*argv,"-keyform") == 0)
+                       {
+                       if (--argc < 1) break;
+                       keyform=str2fmt(*(++argv));
+                       }
                else if (strcmp(*argv,"-engine") == 0)
                        {
                        if (--argc < 1) break;
@@ -196,6 +202,7 @@ int MAIN(int argc, char **argv)
                BIO_printf(bio_err,"-sign   file    sign digest using private key in file\n");
                BIO_printf(bio_err,"-verify file    verify a signature using public key in file\n");
                BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");
+               BIO_printf(bio_err,"-keyform arg    key file format (PEM or ENGINE)\n");
                BIO_printf(bio_err,"-signature file signature to verify\n");
                BIO_printf(bio_err,"-binary         output in binary form\n");
                BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
@@ -280,20 +287,47 @@ int MAIN(int argc, char **argv)
                goto end;
        }
 
-       if(keyfile) {
-               BIO *keybio;
-               keybio = BIO_new_file(keyfile, "r");
-               if(!keybio) {
-                       BIO_printf(bio_err, "Error opening key file %s\n",
-                                                               keyfile);
-                       ERR_print_errors(bio_err);
+       if(keyfile)
+               {
+               if (keyform == FORMAT_PEM)
+                       {
+                       BIO *keybio;
+                       keybio = BIO_new_file(keyfile, "r");
+                       if(!keybio)
+                               {
+                               BIO_printf(bio_err,
+                                       "Error opening key file %s\n",
+                                       keyfile);
+                               ERR_print_errors(bio_err);
+                               goto end;
+                               }
+                       if(want_pub) 
+                               sigkey = PEM_read_bio_PUBKEY(keybio,
+                                       NULL, NULL, NULL);
+                       else
+                               sigkey = PEM_read_bio_PrivateKey(keybio,
+                                       NULL, NULL, NULL);
+                       BIO_free(keybio);
+                       }
+               else if (keyform == FORMAT_ENGINE)
+                       {
+                       if (!e)
+                               {
+                               BIO_printf(bio_err,"no engine specified\n");
+                               goto end;
+                               }
+                       if (want_pub)
+                               sigkey = ENGINE_load_public_key(e, keyfile, NULL);
+                       else
+                               sigkey = ENGINE_load_private_key(e, keyfile, NULL);
+                       }
+               else
+                       {
+                       BIO_printf(bio_err,
+                               "bad input format specified for key file\n");
                        goto end;
-               }
+                       }
                
-               if(want_pub) 
-                       sigkey = PEM_read_bio_PUBKEY(keybio, NULL, NULL, NULL);
-               else sigkey = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL);
-               BIO_free(keybio);
                if(!sigkey) {
                        BIO_printf(bio_err, "Error reading key file %s\n",
                                                                keyfile);
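Review bot: The rewritten key-loading block switches to the brace-on-its-own-line, indented-brace layout (`if(keyfile)` with `{` on the next line) inside a function that otherwise puts the brace on the statement line, as the untouched `if(!sigkey) {` just below shows; mixing both styles in one block makes the nesting hard to follow. Keep the file's existing `if (keyform == FORMAT_PEM) {` form for the new three-way chain. The ENGINE path also reports a failed load through the shared `Error reading key file %s` message, which misleads when `keyfile` names an engine key rather than a file; the message could say `Error loading key %s`. MAIN continues outside the hunk.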
index de231b0..1bbf33d 100644 (file)
@@ -62,6 +62,7 @@
 #include <string.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #define RSA_SIGN       1
 #define RSA_VERIFY     2
@@ -82,8 +83,10 @@ int MAIN(int argc, char **);
 
 int MAIN(int argc, char **argv)
 {
+       ENGINE *e = NULL;
        BIO *in = NULL, *out = NULL;
        char *infile = NULL, *outfile = NULL;
+       char *engine = NULL;
        char *keyfile = NULL;
        char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
        int keyform = FORMAT_PEM;
@@ -117,6 +120,9 @@ int MAIN(int argc, char **argv)
                } else if(!strcmp(*argv, "-inkey")) {
                        if (--argc < 1) badarg = 1;
                        keyfile = *(++argv);
+               } else if(!strcmp(*argv, "-engine")) {
+                       if (--argc < 1) badarg = 1;
+                       engine = *(++argv);
                } else if(!strcmp(*argv, "-pubin")) {
                        key_type = KEY_PUBKEY;
                } else if(!strcmp(*argv, "-certin")) {
@@ -151,16 +157,34 @@ int MAIN(int argc, char **argv)
                goto end;
        }
 
+       if (engine != NULL)
+               {
+               if((e = ENGINE_by_id(engine)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                               engine);
+                       goto end;
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                       {
+                       BIO_printf(bio_err,"can't use that engine\n");
+                       goto end;
+                       }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+               /* Free our "structural" reference. */
+               ENGINE_free(e);
+               }
+
 /* FIXME: seed PRNG only if needed */
        app_RAND_load_file(NULL, bio_err, 0);
        
        switch(key_type) {
                case KEY_PRIVKEY:
-               pkey = load_key(bio_err, keyfile, keyform, NULL);
+               pkey = load_key(bio_err, keyfile, keyform, NULL, e);
                break;
 
                case KEY_PUBKEY:
-               pkey = load_pubkey(bio_err, keyfile, keyform);
+               pkey = load_pubkey(bio_err, keyfile, keyform, e);
                break;
 
                case KEY_CERT:
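Review bot: `e` is still passed at `pkey = load_key(bio_err, keyfile, keyform, NULL, e);` and `load_pubkey(..., e)` after `ENGINE_free(e)` has released the structural reference obtained from `ENGINE_by_id`, so the pointer stays valid only as long as `ENGINE_set_default` holds its own reference on the engine, which the code relies on silently. Keeping the reference until the key is loaded is safer: drop the early `ENGINE_free(e);` and release it in the `end:` cleanup (guarding for NULL), which also covers the path where `ENGINE_set_default` fails and jumps to `end` without releasing `e`, unless `end:`, which is outside the hunk, already does so. The `-engine` option added earlier in this file has no usage-text line in this diff, unlike dgst and ca; if rsautl's usage text lives elsewhere it should be updated as well.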
index 16b9400..0a16bbc 100644 (file)
@@ -399,7 +399,7 @@ int MAIN(int argc, char **argv)
        } else keyfile = NULL;
 
        if(keyfile) {
-               if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin))) {
+               if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin, NULL))) {
                        BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
                        ERR_print_errors(bio_err);
                        goto end;
index ea5b0b8..de25790 100644 (file)
@@ -853,7 +853,7 @@ bad:
                                if (Upkey == NULL)
                                        {
                                        Upkey=load_key(bio_err,
-                                               keyfile,keyformat, passin);
+                                               keyfile,keyformat, passin, e);
                                        if (Upkey == NULL) goto end;
                                        }
 #ifndef NO_DSA
@@ -871,7 +871,8 @@ bad:
                                if (CAkeyfile != NULL)
                                        {
                                        CApkey=load_key(bio_err,
-                                               CAkeyfile,CAkeyformat, passin);
+                                               CAkeyfile,CAkeyformat, passin,
+                                               e);
                                        if (CApkey == NULL) goto end;
                                        }
 #ifndef NO_DSA
@@ -898,7 +899,7 @@ bad:
                                else
                                        {
                                        pk=load_key(bio_err,
-                                               keyfile,FORMAT_PEM, passin);
+                                               keyfile,FORMAT_PEM, passin, e);
                                        if (pk == NULL) goto end;
                                        }