static EVP_PKEY_CTX *init_ctx(int *pkeysize,
const char *keyfile, int keyform, int key_type,
- char *passinarg, int pkey_op, ENGINE *e);
+ char *passinarg, int pkey_op, ENGINE *e,
+ const int impl);
static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
ENGINE *e);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
- OPT_ENGINE, OPT_IN, OPT_OUT,
+ OPT_ENGINE, OPT_ENGINE_IMPL, OPT_IN, OPT_OUT,
OPT_PUBIN, OPT_CERTIN, OPT_ASN1PARSE, OPT_HEXDUMP, OPT_SIGN,
OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN,
OPTIONS pkeyutl_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
- {"in", OPT_IN, '<', "Input file"},
- {"out", OPT_OUT, '>', "Output file"},
+ {"in", OPT_IN, '<', "Input file - default stdin"},
+ {"out", OPT_OUT, '>', "Output file - default stdout"},
{"pubin", OPT_PUBIN, '-', "Input is a public key"},
{"certin", OPT_CERTIN, '-', "Input is a cert with a public key"},
{"asn1parse", OPT_ASN1PARSE, '-', "asn1parse the output data"},
{"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
- {"sign", OPT_SIGN, '-', "Sign with private key"},
+ {"sign", OPT_SIGN, '-', "Sign input data with private key"},
{"verify", OPT_VERIFY, '-', "Verify with public key"},
{"verifyrecover", OPT_VERIFYRECOVER, '-',
"Verify with public key, recover original data"},
- {"rev", OPT_REV, '-', "Reverse the input buffer"},
- {"encrypt", OPT_ENCRYPT, '-', "Encrypt with public key"},
- {"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"},
+ {"rev", OPT_REV, '-', "Reverse the order of the input buffer"},
+ {"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"},
+ {"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"},
{"derive", OPT_DERIVE, '-', "Derive shared secret"},
{"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"},
- {"inkey", OPT_INKEY, 's', "Input key"},
+ {"inkey", OPT_INKEY, 's', "Input private key file"},
{"peerkey", OPT_PEERKEY, 's', "Peer key file used in key derivation"},
{"passin", OPT_PASSIN, 's', "Pass phrase source"},
{"peerform", OPT_PEERFORM, 'E', "Peer key format - default PEM"},
{"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+ {"engine_impl", OPT_ENGINE_IMPL, '-',
+ "Also use engine given by -engine for crypto operations"},
#endif
{NULL}
};
int buf_inlen = 0, siglen = -1, keyform = FORMAT_PEM, peerform =
FORMAT_PEM;
int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
+ int engine_impl = 0;
int ret = 1, rv = -1;
size_t buf_outlen;
const char *inkey = NULL;
case OPT_SIGFILE:
sigfile = opt_arg();
break;
+ case OPT_ENGINE_IMPL:
+ engine_impl = 1;
+ break;
case OPT_INKEY:
inkey = opt_arg();
break;
goto opthelp;
ctx = init_ctx(&keysize, inkey, keyform, key_type,
- passinarg, pkey_op, e);
+ passinarg, pkey_op, e, engine_impl);
if (ctx == NULL) {
BIO_printf(bio_err, "%s: Error initializing context\n", prog);
ERR_print_errors(bio_err);
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
const char *keyfile, int keyform, int key_type,
- char *passinarg, int pkey_op, ENGINE *e)
+ char *passinarg, int pkey_op, ENGINE *e,
+ const int engine_impl)
{
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
+ ENGINE *impl = NULL;
char *passin = NULL;
int rv = -1;
X509 *x;
if (!pkey)
goto end;
- ctx = EVP_PKEY_CTX_new(pkey, e);
+#ifndef OPENSSL_NO_ENGINE
+ if (engine_impl)
+ impl = e;
+#endif
+
+ ctx = EVP_PKEY_CTX_new(pkey, impl);
EVP_PKEY_free(pkey);