Apply the following changes by Toomas Kiisk <vix@cyber.ee>:
authorRichard Levitte <levitte@openssl.org>
Fri, 25 Jan 2002 19:43:52 +0000 (19:43 +0000)
committerRichard Levitte <levitte@openssl.org>
Fri, 25 Jan 2002 19:43:52 +0000 (19:43 +0000)
* make openssl rsa work with -engine chil
* misc changes, including debug-linux-ppro Configure target
  and FORMAT_NETSCAPE-aware load_{,pub}key()

This completes the application of his changes.

CHANGES
Configure
apps/apps.c
apps/apps.h
apps/rsa.c

diff --git a/CHANGES b/CHANGES
index a8fd754..59e2e54 100644 (file)
--- a/CHANGES
+++ b/CHANGES
          *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
          +) applies to 0.9.7 only
 
+  +) Add the configuration target debug-linux-ppro.
+     Make 'openssl rsa' use the general key loading routines
+     implemented in apps.c, and make those routines able to
+     handle the key format FORMAT_NETSCAPE and the variant
+     FORMAT_IISSGC.
+     [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+
+  *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
+     [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+
   +) Add -keyform to rsautl, and document -engine.
      [Richard Levitte, inspired by Toomas Kiisk <vix@cyber.ee>]
 
index 3a3ab76..700034b 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -370,6 +370,7 @@ my %table=(
 "linux-pentium",       "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ppro",  "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-k6",    "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=k6 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "linux-aout",  "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
index dc89fc0..7864e79 100644 (file)
@@ -147,6 +147,13 @@ static UI_METHOD *ui_method = NULL;
 static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
 static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
 
+#ifndef OPENSSL_NO_RC4
+/* Looks like this stuff is worth moving into separate function */
+static EVP_PKEY *
+load_netscape_key(BIO *err, BIO *key, const char *file,
+               const char *key_descrip, int format);
+#endif
+
 int app_init(long mesgwin);
 #ifdef undef /* never finished - probably never will be :-) */
 int args_from_file(char *file, int *argc, char **argv[])
@@ -828,6 +835,10 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format,
                pkey=PEM_read_bio_PrivateKey(key,NULL,
                        (pem_password_cb *)password_callback, &cb_data);
                }
+#ifndef OPENSSL_NO_RC4
+       else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
+               pkey = load_netscape_key(err, key, file, key_descrip, format);
+#endif
        else if (format == FORMAT_PKCS12)
                {
                PKCS12 *p12 = d2i_PKCS12_bio(key, NULL);
@@ -893,6 +904,10 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format,
                pkey=PEM_read_bio_PUBKEY(key,NULL,
                        (pem_password_cb *)password_callback, &cb_data);
                }
+#ifndef OPENSSL_NO_RC4
+       else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
+               pkey = load_netscape_key(err, key, file, key_descrip, format);
+#endif
        else
                {
                BIO_printf(err,"bad input format specified for key file\n");
@@ -905,6 +920,52 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format,
        return(pkey);
        }
 
+#ifndef OPENSSL_NO_RC4
+EVP_PKEY *
+load_netscape_key(BIO *err, BIO *key, const char *file,
+               const char *key_descrip, int format)
+       {
+       EVP_PKEY *pkey;
+       BUF_MEM *buf;
+       RSA     *rsa;
+       const unsigned char *p;
+       int size, i;
+
+       buf=BUF_MEM_new();
+       pkey = EVP_PKEY_new();
+       size = 0;
+       if (buf == NULL || pkey == NULL)
+               goto error;
+       for (;;)
+               {
+               if (!BUF_MEM_grow(buf,size+1024*10))
+                       goto error;
+               i = BIO_read(key, &(buf->data[size]), 1024*10);
+               size += i;
+               if (i == 0)
+                       break;
+               if (i < 0)
+                       {
+                               BIO_printf(err, "Error reading %s %s",
+                                       key_descrip, file);
+                               goto error;
+                       }
+               }
+       p=(unsigned char *)buf->data;
+       rsa = d2i_RSA_NET(NULL,&p,(long)size,NULL,
+               (format == FORMAT_IISSGC ? 1 : 0));
+       if (rsa == NULL)
+               goto error;
+       BUF_MEM_free(buf);
+       EVP_PKEY_set1_RSA(pkey, rsa);
+       return pkey;
+error:
+       BUF_MEM_free(buf);
+       EVP_PKEY_free(pkey);
+       return NULL;
+       }
+#endif /* ndef OPENSSL_NO_RC4 */
+
 STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
        const char *pass, ENGINE *e, const char *cert_descrip)
        {
index c60b28a..db75538 100644 (file)
@@ -257,6 +257,8 @@ int make_serial_index(TXT_DB *db);
 #define FORMAT_PKCS12   5
 #define FORMAT_SMIME    6
 #define FORMAT_ENGINE   7
+#define FORMAT_IISSGC  8       /* XXX this stupid macro helps us to avoid
+                                * adding yet another param to load_*key() */
 
 #define EXT_COPY_NONE  0
 #define EXT_COPY_ADD   1
index 8ae67bb..863159d 100644 (file)
@@ -95,7 +95,7 @@ int MAIN(int argc, char **argv)
        RSA *rsa=NULL;
        int i,badops=0, sgckey=0;
        const EVP_CIPHER *enc=NULL;
-       BIO *in=NULL,*out=NULL;
+       BIO *out=NULL;
        int informat,outformat,text=0,check=0,noout=0;
        int pubin = 0, pubout = 0;
        char *infile,*outfile,*prog;
@@ -220,69 +220,29 @@ bad:
                goto end;
        }
 
-       in=BIO_new(BIO_s_file());
        out=BIO_new(BIO_s_file());
-       if ((in == NULL) || (out == NULL))
-               {
-               ERR_print_errors(bio_err);
-               goto end;
-               }
 
-       if (infile == NULL)
-               BIO_set_fp(in,stdin,BIO_NOCLOSE);
-       else
-               {
-               if (BIO_read_filename(in,infile) <= 0)
-                       {
-                       perror(infile);
-                       goto end;
-                       }
-               }
+       {
+               EVP_PKEY        *pkey;
 
-       BIO_printf(bio_err,"read RSA key\n");
-       if      (informat == FORMAT_ASN1) {
-               if (pubin) rsa=d2i_RSA_PUBKEY_bio(in,NULL);
-               else rsa=d2i_RSAPrivateKey_bio(in,NULL);
-       }
-#ifndef OPENSSL_NO_RC4
-       else if (informat == FORMAT_NETSCAPE)
-               {
-               BUF_MEM *buf=NULL;
-               const unsigned char *p;
-               int size=0;
+               if (pubin)
+                       pkey = load_pubkey(bio_err, infile,
+                               (informat == FORMAT_NETSCAPE && sgckey ?
+                                       FORMAT_IISSGC : informat),
+                               passin, e, "Public Key");
+               else
+                       pkey = load_key(bio_err, infile,
+                               (informat == FORMAT_NETSCAPE && sgckey ?
+                                       FORMAT_IISSGC : informat),
+                               passin, e, "Private Key");
 
-               buf=BUF_MEM_new();
-               for (;;)
-                       {
-                       if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
-                               goto end;
-                       i=BIO_read(in,&(buf->data[size]),1024*10);
-                       size+=i;
-                       if (i == 0) break;
-                       if (i < 0)
-                               {
-                               perror("reading private key");
-                               BUF_MEM_free(buf);
-                               goto end;
-                               }
-                       }
-               p=(unsigned char *)buf->data;
-               rsa=d2i_RSA_NET(NULL,&p,(long)size,NULL, sgckey);
-               BUF_MEM_free(buf);
-               }
-#endif
-       else if (informat == FORMAT_PEM) {
-               if(pubin) rsa=PEM_read_bio_RSA_PUBKEY(in,NULL,NULL,NULL);
-               else rsa=PEM_read_bio_RSAPrivateKey(in,NULL, NULL,passin);
+               if (pkey != NULL)
+               rsa = pkey == NULL ? NULL : EVP_PKEY_get1_RSA(pkey);
+               EVP_PKEY_free(pkey);
        }
-       else
-               {
-               BIO_printf(bio_err,"bad input format specified for key\n");
-               goto end;
-               }
+
        if (rsa == NULL)
                {
-               BIO_printf(bio_err,"unable to load key\n");
                ERR_print_errors(bio_err);
                goto end;
                }
@@ -394,7 +354,6 @@ bad:
        else
                ret=0;
 end:
-       if(in != NULL) BIO_free(in);
        if(out != NULL) BIO_free_all(out);
        if(rsa != NULL) RSA_free(rsa);
        if(passin) OPENSSL_free(passin);