Hi,

The implementation of common option processing for OpenSSL commands broke
the ENGINE key format.
The patches attached to this email cover only the commands I have tested.


1) dgst command (see  0003-dgst-cmd-restore-keys-from-engine.patch)
Key form is described as any but value type of input ('<') is too 
restrictive - change input to string type.


2) rsa command (see 0004-rsa-cmd-restore-keys-from-engine.patch)
Similar as dgst.


3) dsa command (see 0005-dsa-cmd-implement-keys-from-engine.patch)
New.
Implementation of engine format is simple with common command processing.


4) ec command (see 0006-ec-cmd-implement-keys-from-engine.patch)
New.
Implementation of engine format requires specific load of input to be 
replaced to use  load_pubkey or load_key functions.
Then modification is similar as dsa.


5) rsautl command (see 0007-rsautl-cmd-restore-keys-from-engine.patch)
Key form input type 'f'(any) instead 'F' and input is from string type.


6) pkeyutl command (see 0008-pkeyutl-cmd-restore-keys-from-engine.patch)
Use key form input type 'f' instead 'F' .


Other commands are not tested yet.


Regards,
Roumen


>From 252430f0e1d0148b710caaa96de224384c5f8832 Mon Sep 17 00:00:00 2001
From: Roumen Petrov <open...@roumenpetrov.info>
Date: Sun, 15 Nov 2015 11:00:00 +0200
Subject: [PATCH 03/15] dgst cmd: restore keys from engine

---
 apps/dgst.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/dgst.c b/apps/dgst.c
index fb09a45..24c1f28 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -94,11 +94,11 @@ OPTIONS dgst_options[] = {
     {"rand", OPT_RAND, 's'},
     {"out", OPT_OUT, '>', "Output to filename rather than stdout"},
     {"passin", OPT_PASSIN, 's'},
-    {"sign", OPT_SIGN, '<', "Sign digest using private key in file"},
-    {"verify", OPT_VERIFY, '<',
-     "Verify a signature using public key in file"},
-    {"prverify", OPT_PRVERIFY, '<',
-     "Verify a signature using private key in file"},
+    {"sign", OPT_SIGN, 's', "Sign digest using private key in val"},
+    {"verify", OPT_VERIFY, 's',
+     "Verify a signature using public key in val"},
+    {"prverify", OPT_PRVERIFY, 's',
+     "Verify a signature using private key in val"},
     {"signature", OPT_SIGNATURE, '<', "File with signature to verify"},
     {"keyform", OPT_KEYFORM, 'f', "Key file format (PEM or ENGINE)"},
     {"hex", OPT_HEX, '-', "Print as hex dump"},
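Review bot: Switching `-sign`, `-verify` and `-prverify` from '<' to 's' drops whatever readable-file check the option parser applied to '<' arguments, for file-based keys as well as ENGINE ones, so a mistyped key path presumably surfaces only when the key is loaded. Please confirm that the key-loading path in dgst_main (outside this hunk) reports a clear error and exits non-zero in that case. The same applies to the `-in`/`-inkey` changes in the rsa, dsa, ec and rsautl patches. The new help text "key in val" is also vague; something like `"Sign digest using private key (file or ENGINE key id)"` states what the value may be.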
-- 
1.8.4


>From 1a02cfbf0a67583cc98377aa59c5b13f48219f05 Mon Sep 17 00:00:00 2001
From: Roumen Petrov <open...@roumenpetrov.info>
Date: Sun, 15 Nov 2015 11:02:57 +0200
Subject: [PATCH 04/15] rsa cmd: restore keys from engine

---
 apps/rsa.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/rsa.c b/apps/rsa.c
index cafa6f4..810713f 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -130,7 +130,7 @@ OPTIONS rsa_options[] = {
     {"help", OPT_HELP, '-', "Display this summary"},
     {"inform", OPT_INFORM, 'f', "Input format, one of DER NET PEM"},
     {"outform", OPT_OUTFORM, 'f', "Output format, one of DER NET PEM PVK"},
-    {"in", OPT_IN, '<', "Input file"},
+    {"in", OPT_IN, 's', "Input file"},
     {"out", OPT_OUT, '>', "Output file"},
     {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
     {"pubout", OPT_PUBOUT, '-', "Output a public key"},
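Review bot: The help string for `-in` still reads "Input file" although the argument may now be an ENGINE key identifier, and the `-inform` text two lines above lists only DER NET PEM. Suggest `{"in", OPT_IN, 's', "Input file or ENGINE key id"},` and adding ENGINE to the `-inform` help so users can discover the format. The dsa, ec and rsautl option tables in the later patches have the same mismatch between help text and accepted values.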
-- 
1.8.4


>From 942553a7d2e38297b57d0fa6a0c57b62c9d1507f Mon Sep 17 00:00:00 2001
From: Roumen Petrov <open...@roumenpetrov.info>
Date: Sun, 15 Nov 2015 11:03:43 +0200
Subject: [PATCH 05/15] dsa cmd: implement keys from engine

---
 apps/dsa.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/dsa.c b/apps/dsa.c
index 992d4e4..a2acd86 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -80,9 +80,9 @@ typedef enum OPTION_choice {
 
 OPTIONS dsa_options[] = {
     {"help", OPT_HELP, '-', "Display this summary"},
-    {"inform", OPT_INFORM, 'F', "Input format, DER PEM PVK"},
+    {"inform", OPT_INFORM, 'f', "Input format, DER PEM PVK"},
     {"outform", OPT_OUTFORM, 'F', "Output format, DER PEM PVK"},
-    {"in", OPT_IN, '<', "Input file"},
+    {"in", OPT_IN, 's', "Input file"},
     {"out", OPT_OUT, '>', "Output file"},
     {"noout", OPT_NOOUT, '-', "Don't print key out"},
     {"text", OPT_TEXT, '-', "Print the key in text"},
@@ -131,7 +131,7 @@ int dsa_main(int argc, char **argv)
             goto end;
         case OPT_INFORM:
             if (!opt_format
-                (opt_arg(), OPT_FMT_PEMDER | OPT_FMT_PVK, &informat))
+                (opt_arg(), OPT_FMT_ANY | OPT_FMT_PVK, &informat))
                 goto opthelp;
             break;
         case OPT_IN:
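Review bot: `OPT_FMT_ANY` widens `-inform` well past what this command can load. If it is the union of every format flag, the parser now accepts names such as PKCS12 or SMIME and the rejection moves into key loading, and the `| OPT_FMT_PVK` is then redundant. A mask that adds only the engine format keeps input validation tight, e.g. `(opt_arg(), OPT_FMT_PEMDER | OPT_FMT_PVK | OPT_FMT_ENGINE, &informat))`, assuming `OPT_FMT_ENGINE` is defined alongside the other flags. The same applies to the `OPT_FMT_ANY` changes in ec.c, rsautl.c and pkeyutl.c; dsa_main continues outside this hunk.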
-- 
1.8.4


>From 35fe2da1bab1d1ca993d860128a12f1c4cb566a6 Mon Sep 17 00:00:00 2001
From: Roumen Petrov <open...@roumenpetrov.info>
Date: Fri, 11 Dec 2015 22:46:02 +0200
Subject: [PATCH 06/15] ec cmd: implement keys from engine

---
 apps/ec.c | 46 ++++++++++++++++++++++++++--------------------
 1 file changed, 26 insertions(+), 20 deletions(-)

diff --git a/apps/ec.c b/apps/ec.c
index 8800cdf..7e8ca4e 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -88,8 +88,8 @@ typedef enum OPTION_choice {
 
 OPTIONS ec_options[] = {
     {"help", OPT_HELP, '-', "Display this summary"},
-    {"in", OPT_IN, '<', "Input file"},
-    {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
+    {"in", OPT_IN, 's', "Input file"},
+    {"inform", OPT_INFORM, 'f', "Input format - DER or PEM"},
     {"out", OPT_OUT, '>', "Output file"},
     {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
     {"noout", OPT_NOOUT, '-', "Don't print key out"},
@@ -111,7 +111,8 @@ OPTIONS ec_options[] = {
 
 int ec_main(int argc, char **argv)
 {
-    BIO *in = NULL, *out = NULL;
+    ENGINE *e = NULL;
+    BIO *out = NULL;
     EC_KEY *eckey = NULL;
     const EC_GROUP *group;
     const EVP_CIPHER *enc = NULL;
@@ -136,7 +137,7 @@ int ec_main(int argc, char **argv)
             ret = 0;
             goto end;
         case OPT_INFORM:
-            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
                 goto opthelp;
             break;
         case OPT_IN:
@@ -171,7 +172,7 @@ int ec_main(int argc, char **argv)
             passoutarg = opt_arg();
             break;
         case OPT_ENGINE:
-            (void)setup_engine(opt_arg(), 0);
+            e = setup_engine(opt_arg(), 0);
             break;
         case OPT_CIPHER:
             if (!opt_cipher(opt_unknown(), &enc))
@@ -202,22 +203,28 @@ int ec_main(int argc, char **argv)
         goto end;
     }
 
-    in = bio_open_default(infile, 'r', informat);
-    if (in == NULL)
-        goto end;
+    {
+        EVP_PKEY *pkey;
 
-    BIO_printf(bio_err, "read EC key\n");
-    if (informat == FORMAT_ASN1) {
-        if (pubin)
-            eckey = d2i_EC_PUBKEY_bio(in, NULL);
-        else
-            eckey = d2i_ECPrivateKey_bio(in, NULL);
-    } else {
-        if (pubin)
-            eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL);
-        else
-            eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, passin);
+        if (pubin) {
+            int tmpformat = -1;
+            if (pubin == 2) {
+                if (informat == FORMAT_PEM)
+                    tmpformat = FORMAT_PEMRSA;
+                else if (informat == FORMAT_ASN1)
+                    tmpformat = FORMAT_ASN1RSA;
+            } else
+                tmpformat = informat;
+
+            pkey = load_pubkey(infile, tmpformat, 1, passin, e, "Public Key");
+        } else
+            pkey = load_key(infile, informat, 1, passin, e, "Private Key");
+
+        if (pkey != NULL)
+            eckey = EVP_PKEY_get1_EC_KEY(pkey);
+        EVP_PKEY_free(pkey);
     }
+
     if (eckey == NULL) {
         BIO_printf(bio_err, "unable to load Key\n");
         ERR_print_errors(bio_err);
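Review bot: The `pubin == 2` branch maps the input format to `FORMAT_PEMRSA`/`FORMAT_ASN1RSA`, which are RSA-specific encodings and look carried over from the rsa command. For an EC key they cannot be right, and when `informat` is neither PEM nor ASN1 (now possible with `OPT_FMT_ANY`, e.g. ENGINE) `tmpformat` stays -1 and is handed to `load_pubkey`. Whether `pubin` can ever be 2 in ec_main is not visible in this hunk; if it cannot, drop `tmpformat` and call `pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");` directly. Also, a loaded key that is not an EC key makes `EVP_PKEY_get1_EC_KEY` return NULL and ends in the generic "unable to load Key" message, so a wrong-type engine key is not distinguished from a missing one.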
@@ -278,7 +285,6 @@ int ec_main(int argc, char **argv)
     } else
         ret = 0;
  end:
-    BIO_free(in);
     BIO_free_all(out);
     EC_KEY_free(eckey);
     OPENSSL_free(passin);
-- 
1.8.4


>From 491e8bc8541f7315830303147c0130e8152d7fd7 Mon Sep 17 00:00:00 2001
From: Roumen Petrov <open...@roumenpetrov.info>
Date: Sun, 15 Nov 2015 11:05:48 +0200
Subject: [PATCH 07/15] rsautl cmd: restore keys from engine

---
 apps/rsautl.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/rsautl.c b/apps/rsautl.c
index 5d6bdc0..01b662c 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -86,8 +86,8 @@ OPTIONS rsautl_options[] = {
     {"help", OPT_HELP, '-', "Display this summary"},
     {"in", OPT_IN, '<', "Input file"},
     {"out", OPT_OUT, '>', "Output file"},
-    {"inkey", OPT_INKEY, '<', "Input key"},
-    {"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"},
+    {"inkey", OPT_INKEY, 's', "Input key"},
+    {"keyform", OPT_KEYFORM, 'f', "Private key format - default PEM"},
     {"pubin", OPT_PUBIN, '-', "Input is an RSA public"},
     {"certin", OPT_CERTIN, '-', "Input is a cert carrying an RSA public key"},
     {"ssl", OPT_SSL, '-', "Use SSL v2 padding"},
@@ -137,7 +137,7 @@ int rsautl_main(int argc, char **argv)
             ret = 0;
             goto end;
         case OPT_KEYFORM:
-            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyformat))
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyformat))
                 goto opthelp;
             break;
         case OPT_IN:
-- 
1.8.4


>From 7bf8945f84373f2eccfa82c09a1aa76a3fb31a31 Mon Sep 17 00:00:00 2001
From: Roumen Petrov <open...@roumenpetrov.info>
Date: Sun, 15 Nov 2015 11:12:23 +0200
Subject: [PATCH 08/15] pkeyutl cmd: restore keys from engine

---
 apps/pkeyutl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 362415e..d94f774 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -106,7 +106,7 @@ OPTIONS pkeyutl_options[] = {
     {"peerkey", OPT_PEERKEY, 's'},
     {"passin", OPT_PASSIN, 's', "Pass phrase source"},
     {"peerform", OPT_PEERFORM, 'F'},
-    {"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"},
+    {"keyform", OPT_KEYFORM, 'f', "Private key format - default PEM"},
     {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
 #ifndef OPENSSL_NO_ENGINE
     {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
@@ -171,7 +171,7 @@ int pkeyutl_main(int argc, char **argv)
                 goto opthelp;
             break;
         case OPT_KEYFORM:
-            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyform))
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
                 goto opthelp;
             break;
         case OPT_ENGINE:
-- 
1.8.4

