req.c (and many of the other apps) appear to have lost the ability to use an engine.

The attached diff is against the github.com version using Tag OpenSSL_1_1-pre2

In the req_options[] table:

OPT_KEY is set to "S" so pre-checking of the parameters does not drop the string passed to the engine.

OPT_KEY_FORM is set to "f" so pre-checking will allow engine

The engine is saved:

    e = setup_engine(opt_arg(), 1);

(I turned on debug, may want that off.)

to allow the OPT_KEY_FORM to be an engine:

    if (!opt_format(opt_arg(), OPT_FMT_PEMDER|OPT_FMT_ENGINE, &keyform))

This was tested with a modified version of OpenSC using ECDSA key on card to generate a self signed certificate.

    openssl req -config /tmp/genreq.6156.openssl.conf -engine pkcs11 -keyform e -sha256 -new -key slot_1-id_2 -out /tmp/selfsigned.pem -x509 -text

P.S. The EC_KEY_* functions appear to be working too (#4225). Have not tried the ECDH yet.

--
Douglas E. Engert <deeng...@gmail.com>
diff --git a/apps/req.c b/apps/req.c index a0da788..05109b7 100644 --- a/apps/req.c +++ b/apps/req.c @@ -136,8 +136,8 @@ OPTIONS req_options[] = { {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"}, {"in", OPT_IN, '<', "Input file"}, {"out", OPT_OUT, '>', "Output file"}, - {"key", OPT_KEY, '<', "Use the private key contained in file"}, - {"keyform", OPT_KEYFORM, 'F', "Key file format"}, + {"key", OPT_KEY, 's', "Use the private key contained in file"}, /* might be engine parms */ + {"keyform", OPT_KEYFORM, 'f', "Key file format"}, /* accept any here */ {"pubkey", OPT_PUBKEY, '-', "Output public key"}, {"new", OPT_NEW, '-', "New request"}, {"config", OPT_CONFIG, '<', "Request template file"}, @@ -235,7 +235,7 @@ int req_main(int argc, char **argv) goto opthelp; break; case OPT_ENGINE: - (void)setup_engine(opt_arg(), 0); + e = setup_engine(opt_arg(), 1); break; case OPT_KEYGEN_ENGINE: #ifndef OPENSSL_NO_ENGINE @@ -259,7 +259,7 @@ int req_main(int argc, char **argv) template = opt_arg(); break; case OPT_KEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyform)) + if (!opt_format(opt_arg(), OPT_FMT_PEMDER|OPT_FMT_ENGINE, &keyform)) goto opthelp; break; case OPT_IN:
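Review bot: in the req_options[] hunk, the help strings no longer match the new option types: "key" is now 's' but still reads "Use the private key contained in file", and "keyform" is now 'f' while its text says nothing about the engine format. Suggest rewording both descriptions so that -key is documented as a file or an engine key id, and dropping the trailing /* might be engine parms */ and /* accept any here */ comments in favour of that wording. Moving "key" from '<' to 's' also gives up the input-file pre-check for the ordinary file case, so a wrong path will only be reported when the key is actually loaded.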
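Review bot: in the OPT_ENGINE hunk of req_main(), the second argument to setup_engine() changes from 0 to 1, which the cover note says turns on debug; that should go back to 0 before this is applied, keeping only the assignment to e. The result is also not checked where it is assigned, so if the engine fails to load, e is NULL and the failure surfaces only at whatever later point uses it. The hunk does not show the declaration of e or where it is consumed and released, so please confirm those exist in the unchanged code.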
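Review bot: in the OPT_KEYFORM hunk, OPT_FMT_ENGINE is accepted whether or not -engine was given, so -keyform e with no engine passes option parsing here. Suggest a check after the option loop that rejects an engine key format when e is NULL, with a clear error message. Style: put spaces around the operator, as in OPT_FMT_PEMDER | OPT_FMT_ENGINE, and the -keyform documentation should list the engine format alongside PEM and DER.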
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev