[openssl-dev] [openssl.org #4266] OpenSSL-1.1-pre2 cms can not use engine with parameters to sign cms msg

Fri, 22 Jan 2016 17:29:58 -0800 

The inkey parameter of the cms command does not does not accept parameters for 
an engine to sign the message.

P.S. Also attached are the changes for req.c. to use the key  to hold engine 
parameters. See  #4226

-- 

  Douglas E. Engert  <[email protected]>
  



diff --git a/apps/cms.c b/apps/cms.c
index 8cf99de..bee8bfa 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -206,7 +206,7 @@ OPTIONS cms_options[] = {
     {"recip", OPT_RECIP, '<', "Recipient cert file for decryption"},
     {"certsout", OPT_CERTSOUT, '>', "Certificate output file"},
     {"md", OPT_MD, 's'},
-    {"inkey", OPT_INKEY, '<',
+    {"inkey", OPT_INKEY, 's',
      "Input private key (if not signer or recipient)"},
     {"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},
     {"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"},
diff --git a/apps/req.c b/apps/req.c
index a0da788..009583e 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -136,8 +136,8 @@ OPTIONS req_options[] = {
     {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
     {"in", OPT_IN, '<', "Input file"},
     {"out", OPT_OUT, '>', "Output file"},
-    {"key", OPT_KEY, '<', "Use the private key contained in file"},
-    {"keyform", OPT_KEYFORM, 'F', "Key file format"},
+    {"key", OPT_KEY, 's', "Use the private key contained in file"}, /* might be engine parms */
+    {"keyform", OPT_KEYFORM, 'f', "Key file format"}, /* accept any  here */
     {"pubkey", OPT_PUBKEY, '-', "Output public key"},
     {"new", OPT_NEW, '-', "New request"},
     {"config", OPT_CONFIG, '<', "Request template file"},
@@ -235,7 +235,7 @@ int req_main(int argc, char **argv)
                 goto opthelp;
             break;
         case OPT_ENGINE:
-            (void)setup_engine(opt_arg(), 0);
+            e = setup_engine(opt_arg(), 0);
             break;
         case OPT_KEYGEN_ENGINE:
 #ifndef OPENSSL_NO_ENGINE
@@ -259,7 +259,7 @@ int req_main(int argc, char **argv)
             template = opt_arg();
             break;
         case OPT_KEYFORM:
-            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyform))
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER|OPT_FMT_ENGINE, &keyform))
                 goto opthelp;
             break;
         case OPT_IN:

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to