diff options
author | Richard Levitte <levitte@openssl.org> | 2002-01-25 19:43:52 +0000 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2002-01-25 19:43:52 +0000 |
commit | 80bb905d3dddc1fb1ba34c03f656f00e7f3707cf (patch) | |
tree | 9a9787d1a94ae8013f9ce6a789d4d135179df242 | |
parent | a297985f4252e076cb32bf92b117e0caddce3c2c (diff) | |
download | openssl-new-80bb905d3dddc1fb1ba34c03f656f00e7f3707cf.tar.gz |
Apply the following changes by Toomas Kiisk <vix@cyber.ee>:
* make openssl rsa work with -engine chil
* misc changes, including debug-linux-ppro Configure target
and FORMAT_NETSCAPE-aware load_{,pub}key()
This completes the application of his changes.
-rw-r--r-- | CHANGES | 10 | ||||
-rwxr-xr-x | Configure | 1 | ||||
-rw-r--r-- | apps/apps.c | 61 | ||||
-rw-r--r-- | apps/apps.h | 2 | ||||
-rw-r--r-- | apps/rsa.c | 75 |
5 files changed, 91 insertions, 58 deletions
@@ -12,6 +12,16 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only + +) Add the configuration target debug-linux-ppro. + Make 'openssl rsa' use the general key loading routines + implemented in apps.c, and make those routines able to + handle the key format FORMAT_NETSCAPE and the variant + FORMAT_IISSGC. + [Toomas Kiisk <vix@cyber.ee> via Richard Levitte] + + *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey(). + [Toomas Kiisk <vix@cyber.ee> via Richard Levitte] + +) Add -keyform to rsautl, and document -engine. [Richard Levitte, inspired by Toomas Kiisk <vix@cyber.ee>] @@ -370,6 +370,7 @@ my %table=( "linux-pentium", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ppro", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-k6", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=k6 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", "linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", diff --git a/apps/apps.c b/apps/apps.c index dc89fc0a81..7864e792e3 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -147,6 +147,13 @@ static UI_METHOD *ui_method = NULL; static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl); static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl); +#ifndef OPENSSL_NO_RC4 +/* Looks like this stuff is worth moving into separate function */ +static EVP_PKEY * +load_netscape_key(BIO *err, BIO *key, const char *file, + const char *key_descrip, int format); +#endif + int app_init(long mesgwin); #ifdef undef /* never finished - probably never will be :-) */ int args_from_file(char *file, int *argc, char **argv[]) @@ -828,6 +835,10 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, pkey=PEM_read_bio_PrivateKey(key,NULL, (pem_password_cb *)password_callback, &cb_data); } +#ifndef OPENSSL_NO_RC4 + else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC) + pkey = load_netscape_key(err, key, file, key_descrip, format); +#endif else if (format == FORMAT_PKCS12) { PKCS12 *p12 = d2i_PKCS12_bio(key, NULL); @@ -893,6 +904,10 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, pkey=PEM_read_bio_PUBKEY(key,NULL, (pem_password_cb *)password_callback, &cb_data); } +#ifndef OPENSSL_NO_RC4 + else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC) + pkey = load_netscape_key(err, key, file, key_descrip, format); +#endif else { BIO_printf(err,"bad input format specified for key file\n"); @@ -905,6 +920,52 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, return(pkey); } +#ifndef OPENSSL_NO_RC4 +EVP_PKEY * +load_netscape_key(BIO *err, BIO *key, const char *file, + const char *key_descrip, int format) + { + EVP_PKEY *pkey; + BUF_MEM *buf; + RSA *rsa; + const unsigned char *p; + int size, i; + + buf=BUF_MEM_new(); + pkey = EVP_PKEY_new(); + size = 0; + if (buf == NULL || pkey == NULL) + goto error; + for (;;) + { + if (!BUF_MEM_grow(buf,size+1024*10)) + goto error; + i = BIO_read(key, &(buf->data[size]), 1024*10); + size += i; + if (i == 0) + break; + if (i < 0) + { + BIO_printf(err, "Error reading %s %s", + key_descrip, file); + goto error; + } + } + p=(unsigned char *)buf->data; + rsa = d2i_RSA_NET(NULL,&p,(long)size,NULL, + (format == FORMAT_IISSGC ? 1 : 0)); + if (rsa == NULL) + goto error; + BUF_MEM_free(buf); + EVP_PKEY_set1_RSA(pkey, rsa); + return pkey; +error: + BUF_MEM_free(buf); + EVP_PKEY_free(pkey); + return NULL; + } +#endif /* ndef OPENSSL_NO_RC4 */ + STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, const char *pass, ENGINE *e, const char *cert_descrip) { diff --git a/apps/apps.h b/apps/apps.h index c60b28a7e0..db75538a03 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -257,6 +257,8 @@ int make_serial_index(TXT_DB *db); #define FORMAT_PKCS12 5 #define FORMAT_SMIME 6 #define FORMAT_ENGINE 7 +#define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid + * adding yet another param to load_*key() */ #define EXT_COPY_NONE 0 #define EXT_COPY_ADD 1 diff --git a/apps/rsa.c b/apps/rsa.c index 8ae67bbac5..863159d83a 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -95,7 +95,7 @@ int MAIN(int argc, char **argv) RSA *rsa=NULL; int i,badops=0, sgckey=0; const EVP_CIPHER *enc=NULL; - BIO *in=NULL,*out=NULL; + BIO *out=NULL; int informat,outformat,text=0,check=0,noout=0; int pubin = 0, pubout = 0; char *infile,*outfile,*prog; @@ -220,69 +220,29 @@ bad: goto end; } - in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); - if ((in == NULL) || (out == NULL)) - { - ERR_print_errors(bio_err); - goto end; - } - if (infile == NULL) - BIO_set_fp(in,stdin,BIO_NOCLOSE); - else - { - if (BIO_read_filename(in,infile) <= 0) - { - perror(infile); - goto end; - } - } + { + EVP_PKEY *pkey; - BIO_printf(bio_err,"read RSA key\n"); - if (informat == FORMAT_ASN1) { - if (pubin) rsa=d2i_RSA_PUBKEY_bio(in,NULL); - else rsa=d2i_RSAPrivateKey_bio(in,NULL); - } -#ifndef OPENSSL_NO_RC4 - else if (informat == FORMAT_NETSCAPE) - { - BUF_MEM *buf=NULL; - const unsigned char *p; - int size=0; + if (pubin) + pkey = load_pubkey(bio_err, infile, + (informat == FORMAT_NETSCAPE && sgckey ? + FORMAT_IISSGC : informat), + passin, e, "Public Key"); + else + pkey = load_key(bio_err, infile, + (informat == FORMAT_NETSCAPE && sgckey ? + FORMAT_IISSGC : informat), + passin, e, "Private Key"); - buf=BUF_MEM_new(); - for (;;) - { - if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10))) - goto end; - i=BIO_read(in,&(buf->data[size]),1024*10); - size+=i; - if (i == 0) break; - if (i < 0) - { - perror("reading private key"); - BUF_MEM_free(buf); - goto end; - } - } - p=(unsigned char *)buf->data; - rsa=d2i_RSA_NET(NULL,&p,(long)size,NULL, sgckey); - BUF_MEM_free(buf); - } -#endif - else if (informat == FORMAT_PEM) { - if(pubin) rsa=PEM_read_bio_RSA_PUBKEY(in,NULL,NULL,NULL); - else rsa=PEM_read_bio_RSAPrivateKey(in,NULL, NULL,passin); + if (pkey != NULL) + rsa = pkey == NULL ? NULL : EVP_PKEY_get1_RSA(pkey); + EVP_PKEY_free(pkey); } - else - { - BIO_printf(bio_err,"bad input format specified for key\n"); - goto end; - } + if (rsa == NULL) { - BIO_printf(bio_err,"unable to load key\n"); ERR_print_errors(bio_err); goto end; } @@ -394,7 +354,6 @@ bad: else ret=0; end: - if(in != NULL) BIO_free(in); if(out != NULL) BIO_free_all(out); if(rsa != NULL) RSA_free(rsa); if(passin) OPENSSL_free(passin); |