Add the possibility to use keys handled by engines in more

applications.

apps/apps.c

@@ -553,7 +553,7 @@ end:
 	return(x);
 	}
 
-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass)
+EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e)
 	{
 	BIO *key=NULL;
 	EVP_PKEY *pkey=NULL;
@@ -563,6 +563,14 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass)
 		BIO_printf(err,"no keyfile specified\n");
 		goto end;
 		}
+	if (format == FORMAT_ENGINE)
+		{
+		if (!e)
+			BIO_printf(bio_err,"no engine specified\n");
+		else
+			pkey = ENGINE_load_private_key(e, file, pass);
+		goto end;
+		}
 	key=BIO_new(BIO_s_file());
 	if (key == NULL)
 		{
@@ -602,7 +610,7 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass)
 	return(pkey);
 	}
 
-EVP_PKEY *load_pubkey(BIO *err, char *file, int format)
+EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e)
 	{
 	BIO *key=NULL;
 	EVP_PKEY *pkey=NULL;
@@ -612,6 +620,14 @@ EVP_PKEY *load_pubkey(BIO *err, char *file, int format)
 		BIO_printf(err,"no keyfile specified\n");
 		goto end;
 		}
+	if (format == FORMAT_ENGINE)
+		{
+		if (!e)
+			BIO_printf(bio_err,"no engine specified\n");
+		else
+			pkey = ENGINE_load_public_key(e, file, NULL);
+		goto end;
+		}
 	key=BIO_new(BIO_s_file());
 	if (key == NULL)
 		{

apps/apps.h

@@ -67,6 +67,7 @@
 #include <openssl/x509.h>
 #include <openssl/lhash.h>
 #include <openssl/conf.h>
+#include <openssl/engine.h>
 
 int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
 int app_RAND_write_file(const char *file, BIO *bio_e);
@@ -152,8 +153,8 @@ int set_name_ex(unsigned long *flags, const char *arg);
 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
 int add_oid_section(BIO *err, LHASH *conf);
 X509 *load_cert(BIO *err, char *file, int format);
-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass);
-EVP_PKEY *load_pubkey(BIO *err, char *file, int format);
+EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e);
+EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e);
 STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
 
 #define FORMAT_UNDEF    0

apps/ca.c

@@ -153,7 +153,8 @@ static char *ca_usage[]={
 " -days arg       - number of days to certify the certificate for\n",
 " -md arg         - md to use, one of md2, md5, sha or sha1\n",
 " -policy arg     - The CA 'policy' to support\n",
-" -keyfile arg    - PEM private key file\n",
+" -keyfile arg    - private key file\n",
+" -keyform arg    - private key file format (PEM or ENGINE)\n",
 " -key arg        - key to decode the private key if it is encrypted\n",
 " -cert file      - The CA certificate\n",
 " -in file        - The input PEM encoded certificate request(s)\n",
@@ -236,6 +237,7 @@ int MAIN(int argc, char **argv)
 	char *policy=NULL;
 	char *keyfile=NULL;
 	char *certfile=NULL;
+	int keyform=FORMAT_PEM;
 	char *infile=NULL;
 	char *spkac_file=NULL;
 	char *ss_cert_file=NULL;
@@ -337,6 +339,11 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			keyfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-keyform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			keyform=str2fmt(*(++argv));
+			}
 		else if (strcmp(*argv,"-passin") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -563,14 +570,31 @@ bad:
 		BIO_printf(bio_err,"Error getting password\n");
 		goto err;
 		}
-	if (BIO_read_filename(in,keyfile) <= 0)
+	if (keyform == FORMAT_ENGINE)
 		{
-		perror(keyfile);
-		BIO_printf(bio_err,"trying to load CA private key\n");
-		goto err;
+		if (!e)
+			{
+			BIO_printf(bio_err,"no engine specified\n");
+			goto err;
+			}
+		pkey = ENGINE_load_private_key(e, keyfile, key);
 		}
+	else if (keyform == FORMAT_PEM)
+		{
+		if (BIO_read_filename(in,keyfile) <= 0)
+			{
+			perror(keyfile);
+			BIO_printf(bio_err,"trying to load CA private key\n");
+			goto err;
+			}
 		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
-		if(key) memset(key,0,strlen(key));
+		}
+	else
+		{
+		BIO_printf(bio_err,"bad input format specified for key file\n");
+		goto err;
+		}
+	if(key) memset(key,0,strlen(key));
 	if (pkey == NULL)
 		{
 		BIO_printf(bio_err,"unable to load CA private key\n");

apps/dgst.c

@@ -93,6 +93,7 @@ int MAIN(int argc, char **argv)
 	char pname[PROG_NAME_SIZE];
 	int separator=0;
 	int debug=0;
+	int keyform=FORMAT_PEM;
 	const char *outfile = NULL, *keyfile = NULL;
 	const char *sigfile = NULL, *randfile = NULL;
 	char out_bin = -1, want_pub = 0, do_verify = 0;
@@ -157,6 +158,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) break;
 			sigfile=*(++argv);
 			}
+		else if (strcmp(*argv,"-keyform") == 0)
+			{
+			if (--argc < 1) break;
+			keyform=str2fmt(*(++argv));
+			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) break;
@@ -196,6 +202,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"-sign   file    sign digest using private key in file\n");
 		BIO_printf(bio_err,"-verify file    verify a signature using public key in file\n");
 		BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");
+		BIO_printf(bio_err,"-keyform arg    key file format (PEM or ENGINE)\n");
 		BIO_printf(bio_err,"-signature file signature to verify\n");
 		BIO_printf(bio_err,"-binary         output in binary form\n");
 		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
@@ -280,20 +287,47 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}
 
-	if(keyfile) {
-		BIO *keybio;
-		keybio = BIO_new_file(keyfile, "r");
-		if(!keybio) {
-			BIO_printf(bio_err, "Error opening key file %s\n",
-								keyfile);
-			ERR_print_errors(bio_err);
+	if(keyfile)
+		{
+		if (keyform == FORMAT_PEM)
+			{
+			BIO *keybio;
+			keybio = BIO_new_file(keyfile, "r");
+			if(!keybio)
+				{
+				BIO_printf(bio_err,
+					"Error opening key file %s\n",
+					keyfile);
+				ERR_print_errors(bio_err);
+				goto end;
+				}
+			if(want_pub) 
+				sigkey = PEM_read_bio_PUBKEY(keybio,
+					NULL, NULL, NULL);
+			else
+				sigkey = PEM_read_bio_PrivateKey(keybio,
+					NULL, NULL, NULL);
+			BIO_free(keybio);
+			}
+		else if (keyform == FORMAT_ENGINE)
+			{
+			if (!e)
+				{
+				BIO_printf(bio_err,"no engine specified\n");
+				goto end;
+				}
+			if (want_pub)
+				sigkey = ENGINE_load_public_key(e, keyfile, NULL);
+			else
+				sigkey = ENGINE_load_private_key(e, keyfile, NULL);
+			}
+		else
+			{
+			BIO_printf(bio_err,
+				"bad input format specified for key file\n");
 			goto end;
-		}
+			}
 		
-		if(want_pub) 
-			sigkey = PEM_read_bio_PUBKEY(keybio, NULL, NULL, NULL);
-		else sigkey = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL);
-		BIO_free(keybio);
 		if(!sigkey) {
 			BIO_printf(bio_err, "Error reading key file %s\n",
 								keyfile);

apps/rsautl.c

@@ -62,6 +62,7 @@
 #include <string.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #define RSA_SIGN 	1
 #define RSA_VERIFY 	2
@@ -82,8 +83,10 @@ int MAIN(int argc, char **);
 
 int MAIN(int argc, char **argv)
 {
+	ENGINE *e = NULL;
 	BIO *in = NULL, *out = NULL;
 	char *infile = NULL, *outfile = NULL;
+	char *engine = NULL;
 	char *keyfile = NULL;
 	char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
 	int keyform = FORMAT_PEM;
@@ -117,6 +120,9 @@ int MAIN(int argc, char **argv)
 		} else if(!strcmp(*argv, "-inkey")) {
 			if (--argc < 1) badarg = 1;
 			keyfile = *(++argv);
+		} else if(!strcmp(*argv, "-engine")) {
+			if (--argc < 1) badarg = 1;
+			engine = *(++argv);
 		} else if(!strcmp(*argv, "-pubin")) {
 			key_type = KEY_PUBKEY;
 		} else if(!strcmp(*argv, "-certin")) {
@@ -151,16 +157,34 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}
 
+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 /* FIXME: seed PRNG only if needed */
 	app_RAND_load_file(NULL, bio_err, 0);
 	
 	switch(key_type) {
 		case KEY_PRIVKEY:
-		pkey = load_key(bio_err, keyfile, keyform, NULL);
+		pkey = load_key(bio_err, keyfile, keyform, NULL, e);
 		break;
 
 		case KEY_PUBKEY:
-		pkey = load_pubkey(bio_err, keyfile, keyform);
+		pkey = load_pubkey(bio_err, keyfile, keyform, e);
 		break;
 
 		case KEY_CERT:

apps/smime.c

@@ -399,7 +399,7 @@ int MAIN(int argc, char **argv)
 	} else keyfile = NULL;
 
 	if(keyfile) {
-		if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin))) {
+		if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin, NULL))) {
 			BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
 			ERR_print_errors(bio_err);
 			goto end;

apps/x509.c

@@ -853,7 +853,7 @@ bad:
 				if (Upkey == NULL)
 					{
 					Upkey=load_key(bio_err,
-						keyfile,keyformat, passin);
+						keyfile,keyformat, passin, e);
 					if (Upkey == NULL) goto end;
 					}
 #ifndef NO_DSA
@@ -871,7 +871,8 @@ bad:
 				if (CAkeyfile != NULL)
 					{
 					CApkey=load_key(bio_err,
-						CAkeyfile,CAkeyformat, passin);
+						CAkeyfile,CAkeyformat, passin,
+						e);
 					if (CApkey == NULL) goto end;
 					}
 #ifndef NO_DSA
@@ -898,7 +899,7 @@ bad:
 				else
 					{
 					pk=load_key(bio_err,
-						keyfile,FORMAT_PEM, passin);
+						keyfile,FORMAT_PEM, passin, e);
 					if (pk == NULL) goto end;
 					}