Complete EVP_PKEY_ASN1_METHOD ENGINE support.

author: Dr. Stephen Henson <steve@openssl.org> 2006-06-05 11:52:46 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2006-06-05 11:52:46 +0000
commit: 01b8b3c7d2d8f835257ac1cb2512273aa27bfba8 (patch)
tree: fb224473dca22be551086f10ed34240c802c6335 /apps
parent: 8fecd4b4f1bd6f066ba0a9f96387f00ac0dd99bf (diff)
2 files changed, 74 insertions, 35 deletions
diff --git a/apps/genpkey.c b/apps/genpkey.c
index 8468fb20b3..70e2e31971 100644
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -61,6 +61,9 @@
 #include <openssl/pem.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
 
 static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
 				const char *file, ENGINE *e);
@@ -85,7 +88,7 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY_CTX *ctx = NULL;
 	char *pass = NULL;
 	int badarg = 0;
-	int ret = 1;
+	int ret = 1, rv;
 
 	int do_param = 0;
 
@@ -204,7 +207,7 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
 #endif
-		return 1;
+		goto end;
 		}
 
 	if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
@@ -256,25 +259,36 @@ int MAIN(int argc, char **argv)
 		}
 
 	if (do_param)
-		PEM_write_bio_Parameters(out, pkey);
+		rv = PEM_write_bio_Parameters(out, pkey);
 	else if (outformat == FORMAT_PEM) 
-		PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0,
+		rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0,
 								NULL, pass);
 	else if (outformat == FORMAT_ASN1)
-		i2d_PrivateKey_bio(out, pkey);
+		rv = i2d_PrivateKey_bio(out, pkey);
 	else
 		{
 		BIO_printf(bio_err, "Bad format specified for key\n");
 		goto end;
 		}
 
+	if (rv <= 0)
+		{
+		BIO_puts(bio_err, "Error writing key\n");
+		ERR_print_errors(bio_err);
+		}
 
 	if (text)
 		{
 		if (do_param)
-			EVP_PKEY_print_params(out, pkey, 0, NULL);
+			rv = EVP_PKEY_print_params(out, pkey, 0, NULL);
 		else
-			EVP_PKEY_print_private(out, pkey, 0, NULL);
+			rv = EVP_PKEY_print_private(out, pkey, 0, NULL);
+
+		if (rv <= 0)
+			{
+			BIO_puts(bio_err, "Error printing key\n");
+			ERR_print_errors(bio_err);
+			}
 		}
 
 	ret = 0;
@@ -346,14 +360,16 @@ static int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
 	{
 	EVP_PKEY_CTX *ctx = NULL;
 	const EVP_PKEY_ASN1_METHOD *ameth;
+	ENGINE *tmpeng = NULL;
 	int pkey_id;
+
 	if (*pctx)
 		{
 		BIO_puts(err, "Algorithm already set!\n");
 		return 0;
 		}
+	ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
 
-	ameth = EVP_PKEY_asn1_find_str(algname, -1);
 	if (!ameth)
 		{
 		BIO_printf(bio_err, "Algorithm %s not found\n", algname);
@@ -361,6 +377,10 @@ static int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
 		}
 
 	EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
+#ifndef OPENSSL_NO_ENGINE
+	if (tmpeng)
+		ENGINE_finish(tmpeng);
+#endif
 	ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
 
 	if (!ctx)
diff --git a/apps/req.c b/apps/req.c
index de1b182fc7..a0eca519af 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -145,8 +145,8 @@ static int genpkey_cb(EVP_PKEY_CTX *ctx);
 static int req_check_len(int len,int n_min,int n_max);
 static int check_end(const char *str, const char *end);
 static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr,
-					long *pkeylen, const char **palgnam,
-					ENGINE *e);
+					long *pkeylen, char **palgnam,
+					ENGINE *keygen_engine);
 #ifndef MONOLITH
 static char *default_config_file=NULL;
 #endif
@@ -157,19 +157,14 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
-#ifndef OPENSSL_NO_DSA
-	DSA *dsa_params=NULL;
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	EC_KEY *ec_params = NULL;
-#endif
+	ENGINE *e = NULL, *gen_eng = NULL;
 	unsigned long nmflag = 0, reqflag = 0;
 	int ex=1,x509=0,days=30;
 	X509 *x509ss=NULL;
 	X509_REQ *req=NULL;
 	EVP_PKEY_CTX *genctx = NULL;
-	const char *keyalg = NULL, *keyalgstr;
+	const char *keyalg = NULL;
+	char *keyalgstr = NULL;
 	STACK *pkeyopts = NULL;
 	EVP_PKEY *pkey=NULL;
 	int i=0,badops=0,newreq=0,verbose=0,pkey_type=EVP_PKEY_RSA;
@@ -235,6 +230,16 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
+		else if (strcmp(*argv,"-keygen_engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			gen_eng = ENGINE_by_id(*(++argv));
+			if (gen_eng == NULL)
+				{
+				BIO_printf(bio_err, "Can't find keygen engine %s\n", *argv);
+				goto end;
+				}
+			}
 #endif
 		else if (strcmp(*argv,"-key") == 0)
 			{
@@ -634,7 +639,7 @@ bad:
 		if (keyalg)
 			{
 			genctx = set_keygen_ctx(bio_err, keyalg, &newkey,
-							&keyalgstr, e);
+							&keyalgstr, gen_eng);
 			if (!genctx)
 				goto end;
 			}
@@ -655,7 +660,7 @@ bad:
 		if (!genctx)
 			{
 			genctx = set_keygen_ctx(bio_err, NULL, &newkey,
-							&keyalgstr, e);
+							&keyalgstr, gen_eng);
 			if (!genctx)
 				goto end;
 			}
@@ -1080,18 +1085,18 @@ end:
 		EVP_PKEY_CTX_free(genctx);
 	if (pkeyopts)
 		sk_free(pkeyopts);
+#ifndef OPENSSL_NO_ENGINE
+	if (gen_eng)
+		ENGINE_free(gen_eng);
+#endif
+	if (keyalgstr)
+		OPENSSL_free(keyalgstr);
 	X509_REQ_free(req);
 	X509_free(x509ss);
 	ASN1_INTEGER_free(serial);
 	if(passargin && passin) OPENSSL_free(passin);
 	if(passargout && passout) OPENSSL_free(passout);
 	OBJ_cleanup();
-#ifndef OPENSSL_NO_DSA
-	if (dsa_params != NULL) DSA_free(dsa_params);
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	if (ec_params != NULL) EC_KEY_free(ec_params);
-#endif
 	apps_shutdown();
 	OPENSSL_EXIT(ex);
 	}
@@ -1566,8 +1571,8 @@ static int check_end(const char *str, const char *end)
 }
 
 static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr,
-					long *pkeylen, const char **palgnam,
-					ENGINE *e)
+					long *pkeylen, char **palgnam,
+					ENGINE *keygen_engine)
 	{
 	EVP_PKEY_CTX *gctx = NULL;
 	EVP_PKEY *param = NULL;
@@ -1593,14 +1598,18 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr,
 		{
 		const char *p = strchr(gstr, ':');
 		int len;
+		ENGINE *tmpeng;
 		const EVP_PKEY_ASN1_METHOD *ameth;
 
 		if (p)
 			len = p - gstr;
 		else
 			len = strlen(gstr);
+		/* The lookup of a the string will cover all engines so
+		 * keep a note of the implementation.
+		 */
 
-		ameth = EVP_PKEY_asn1_find_str(gstr, len);
+		ameth = EVP_PKEY_asn1_find_str(&tmpeng, gstr, len);
 
 		if (!ameth)
 			{
@@ -1609,7 +1618,11 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr,
 			}
 
 		EVP_PKEY_asn1_get0_info(NULL, &pkey_type, NULL, NULL, NULL,
-						ameth);
+									ameth);
+#ifndef OPENSSL_NO_ENGINE
+		if (tmpeng)
+			ENGINE_finish(tmpeng);
+#endif
 		if (pkey_type == EVP_PKEY_RSA)
 			{
 			if (p)
@@ -1666,24 +1679,30 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr,
 	if (palgnam)
 		{
 		const EVP_PKEY_ASN1_METHOD *ameth;
-		ameth = EVP_PKEY_asn1_find(pkey_type);
+		ENGINE *tmpeng;
+		const char *anam;
+		ameth = EVP_PKEY_asn1_find(&tmpeng, pkey_type);
 		if (!ameth)
 			{
 			BIO_puts(err, "Internal error: can't find key algorithm\n");
 			return NULL;
 			}
-		EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, palgnam,
-						ameth);
+		EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &anam, ameth);
+		*palgnam = BUF_strdup(anam);
+#ifndef OPENSSL_NO_ENGINE
+		if (tmpeng)
+			ENGINE_finish(tmpeng);
+#endif
 		}
 
 	if (param)
 		{
-		gctx = EVP_PKEY_CTX_new(param, e);
+		gctx = EVP_PKEY_CTX_new(param, keygen_engine);
 		*pkeylen = EVP_PKEY_bits(param);
 		EVP_PKEY_free(param);
 		}
 	else
-		gctx = EVP_PKEY_CTX_new_id(pkey_type, e);
+		gctx = EVP_PKEY_CTX_new_id(pkey_type, keygen_engine);
 
 	if (!gctx)
 		{
author	Dr. Stephen Henson <steve@openssl.org>	2006-06-05 11:52:46 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2006-06-05 11:52:46 +0000
commit	01b8b3c7d2d8f835257ac1cb2512273aa27bfba8 (patch)
tree	fb224473dca22be551086f10ed34240c802c6335 /apps
parent	8fecd4b4f1bd6f066ba0a9f96387f00ac0dd99bf (diff)