author | Pauli <pauli@openssl.org> | 2021-06-10 10:06:20 +1000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2021-06-15 18:26:34 +1000 |
commit | e1a77f9cffbd7f8642ff900a3e5b7c81e8c26fb7 (patch) | |
tree | 4ec51936098d0b7d87155a22405fbc3f9b427645 /apps | |
parent | 42e97dde808e6471575696fdec41e2f8d2ef9feb (diff) |
spkac: allow digests other than MD5 to be used for signing
Fixes #15683
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15687)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/spkac.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/apps/spkac.c b/apps/spkac.c
index 19576e4878..d92be7d645 100644
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -24,7 +24,7 @@ typedef enum OPTION_choice {
 OPT_COMMON,
 OPT_NOOUT, OPT_PUBKEY, OPT_VERIFY, OPT_IN, OPT_OUT,
 OPT_ENGINE, OPT_KEY, OPT_CHALLENGE, OPT_PASSIN, OPT_SPKAC,
- OPT_SPKSECT, OPT_KEYFORM,
+ OPT_SPKSECT, OPT_KEYFORM, OPT_DIGEST,
 OPT_PROV_ENUM
 } OPTION_CHOICE;
@@ -46,6 +46,7 @@ const OPTIONS spkac_options[] = {
 {"spkac", OPT_SPKAC, 's', "Alternative SPKAC name"},
 OPT_SECTION("Output"),
+ {"digest", OPT_DIGEST, 's', "Sign new SPKAC with the specified digest (default: MD5)" },
 {"out", OPT_OUT, '>', "Output file"},
 {"noout", OPT_NOOUT, '-', "Don't print SPKAC"},
 {"pubkey", OPT_PUBKEY, '-', "Output public key"},
@@ -66,6 +67,8 @@ int spkac_main(int argc, char **argv)
 char *infile = NULL, *outfile = NULL, *passinarg = NULL, *passin = NULL;
 char *spkstr = NULL, *prog;
 const char *spkac = "SPKAC", *spksect = "default";
+ const char *digest = "MD5";
+ EVP_MD *md = NULL;
 int i, ret = 1, verify = 0, noout = 0, pubkey = 0;
 int keyformat = FORMAT_UNDEF;
 OPTION_CHOICE o;
@@ -116,6 +119,9 @@ int spkac_main(int argc, char **argv)
 case OPT_SPKSECT:
 spksect = opt_arg();
 break;
+ case OPT_DIGEST:
+ digest = opt_arg();
+ break;
 case OPT_ENGINE:
 e = setup_engine(opt_arg(), 0);
 break;
@@ -137,6 +143,9 @@ int spkac_main(int argc, char **argv)
 }
 if (keyfile != NULL) {
+ if (!opt_md(digest, &md))
+ goto end;
+
 pkey = load_key(strcmp(keyfile, "-") ? keyfile : NULL,
 keyformat, 1, passin, e, "private key");
 if (pkey == NULL)
@@ -151,7 +160,7 @@ int spkac_main(int argc, char **argv)
 BIO_printf(bio_err, "Error setting public key\n");
 goto end;
 }
- i = NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
+ i = NETSCAPE_SPKI_sign(spki, pkey, md);
 if (i <= 0) {
 BIO_printf(bio_err, "Error signing SPKAC\n");
 goto end;
@@ -213,6 +222,7 @@ int spkac_main(int argc, char **argv)
 ret = 0;
 end:
+ EVP_MD_free(md);
 NCONF_free(conf);
 NETSCAPE_SPKI_free(spki);
 BIO_free_all(out);
|
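Review bot: The default digest stays MD5, stated in the `-digest` help string in the spkac_options hunk and set by `const char *digest = "MD5";` in the spkac_main declarations hunk, so an SPKAC signed without `-digest` still gets an MD5-based signature even though MD5 is not collision resistant. If the default is kept for compatibility with existing consumers, the help text could say so and point at a stronger choice, for example `"Sign new SPKAC with the specified digest (default: MD5; SHA256 or stronger recommended)"`. A comment above the initializer such as `/* MD5 kept as the default for backward compatibility only */` would record that the choice is deliberate.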
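Review bot: In the `if (keyfile != NULL)` hunk, `opt_md(digest, &md)` runs only on the signing path, so an unknown or misspelled `-digest` value is accepted silently whenever `-key` is not given. Resolving the digest once after option parsing would reject a bad value on every path. Alternatively, a comment such as `/* -digest is only consulted when signing with -key */` would stop a user from assuming the option took effect. The enclosing `if` block and spkac_main continue outside the hunk.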
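Review bot: The failure branch after `NETSCAPE_SPKI_sign(spki, pkey, md)` still prints only `"Error signing SPKAC\n"`, which no longer says which digest was attempted now that it is user-selectable. Something like `BIO_printf(bio_err, "Error signing SPKAC with digest %s\n", digest);` would make it easier to diagnose a digest that the key type or loaded provider rejects. Whether the error queue is also printed at `end:` is not visible in these hunks.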