From ab130644067ff8c48229be58e10e8fa5af5997f6 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 7 Sep 2000 16:19:27 +0000 Subject: [PATCH] Integrate engine in most utilities. Now really tested yet. --- apps/ca.c | 27 +++++++++++++++++++++++++++ apps/dgst.c | 27 +++++++++++++++++++++++++++ apps/dh.c | 29 ++++++++++++++++++++++++++++- apps/dhparam.c | 28 +++++++++++++++++++++++++++- apps/dsa.c | 29 ++++++++++++++++++++++++++++- apps/dsaparam.c | 4 +++- apps/enc.c | 27 +++++++++++++++++++++++++++ apps/gendh.c | 33 ++++++++++++++++++++++++++++++--- apps/gendsa.c | 27 +++++++++++++++++++++++++++ apps/pkcs12.c | 23 +++++++++++++++++++++++ apps/pkcs7.c | 27 +++++++++++++++++++++++++++ apps/pkcs8.c | 30 ++++++++++++++++++++++++++++++ apps/rand.c | 35 ++++++++++++++++++++++++++++++++--- apps/rsa.c | 27 +++++++++++++++++++++++++++ apps/rsautl.c | 25 +++++++++++++++++++++++++ apps/smime.c | 29 ++++++++++++++++++++++++++++- apps/spkac.c | 27 +++++++++++++++++++++++++++ apps/verify.c | 28 +++++++++++++++++++++++++++- apps/x509.c | 27 +++++++++++++++++++++++++++ 19 files changed, 497 insertions(+), 12 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 0931401992..b6f2f51afe 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -74,6 +74,7 @@ #include #include #include +#include #ifndef W_OK # ifdef VMS @@ -167,6 +168,7 @@ static char *ca_usage[]={ " -revoke file - Revoke a certificate (given in file)\n", " -extensions .. - Extension section (override value in config file)\n", " -crlexts .. - CRL extension section (override value in config file)\n", +" -engine e - use engine e, possibly a hardware device.\n", NULL }; @@ -216,6 +218,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; char *key=NULL,*passargin=NULL; int total=0; int total_done=0; @@ -268,6 +271,7 @@ int MAIN(int argc, char **argv) #define BSIZE 256 MS_STATIC char buf[3][BSIZE]; char *randfile=NULL; + char *engine = NULL; #ifdef EFENCE EF_PROTECT_FREE=1; 
@@ -419,6 +423,11 @@ EF_ALIGNMENT=0; if (--argc < 1) goto bad; crl_ext= *(++argv); } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } else { bad: @@ -439,6 +448,24 @@ bad: ERR_load_crypto_strings(); + if (engine != NULL) + { + if((e = ENGINE_by_id(engine)) == NULL) + { + BIO_printf(bio_err,"invalid engine \"%s\"\n", + engine); + goto err; + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) + { + BIO_printf(bio_err,"can't use that engine\n"); + goto err; + } + BIO_printf(bio_err,"engine \"%s\" set.\n", engine); + /* Free our "structural" reference. */ + ENGINE_free(e); + } + /*****************************************************************/ if (configfile == NULL) configfile = getenv("OPENSSL_CONF"); if (configfile == NULL) configfile = getenv("SSLEAY_CONF"); diff --git a/apps/dgst.c b/apps/dgst.c index a151fb8457..f0e5f954da 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -66,6 +66,7 @@ #include #include #include +#include #undef BUFSIZE #define BUFSIZE 1024*8 @@ -80,6 +81,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; unsigned char *buf=NULL; int i,err=0; const EVP_MD *md=NULL,*m; @@ -97,6 +99,7 @@ int MAIN(int argc, char **argv) EVP_PKEY *sigkey = NULL; unsigned char *sigbuf = NULL; unsigned int siglen = 0; + char *engine=NULL; apps_startup(); @@ -154,6 +157,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) break; sigfile=*(++argv); } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) break; + engine= *(++argv); + } else if (strcmp(*argv,"-hex") == 0) out_bin = 0; else if (strcmp(*argv,"-binary") == 0) 
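Review bot: In the engine block added to apps/ca.c after `ERR_load_crypto_strings()`, the `ENGINE_set_default()` failure branch jumps to `err` while still holding the structural reference returned by `ENGINE_by_id()`; only the success path reaches `ENGINE_free(e)`. Adding `ENGINE_free(e);` before that `goto err;` releases it, and an `ERR_print_errors(bio_err);` next to the "can't use that engine" message would tell the operator why a hardware device was rejected. The same block is pasted into dgst.c, dh.c, dhparam.c, dsa.c, enc.c, gendh.c, gendsa.c, pkcs12.c, pkcs7.c, pkcs8.c, rand.c, rsa.c, rsautl.c, smime.c, spkac.c, verify.c and x509.c, so the point applies to each of them; a single shared helper in the apps code would keep the fix in one place. MAIN's body continues outside the hunk, so what the `err` label does afterwards is not visible here.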
@@ -190,6 +198,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n"); BIO_printf(bio_err,"-signature file signature to verify\n"); BIO_printf(bio_err,"-binary output in binary form\n"); + BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n", LN_md5,LN_md5); @@ -209,6 +218,24 @@ int MAIN(int argc, char **argv) goto end; } + if (engine != NULL) + { + if((e = ENGINE_by_id(engine)) == NULL) + { + BIO_printf(bio_err,"invalid engine \"%s\"\n", + engine); + goto end; + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) + { + BIO_printf(bio_err,"can't use that engine\n"); + goto end; + } + BIO_printf(bio_err,"engine \"%s\" set.\n", engine); + /* Free our "structural" reference. */ + ENGINE_free(e); + } + in=BIO_new(BIO_s_file()); bmd=BIO_new(BIO_f_md()); if (debug) diff --git a/apps/dh.c b/apps/dh.c index ee71d95f0c..e8c9b4c9f4 100644 --- a/apps/dh.c +++ b/apps/dh.c @@ -69,6 +69,7 @@ #include #include #include +#include #undef PROG #define PROG dh_main @@ -87,11 +88,12 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; DH *dh=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; int informat,outformat,check=0,noout=0,C=0,ret=1; - char *infile,*outfile,*prog; + char *infile,*outfile,*prog,*engine; apps_startup(); @@ -99,6 +101,7 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + engine=NULL; infile=NULL; outfile=NULL; informat=FORMAT_PEM; @@ -129,6 +132,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outfile= *(++argv); } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } else if (strcmp(*argv,"-check") == 0) check=1; else if (strcmp(*argv,"-text") == 0) 
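Review bot: Both failure branches of the engine block in apps/dgst.c (`goto end` after "invalid engine" and after "can't use that engine") leave `err` at the 0 it was given in `int i,err=0;`, so if the `end` label exits with `err` (the label is outside the hunk) a rejected engine is reported to the calling script as success. Setting `err=1;` before each `goto end;` makes the failure visible, which matters when a script relies on the exit status to know that the requested hardware device is in use. apps/pkcs7.c looks the same: its declaration hunk shows `int ret=0;` and the new block there also leaves through `goto end` without changing it.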
@@ -160,11 +168,30 @@ bad: BIO_printf(bio_err," -text print a text form of the DH parameters\n"); BIO_printf(bio_err," -C Output C code\n"); BIO_printf(bio_err," -noout no output\n"); + BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); goto end; } ERR_load_crypto_strings(); + if (engine != NULL) + { + if((e = ENGINE_by_id(engine)) == NULL) + { + BIO_printf(bio_err,"invalid engine \"%s\"\n", + engine); + goto end; + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) + { + BIO_printf(bio_err,"can't use that engine\n"); + goto end; + } + BIO_printf(bio_err,"engine \"%s\" set.\n", engine); + /* Free our "structural" reference. */ + ENGINE_free(e); + } + in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) diff --git a/apps/dhparam.c b/apps/dhparam.c index a738c5af67..8bc686d7d3 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -121,6 +121,7 @@ #include #include #include +#include #ifndef NO_DSA #include @@ -148,6 +149,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; DH *dh=NULL; int i,badops=0,text=0; #ifndef NO_DSA @@ -156,7 +158,7 @@ int MAIN(int argc, char **argv) BIO *in=NULL,*out=NULL; int informat,outformat,check=0,noout=0,C=0,ret=1; char *infile,*outfile,*prog; - char *inrand=NULL; + char *inrand=NULL,*engine=NULL; int num = 0, g = 0; apps_startup(); @@ -195,6 +197,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outfile= *(++argv); } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } else if (strcmp(*argv,"-check") == 0) check=1; else if (strcmp(*argv,"-text") == 0) 
@@ -240,6 +247,7 @@ bad: BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n"); BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n"); BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n"); + BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); @@ -249,6 +257,24 @@ bad: ERR_load_crypto_strings(); + if (engine != NULL) + { + if((e = ENGINE_by_id(engine)) == NULL) + { + BIO_printf(bio_err,"invalid engine \"%s\"\n", + engine); + goto end; + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) + { + BIO_printf(bio_err,"can't use that engine\n"); + goto end; + } + BIO_printf(bio_err,"engine \"%s\" set.\n", engine); + /* Free our "structural" reference. */ + ENGINE_free(e); + } + if (g && !num) num = DEFBITS; diff --git a/apps/dsa.c b/apps/dsa.c index 842e0c0d15..c65e0ececc 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -68,6 +68,7 @@ #include #include #include +#include #undef PROG #define PROG dsa_main @@ -87,6 +88,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; int ret=1; DSA *dsa=NULL; int i,badops=0; @@ -94,7 +96,7 @@ int MAIN(int argc, char **argv) BIO *in=NULL,*out=NULL; int informat,outformat,text=0,noout=0; int pubin = 0, pubout = 0; - char *infile,*outfile,*prog; + char *infile,*outfile,*prog,*engine; char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; int modulus=0; @@ -105,6 +107,7 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + engine=NULL; infile=NULL; outfile=NULL; informat=FORMAT_PEM; 
@@ -145,6 +148,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passargout= *(++argv); } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } else if (strcmp(*argv,"-noout") == 0) noout=1; else if (strcmp(*argv,"-text") == 0) @@ -176,6 +184,7 @@ bad: BIO_printf(bio_err," -passin arg input file pass phrase source\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -passout arg output file pass phrase source\n"); + BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); #ifndef NO_IDEA @@ -189,6 +198,24 @@ bad: ERR_load_crypto_strings(); + if (engine != NULL) + { + if((e = ENGINE_by_id(engine)) == NULL) + { + BIO_printf(bio_err,"invalid engine \"%s\"\n", + engine); + goto end; + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) + { + BIO_printf(bio_err,"can't use that engine\n"); + goto end; + } + BIO_printf(bio_err,"engine \"%s\" set.\n", engine); + /* Free our "structural" reference. */ + ENGINE_free(e); + } + if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; diff --git a/apps/dsaparam.c b/apps/dsaparam.c index a15d6ea309..bfaa9f780c 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -69,6 +69,7 @@ #include #include #include +#include #undef PROG #define PROG dsaparam_main @@ -90,11 +91,12 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; DSA *dsa=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; int informat,outformat,noout=0,C=0,ret=1; - char *infile,*outfile,*prog,*inrand=NULL; + char *infile,*outfile,*prog,*inrand=NULL,*engine=NULL; int numbits= -1,num,genkey=0; int need_rand=0; diff --git a/apps/enc.c b/apps/enc.c index 49338aca0f..e1e37c0310 100644 --- a/apps/enc.c +++ b/apps/enc.c 
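Review bot: apps/dsaparam.c gains `ENGINE *e = NULL;` and `*engine=NULL` but, unlike the other utilities in this patch, no `-engine` option branch and no `ENGINE_by_id()` / `ENGINE_set_default()` block, so in the hunks shown both variables are unused and the option is not accepted by this tool (the diffstat's 4 changed lines for the file agree). Either wire the option in the way apps/dsa.c does, or drop the two declarations until it is. If the gap is intentional, a comment such as `/* -engine is declared but not yet parsed in dsaparam */` would record it for the next reader.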
@@ -70,6 +70,7 @@ #include #endif #include +#include int set_hex(char *in,unsigned char *out,int size); #undef SIZE @@ -84,6 +85,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; static const char magic[]="Salted__"; char mbuf[8]; /* should be 1 smaller than magic */ char *strbuf=NULL; @@ -101,6 +103,7 @@ int MAIN(int argc, char **argv) BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; #define PROG_NAME_SIZE 16 char pname[PROG_NAME_SIZE]; + char *engine = NULL; apps_startup(); @@ -141,6 +144,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passarg= *(++argv); } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } else if (strcmp(*argv,"-d") == 0) enc=0; else if (strcmp(*argv,"-p") == 0) @@ -241,6 +249,7 @@ bad: BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv"); BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]"); BIO_printf(bio_err,"%-14s buffer size\n","-bufsize "); + BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e"); BIO_printf(bio_err,"Cipher Types\n"); BIO_printf(bio_err,"des : 56 bit key DES encryption\n"); @@ -314,6 +323,24 @@ bad: argv++; } + if (engine != NULL) + { + if((e = ENGINE_by_id(engine)) == NULL) + { + BIO_printf(bio_err,"invalid engine \"%s\"\n", + engine); + goto end; + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) + { + BIO_printf(bio_err,"can't use that engine\n"); + goto end; + } + BIO_printf(bio_err,"engine \"%s\" set.\n", engine); + /* Free our "structural" reference. */ + ENGINE_free(e); + } + if (bufsize != NULL) { unsigned long n; diff --git a/apps/gendh.c b/apps/gendh.c index caf5e8d736..73d0fe0d06 100644 --- a/apps/gendh.c +++ b/apps/gendh.c @@ -70,6 +70,7 @@ #include #include #include +#include #define DEFBITS 512 #undef PROG 
@@ -81,11 +82,13 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; DH *dh=NULL; int ret=1,num=DEFBITS; int g=2; char *outfile=NULL; char *inrand=NULL; + char *engine=NULL; BIO *out=NULL; apps_startup(); @@ -110,6 +113,11 @@ int MAIN(int argc, char **argv) g=3; */ else if (strcmp(*argv,"-5") == 0) g=5; + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -125,15 +133,34 @@ int MAIN(int argc, char **argv) bad: BIO_printf(bio_err,"usage: gendh [args] [numbits]\n"); BIO_printf(bio_err," -out file - output the key to 'file\n"); - BIO_printf(bio_err," -2 use 2 as the generator value\n"); - /* BIO_printf(bio_err," -3 use 3 as the generator value\n"); */ - BIO_printf(bio_err," -5 use 5 as the generator value\n"); + BIO_printf(bio_err," -2 - use 2 as the generator value\n"); + /* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */ + BIO_printf(bio_err," -5 - use 5 as the generator value\n"); + BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); goto end; } + if (engine != NULL) + { + if((e = ENGINE_by_id(engine)) == NULL) + { + BIO_printf(bio_err,"invalid engine \"%s\"\n", + engine); + goto end; + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) + { + BIO_printf(bio_err,"can't use that engine\n"); + goto end; + } + BIO_printf(bio_err,"engine \"%s\" set.\n", engine); + /* Free our "structural" reference. */ + ENGINE_free(e); + } + out=BIO_new(BIO_s_file()); if (out == NULL) { diff --git a/apps/gendsa.c b/apps/gendsa.c index 1937613849..f0b84a2355 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c 
@@ -68,6 +68,7 @@ #include #include #include +#include #define DEFBITS 512 #undef PROG @@ -77,6 +78,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; DSA *dsa=NULL; int ret=1; char *outfile=NULL; @@ -84,6 +86,7 @@ int MAIN(int argc, char **argv) char *passargout = NULL, *passout = NULL; BIO *out=NULL,*in=NULL; EVP_CIPHER *enc=NULL; + char *engine=NULL; apps_startup(); @@ -106,6 +109,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passargout= *(++argv); } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -145,6 +153,7 @@ bad: #ifndef NO_IDEA BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n"); #endif + BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); @@ -153,6 +162,24 @@ bad: goto end; } + if (engine != NULL) + { + if((e = ENGINE_by_id(engine)) == NULL) + { + BIO_printf(bio_err,"invalid engine \"%s\"\n", + engine); + goto end; + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) + { + BIO_printf(bio_err,"can't use that engine\n"); + goto end; + } + BIO_printf(bio_err,"engine \"%s\" set.\n", engine); + /* Free our "structural" reference. */ + ENGINE_free(e); + } + if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { BIO_printf(bio_err, "Error getting password\n"); goto end; diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 0f3ac4977a..e7b587b0e6 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -66,6 +66,7 @@ #include #include #include +#include #define PROG pkcs12_main 
@@ -92,6 +93,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; char *infile=NULL, *outfile=NULL, *keyname = NULL; char *certfile=NULL; BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL; @@ -118,6 +120,7 @@ int MAIN(int argc, char **argv) char *passin = NULL, *passout = NULL; char *inrand = NULL; char *CApath = NULL, *CAfile = NULL; + char *engine=NULL; apps_startup(); @@ -236,6 +239,11 @@ int MAIN(int argc, char **argv) args++; CAfile = *args; } else badarg = 1; + } else if (!strcmp(*args,"-engine")) { + if (args[1]) { + args++; + engine = *args; + } else badarg = 1; } else badarg = 1; } else badarg = 1; @@ -279,12 +287,27 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-password p set import/export password source\n"); BIO_printf (bio_err, "-passin p input file pass phrase source\n"); BIO_printf (bio_err, "-passout p output file pass phrase source\n"); + BIO_printf (bio_err, " -engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); BIO_printf(bio_err, " the random number generator\n"); goto end; } + if (engine != NULL) { + if((e = ENGINE_by_id(engine)) == NULL) { + BIO_printf(bio_err,"invalid engine \"%s\"\n", engine); + goto end; + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { + BIO_printf(bio_err,"can't use that engine\n"); + goto end; + } + BIO_printf(bio_err,"engine \"%s\" set.\n", engine); + /* Free our "structural" reference. */ + ENGINE_free(e); + } + if(passarg) { if(export_cert) passargout = passarg; else passargin = passarg; diff --git a/apps/pkcs7.c b/apps/pkcs7.c index f471cc77fd..520e399b67 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -67,6 +67,7 @@ #include #include #include +#include #undef PROG #define PROG pkcs7_main 
@@ -82,6 +83,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; PKCS7 *p7=NULL; int i,badops=0; BIO *in=NULL,*out=NULL; @@ -89,6 +91,7 @@ int MAIN(int argc, char **argv) char *infile,*outfile,*prog; int print_certs=0,text=0,noout=0; int ret=0; + char *engine=NULL; apps_startup(); @@ -132,6 +135,11 @@ int MAIN(int argc, char **argv) text=1; else if (strcmp(*argv,"-print_certs") == 0) print_certs=1; + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } else { BIO_printf(bio_err,"unknown option %s\n",*argv); @@ -154,11 +162,30 @@ bad: BIO_printf(bio_err," -print_certs print any certs or crl in the input\n"); BIO_printf(bio_err," -text print full details of certificates\n"); BIO_printf(bio_err," -noout don't output encoded data\n"); + BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); EXIT(1); } ERR_load_crypto_strings(); + if (engine != NULL) + { + if((e = ENGINE_by_id(engine)) == NULL) + { + BIO_printf(bio_err,"invalid engine \"%s\"\n", + engine); + goto end; + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) + { + BIO_printf(bio_err,"can't use that engine\n"); + goto end; + } + BIO_printf(bio_err,"engine \"%s\" set.\n", engine); + /* Free our "structural" reference. */ + ENGINE_free(e); + } + in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) diff --git a/apps/pkcs8.c b/apps/pkcs8.c index b0914cd453..d2ad13928c 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -62,6 +62,7 @@ #include #include #include +#include #include "apps.h" #define PROG pkcs8_main @@ -70,6 +71,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; char **args, *infile = NULL, *outfile = NULL; char *passargin = NULL, *passargout = NULL; BIO *in = NULL, *out = NULL; 
@@ -85,9 +87,13 @@ int MAIN(int argc, char **argv) EVP_PKEY *pkey; char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL; int badarg = 0; + char *engine=NULL; + if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); + informat=FORMAT_PEM; outformat=FORMAT_PEM; + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); args = argv + 1; @@ -138,6 +144,11 @@ int MAIN(int argc, char **argv) if (!args[1]) goto bad; passargout= *(++args); } + else if (strcmp(*args,"-engine") == 0) + { + if (!args[1]) goto bad; + engine= *(++args); + } else if (!strcmp (*args, "-in")) { if (args[1]) { args++; @@ -170,9 +181,28 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n"); BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n"); BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n"); + BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); return (1); } + if (engine != NULL) + { + if((e = ENGINE_by_id(engine)) == NULL) + { + BIO_printf(bio_err,"invalid engine \"%s\"\n", + engine); + return (1); + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) + { + BIO_printf(bio_err,"can't use that engine\n"); + return (1); + } + BIO_printf(bio_err,"engine \"%s\" set.\n", engine); + /* Free our "structural" reference. */ + ENGINE_free(e); + } + if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); return (1); diff --git a/apps/rand.c b/apps/rand.c index fa9bc023f4..236d4a23fe 100644 --- a/apps/rand.c +++ b/apps/rand.c @@ -9,6 +9,7 @@ #include #include #include +#include #undef PROG #define PROG rand_main @@ -23,6 +24,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; int i, r, ret = 1; int badopt; char *outfile = NULL; @@ -30,6 +32,7 @@ int MAIN(int argc, char **argv) int base64 = 0; BIO *out = NULL; int num = -1; + char *engine=NULL; apps_startup(); 
@@ -48,6 +51,13 @@ int MAIN(int argc, char **argv) else badopt = 1; } + if (strcmp(argv[i], "-engine") == 0) + { + if ((argv[i+1] != NULL) && (engine == NULL)) + engine = argv[++i]; + else + badopt = 1; + } else if (strcmp(argv[i], "-rand") == 0) { if ((argv[i+1] != NULL) && (inrand == NULL)) @@ -84,12 +94,31 @@ int MAIN(int argc, char **argv) { BIO_printf(bio_err, "Usage: rand [options] num\n"); BIO_printf(bio_err, "where options are\n"); - BIO_printf(bio_err, "-out file - write to file\n"); - BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); - BIO_printf(bio_err, "-base64 - encode output\n"); + BIO_printf(bio_err, "-out file - write to file\n"); + BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); + BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); + BIO_printf(bio_err, "-base64 - encode output\n"); goto err; } + if (engine != NULL) + { + if((e = ENGINE_by_id(engine)) == NULL) + { + BIO_printf(bio_err,"invalid engine \"%s\"\n", + engine); + goto err; + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) + { + BIO_printf(bio_err,"can't use that engine\n"); + goto err; + } + BIO_printf(bio_err,"engine \"%s\" set.\n", engine); + /* Free our "structural" reference. */ + ENGINE_free(e); + } + app_RAND_load_file(NULL, bio_err, (inrand != NULL)); if (inrand != NULL) BIO_printf(bio_err,"%ld semi-random bytes loaded\n", diff --git a/apps/rsa.c b/apps/rsa.c index fc8fa54941..52b3ad7438 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -68,6 +68,7 @@ #include #include #include +#include #undef PROG #define PROG rsa_main @@ -90,6 +91,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; int ret=1; RSA *rsa=NULL; int i,badops=0, sgckey=0; 
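Review bot: The new `-engine` test in apps/rand.c opens with a plain `if` directly after the closing brace of the preceding option block (apparently `-out`; its head is outside the hunk), which cuts the `else if` chain in two. Once that earlier branch has consumed its value with `argv[++i]`, the value itself is tested again against `-engine`, `-rand` and whatever follows in the same iteration. If the chain ends in a catch-all that sets `badopt` (not visible here), the preceding option stops working whenever it is given. The line should read `else if (strcmp(argv[i], "-engine") == 0)`.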
@@ -100,6 +102,7 @@ int MAIN(int argc, char **argv) char *infile,*outfile,*prog; char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; + char *engine=NULL; int modulus=0; apps_startup(); @@ -148,6 +151,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passargout= *(++argv); } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } else if (strcmp(*argv,"-sgckey") == 0) sgckey=1; else if (strcmp(*argv,"-pubin") == 0) @@ -195,11 +203,30 @@ bad: BIO_printf(bio_err," -check verify key consistency\n"); BIO_printf(bio_err," -pubin expect a public key in input file\n"); BIO_printf(bio_err," -pubout output a public key\n"); + BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); goto end; } ERR_load_crypto_strings(); + if (engine != NULL) + { + if((e = ENGINE_by_id(engine)) == NULL) + { + BIO_printf(bio_err,"invalid engine \"%s\"\n", + engine); + goto end; + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) + { + BIO_printf(bio_err,"can't use that engine\n"); + goto end; + } + BIO_printf(bio_err,"engine \"%s\" set.\n", engine); + /* Free our "structural" reference. */ + ENGINE_free(e); + } + if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; diff --git a/apps/rsautl.c b/apps/rsautl.c index c14c05e1de..ebb3cc1cf1 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -58,6 +58,7 @@ #include "apps.h" #include #include +#include #define RSA_SIGN 1 #define RSA_VERIFY 2 @@ -78,6 +79,7 @@ int MAIN(int argc, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; BIO *in = NULL, *out = NULL; char *infile = NULL, *outfile = NULL; char *keyfile = NULL; @@ -91,6 +93,7 @@ int MAIN(int argc, char **argv) unsigned char *rsa_in = NULL, *rsa_out = NULL, pad; int rsa_inlen, rsa_outlen = 0; int keysize; + char *engine=NULL; int ret = 1; 
@@ -113,6 +116,9 @@ int MAIN(int argc, char **argv) } else if(!strcmp(*argv, "-inkey")) { if (--argc < 1) badarg = 1; keyfile = *(++argv); + } else if(!strcmp(*argv, "-engine")) { + if (--argc < 1) badarg = 1; + engine = *(++argv); } else if(!strcmp(*argv, "-pubin")) { key_type = KEY_PUBKEY; } else if(!strcmp(*argv, "-certin")) { @@ -147,6 +153,24 @@ int MAIN(int argc, char **argv) goto end; } + if (engine != NULL) + { + if((e = ENGINE_by_id(engine)) == NULL) + { + BIO_printf(bio_err,"invalid engine \"%s\"\n", + engine); + goto end; + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) + { + BIO_printf(bio_err,"can't use that engine\n"); + goto end; + } + BIO_printf(bio_err,"engine \"%s\" set.\n", engine); + /* Free our "structural" reference. */ + ENGINE_free(e); + } + /* FIXME: seed PRNG only if needed */ app_RAND_load_file(NULL, bio_err, 0); @@ -268,6 +292,7 @@ static void usage() BIO_printf(bio_err, "-inkey file input key\n"); BIO_printf(bio_err, "-pubin input is an RSA public\n"); BIO_printf(bio_err, "-certin input is a certificate carrying an RSA public key\n"); + BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err, "-ssl use SSL v2 padding\n"); BIO_printf(bio_err, "-raw use no padding\n"); BIO_printf(bio_err, "-pkcs use PKCS#1 v1.5 padding (default)\n"); diff --git a/apps/smime.c b/apps/smime.c index 25997feb6d..8d5fbbb76a 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -64,6 +64,7 @@ #include #include #include +#include #undef PROG #define PROG smime_main @@ -81,6 +82,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; int operation = 0; int ret = 0; char **args; @@ -103,8 +105,9 @@ int MAIN(int argc, char **argv) char *inrand = NULL; int need_rand = 0; int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; - args = argv + 1; + char *engine=NULL; + args = argv + 1; ret = 1; while (!badarg && *args && *args[0] == '-') { 
@@ -153,6 +156,11 @@ int MAIN(int argc, char **argv) inrand = *args; } else badarg = 1; need_rand = 1; + } else if (!strcmp(*args,"-engine")) { + if (args[1]) { + args++; + engine = *args; + } else badarg = 1; } else if (!strcmp(*args,"-passin")) { if (args[1]) { args++; @@ -290,6 +298,7 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-text include or delete text MIME headers\n"); BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); + BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); BIO_printf(bio_err, " the random number generator\n"); @@ -297,6 +306,24 @@ int MAIN(int argc, char **argv) goto end; } + if (engine != NULL) + { + if((e = ENGINE_by_id(engine)) == NULL) + { + BIO_printf(bio_err,"invalid engine \"%s\"\n", + engine); + goto end; + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) + { + BIO_printf(bio_err,"can't use that engine\n"); + goto end; + } + BIO_printf(bio_err,"engine \"%s\" set.\n", engine); + /* Free our "structural" reference. */ + ENGINE_free(e); + } + if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; diff --git a/apps/spkac.c b/apps/spkac.c index ad45c2ddb7..152f6bf464 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -69,6 +69,7 @@ #include #include #include +#include #undef PROG #define PROG spkac_main @@ -81,6 +82,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; int i,badops=0, ret = 1; BIO *in = NULL,*out = NULL, *key = NULL; int verify=0,noout=0,pubkey=0; @@ -91,6 +93,7 @@ int MAIN(int argc, char **argv) LHASH *conf = NULL; NETSCAPE_SPKI *spki = NULL; EVP_PKEY *pkey = NULL; + char *engine=NULL; apps_startup(); 
@@ -136,6 +139,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; spksect= *(++argv); } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } else if (strcmp(*argv,"-noout") == 0) noout=1; else if (strcmp(*argv,"-pubkey") == 0) @@ -161,6 +169,7 @@ bad: BIO_printf(bio_err," -noout don't print SPKAC\n"); BIO_printf(bio_err," -pubkey output public key\n"); BIO_printf(bio_err," -verify verify SPKAC signature\n"); + BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); goto end; } @@ -170,6 +179,24 @@ bad: goto end; } + if (engine != NULL) + { + if((e = ENGINE_by_id(engine)) == NULL) + { + BIO_printf(bio_err,"invalid engine \"%s\"\n", + engine); + goto end; + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) + { + BIO_printf(bio_err,"can't use that engine\n"); + goto end; + } + BIO_printf(bio_err,"engine \"%s\" set.\n", engine); + /* Free our "structural" reference. */ + ENGINE_free(e); + } + if(keyfile) { if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r"); else key = BIO_new_fp(stdin, BIO_NOCLOSE); diff --git a/apps/verify.c b/apps/verify.c index f50eaaecb3..e2f571032e 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -65,6 +65,7 @@ #include #include #include +#include #undef PROG #define PROG verify_main @@ -78,6 +79,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; int i,ret=1; int purpose = -1; char *CApath=NULL,*CAfile=NULL; @@ -85,6 +87,7 @@ int MAIN(int argc, char **argv) STACK_OF(X509) *untrusted = NULL, *trusted = NULL; X509_STORE *cert_ctx=NULL; X509_LOOKUP *lookup=NULL; + char *engine=NULL; cert_ctx=X509_STORE_new(); if (cert_ctx == NULL) goto end; @@ -137,6 +140,11 @@ int MAIN(int argc, char **argv) if (argc-- < 1) goto end; trustfile= *(++argv); } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto end; + engine= *(++argv); + } else if (strcmp(*argv,"-help") == 0) goto end; else if (strcmp(*argv,"-verbose") == 0) 
@@ -152,6 +160,24 @@ int MAIN(int argc, char **argv) break; } + if (engine != NULL) + { + if((e = ENGINE_by_id(engine)) == NULL) + { + BIO_printf(bio_err,"invalid engine \"%s\"\n", + engine); + goto end; + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) + { + BIO_printf(bio_err,"can't use that engine\n"); + goto end; + } + BIO_printf(bio_err,"engine \"%s\" set.\n", engine); + /* Free our "structural" reference. */ + ENGINE_free(e); + } + lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file()); if (lookup == NULL) abort(); if (CAfile) { @@ -199,7 +225,7 @@ int MAIN(int argc, char **argv) ret=0; end: if (ret == 1) { - BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] cert1 cert2 ...\n"); + BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-engine e] cert1 cert2 ...\n"); BIO_printf(bio_err,"recognized usages:\n"); for(i = 0; i < X509_PURPOSE_get_count(); i++) { X509_PURPOSE *ptmp; diff --git a/apps/x509.c b/apps/x509.c index b86352e2fb..5700b09d7a 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -73,6 +73,7 @@ #include #include #include +#include #undef PROG #define PROG x509_main @@ -129,6 +130,7 @@ static char *x509_usage[]={ " -extensions - section from config file with X509V3 extensions to add\n", " -clrext - delete extensions before signing and input certificate\n", " -nameopt arg - various certificate name options\n", +" -engine e - use engine e, possibly a hardware device.\n", NULL }; @@ -145,6 +147,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; int ret=1; X509_REQ *req=NULL; X509 *x=NULL,*xca=NULL; @@ -175,6 +178,7 @@ int MAIN(int argc, char **argv) int need_rand = 0; int checkend=0,checkoffset=0; unsigned long nmflag = 0; + char *engine=NULL; reqfile=0; 
@@ -331,6 +335,11 @@ int MAIN(int argc, char **argv) alias= *(++argv); trustout = 1; } + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } else if (strcmp(*argv,"-C") == 0) C= ++num; else if (strcmp(*argv,"-email") == 0) @@ -414,6 +423,24 @@ bad: goto end; } + if (engine != NULL) + { + if((e = ENGINE_by_id(engine)) == NULL) + { + BIO_printf(bio_err,"invalid engine \"%s\"\n", + engine); + goto end; + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) + { + BIO_printf(bio_err,"can't use that engine\n"); + goto end; + } + BIO_printf(bio_err,"engine \"%s\" set.\n", engine); + /* Free our "structural" reference. */ + ENGINE_free(e); + } + if (need_rand) app_RAND_load_file(NULL, bio_err, 0); -- 2.40.0