Commit 64c4f573 authored by Richard Levitte's avatar Richard Levitte
Browse files

Add the possibility to load prvate and public keys from an engine and 

implement it for nCipher hardware.  The interface in itself should be
clear enough, but the nCipher implementation is currently not the
best when it comes to getting a passphrase from the user.  However,
getting it better is a little hard until a better user interaction
method is create.

Also, use the possibility in req, so we can start to create CSR's with
keys from the nForce box.

WARNING: I've made *no* tests yet, mostly because I didn't implement
this on the machine where I have an nForce box to play with.  All I
know is that it compiles cleanly on Linux...
parent f3052a9e

apps/apps.c

+2 −0
Original line number Diff line number Diff line
@@ -168,6 +168,8 @@ int str2fmt(char *s) 
		|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)

		|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))

		return(FORMAT_PKCS12);

	else if ((*s == 'E') || (*s == 'e'))

		return(FORMAT_ENGINE);

	else

		return(FORMAT_UNDEF);

	}

apps/apps.h

+1 −0
Original line number Diff line number Diff line
@@ -158,6 +158,7 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format); 
#define FORMAT_PEM      3

#define FORMAT_NETSCAPE 4

#define FORMAT_PKCS12   5

#define FORMAT_ENGINE   6



#define NETSCAPE_CERT_HDR	"certificate"

apps/req.c

+49 −9
Original line number Diff line number Diff line
@@ -73,6 +73,7 @@ 
#include <openssl/x509v3.h>

#include <openssl/objects.h>

#include <openssl/pem.h>

#include <openssl/engine.h>



#define SECTION		"req"
@@ -140,6 +141,7 @@ int MAIN(int, char **); 


int MAIN(int argc, char **argv)

	{

	ENGINE *e = NULL;

#ifndef NO_DSA

	DSA *dsa_params=NULL;

#endif
@@ -152,6 +154,7 @@ int MAIN(int argc, char **argv) 
	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;

	int nodes=0,kludge=0,newhdr=0;

	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;

	char *engine=NULL;

	char *extensions = NULL;

	char *req_exts = NULL;

	EVP_CIPHER *cipher=NULL;
@@ -195,6 +198,11 @@ int MAIN(int argc, char **argv) 
			if (--argc < 1) goto bad;

			outformat=str2fmt(*(++argv));

			}

		else if (strcmp(*argv,"-engine") == 0)

			{

			if (--argc < 1) goto bad;

			engine= *(++argv);

			}

		else if (strcmp(*argv,"-key") == 0)

			{

			if (--argc < 1) goto bad;
@@ -375,6 +383,7 @@ bad: 
		BIO_printf(bio_err," -verify        verify signature on REQ\n");

		BIO_printf(bio_err," -modulus       RSA modulus\n");

		BIO_printf(bio_err," -nodes         don't encrypt the output key\n");

		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");

		BIO_printf(bio_err," -key file	use the private key contained in file\n");

		BIO_printf(bio_err," -keyform arg   key file format\n");

		BIO_printf(bio_err," -keyout arg    file to send the key to\n");
@@ -522,7 +531,36 @@ bad: 
	if ((in == NULL) || (out == NULL))

		goto end;



	if (engine != NULL)

		{

		if((e = ENGINE_by_id(engine)) == NULL)

			{

			BIO_printf(bio_err,"invalid engine \"%s\"\n",

				engine);

			goto end;

			}

		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))

			{

			BIO_printf(bio_err,"can't use that engine\n");

			goto end;

			}

		BIO_printf(bio_err,"engine \"%s\" set.\n", *argv);

		/* Free our "structural" reference. */

		ENGINE_free(e);

		}



	if (keyfile != NULL)

		{

		if (keyform == FORMAT_ENGINE)

			{

			if (!e)

				{

				BIO_printf(bio_err,"no engine specified\n");

				goto end;

				}

			pkey = ENGINE_load_private_key(e, keyfile, NULL);

			}

		else

			{

			if (BIO_read_filename(in,keyfile) <= 0)

				{
@@ -534,13 +572,15 @@ bad: 
				pkey=d2i_PrivateKey_bio(in,NULL);

			else if (keyform == FORMAT_PEM)

				{

			pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);

				pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,

					passin);

				}

			else

				{

				BIO_printf(bio_err,"bad input format specified for X509 request\n");

				goto end;

				}

			}



		if (pkey == NULL)

			{

crypto/dh/Makefile.ssl

+24 −8
Original line number Diff line number Diff line
@@ -97,21 +97,37 @@ dh_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h 
dh_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

dh_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h

dh_gen.o: ../../include/openssl/stack.h ../cryptlib.h

dh_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

dh_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

dh_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h

dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h

dh_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h

dh_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h

dh_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h

dh_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h

dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

dh_key.o: ../../include/openssl/evp.h ../../include/openssl/idea.h

dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h

dh_key.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h

dh_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

dh_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h

dh_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h

dh_key.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h

dh_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

dh_key.o: ../../include/openssl/stack.h ../cryptlib.h

dh_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

dh_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

dh_key.o: ../cryptlib.h

dh_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

dh_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h

dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h

dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h

dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h

dh_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h

dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h

dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h

dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h

dh_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h

dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h

dh_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h

dh_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h

dh_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

dh_lib.o: ../../include/openssl/stack.h ../cryptlib.h
 
dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

dh_lib.o: ../cryptlib.h

crypto/dsa/Makefile.ssl

+58 −30
Original line number Diff line number Diff line
@@ -114,42 +114,70 @@ dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h 
dsa_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

dsa_key.o: ../cryptlib.h

dsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h

dsa_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h

dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

dsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

dsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h

dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

dsa_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h

dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h

dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h

dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h

dsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h

dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h

dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h

dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h

dsa_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h

dsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h

dsa_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h

dsa_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h

dsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

dsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

dsa_lib.o: ../cryptlib.h

dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h

dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h

dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

dsa_ossl.o: ../../include/openssl/opensslconf.h

dsa_ossl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h

dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h

dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h

dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h

dsa_ossl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h

dsa_ossl.o: ../../include/openssl/engine.h ../../include/openssl/err.h

dsa_ossl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h

dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h

dsa_ossl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h

dsa_ossl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h

dsa_ossl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h

dsa_ossl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h

dsa_ossl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

dsa_ossl.o: ../../include/openssl/stack.h ../cryptlib.h

dsa_ossl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

dsa_ossl.o: ../cryptlib.h

dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h

dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h

dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

dsa_sign.o: ../../include/openssl/opensslconf.h

dsa_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h

dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h

dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h

dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h

dsa_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h

dsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h

dsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h

dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h

dsa_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h

dsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h

dsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h

dsa_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h

dsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

dsa_sign.o: ../../include/openssl/stack.h ../cryptlib.h

dsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h

dsa_sign.o: ../cryptlib.h

dsa_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h

dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h

dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

dsa_vrf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h

dsa_vrf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h

dsa_vrf.o: ../../include/openssl/engine.h ../../include/openssl/err.h

dsa_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h

dsa_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h

dsa_vrf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h

dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h

dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

dsa_vrf.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h

dsa_vrf.o: ../../include/openssl/des.h ../../include/openssl/dh.h

dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h

dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h

dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h

dsa_vrf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h

dsa_vrf.o: ../../include/openssl/md2.h ../../include/openssl/md5.h

dsa_vrf.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h

dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h

dsa_vrf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h

dsa_vrf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h

dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h

dsa_vrf.o: ../../include/openssl/stack.h ../cryptlib.h