From 66e59702f1effae94e88e3e586e9b736151d8d98 Mon Sep 17 00:00:00 2001
From: Luke Faraone
Date: Mon, 15 May 2017 18:23:17 -0700
Subject: [PATCH] Add support for using engine-backed keys in spkac

Reviewed-by: Matt Caswell
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/3599)
---
 apps/spkac.c | 10 ++++++++--
 doc/man1/spkac.pod | 6 ++++++
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/apps/spkac.c b/apps/spkac.c
index 871b4f06f8..efd4ea2305 100644
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -24,7 +24,7 @@ typedef enum OPTION_choice {
 OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_NOOUT, OPT_PUBKEY, OPT_VERIFY, OPT_IN, OPT_OUT, OPT_ENGINE, OPT_KEY, OPT_CHALLENGE, OPT_PASSIN, OPT_SPKAC,
- OPT_SPKSECT
+ OPT_SPKSECT, OPT_KEYFORM
 } OPTION_CHOICE;
 const OPTIONS spkac_options[] = {
@@ -32,6 +32,7 @@ const OPTIONS spkac_options[] = {
 {"in", OPT_IN, '<', "Input file"},
 {"out", OPT_OUT, '>', "Output file"},
 {"key", OPT_KEY, '<', "Create SPKAC using private key"},
+ {"keyform", OPT_KEYFORM, 'f', "Private key file format - default PEM (PEM, DER, or ENGINE)"},
 {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
 {"challenge", OPT_CHALLENGE, 's', "Challenge string"},
 {"spkac", OPT_SPKAC, 's', "Alternative SPKAC name"},
@@ -58,6 +59,7 @@ int spkac_main(int argc, char **argv)
 char *spkstr = NULL, *prog;
 const char *spkac = "SPKAC", *spksect = "default";
 int i, ret = 1, verify = 0, noout = 0, pubkey = 0;
+ int keyformat = FORMAT_PEM;
 OPTION_CHOICE o;
 prog = opt_init(argc, argv, spkac_options);
@@ -93,6 +95,10 @@ int spkac_main(int argc, char **argv)
 case OPT_KEY:
 keyfile = opt_arg();
 break;
+ case OPT_KEYFORM:
+ if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyformat))
+ goto opthelp;
+ break;
 case OPT_CHALLENGE:
 challenge = opt_arg();
 break;
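Review bot: The new `case OPT_KEYFORM:` arm accepts more than the option promises: it calls `opt_format` with `OPT_FMT_ANY`, and the table entry uses value type `'f'`, while the help string and the man page list only PEM, DER, or ENGINE. Any other format name the option helper recognises would pass option parsing and only be handled later inside load_key, which this patch does not show. If apps.h on this branch provides the PEM/DER/ENGINE mask (`OPT_FMT_PDE`, with table type `'E'`), using it would make parsing match the documentation: `if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyformat))`. The switch in spkac_main starts and ends outside the hunk.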
@@ -118,7 +124,7 @@ int spkac_main(int argc, char **argv)
 if (keyfile) {
 pkey = load_key(strcmp(keyfile, "-") ? keyfile : NULL,
- FORMAT_PEM, 1, passin, e, "private key");
+ keyformat, 1, passin, e, "private key");
 if (!pkey) {
 goto end;
 }
diff --git a/doc/man1/spkac.pod b/doc/man1/spkac.pod
index d4b896a1a6..14fdd0bcc8 100644
--- a/doc/man1/spkac.pod
+++ b/doc/man1/spkac.pod
@@ -11,6 +11,7 @@ B B
 [B<-in filename>]
 [B<-out filename>]
 [B<-key keyfile>]
+[B<-keyform PEM|DER|ENGINE>]
 [B<-passin arg>]
 [B<-challenge string>]
 [B<-pubkey>]
@@ -50,6 +51,11 @@ Create an SPKAC file using the private key in B. The B<-in>, B<-noout>, B<-spksect> and B<-verify> options are ignored if present.
+=item B<-keyform PEM|DER|ENGINE>
+
+Whether the key format is PEM, DER, or an engine-backed key.
+The default is PEM.
+
 =item B<-passin password>
 The input file password source. For more information about the format of B
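Review bot: The `load_key` call now takes a user-chosen `keyformat`, but the code around it still assumes a file: `"-"` is mapped to NULL for stdin, and `e` is passed as-is although nothing visible here requires `-engine` when `-keyform ENGINE` is selected. With an engine-backed key the `-key` value is presumably an engine key identifier, so both cases depend on load_key rejecting a NULL name or a NULL engine, which cannot be confirmed from this hunk. A short comment above the call would record that dependency, e.g. `/* With FORMAT_ENGINE, keyfile is an engine key id; load_key must fail cleanly if e is NULL */`. The body of spkac_main starts and ends outside the hunk.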