[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Richard Levitte levitte at openssl.org
Wed Jan 13 00:23:41 UTC 2016 

The branch OpenSSL_1_0_2-stable has been updated
       via  8788fb97a89181a538032af361343195f81e4f1e (commit)
       via  6fa6a6628514dbf892c68442fab54f7476f3c703 (commit)
       via  a2a29f702ac35746cb3c3c6c36b46fbbde5f83a1 (commit)
       via  8259ccb44d1a25f5a9dcba4fea93068db8ddb1e1 (commit)
       via  ad81ca9061506482bf40c9dd17097814c3ce75b2 (commit)
       via  d65a8d0b7e4b95e79c65972eaa05ba776c5af462 (commit)
      from  75fdee04827a2e7bd809dc9cc086389e856947b9 (commit)


- Log -----------------------------------------------------------------
commit 8788fb97a89181a538032af361343195f81e4f1e
Author: Mouse <mouse008 at gmail.com>
Date:   Tue Jan 12 09:09:48 2016 -0500

    Root cause discovered and fixed, this fix became unnecessary
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>

commit 6fa6a6628514dbf892c68442fab54f7476f3c703
Author: Uri Blumenthal <uri at ll.mit.edu>
Date:   Mon Jan 11 15:23:15 2016 -0500

    Changed help output
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>

commit a2a29f702ac35746cb3c3c6c36b46fbbde5f83a1
Author: Mouse <mouse008 at gmail.com>
Date:   Mon Jan 4 23:49:00 2016 -0500

    Pass engine=NULL to EVP_PKEY_CTX_new(), unless "-engine_impl" was given
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>

commit 8259ccb44d1a25f5a9dcba4fea93068db8ddb1e1
Author: Mouse <mouse008 at gmail.com>
Date:   Sun Jan 3 18:47:57 2016 -0500

    Remove unnecessary debugging fprintf
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>

commit ad81ca9061506482bf40c9dd17097814c3ce75b2
Author: Mouse <mouse008 at gmail.com>
Date:   Fri Jan 1 23:30:02 2016 -0500

    Fixed crash (SIGSEGV) when freeing of ex_data stumbles upon a NULL-pointer.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>

commit d65a8d0b7e4b95e79c65972eaa05ba776c5af462
Author: Mouse <mouse008 at gmail.com>
Date:   Fri Jan 1 23:27:49 2016 -0500

    Fixed a bug preventing pkeyutl from accessing keys directly on the token via engine_pkcs11
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 apps/pkeyutl.c | 26 +++++++++++++++++++-------
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index aaa9074..070cf33 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -74,7 +74,8 @@ static void usage(void);
 
 static EVP_PKEY_CTX *init_ctx(int *pkeysize,
                               char *keyfile, int keyform, int key_type,
-                              char *passargin, int pkey_op, ENGINE *e);
+                              char *passargin, int pkey_op, ENGINE *e,
+                              int   impl);
 
 static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
                       const char *file);
@@ -97,6 +98,7 @@ int MAIN(int argc, char **argv)
     EVP_PKEY_CTX *ctx = NULL;
     char *passargin = NULL;
     int keysize = -1;
+    int engine_impl = 0;
 
     unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
     size_t buf_outlen;
@@ -137,7 +139,7 @@ int MAIN(int argc, char **argv)
             else {
                 ctx = init_ctx(&keysize,
                                *(++argv), keyform, key_type,
-                               passargin, pkey_op, e);
+                               passargin, pkey_op, e, engine_impl);
                 if (!ctx) {
                     BIO_puts(bio_err, "Error initializing context\n");
                     ERR_print_errors(bio_err);
@@ -171,6 +173,8 @@ int MAIN(int argc, char **argv)
                 badarg = 1;
             else
                 e = setup_engine(bio_err, *(++argv), 0);
+        } else if (!strcmp(*argv, "-engine_impl")) {
+                engine_impl = 1;
         }
 #endif
         else if (!strcmp(*argv, "-pubin"))
@@ -368,7 +372,8 @@ static void usage()
     BIO_printf(bio_err, "-hexdump        hex dump output\n");
 #ifndef OPENSSL_NO_ENGINE
     BIO_printf(bio_err,
-               "-engine e       use engine e, possibly a hardware device.\n");
+               "-engine e       use engine e, maybe a hardware device, for loading keys.\n");
+    BIO_printf(bio_err, "-engine_impl    also use engine given by -engine for crypto operations\n");
 #endif
     BIO_printf(bio_err, "-passin arg     pass phrase source\n");
 
@@ -376,10 +381,12 @@ static void usage()
 
 static EVP_PKEY_CTX *init_ctx(int *pkeysize,
                               char *keyfile, int keyform, int key_type,
-                              char *passargin, int pkey_op, ENGINE *e)
+                              char *passargin, int pkey_op, ENGINE *e,
+                              int   engine_impl)
 {
     EVP_PKEY *pkey = NULL;
     EVP_PKEY_CTX *ctx = NULL;
+    ENGINE *impl = NULL;
     char *passin = NULL;
     int rv = -1;
     X509 *x;
@@ -418,9 +425,14 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
 
     if (!pkey)
         goto end;
-
-    ctx = EVP_PKEY_CTX_new(pkey, e);
-
+        
+#ifndef OPENSSL_NO_ENGINE
+    if (engine_impl)
+	impl = e;
+#endif
+            
+    ctx = EVP_PKEY_CTX_new(pkey, impl);
+    
     EVP_PKEY_free(pkey);
 
     if (!ctx)

More information about the openssl-commits mailing list