[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Richard Levitte
levitte at openssl.org
Fri Jan 22 19:14:46 UTC 2016
The branch OpenSSL_1_0_2-stable has been updated
via 3665fa25436f55f9ed401ae92c2f3862fb10d952 (commit)
from 2b80d00e3ac652377ace84c51b53f51a1b7e1ba2 (commit)
- Log -----------------------------------------------------------------
commit 3665fa25436f55f9ed401ae92c2f3862fb10d952
Author: Mouse <mouse008 at gmail.com>
Date: Fri Jan 15 22:13:00 2016 -0500
pkeyutl: allow peerkey for EC_DERIVE to reside on a hardware token (public key for now)
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/pkeyutl.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 070cf33..c8d513b 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -78,7 +78,7 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
int impl);
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
- const char *file);
+ const char *file, ENGINE* e);
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
unsigned char *out, size_t *poutlen,
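Review bot: The added parameter is spelled `ENGINE* e`, while every other declarator in this prototype binds the star to the name (`BIO *err`, `EVP_PKEY_CTX *ctx`, `const char *file`). Writing it as `const char *file, ENGINE *e);` keeps the declaration consistent with its surroundings. The same spelling recurs in the third hunk, in the definition's parameter list and in the new local `ENGINE* engine = NULL;`.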
@@ -149,7 +149,7 @@ int MAIN(int argc, char **argv)
} else if (!strcmp(*argv, "-peerkey")) {
if (--argc < 1)
badarg = 1;
- else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
+ else if (!setup_peer(bio_err, ctx, peerform, *(++argv), e))
badarg = 1;
} else if (!strcmp(*argv, "-passin")) {
if (--argc < 1)
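Review bot: The `e` and `peerform` passed to setup_peer() here are read while the argument loop is still running, so a `-engine` or `-peerform` option that appears after `-peerkey` would presumably not be seen by this call. Where `e` is assigned is outside the hunk, so this is inferred from the in-loop call. A comment above the branch would record the ordering requirement, e.g. `/* -engine and -peerform must precede -peerkey: both are consumed here */`. The usage text for `-peerkey` would be a natural place for the same sentence.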
@@ -479,16 +479,20 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
}
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
- const char *file)
+ const char *file, ENGINE* e)
{
EVP_PKEY *peer = NULL;
+ ENGINE* engine = NULL;
int ret;
if (!ctx) {
BIO_puts(err, "-peerkey command before -inkey\n");
return 0;
}
- peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key");
+ if (peerform == FORMAT_ENGINE)
+ engine = e;
+
+ peer = load_pubkey(bio_err, file, peerform, 0, NULL, engine, "Peer Key");
if (!peer) {
BIO_printf(bio_err, "Error reading peer key %s\n", file);
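Review bot: When `peerform == FORMAT_ENGINE` and `e` is NULL, the new code passes a NULL engine to load_pubkey() and the only message visible in this hunk is the generic "Error reading peer key", which does not tell the user that no engine was set up. A guard next to the existing `!ctx` check would name the cause: `if (peerform == FORMAT_ENGINE && e == NULL) { BIO_puts(err, "-peerkey in engine format needs -engine first\n"); return 0; }`. The local `engine` also looks redundant if load_pubkey() consults its engine argument only for FORMAT_ENGINE, which is not visible here; in that case `e` could be passed directly. The body of setup_peer() continues past the end of the hunk.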