[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Rich Salz rsalz at openssl.org
Sun May 21 22:25:00 UTC 2017

The branch OpenSSL_1_1_0-stable has been updated
       via  8f59b3267ddbffc6dd0da780fe5a1f3dcc4a2259 (commit)
      from  5a02eefaad7c8e53d6c7b9f57d947a9cfe6a167f (commit)

- Log -----------------------------------------------------------------
commit 8f59b3267ddbffc6dd0da780fe5a1f3dcc4a2259
Author: Rich Salz <rsalz at openssl.org>
Date:   Sat May 20 21:44:31 2017 -0400

    -inkey can be an identifier, not just a file
    update pkcs12, smime, ts apps.
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3507)
    (cherry picked from commit 48b5352212d8c68f7fd071ca9f38822b7e954c5a)


Summary of changes:
 apps/pkcs12.c       | 2 +-
 apps/smime.c        | 2 +-
 apps/ts.c           | 2 +-
 doc/apps/pkcs12.pod | 6 ++++--
 doc/apps/smime.pod  | 6 ++++--
 doc/apps/ts.pod     | 6 ++++--
 6 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 0e69c9c..6c07e81 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -91,7 +91,7 @@ OPTIONS pkcs12_options[] = {
     {"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default 3DES)"},
     {"rand", OPT_RAND, 's',
      "Load the file(s) into the random number generator"},
-    {"inkey", OPT_INKEY, '<', "Private key if not infile"},
+    {"inkey", OPT_INKEY, 's', "Private key if not infile"},
     {"certfile", OPT_CERTFILE, '<', "Load certs from file"},
     {"name", OPT_NAME, 's', "Use name as friendly name"},
     {"CSP", OPT_CSP, 's', "Microsoft CSP name"},
diff --git a/apps/smime.c b/apps/smime.c
index caa9252..e18d7de 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -70,7 +70,7 @@ OPTIONS smime_options[] = {
     {"recip", OPT_RECIP, '<', "Recipient certificate file for decryption"},
     {"in", OPT_IN, '<', "Input file"},
     {"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"},
-    {"inkey", OPT_INKEY, '<',
+    {"inkey", OPT_INKEY, 's',
      "Input private key (if not signer or recipient)"},
     {"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},
     {"out", OPT_OUT, '>', "Output file"},
diff --git a/apps/ts.c b/apps/ts.c
index 14c533b..0e07c08 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -106,7 +106,7 @@ OPTIONS ts_options[] = {
     {"reply", OPT_REPLY, '-', "Generate a TS reply"},
     {"queryfile", OPT_QUERYFILE, '<', "File containing a TS query"},
     {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
-    {"inkey", OPT_INKEY, '<', "File with private key for reply"},
+    {"inkey", OPT_INKEY, 's', "File with private key for reply"},
     {"signer", OPT_SIGNER, 's', "Signer certificate file"},
     {"chain", OPT_CHAIN, '<', "File with signer CA chain"},
     {"verify", OPT_VERIFY, '-', "Verify a TS response"},
diff --git a/doc/apps/pkcs12.pod b/doc/apps/pkcs12.pod
index 3dea46c..2df4776 100644
--- a/doc/apps/pkcs12.pod
+++ b/doc/apps/pkcs12.pod
@@ -10,7 +10,7 @@ B<openssl> B<pkcs12>
-[B<-inkey filename>]
+[B<-inkey file_or_id>]
 [B<-certfile filename>]
 [B<-name name>]
 [B<-caname name>]
@@ -173,10 +173,12 @@ default.  They must all be in PEM format. The order doesn't matter but one
 private key and its corresponding certificate should be present. If additional
 certificates are present they will also be included in the PKCS#12 file.
-=item B<-inkey filename>
+=item B<-inkey file_or_id>
 file to read private key from. If not present then a private key must be present
 in the input file.
+If no engine is used, the argument is taken as a file; if an engine is
+specified, the argument is given to the engine as a key identifier.
 =item B<-name friendlyname>
diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
index 7980e35..d3e0214 100644
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -54,7 +54,7 @@ B<openssl> B<smime>
 [B<-recip  file>]
 [B<-inform SMIME|PEM|DER>]
 [B<-passin arg>]
-[B<-inkey file>]
+[B<-inkey file_or_id>]
 [B<-out file>]
 [B<-outform SMIME|PEM|DER>]
 [B<-content file>]
@@ -280,13 +280,15 @@ verification was successful.
 the recipients certificate when decrypting a message. This certificate
 must match one of the recipients of the message or an error occurs.
-=item B<-inkey file>
+=item B<-inkey file_or_id>
 the private key to use when signing or decrypting. This must match the
 corresponding certificate. If this option is not specified then the
 private key must be included in the certificate file specified with
 the B<-recip> or B<-signer> file. When signing this option can be used
 multiple times to specify successive keys.
+If no engine is used, the argument is taken as a file; if an engine is
+specified, the argument is given to the engine as a key identifier.
 =item B<-passin arg>
diff --git a/doc/apps/ts.pod b/doc/apps/ts.pod
index 2ec9837..cf30947 100644
--- a/doc/apps/ts.pod
+++ b/doc/apps/ts.pod
@@ -27,7 +27,7 @@ B<-reply>
 [B<-queryfile> request.tsq]
 [B<-passin> password_src]
 [B<-signer> tsa_cert.pem]
-[B<-inkey> private.pem]
+[B<-inkey> file_or_id]
 [B<-chain> certs_file.pem]
 [B<-tspolicy> object_id]
@@ -243,10 +243,12 @@ timeStamping. The extended key usage must also be critical, otherwise
 the certificate is going to be refused. Overrides the B<signer_cert>
 variable of the config file. (Optional)
-=item B<-inkey> private.pem
+=item B<-inkey> file_or_id
 The signer private key of the TSA in PEM format. Overrides the
 B<signer_key> config file option. (Optional)
+If no engine is used, the argument is taken as a file; if an engine is
+specified, the argument is given to the engine as a key identifier.
 =item B<-sha1|-sha224|-sha256|-sha384|-sha512>

More information about the openssl-commits mailing list