author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2020-07-01 16:14:55 -0700 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2020-07-01 16:33:34 -0700 |
commit | 227ce9c7d9d3aab992740c1ca6837a1b43be8525 (patch) | |
tree | 7314ed72d31bbcbc3e1c2fea70a8c5b9cc7dd00c | |
parent | 4a904c23cb82ba3a601d5238543d7d68057bcfd4 (diff) | |
Allow engine keys to be a public key file
Some engines have corresponding public key load methods, so use those
if the normal load of the public key fails.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | crypto.c | 22 |
1 files changed, 18 insertions, 4 deletions
@@ -96,6 +96,7 @@ int crypto_load_public_key(int sec_num, const char *pub) FILE *file; EVP_PKEY *pkey; wordexp_t w; + const char *engine = cache_get_by_secnum(sec_num, "engine", NULL); wordexp(pub, &w, 0); file = fopen(w.we_wordv[0], "r"); @@ -108,11 +109,24 @@ int crypto_load_public_key(int sec_num, const char *pub) } pkey = PEM_read_PUBKEY(file, NULL, NULL, NULL); if (!pkey) { - fprintf(stderr, "failed to read public key %s:\n", pub); - ERR_print_errors_fp(stderr); - return -1; + if (engine) { + ENGINE *e; + + ENGINE_load_builtin_engines(); + e = ENGINE_by_id(engine); + if (!e) + goto err; + ENGINE_init(e); + pkey = ENGINE_load_public_key(e, pub, NULL, NULL); + if (!pkey) + goto err; + } else { + err: + fprintf(stderr, "failed to read public key %s:\n", pub); + ERR_print_errors_fp(stderr); + return -1; + } } - return populate_public_key(sec_num, pkey); } |
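Review bot: In the second hunk the return value of `ENGINE_init(e)` is ignored, so an engine that failed to initialise is still handed to `ENGINE_load_public_key`; check it, for example `if (!ENGINE_init(e)) { ENGINE_free(e); goto err; }`. The engine is also given the raw `pub` string while the PEM attempt opened `w.we_wordv[0]`, so a name that only resolves after `wordexp` expansion opens as a file but is then looked up unexpanded by the engine; passing `w.we_wordv[0]` would keep the two loads consistent. Neither the structural reference from `ENGINE_by_id` nor the functional one from `ENGINE_init` is released on any path visible here, and the failed PEM parse leaves its entries on the error queue, which an `ERR_clear_error()` before the engine attempt would drop. The lines between the two hunks are not shown, so whether `file` is closed and `w` is freed there cannot be confirmed from this page.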