The openssl application pkeyutl fails if the key type options -certin and 
-pubin are placed in the options list after the -inkey option, and the error 
message does not indicate the real cause. The -pkeyopt and -peerkey options 
have similar ordering restrictions, but those conditions are checked for and 
their error messages do correctly indicate the cause.

Please find below a patch that removes all restrictions on the order of the 
options in pkeyutl

Best Regards
Nick

--------------------------

diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 7eb3f5c..b511ca0 100755
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -97,6 +97,7 @@ int MAIN(int argc, char **argv)
        EVP_PKEY_CTX *ctx = NULL;
        char *passargin = NULL;
        int keysize = -1;
+       char *inkey = NULL, *peerkey = NULL, *pkeyopt = NULL;

        unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
        size_t buf_outlen;
@@ -135,26 +136,13 @@ int MAIN(int argc, char **argv)
                        {
                        if (--argc < 1)
                                badarg = 1;
-                       else
-                               {
-                               ctx = init_ctx(&keysize,
-                                               *(++argv), keyform, key_type,
-                                               passargin, pkey_op, e);
-                               if (!ctx)
-                                       {
-                                       BIO_puts(bio_err,
-                                               "Error initializing context\n");
-                                       ERR_print_errors(bio_err);
-                                       badarg = 1;
-                                       }
-                               }
+                       else inkey= *(++argv);
                        }
                else if (!strcmp(*argv,"-peerkey"))
                        {
                        if (--argc < 1)
                                badarg = 1;
-                       else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
-                               badarg = 1;
+                       else peerkey= *(++argv);
                        }
                else if (!strcmp(*argv,"-passin"))
                        {
@@ -206,18 +194,7 @@ int MAIN(int argc, char **argv)
                        {
                        if (--argc < 1)
                                badarg = 1;
-                       else if (!ctx)
-                               {
-                               BIO_puts(bio_err,
-                                       "-pkeyopt command before -inkey\n");
-                               badarg = 1;
-                               }
-                       else if (pkey_ctrl_string(ctx, *(++argv)) <= 0)
-                               {
-                               BIO_puts(bio_err, "parameter setting error\n");
-                               ERR_print_errors(bio_err);
-                               goto end;
-                               }
+                       else pkeyopt= *(++argv);
                        }
                else badarg = 1;
                if(badarg)
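Review bot: Keeping the `-pkeyopt` argument in a single `char *pkeyopt` silently drops all but the last `-pkeyopt` on the command line, whereas the removed code called `pkey_ctrl_string()` once per occurrence. A dropped option (for instance a padding or digest setting) means the key operation runs with parameters the user did not ask for, and no error is reported. The values should be collected in a list during parsing and applied in order once `ctx` exists, as in the sketch below. The declaration added in the first hunk changes accordingly, and the list has to be freed on the function's exit path, which is outside the hunks shown.

```c
/* declaration: replaces char *pkeyopt */
STACK_OF(OPENSSL_STRING) *pkeyopts = NULL;
int i;

/* -pkeyopt branch, after the --argc check */
else if ((!pkeyopts && !(pkeyopts = sk_OPENSSL_STRING_new_null()))
         || !sk_OPENSSL_STRING_push(pkeyopts, *(++argv)))
        badarg = 1;

/* … unchanged: rest of option parsing, init_ctx() call … */

/* apply every -pkeyopt in command-line order once ctx is valid */
for (i = 0; i < sk_OPENSSL_STRING_num(pkeyopts); i++)
        {
        if (pkey_ctrl_string(ctx, sk_OPENSSL_STRING_value(pkeyopts, i)) <= 0)
                {
                BIO_puts(bio_err, "Error setting pkeyopt parameters\n");
                ERR_print_errors(bio_err);
                goto end;
                }
        }
```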
@@ -229,12 +206,29 @@ int MAIN(int argc, char **argv)
                argv++;
                }

-       if (!ctx)
+       if (inkey)
                {
-               usage();
-               goto end;
+               ctx = init_ctx(&keysize, inkey, keyform, key_type, passargin, 
pkey_op, e);
+                       if (!ctx)
+                               {
+                               BIO_puts(bio_err,"Error initializing 
context\n");
+                               ERR_print_errors(bio_err);
+                               goto end;
+                               }
                }

+       if (pkeyopt)
+               if (pkey_ctrl_string(ctx, pkeyopt) <= 0)
+                       {
+                       BIO_puts(bio_err, "Error setting pkeyopt parameters\n");
+                       ERR_print_errors(bio_err);
+                       goto end;
+                       }
+
+       if (peerkey)
+               if (!setup_peer(bio_err, ctx, peerform, peerkey))
+                       goto end;
+
        if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY))
                {
                BIO_puts(bio_err, "Signature file specified for non verify\n");
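Review bot: With the `if (!ctx)` usage check removed, a command line without `-inkey` now leaves `ctx` NULL and still falls through to `pkey_ctrl_string(ctx, pkeyopt)`, `setup_peer(bio_err, ctx, peerform, peerkey)` and the rest of MAIN, which continues outside this hunk. Whether those callees tolerate a NULL context is not visible here, so the old guard should be kept as an else branch of the new `if (inkey)` block: `else { usage(); goto end; }`. Separately, the `init_ctx(...)` call and the `"Error initializing context\n"` literal are split across lines in the posted patch, apparently by the mailer, and need rejoining before it will apply and compile.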



