Allow engine keys to be a public key file Some engines have corresponding public key load methods, so use those if the normal load of the public key fails. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

commit: 227ce9c7d9d3aab992740c1ca6837a1b43be8525 [log] [tgz]
author: James Bottomley <James.Bottomley@HansenPartnership.com> Wed Jul 01 16:14:55 2020 -0700
committer: James Bottomley <James.Bottomley@HansenPartnership.com> Wed Jul 01 16:33:34 2020 -0700
tree: 7314ed72d31bbcbc3e1c2fea70a8c5b9cc7dd00c
parent: 4a904c23cb82ba3a601d5238543d7d68057bcfd4 [diff]
diff --git a/crypto.c b/crypto.c
index e68a32b..87b0945 100644
--- a/crypto.c
+++ b/crypto.c

@@ -96,6 +96,7 @@
 	FILE *file;
 	EVP_PKEY *pkey;
 	wordexp_t w;
+	const char *engine = cache_get_by_secnum(sec_num, "engine", NULL);
 
 	wordexp(pub, &w, 0);
 	file = fopen(w.we_wordv[0], "r");
@@ -108,11 +109,24 @@
 	}
 	pkey = PEM_read_PUBKEY(file, NULL, NULL, NULL);
 	if (!pkey) {
-		fprintf(stderr, "failed to read public key %s:\n", pub);
-		ERR_print_errors_fp(stderr);
-		return -1;
-	}
+		if (engine) {
+			ENGINE *e;
 
+			ENGINE_load_builtin_engines();
+			e = ENGINE_by_id(engine);
+			if (!e)
+				goto err;
+			ENGINE_init(e);
+			pkey = ENGINE_load_public_key(e, pub, NULL, NULL);
+			if (!pkey)
+				goto err;
+		} else {
+		err:
+			fprintf(stderr, "failed to read public key %s:\n", pub);
+			ERR_print_errors_fp(stderr);
+			return -1;
+		}
+	}
 	return populate_public_key(sec_num, pkey);
 }
commit	227ce9c7d9d3aab992740c1ca6837a1b43be8525	[log] [tgz]
author	James Bottomley <James.Bottomley@HansenPartnership.com>	Wed Jul 01 16:14:55 2020 -0700
committer	James Bottomley <James.Bottomley@HansenPartnership.com>	Wed Jul 01 16:33:34 2020 -0700
tree	7314ed72d31bbcbc3e1c2fea70a8c5b9cc7dd00c
parent	4a904c23cb82ba3a601d5238543d7d68057bcfd4 [diff]