
List:       openssl-dev
Subject:    [openssl.org #2525] [PATCH] Enhancement: Output Format for req Keys
From:       "David Michael via RT" <rt () openssl ! org>
Date:       2011-05-23 10:29:58
Message-ID: rt-3.4.5-34127-1306146598-1213.2525-21-0 () openssl ! org

Hi,

  I have some cases where a binary (DER) private key is more useful
than PEM when created along with a certificate request.  In the req
app, new keys are hard-coded to be written as PEM files.  The attached
patch uses the value from -keyform to determine the output format
which removes the need for manual conversion afterwards.  (This is
against 1.0.0d, but should be trivial to port to other versions.)

  To have consistent names, a new option "-keyoutform" should probably
be added for this.  I didn't want to change the user interface, so I
reused -keyform.  I can resubmit with the new option if that is
preferred.  Comments?

 Thanks


["openssl-req-keyoutform.patch" (application/octet-stream)]

diff -Npru apps/req.c apps.patch/req.c
--- apps/req.c	2010-03-10 08:48:21.000000000 -0500
+++ apps.patch/req.c	2011-05-05 09:23:48.511619005 -0400
@@ -738,19 +738,27 @@ bad:
 			cipher=NULL;
 		if (nodes) cipher=NULL;
 		
-		i=0;
-loop:
-		if (!PEM_write_bio_PrivateKey(out,pkey,cipher,
-			NULL,0,NULL,passout))
+		if (keyform == FORMAT_ASN1)
 			{
-			if ((ERR_GET_REASON(ERR_peek_error()) ==
-				PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
+			if (!i2d_PrivateKey_bio(out,pkey))
+				goto end;
+			}
+		else
+			{
+			i=0;
+loop:
+			if (!PEM_write_bio_PrivateKey(out,pkey,cipher,
+				NULL,0,NULL,passout))
 				{
-				ERR_clear_error();
-				i++;
-				goto loop;
+				if ((ERR_GET_REASON(ERR_peek_error()) ==
+					PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
+					{
+					ERR_clear_error();
+					i++;
+					goto loop;
+					}
+				goto end;
 				}
-			goto end;
 			}
 		BIO_printf(bio_err,"-----\n");
 		}
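
Review bot: In the new `if (keyform == FORMAT_ASN1)` branch, `i2d_PrivateKey_bio(out,pkey)` takes neither `cipher` nor `passout`, so a DER key is written unencrypted even when the user did not pass -nodes and the PEM branch would have encrypted it. That is a silent downgrade of key protection selected only by the output format. Either reject FORMAT_ASN1 with a message on bio_err unless `cipher` is NULL, or write an encrypted PKCS#8 DER key with `i2d_PKCS8PrivateKey_bio(out,pkey,cipher,NULL,0,NULL,passout)` and keep the same password-retry handling as the PEM path. Separately, -keyform already describes the format of the input key, so overloading it here changes behaviour for anyone who passes -keyform DER alongside -newkey; the -keyoutform option proposed in the message avoids that and should come with an update to the req usage text and documentation.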

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majordomo@openssl.org
