From 2f011cfc31d0eb6de74eddfccae011c7a0181e44 Mon Sep 17 00:00:00 2001
From: olszomal
Date: Wed, 21 Oct 2020 13:22:40 +0200
Subject: [PATCH] p11engine and p11module need to be orthogonal (independent of each other)
---
 osslsigncode.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/osslsigncode.c b/osslsigncode.c
index 1bad37e..8613220 100644
--- a/osslsigncode.c
+++ b/osslsigncode.c
@@ -5250,7 +5250,6 @@ out:
 static int read_xcertfile(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams)
 {
 BIO *btmp;
- PKCS7 *p7;
 int ret = 0;
 btmp = BIO_new_file(options->xcertfile, "rb");
@@ -5372,7 +5371,7 @@ ENGINE *dynamic_engine(GLOBAL_OPTIONS *options)
 }
 /* Load a pkcs11 engine */
-ENGINE *pkcs11_engine(GLOBAL_OPTIONS *options)
+ENGINE *pkcs11_engine()
 {
 ENGINE *engine = ENGINE_by_id("pkcs11");
 if (!engine) {
@@ -5385,7 +5384,7 @@ ENGINE *pkcs11_engine(GLOBAL_OPTIONS *options)
 /* Load the private key and the signer certificate from a security token */
 static int read_token(GLOBAL_OPTIONS *options, ENGINE *engine, CRYPTO_PARAMS *cparams)
 {
- if (!ENGINE_ctrl_cmd_string(engine, "MODULE_PATH", options->p11module, 0)) {
+ if (options->p11module && !ENGINE_ctrl_cmd_string(engine, "MODULE_PATH", options->p11module, 0)) {
 printf("Failed to set pkcs11 engine MODULE_PATH to '%s'\n", options->p11module);
 ENGINE_free(engine);
 return 0; /* FAILED */
@@ -5451,12 +5450,12 @@ static int read_crypto_params(GLOBAL_OPTIONS *options, CRYPTO_PARAMS *cparams)
 #ifndef OPENSSL_NO_ENGINE
 /* PKCS11 engine and module support */
- } else if (options->p11module) {
+ } else if ((options->p11engine) || (options->p11module)) {
 ENGINE *engine;
 if (options->p11engine)
 engine = dynamic_engine(options);
 else
- engine = pkcs11_engine(options);
+ engine = pkcs11_engine();
 if (!engine)
 goto out; /* FAILED */
 printf("Engine \"%s\" set.\n", ENGINE_get_id(engine));
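Review bot: The new definition `ENGINE *pkcs11_engine()` uses empty parentheses, which before C23 gives the function no prototype, so a call site that still passes `options` would compile without a diagnostic. Writing the signature as `ENGINE *pkcs11_engine(void)` lets the compiler check every caller touched by this refactoring. The function body continues past the end of the hunk, so only the signature is reviewed here.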
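Review bot: In `read_token`, the added `options->p11module &&` guard means no MODULE_PATH is sent to the engine when `options->p11module` is NULL, and nothing in the code records which PKCS#11 module is used in that case. The fallback is not visible in this hunk and presumably comes from the engine's own configuration; it decides which shared library is loaded into the signing process and handles the private key. A comment above the condition would make that explicit, for example `/* MODULE_PATH is optional: with no p11module the engine falls back to its own configured module */`. The body of `read_token` continues beyond the hunk.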
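Review bot: The test for "an engine was requested" is now written in two places with different spelling: `(options->p11engine) || (options->p11module)` in this branch of `read_crypto_params`, and `options->p11engine || options->p11module ||` in the argument check of `main_configure` in the last hunk. Dropping the redundant parentheses here, `} else if (options->p11engine || options->p11module) {`, makes the two read as the same condition. A short comment at each site naming the other would help keep them in step when another key source is added. Both functions begin and end outside their hunks.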
@@ -5991,7 +5990,7 @@ static int main_configure(int argc, char **argv, cmd_type_t *cmd, GLOBAL_OPTIONS
 (*cmd != CMD_VERIFY && !options->outfile) ||
 (*cmd == CMD_SIGN && !((options->certfile && options->keyfile) ||
 #ifndef OPENSSL_NO_ENGINE
- options->p11module ||
+ options->p11engine || options->p11module ||
 #endif /* OPENSSL_NO_ENGINE */
 options->pkcs12file))) {
 if (failarg)