- /* Read the private key and the X.509 cert the PKCS#7 message
- * will point to.
- */
- if (!strncmp(private_key_name, "pkcs11:", 7)) {
- ENGINE *e;
-
- ENGINE_load_builtin_engines();
- drain_openssl_errors();
- e = ENGINE_by_id("pkcs11");
- ERR(!e, "Load PKCS#11 ENGINE");
- if (ENGINE_init(e))
- drain_openssl_errors();
- else
- ERR(1, "ENGINE_init");
- if (key_pass)
- ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN");
- private_key = ENGINE_load_private_key(e, private_key_name, NULL,
- NULL);
- ERR(!private_key, "%s", private_key_name);
- } else {
- b = BIO_new_file(private_key_name, "rb");
- ERR(!b, "%s", private_key_name);
- private_key = PEM_read_bio_PrivateKey(b, NULL, pem_pw_cb, NULL);
- ERR(!private_key, "%s", private_key_name);
- BIO_free(b);
- }
-
- b = BIO_new_file(x509_name, "rb");
- ERR(!b, "%s", x509_name);
- x509 = d2i_X509_bio(b, NULL); /* Binary encoded X.509 */
- if (!x509) {
- ERR(BIO_reset(b) != 1, "%s", x509_name);
- x509 = PEM_read_bio_X509(b, NULL, NULL, NULL); /* PEM encoded X.509 */
- if (x509)
- drain_openssl_errors();
- }
- BIO_free(b);
- ERR(!x509, "%s", x509_name);
-
- /* Open the destination file now so that we can shovel the module data
- * across as we read it.
- */
- if (!sign_only) {
- bd = BIO_new_file(dest_name, "wb");
- ERR(!bd, "%s", dest_name);
- }
-
- /* Digest the module data. */
- OpenSSL_add_all_digests();
- display_openssl_errors(__LINE__);
- digest_algo = EVP_get_digestbyname(hash_algo);
- ERR(!digest_algo, "EVP_get_digestbyname");
-