mirror of https://github.com/openssl/openssl
Make the -inform option to be respected if possible
Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called. The input type format is enforced only in case the file type file store is used. By default we use FORMAT_UNDEF meaning the input type is not enforced. Fixes #14569 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15100)
parent
b86fa8c556
commit
d382e79632
10
apps/ca.c
10
apps/ca.c
|
@ -274,7 +274,7 @@ int ca_main(int argc, char **argv)
|
|||
char def_dgst[80] = "";
|
||||
char *dgst = NULL, *policy = NULL, *keyfile = NULL;
|
||||
char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL;
|
||||
int certformat = FORMAT_PEM, informat = FORMAT_PEM;
|
||||
int certformat = FORMAT_UNDEF, informat = FORMAT_UNDEF;
|
||||
const char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL;
|
||||
const char *extensions = NULL, *extfile = NULL, *passinarg = NULL;
|
||||
char *passin = NULL;
|
||||
|
@ -289,7 +289,7 @@ int ca_main(int argc, char **argv)
|
|||
size_t outdirlen = 0;
|
||||
int create_ser = 0, free_passin = 0, total = 0, total_done = 0;
|
||||
int batch = 0, default_op = 1, doupdatedb = 0, ext_copy = EXT_COPY_NONE;
|
||||
int keyformat = FORMAT_PEM, multirdn = 1, notext = 0, output_der = 0;
|
||||
int keyformat = FORMAT_UNDEF, multirdn = 1, notext = 0, output_der = 0;
|
||||
int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0;
|
||||
int rand_ser = 0, i, j, selfsign = 0, def_ret;
|
||||
char *crl_lastupdate = NULL, *crl_nextupdate = NULL;
|
||||
|
@ -594,7 +594,7 @@ end_of_options:
|
|||
&& (certfile = lookup_conf(conf, section, ENV_CERTIFICATE)) == NULL)
|
||||
goto end;
|
||||
|
||||
x509 = load_cert_pass(certfile, 1, passin, "CA certificate");
|
||||
x509 = load_cert_pass(certfile, certformat, 1, passin, "CA certificate");
|
||||
if (x509 == NULL)
|
||||
goto end;
|
||||
|
||||
|
@ -1287,7 +1287,7 @@ end_of_options:
|
|||
} else {
|
||||
X509 *revcert;
|
||||
|
||||
revcert = load_cert_pass(infile, 1, passin,
|
||||
revcert = load_cert_pass(infile, informat, 1, passin,
|
||||
"certificate to be revoked");
|
||||
if (revcert == NULL)
|
||||
goto end;
|
||||
|
@ -1417,7 +1417,7 @@ static int certify_cert(X509 **xret, const char *infile, int certformat,
|
|||
EVP_PKEY *pktmp = NULL;
|
||||
int ok = -1, i;
|
||||
|
||||
if ((template_cert = load_cert_pass(infile, 1, passin,
|
||||
if ((template_cert = load_cert_pass(infile, certformat, 1, passin,
|
||||
"template certificate")) == NULL)
|
||||
goto end;
|
||||
if (verbose)
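Review bot: In the `-1287` hunk the certificate to be revoked is loaded with `informat`, while the CA certificate (`-594` hunk) and the template certificate in certify_cert() are loaded with `certformat`, so two different format variables now decide how certificate inputs are parsed. If the split is intended, a comment at the revoke call such as `/* the certificate to revoke follows informat, not certformat */` would stop readers taking it for a typo; if it is not, `revcert = load_cert_pass(infile, certformat, 1, passin,` is probably what was meant. Both variables default to FORMAT_UNDEF, so the difference only shows once a user pins one format and not the other. The enclosing blocks of ca_main start and end outside these hunks.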
|
||||
|
|
|
@ -131,8 +131,8 @@ static int opt_revreason = CRL_REASON_NONE;
|
|||
/* credentials format */
|
||||
static char *opt_certform_s = "PEM";
|
||||
static int opt_certform = FORMAT_PEM;
|
||||
static char *opt_keyform_s = "PEM";
|
||||
static int opt_keyform = FORMAT_PEM;
|
||||
static char *opt_keyform_s = NULL;
|
||||
static int opt_keyform = FORMAT_UNDEF;
|
||||
static char *opt_otherpass = NULL;
|
||||
static char *opt_engine = NULL;
|
||||
|
||||
|
@ -635,7 +635,7 @@ static X509 *load_cert_pwd(const char *uri, const char *pass, const char *desc)
|
|||
X509 *cert;
|
||||
char *pass_string = get_passwd(pass, desc);
|
||||
|
||||
cert = load_cert_pass(uri, 0, pass_string, desc);
|
||||
cert = load_cert_pass(uri, FORMAT_UNDEF, 0, pass_string, desc);
|
||||
clear_free(pass_string);
|
||||
return cert;
|
||||
}
|
||||
|
|
16
apps/cms.c
16
apps/cms.c
|
@ -292,7 +292,7 @@ int cms_main(int argc, char **argv)
|
|||
int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched = 0;
|
||||
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
|
||||
int operation = 0, ret = 1, rr_print = 0, rr_allorfirst = -1;
|
||||
int verify_retcode = 0, rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
|
||||
int verify_retcode = 0, rctformat = FORMAT_SMIME, keyform = FORMAT_UNDEF;
|
||||
size_t secret_keylen = 0, secret_keyidlen = 0;
|
||||
unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
|
||||
unsigned char *secret_key = NULL, *secret_keyid = NULL;
|
||||
|
@ -611,7 +611,8 @@ int cms_main(int argc, char **argv)
|
|||
if (operation == SMIME_ENCRYPT) {
|
||||
if (encerts == NULL && (encerts = sk_X509_new_null()) == NULL)
|
||||
goto end;
|
||||
cert = load_cert(opt_arg(), "recipient certificate file");
|
||||
cert = load_cert(opt_arg(), FORMAT_UNDEF,
|
||||
"recipient certificate file");
|
||||
if (cert == NULL)
|
||||
goto end;
|
||||
sk_X509_push(encerts, cert);
|
||||
|
@ -810,7 +811,8 @@ int cms_main(int argc, char **argv)
|
|||
if ((encerts = sk_X509_new_null()) == NULL)
|
||||
goto end;
|
||||
while (*argv) {
|
||||
if ((cert = load_cert(*argv, "recipient certificate file")) == NULL)
|
||||
if ((cert = load_cert(*argv, FORMAT_UNDEF,
|
||||
"recipient certificate file")) == NULL)
|
||||
goto end;
|
||||
sk_X509_push(encerts, cert);
|
||||
cert = NULL;
|
||||
|
@ -826,7 +828,7 @@ int cms_main(int argc, char **argv)
|
|||
}
|
||||
|
||||
if (recipfile != NULL && (operation == SMIME_DECRYPT)) {
|
||||
if ((recip = load_cert(recipfile,
|
||||
if ((recip = load_cert(recipfile, FORMAT_UNDEF,
|
||||
"recipient certificate file")) == NULL) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
|
@ -834,7 +836,7 @@ int cms_main(int argc, char **argv)
|
|||
}
|
||||
|
||||
if (originatorfile != NULL) {
|
||||
if ((originator = load_cert(originatorfile,
|
||||
if ((originator = load_cert(originatorfile, FORMAT_UNDEF,
|
||||
"originator certificate file")) == NULL) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
|
@ -842,7 +844,7 @@ int cms_main(int argc, char **argv)
|
|||
}
|
||||
|
||||
if (operation == SMIME_SIGN_RECEIPT) {
|
||||
if ((signer = load_cert(signerfile,
|
||||
if ((signer = load_cert(signerfile, FORMAT_UNDEF,
|
||||
"receipt signer certificate file")) == NULL) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
|
@ -1048,7 +1050,7 @@ int cms_main(int argc, char **argv)
|
|||
signerfile = sk_OPENSSL_STRING_value(sksigners, i);
|
||||
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
|
||||
|
||||
signer = load_cert(signerfile, "signer certificate");
|
||||
signer = load_cert(signerfile, FORMAT_UNDEF, "signer certificate");
|
||||
if (signer == NULL) {
|
||||
ret = 2;
|
||||
goto end;
|
||||
|
|
|
@ -88,7 +88,7 @@ int crl_main(int argc, char **argv)
|
|||
const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL, *prog;
|
||||
OPTION_CHOICE o;
|
||||
int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0;
|
||||
int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
|
||||
int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, keyformat = FORMAT_UNDEF;
|
||||
int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0;
|
||||
int text = 0, do_ver = 0, noCAfile = 0, noCApath = 0, noCAstore = 0;
|
||||
int i;
|
||||
|
@ -211,7 +211,7 @@ int crl_main(int argc, char **argv)
|
|||
if (!opt_md(digestname, &digest))
|
||||
goto opthelp;
|
||||
}
|
||||
x = load_crl(infile, 1, "CRL");
|
||||
x = load_crl(infile, informat, 1, "CRL");
|
||||
if (x == NULL)
|
||||
goto end;
|
||||
|
||||
|
@ -256,7 +256,7 @@ int crl_main(int argc, char **argv)
|
|||
BIO_puts(bio_err, "Missing CRL signing key\n");
|
||||
goto end;
|
||||
}
|
||||
newcrl = load_crl(crldiff, 0, "other CRL");
|
||||
newcrl = load_crl(crldiff, informat, 0, "other CRL");
|
||||
if (!newcrl)
|
||||
goto end;
|
||||
pkey = load_key(keyfile, keyformat, 0, NULL, NULL, "CRL signing key");
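Review bot: The `-256` hunk passes the same `informat` to the second CRL input (`crldiff`, "other CRL") as to the main CRL, so pinning the input format for one file pins it for the other. Once a format is enforced, a DER main CRL combined with a PEM `crldiff` would presumably fail to load. Either let the second load detect its encoding, `newcrl = load_crl(crldiff, FORMAT_UNDEF, 0, "other CRL");`, or state in a comment that both inputs must share one format. The surrounding block of crl_main continues outside the hunk.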
|
||||
|
|
|
@ -105,7 +105,7 @@ int dgst_main(int argc, char **argv)
|
|||
const char *sigfile = NULL;
|
||||
const char *md_name = NULL;
|
||||
OPTION_CHOICE o;
|
||||
int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0;
|
||||
int separator = 0, debug = 0, keyform = FORMAT_UNDEF, siglen = 0;
|
||||
int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0;
|
||||
int xoflen = 0;
|
||||
unsigned char *buf = NULL, *sigbuf = NULL;
|
||||
|
|
|
@ -83,7 +83,7 @@ int dsa_main(int argc, char **argv)
|
|||
char *infile = NULL, *outfile = NULL, *prog;
|
||||
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
|
||||
OPTION_CHOICE o;
|
||||
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
|
||||
int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, text = 0, noout = 0;
|
||||
int modulus = 0, pubin = 0, pubout = 0, ret = 1;
|
||||
int pvk_encr = DEFAULT_PVK_ENCR_STRENGTH;
|
||||
int private = 0;
|
||||
|
|
|
@ -69,7 +69,7 @@ int dsaparam_main(int argc, char **argv)
|
|||
EVP_PKEY *params = NULL, *pkey = NULL;
|
||||
EVP_PKEY_CTX *ctx = NULL;
|
||||
int numbits = -1, num = 0, genkey = 0;
|
||||
int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0;
|
||||
int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, noout = 0;
|
||||
int ret = 1, i, text = 0, private = 0;
|
||||
char *infile = NULL, *outfile = NULL, *prog;
|
||||
OPTION_CHOICE o;
|
||||
|
@ -181,7 +181,7 @@ int dsaparam_main(int argc, char **argv)
|
|||
goto end;
|
||||
}
|
||||
} else {
|
||||
params = load_keyparams(infile, 1, "DSA", "DSA parameters");
|
||||
params = load_keyparams(infile, informat, 1, "DSA", "DSA parameters");
|
||||
}
|
||||
if (params == NULL) {
|
||||
/* Error message should already have been displayed */
|
||||
|
|
|
@ -73,7 +73,7 @@ int ec_main(int argc, char **argv)
|
|||
char *infile = NULL, *outfile = NULL, *ciphername = NULL, *prog;
|
||||
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
|
||||
OPTION_CHOICE o;
|
||||
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
|
||||
int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, text = 0, noout = 0;
|
||||
int pubin = 0, pubout = 0, param_out = 0, ret = 1, private = 0;
|
||||
int check = 0;
|
||||
char *asn1_encoding = NULL;
|
||||
|
|
|
@ -240,7 +240,7 @@ int ecparam_main(int argc, char **argv)
|
|||
goto end;
|
||||
}
|
||||
} else {
|
||||
params_key = load_keyparams(infile, 1, "EC", "EC parameters");
|
||||
params_key = load_keyparams(infile, informat, 1, "EC", "EC parameters");
|
||||
if (params_key == NULL || !EVP_PKEY_is_a(params_key, "EC"))
|
||||
goto end;
|
||||
if (point_format
|
||||
|
|
|
@ -121,7 +121,7 @@ int gendsa_main(int argc, char **argv)
|
|||
goto end;
|
||||
}
|
||||
|
||||
pkey = load_keyparams(dsaparams, 1, "DSA", "DSA parameters");
|
||||
pkey = load_keyparams(dsaparams, FORMAT_UNDEF, 1, "DSA", "DSA parameters");
|
||||
|
||||
out = bio_open_owner(outfile, FORMAT_PEM, private);
|
||||
if (out == NULL)
|
||||
|
|
|
@ -108,18 +108,19 @@ char *get_passwd(const char *pass, const char *desc);
|
|||
int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2);
|
||||
int add_oid_section(CONF *conf);
|
||||
X509_REQ *load_csr(const char *file, int format, const char *desc);
|
||||
X509 *load_cert_pass(const char *uri, int maybe_stdin,
|
||||
X509 *load_cert_pass(const char *uri, int format, int maybe_stdin,
|
||||
const char *pass, const char *desc);
|
||||
#define load_cert(uri, desc) load_cert_pass(uri, 1, NULL, desc)
|
||||
X509_CRL *load_crl(const char *uri, int maybe_stdin, const char *desc);
|
||||
#define load_cert(uri, format, desc) load_cert_pass(uri, format, 1, NULL, desc)
|
||||
X509_CRL *load_crl(const char *uri, int format, int maybe_stdin,
|
||||
const char *desc);
|
||||
void cleanse(char *str);
|
||||
void clear_free(char *str);
|
||||
EVP_PKEY *load_key(const char *uri, int format, int maybe_stdin,
|
||||
const char *pass, ENGINE *e, const char *desc);
|
||||
EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin,
|
||||
const char *pass, ENGINE *e, const char *desc);
|
||||
EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *keytype,
|
||||
const char *desc);
|
||||
EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin,
|
||||
const char *keytype, const char *desc);
|
||||
char *next_item(char *opt); /* in list separated by comma and/or space */
|
||||
int load_cert_certs(const char *uri,
|
||||
X509 **pcert, STACK_OF(X509) **pcerts,
|
||||
|
@ -133,13 +134,13 @@ int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs,
|
|||
const char *pass, const char *desc);
|
||||
int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
|
||||
const char *pass, const char *desc);
|
||||
int load_key_certs_crls(const char *uri, int maybe_stdin,
|
||||
int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
|
||||
const char *pass, const char *desc,
|
||||
EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
|
||||
EVP_PKEY **pparams,
|
||||
X509 **pcert, STACK_OF(X509) **pcerts,
|
||||
X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls);
|
||||
int load_key_cert_crl(const char *uri, int maybe_stdin,
|
||||
int load_key_cert_crl(const char *uri, int format, int maybe_stdin,
|
||||
const char *pass, const char *desc,
|
||||
EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
|
||||
X509 **pcert, X509_CRL **pcrl);
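Review bot: The new `int format` parameter is placed directly before `int maybe_stdin` in load_cert_pass(), load_crl(), load_keyparams(), load_key_certs_crls() and load_key_cert_crl(), and none of the prototypes says which values it takes or that FORMAT_UNDEF means the encoding is not enforced. Two adjacent ints are easy to transpose at a call site without any compiler diagnostic, and several callers in this commit pass literal `0`/`1` next to the format. A short comment above the group would help, for example `/* format: FORMAT_UNDEF lets the store detect the encoding; any other value is the encoding to require */`. The same applies to the three-argument `load_cert()` macro.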
|
||||
|
|
|
@ -38,6 +38,7 @@
|
|||
#include <openssl/bn.h>
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/store.h>
|
||||
#include <openssl/core_names.h>
|
||||
#include "s_apps.h"
|
||||
#include "apps.h"
|
||||
|
||||
|
@ -478,7 +479,7 @@ CONF *app_load_config_modules(const char *configfile)
|
|||
#define IS_HTTPS(uri) ((uri) != NULL \
|
||||
&& strncmp(uri, OSSL_HTTPS_PREFIX, strlen(OSSL_HTTPS_PREFIX)) == 0)
|
||||
|
||||
X509 *load_cert_pass(const char *uri, int maybe_stdin,
|
||||
X509 *load_cert_pass(const char *uri, int format, int maybe_stdin,
|
||||
const char *pass, const char *desc)
|
||||
{
|
||||
X509 *cert = NULL;
|
||||
|
@ -490,7 +491,7 @@ X509 *load_cert_pass(const char *uri, int maybe_stdin,
|
|||
else if (IS_HTTP(uri))
|
||||
cert = X509_load_http(uri, NULL, NULL, 0 /* timeout */);
|
||||
else
|
||||
(void)load_key_certs_crls(uri, maybe_stdin, pass, desc,
|
||||
(void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc,
|
||||
NULL, NULL, NULL, &cert, NULL, NULL, NULL);
|
||||
if (cert == NULL) {
|
||||
BIO_printf(bio_err, "Unable to load %s\n", desc);
|
||||
|
@ -499,7 +500,8 @@ X509 *load_cert_pass(const char *uri, int maybe_stdin,
|
|||
return cert;
|
||||
}
|
||||
|
||||
X509_CRL *load_crl(const char *uri, int maybe_stdin, const char *desc)
|
||||
X509_CRL *load_crl(const char *uri, int format, int maybe_stdin,
|
||||
const char *desc)
|
||||
{
|
||||
X509_CRL *crl = NULL;
|
||||
|
||||
|
@ -510,7 +512,7 @@ X509_CRL *load_crl(const char *uri, int maybe_stdin, const char *desc)
|
|||
else if (IS_HTTP(uri))
|
||||
crl = X509_CRL_load_http(uri, NULL, NULL, 0 /* timeout */);
|
||||
else
|
||||
(void)load_key_certs_crls(uri, maybe_stdin, NULL, desc,
|
||||
(void)load_key_certs_crls(uri, format, maybe_stdin, NULL, desc,
|
||||
NULL, NULL, NULL, NULL, NULL, &crl, NULL);
|
||||
if (crl == NULL) {
|
||||
BIO_printf(bio_err, "Unable to load %s\n", desc);
|
||||
|
@ -524,6 +526,8 @@ X509_REQ *load_csr(const char *file, int format, const char *desc)
|
|||
X509_REQ *req = NULL;
|
||||
BIO *in;
|
||||
|
||||
if (format == FORMAT_UNDEF)
|
||||
format = FORMAT_PEM;
|
||||
if (desc == NULL)
|
||||
desc = "CSR";
|
||||
in = bio_open_default(file, 'r', format);
|
||||
|
@ -570,7 +574,7 @@ EVP_PKEY *load_key(const char *uri, int format, int may_stdin,
|
|||
if (format == FORMAT_ENGINE) {
|
||||
uri = allocated_uri = make_engine_uri(e, uri, desc);
|
||||
}
|
||||
(void)load_key_certs_crls(uri, may_stdin, pass, desc,
|
||||
(void)load_key_certs_crls(uri, format, may_stdin, pass, desc,
|
||||
&pkey, NULL, NULL, NULL, NULL, NULL, NULL);
|
||||
|
||||
OPENSSL_free(allocated_uri);
|
||||
|
@ -589,22 +593,22 @@ EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin,
|
|||
if (format == FORMAT_ENGINE) {
|
||||
uri = allocated_uri = make_engine_uri(e, uri, desc);
|
||||
}
|
||||
(void)load_key_certs_crls(uri, maybe_stdin, pass, desc,
|
||||
(void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc,
|
||||
NULL, &pkey, NULL, NULL, NULL, NULL, NULL);
|
||||
|
||||
OPENSSL_free(allocated_uri);
|
||||
return pkey;
|
||||
}
|
||||
|
||||
EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *keytype,
|
||||
const char *desc)
|
||||
EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin,
|
||||
const char *keytype, const char *desc)
|
||||
{
|
||||
EVP_PKEY *params = NULL;
|
||||
|
||||
if (desc == NULL)
|
||||
desc = "key parameters";
|
||||
|
||||
(void)load_key_certs_crls(uri, maybe_stdin, NULL, desc,
|
||||
(void)load_key_certs_crls(uri, format, maybe_stdin, NULL, desc,
|
||||
NULL, NULL, ¶ms, NULL, NULL, NULL, NULL);
|
||||
if (params != NULL && keytype != NULL && !EVP_PKEY_is_a(params, keytype)) {
|
||||
BIO_printf(bio_err,
|
||||
|
@ -698,7 +702,8 @@ int load_cert_certs(const char *uri,
|
|||
return ret;
|
||||
}
|
||||
pass_string = get_passwd(pass, desc);
|
||||
ret = load_key_certs_crls(uri, 0, pass_string, desc, NULL, NULL, NULL,
|
||||
ret = load_key_certs_crls(uri, FORMAT_UNDEF, 0, pass_string, desc,
|
||||
NULL, NULL, NULL,
|
||||
pcert, pcerts, NULL, NULL);
|
||||
clear_free(pass_string);
|
||||
|
||||
|
@ -800,7 +805,8 @@ int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs,
|
|||
const char *pass, const char *desc)
|
||||
{
|
||||
int was_NULL = *certs == NULL;
|
||||
int ret = load_key_certs_crls(uri, maybe_stdin, pass, desc, NULL, NULL,
|
||||
int ret = load_key_certs_crls(uri, FORMAT_UNDEF, maybe_stdin,
|
||||
pass, desc, NULL, NULL,
|
||||
NULL, NULL, certs, NULL, NULL);
|
||||
|
||||
if (!ret && was_NULL) {
|
||||
|
@ -818,7 +824,8 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
|
|||
const char *pass, const char *desc)
|
||||
{
|
||||
int was_NULL = *crls == NULL;
|
||||
int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL, NULL,
|
||||
int ret = load_key_certs_crls(uri, FORMAT_UNDEF, 0, pass, desc,
|
||||
NULL, NULL, NULL,
|
||||
NULL, NULL, NULL, crls);
|
||||
|
||||
if (!ret && was_NULL) {
|
||||
|
@ -828,6 +835,17 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
|
|||
return ret;
|
||||
}
|
||||
|
||||
static const char *format2string(int format)
|
||||
{
|
||||
switch(format) {
|
||||
case FORMAT_PEM:
|
||||
return "PEM";
|
||||
case FORMAT_ASN1:
|
||||
return "DER";
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* Set type expectation, but clear it if objects of different types expected. */
|
||||
#define SET_EXPECT(val) expect = expect < 0 ? val : (expect == val ? val : 0);
|
||||
/*
|
||||
|
@ -843,7 +861,7 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
|
|||
* In any case (also on error) the caller is responsible for freeing all members
|
||||
* of *pcerts and *pcrls (as far as they are not NULL).
|
||||
*/
|
||||
int load_key_certs_crls(const char *uri, int maybe_stdin,
|
||||
int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
|
||||
const char *pass, const char *desc,
|
||||
EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
|
||||
EVP_PKEY **pparams,
|
||||
|
@ -863,6 +881,9 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
|
|||
pcrls != NULL ? "CRLs" : NULL;
|
||||
int cnt_expectations = 0;
|
||||
int expect = -1;
|
||||
const char *input_type;
|
||||
OSSL_PARAM itp[2];
|
||||
const OSSL_PARAM *params = NULL;
|
||||
/* TODO make use of the engine reference 'eng' when loading pkeys */
|
||||
|
||||
if (ppkey != NULL) {
|
||||
|
@ -915,6 +936,13 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
|
|||
uidata.password = pass;
|
||||
uidata.prompt_info = uri;
|
||||
|
||||
if ((input_type = format2string(format)) != NULL) {
|
||||
itp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_INPUT_TYPE,
|
||||
(char *)input_type, 0);
|
||||
itp[1] = OSSL_PARAM_construct_end();
|
||||
params = itp;
|
||||
}
|
||||
|
||||
if (uri == NULL) {
|
||||
BIO *bio;
|
||||
|
||||
|
@ -927,12 +955,13 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
|
|||
bio = BIO_new_fp(stdin, 0);
|
||||
if (bio != NULL) {
|
||||
ctx = OSSL_STORE_attach(bio, "file", libctx, propq,
|
||||
get_ui_method(), &uidata, NULL, NULL);
|
||||
get_ui_method(), &uidata, params,
|
||||
NULL, NULL);
|
||||
BIO_free(bio);
|
||||
}
|
||||
} else {
|
||||
ctx = OSSL_STORE_open_ex(uri, libctx, propq, get_ui_method(), &uidata,
|
||||
NULL, NULL);
|
||||
params, NULL, NULL);
|
||||
}
|
||||
if (ctx == NULL) {
|
||||
BIO_printf(bio_err, "Could not open file or uri for loading");
|
||||
|
@ -2322,7 +2351,7 @@ static X509_CRL *load_crl_crldp(STACK_OF(DIST_POINT) *crldp)
|
|||
DIST_POINT *dp = sk_DIST_POINT_value(crldp, i);
|
||||
urlptr = get_dp_url(dp);
|
||||
if (urlptr != NULL)
|
||||
return load_crl(urlptr, 0, "CRL via CDP");
|
||||
return load_crl(urlptr, FORMAT_UNDEF, 0, "CRL via CDP");
|
||||
}
|
||||
return NULL;
|
||||
}
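Review bot: format2string() returns NULL for every format other than FORMAT_PEM and FORMAT_ASN1, and load_key_certs_crls() then opens the store with `params` still NULL, so a caller-supplied format outside those two is silently treated exactly like FORMAT_UNDEF. The HTTP branches of load_cert_pass() and load_crl() likewise never look at `format`. Anyone passing a format to restrict what gets parsed should be able to see that from the code, so a comment above the helper is worth adding, e.g. `/* Only PEM and DER can be requested via OSSL_STORE_PARAM_INPUT_TYPE; any other format returns NULL and is not enforced */`. As a style point the switch would read better as `switch (format) {` with an explicit `default:` before the final `return NULL;`.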
|
||||
|
|
|
@ -1019,7 +1019,8 @@ int load_excert(SSL_EXCERT **pexc)
|
|||
BIO_printf(bio_err, "Missing filename\n");
|
||||
return 0;
|
||||
}
|
||||
exc->cert = load_cert(exc->certfile, "Server Certificate");
|
||||
exc->cert = load_cert(exc->certfile, exc->certform,
|
||||
"Server Certificate");
|
||||
if (exc->cert == NULL)
|
||||
return 0;
|
||||
if (exc->keyfile != NULL) {
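Review bot: `exc->certform` is now enforced when the chain certificate is loaded, but its initial value is set outside this hunk. If SSL_EXCERT entries still start out as FORMAT_PEM rather than FORMAT_UNDEF, this would be the one certificate load touched by the commit that requires PEM by default instead of detecting the encoding. It is worth confirming the initializer matches the new defaults used elsewhere in the commit, or noting the difference next to the field. load_excert() continues past the end of the hunk.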
|
||||
|
|
12
apps/ocsp.c
12
apps/ocsp.c
|
@ -402,7 +402,7 @@ int ocsp_main(int argc, char **argv)
|
|||
path = opt_arg();
|
||||
break;
|
||||
case OPT_ISSUER:
|
||||
issuer = load_cert(opt_arg(), "issuer certificate");
|
||||
issuer = load_cert(opt_arg(), FORMAT_UNDEF, "issuer certificate");
|
||||
if (issuer == NULL)
|
||||
goto end;
|
||||
if (issuers == NULL) {
|
||||
|
@ -414,7 +414,7 @@ int ocsp_main(int argc, char **argv)
|
|||
break;
|
||||
case OPT_CERT:
|
||||
X509_free(cert);
|
||||
cert = load_cert(opt_arg(), "certificate");
|
||||
cert = load_cert(opt_arg(), FORMAT_UNDEF, "certificate");
|
||||
if (cert == NULL)
|
||||
goto end;
|
||||
if (cert_id_md == NULL)
|
||||
|
@ -565,7 +565,7 @@ int ocsp_main(int argc, char **argv)
|
|||
if (rsignfile != NULL) {
|
||||
if (rkeyfile == NULL)
|
||||
rkeyfile = rsignfile;
|
||||
rsigner = load_cert(rsignfile, "responder certificate");
|
||||
rsigner = load_cert(rsignfile, FORMAT_UNDEF, "responder certificate");
|
||||
if (rsigner == NULL) {
|
||||
BIO_printf(bio_err, "Error loading responder certificate\n");
|
||||
goto end;
|
||||
|
@ -581,7 +581,7 @@ int ocsp_main(int argc, char **argv)
|
|||
BIO_printf(bio_err, "Error getting password\n");
|
||||
goto end;
|
||||
}
|
||||
rkey = load_key(rkeyfile, FORMAT_PEM, 0, passin, NULL,
|
||||
rkey = load_key(rkeyfile, FORMAT_UNDEF, 0, passin, NULL,
|
||||
"responder private key");
|
||||
if (rkey == NULL)
|
||||
goto end;
|
||||
|
@ -661,7 +661,7 @@ redo_accept:
|
|||
if (signfile != NULL) {
|
||||
if (keyfile == NULL)
|
||||
keyfile = signfile;
|
||||
signer = load_cert(signfile, "signer certificate");
|
||||
signer = load_cert(signfile, FORMAT_UNDEF, "signer certificate");
|
||||
if (signer == NULL) {
|
||||
BIO_printf(bio_err, "Error loading signer certificate\n");
|
||||
goto end;
|
||||
|
@ -671,7 +671,7 @@ redo_accept:
|
|||
"signer certificates"))
|
||||
goto end;
|
||||
}
|
||||
key = load_key(keyfile, FORMAT_PEM, 0, NULL, NULL,
|
||||
key = load_key(keyfile, FORMAT_UNDEF, 0, NULL, NULL,
|
||||
"signer private key");
|
||||
if (key == NULL)
|
||||
goto end;
|
||||
|
|
|
@ -83,7 +83,7 @@ int pkcs8_main(int argc, char **argv)
|
|||
char *passin = NULL, *passout = NULL, *p8pass = NULL;
|
||||
OPTION_CHOICE o;
|
||||
int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER;
|
||||
int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1;
|
||||
int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1;
|
||||
int private = 0, traditional = 0;
|
||||
#ifndef OPENSSL_NO_SCRYPT
|
||||
long scrypt_N = 0, scrypt_r = 0, scrypt_p = 0;
|
||||
|
@ -214,7 +214,8 @@ int pkcs8_main(int argc, char **argv)
|
|||
if ((pbe_nid == -1) && cipher == NULL)
|
||||
cipher = (EVP_CIPHER *)EVP_aes_256_cbc();
|
||||
|
||||
in = bio_open_default(infile, 'r', informat);
|
||||
in = bio_open_default(infile, 'r',
|
||||
informat == FORMAT_UNDEF ? FORMAT_PEM : informat);
|
||||
if (in == NULL)
|
||||
goto end;
|
||||
out = bio_open_owner(outfile, outformat, private);
|
||||
|
@ -298,7 +299,7 @@ int pkcs8_main(int argc, char **argv)
|
|||
}
|
||||
|
||||
if (nocrypt) {
|
||||
if (informat == FORMAT_PEM) {
|
||||
if (informat == FORMAT_PEM || informat == FORMAT_UNDEF) {
|
||||
p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, NULL, NULL);
|
||||
} else if (informat == FORMAT_ASN1) {
|
||||
p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
|
||||
|
@ -307,7 +308,7 @@ int pkcs8_main(int argc, char **argv)
|
|||
goto end;
|
||||
}
|
||||
} else {
|
||||
if (informat == FORMAT_PEM) {
|
||||
if (informat == FORMAT_PEM || informat == FORMAT_UNDEF) {
|
||||
p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
|
||||
} else if (informat == FORMAT_ASN1) {
|
||||
p8 = d2i_PKCS8_bio(in, NULL);
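Review bot: The fallback from FORMAT_UNDEF to PEM is written out three separate times in pkcs8_main: in the `bio_open_default()` call and in the two `informat == FORMAT_PEM || informat == FORMAT_UNDEF` tests. A single local would keep the three in step, e.g. `int p8format = informat == FORMAT_UNDEF ? FORMAT_PEM : informat;`, used in those three places. Keeping `informat` itself untouched matters if code outside these hunks passes it to a loader that treats FORMAT_UNDEF as "detect". The enclosing function starts and ends outside the hunks.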
|
||||
|
|
|
@ -75,7 +75,7 @@ int pkey_main(int argc, char **argv)
|
|||
char *infile = NULL, *outfile = NULL, *passin = NULL, *passout = NULL;
|
||||
char *passinarg = NULL, *passoutarg = NULL, *ciphername = NULL, *prog;
|
||||
OPTION_CHOICE o;
|
||||
int informat = FORMAT_PEM, outformat = FORMAT_PEM;
|
||||
int informat = FORMAT_UNDEF, outformat = FORMAT_PEM;
|
||||
int pubin = 0, pubout = 0, text_pub = 0, text = 0, noout = 0, ret = 1;
|
||||
int private = 0, traditional = 0, check = 0, pub_check = 0;
|
||||
#ifndef OPENSSL_NO_EC
|
||||
|
|
|
@ -111,7 +111,8 @@ int pkeyutl_main(int argc, char **argv)
|
|||
char hexdump = 0, asn1parse = 0, rev = 0, *prog;
|
||||
unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
|
||||
OPTION_CHOICE o;
|
||||
int buf_inlen = 0, siglen = -1, keyform = FORMAT_PEM, peerform = FORMAT_PEM;
|
||||
int buf_inlen = 0, siglen = -1;
|
||||
int keyform = FORMAT_UNDEF, peerform = FORMAT_UNDEF;
|
||||
int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
|
||||
int engine_impl = 0;
|
||||
int ret = 1, rv = -1;
|
||||
|
@ -555,7 +556,7 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
|
|||
break;
|
||||
|
||||
case KEY_CERT:
|
||||
x = load_cert(keyfile, "Certificate");
|
||||
x = load_cert(keyfile, keyform, "Certificate");
|
||||
if (x) {
|
||||
pkey = X509_get_pubkey(x);
|
||||
X509_free(x);
|
||||
|
|
|
@ -256,7 +256,7 @@ int req_main(int argc, char **argv)
|
|||
int days = UNSET_DAYS;
|
||||
int ret = 1, gen_x509 = 0, i = 0, newreq = 0, verbose = 0;
|
||||
int pkey_type = -1;
|
||||
int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyform = FORMAT_PEM;
|
||||
int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, keyform = FORMAT_UNDEF;
|
||||
int modulus = 0, multirdn = 1, verify = 0, noout = 0, text = 0;
|
||||
int noenc = 0, newhdr = 0, subject = 0, pubkey = 0, precert = 0;
|
||||
long newkey_len = -1;
|
||||
|
@ -762,7 +762,7 @@ int req_main(int argc, char **argv)
|
|||
BIO_printf(bio_err,
|
||||
"Ignoring -CAkey option since no -CA option is given\n");
|
||||
} else {
|
||||
if ((CAkey = load_key(CAkeyfile, FORMAT_PEM,
|
||||
if ((CAkey = load_key(CAkeyfile, FORMAT_UNDEF,
|
||||
0, passin, e, "issuer private key")) == NULL)
|
||||
goto end;
|
||||
}
|
||||
|
@ -777,7 +777,7 @@ int req_main(int argc, char **argv)
|
|||
"Need to give the -CAkey option if using -CA\n");
|
||||
goto end;
|
||||
}
|
||||
if ((CAcert = load_cert_pass(CAfile, 1, passin,
|
||||
if ((CAcert = load_cert_pass(CAfile, FORMAT_UNDEF, 1, passin,
|
||||
"issuer certificate")) == NULL)
|
||||
goto end;
|
||||
if (!X509_check_private_key(CAcert, CAkey)) {
|
||||
|
|
|
@ -96,7 +96,7 @@ int rsa_main(int argc, char **argv)
|
|||
char *infile = NULL, *outfile = NULL, *ciphername = NULL, *prog;
|
||||
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
|
||||
int private = 0;
|
||||
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0;
|
||||
int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, text = 0, check = 0;
|
||||
int noout = 0, modulus = 0, pubin = 0, pubout = 0, ret = 1;
|
||||
int pvk_encr = DEFAULT_PVK_ENCR_STRENGTH;
|
||||
OPTION_CHOICE o;
|
||||
|
@ -204,7 +204,7 @@ int rsa_main(int argc, char **argv)
|
|||
}
|
||||
|
||||
if (pubin) {
|
||||
int tmpformat = -1;
|
||||
int tmpformat = FORMAT_UNDEF;
|
||||
|
||||
if (pubin == 2) {
|
||||
if (informat == FORMAT_PEM)
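Review bot: With `informat` now defaulting to FORMAT_UNDEF, the test `if (informat == FORMAT_PEM)` inside the `pubin == 2` branch no longer matches when no input format is given, so `tmpformat` keeps its new initial value FORMAT_UNDEF unless code after the hunk handles that case. Before this change the default took the PEM branch. If relying on detection there is intended, say so at the initializer, e.g. `int tmpformat = FORMAT_UNDEF; /* no input format given: let the loader detect */`; otherwise the branch needs an explicit FORMAT_UNDEF case. The rest of the branch lies outside the hunk.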
|
||||
|
|
|
@ -81,7 +81,7 @@ int rsautl_main(int argc, char **argv)
|
|||
char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
|
||||
unsigned char *rsa_in = NULL, *rsa_out = NULL, pad = RSA_PKCS1_PADDING;
|
||||
size_t rsa_inlen, rsa_outlen = 0;
|
||||
int keyformat = FORMAT_PEM, keysize, ret = 1, rv;
|
||||
int keyformat = FORMAT_UNDEF, keysize, ret = 1, rv;
|
||||
int hexdump = 0, asn1parse = 0, need_priv = 0, rev = 0;
|
||||
OPTION_CHOICE o;
|
||||
|
||||
|
@ -196,7 +196,7 @@ int rsautl_main(int argc, char **argv)
|
|||
break;
|
||||
|
||||
case KEY_CERT:
|
||||
x = load_cert(keyfile, "Certificate");
|
||||
x = load_cert(keyfile, FORMAT_UNDEF, "Certificate");
|
||||
if (x) {
|
||||
pkey = X509_get_pubkey(x);
|
||||
X509_free(x);
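Review bot: The KEY_CERT case passes a literal `FORMAT_UNDEF` although `keyformat` is declared in rsautl_main a few lines up, whereas the equivalent KEY_CERT case in init_ctx() in the pkeyutl section of this commit passes `keyform`. As written, a user-selected key format is not applied here when the key file is a certificate. `x = load_cert(keyfile, keyformat, "Certificate");` would match pkeyutl, assuming the case sits in rsautl_main as the hunk header indicates. The switch continues outside the hunk.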
|
||||
|
|
|
@ -815,15 +815,15 @@ int s_client_main(int argc, char **argv)
|
|||
struct timeval timeout, *timeoutp;
|
||||
fd_set readfds, writefds;
|
||||
int noCApath = 0, noCAfile = 0, noCAstore = 0;
|
||||
int build_chain = 0, cbuf_len, cbuf_off, cert_format = FORMAT_PEM;
|
||||
int key_format = FORMAT_PEM, crlf = 0, full_log = 1, mbuf_len = 0;
|
||||
int build_chain = 0, cbuf_len, cbuf_off, cert_format = FORMAT_UNDEF;
|
||||
int key_format = FORMAT_UNDEF, crlf = 0, full_log = 1, mbuf_len = 0;
|
||||
int prexit = 0;
|
||||
int sdebug = 0;
|
||||
int reconnect = 0, verify = SSL_VERIFY_NONE, vpmtouched = 0;
|
||||
int ret = 1, in_init = 1, i, nbio_test = 0, sock = -1, k, width, state = 0;
|
||||
int sbuf_len, sbuf_off, cmdletters = 1;
|
||||
int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM, protocol = 0;
|
||||
int starttls_proto = PROTO_OFF, crl_format = FORMAT_PEM, crl_download = 0;
|
||||
int starttls_proto = PROTO_OFF, crl_format = FORMAT_UNDEF, crl_download = 0;
|
||||
int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending;
|
||||
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
|
||||
int at_eof = 0;
|
||||
|
@ -1620,7 +1620,8 @@ int s_client_main(int argc, char **argv)
|
|||
}
|
||||
|
||||
if (cert_file != NULL) {
|
||||
cert = load_cert_pass(cert_file, 1, pass, "client certificate");
|
||||
cert = load_cert_pass(cert_file, cert_format, 1, pass,
|
||||
"client certificate");
|
||||
if (cert == NULL)
|
||||
goto end;
|
||||
}
|
||||
|
@ -1632,7 +1633,7 @@ int s_client_main(int argc, char **argv)
|
|||
|
||||
if (crl_file != NULL) {
|
||||
X509_CRL *crl;
|
||||
crl = load_crl(crl_file, 0, "CRL");
|
||||
crl = load_crl(crl_file, crl_format, 0, "CRL");
|
||||
if (crl == NULL)
|
||||
goto end;
|
||||
crls = sk_X509_CRL_new_null();
|
||||
|
|
|
@ -978,11 +978,11 @@ int s_server_main(int argc, char *argv[])
|
|||
int no_dhe = 0;
|
||||
int nocert = 0, ret = 1;
|
||||
int noCApath = 0, noCAfile = 0, noCAstore = 0;
|
||||
int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
|
||||
int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
|
||||
int s_cert_format = FORMAT_UNDEF, s_key_format = FORMAT_UNDEF;
|
||||
int s_dcert_format = FORMAT_UNDEF, s_dkey_format = FORMAT_UNDEF;
|
||||
int rev = 0, naccept = -1, sdebug = 0;
|
||||
int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM, protocol = 0;
|
||||
int state = 0, crl_format = FORMAT_PEM, crl_download = 0;
|
||||
int state = 0, crl_format = FORMAT_UNDEF, crl_download = 0;
|
||||
char *host = NULL;
|
||||
char *port = OPENSSL_strdup(PORT);
|
||||
unsigned char *context = NULL;
|
||||
|
@ -1688,7 +1688,8 @@ int s_server_main(int argc, char *argv[])
|
|||
if (s_key == NULL)
|
||||
goto end;
|
||||
|
||||
s_cert = load_cert_pass(s_cert_file, 1, pass, "server certificate");
|
||||
s_cert = load_cert_pass(s_cert_file, s_cert_format, 1, pass,
|
||||
"server certificate");
|
||||
|
||||
if (s_cert == NULL)
|
||||
goto end;
|
||||
|
@ -1704,7 +1705,7 @@ int s_server_main(int argc, char *argv[])
|
|||
if (s_key2 == NULL)
|
||||
goto end;
|
||||
|
||||
s_cert2 = load_cert_pass(s_cert_file2, 1, pass,
|
||||
s_cert2 = load_cert_pass(s_cert_file2, s_cert_format, 1, pass,
|
||||
"second server certificate");
|
||||
|
||||
if (s_cert2 == NULL)
|
||||
|
@ -1727,7 +1728,7 @@ int s_server_main(int argc, char *argv[])
|
|||
|
||||
if (crl_file != NULL) {
|
||||
X509_CRL *crl;
|
||||
crl = load_crl(crl_file, 0, "CRL");
|
||||
crl = load_crl(crl_file, crl_format, 0, "CRL");
|
||||
if (crl == NULL)
|
||||
goto end;
|
||||
crls = sk_X509_CRL_new_null();
|
||||
|
@ -1749,7 +1750,7 @@ int s_server_main(int argc, char *argv[])
|
|||
if (s_dkey == NULL)
|
||||
goto end;
|
||||
|
||||
s_dcert = load_cert_pass(s_dcert_file, 1, dpass,
|
||||
s_dcert = load_cert_pass(s_dcert_file, s_dcert_format, 1, dpass,
|
||||
"second server certificate");
|
||||
|
||||
if (s_dcert == NULL) {
|
||||
|
@ -1975,9 +1976,9 @@ int s_server_main(int argc, char *argv[])
|
|||
EVP_PKEY *dhpkey = NULL;
|
||||
|
||||
if (dhfile != NULL)
|
||||
dhpkey = load_keyparams(dhfile, 0, "DH", "DH parameters");
|
||||
dhpkey = load_keyparams(dhfile, FORMAT_UNDEF, 0, "DH", "DH parameters");
|
||||
else if (s_cert_file != NULL)
|
||||
dhpkey = load_keyparams(s_cert_file, 0, "DH", "DH parameters");
|
||||
dhpkey = load_keyparams(s_cert_file, FORMAT_UNDEF, 0, "DH", "DH parameters");
|
||||
|
||||
if (dhpkey != NULL) {
|
||||
BIO_printf(bio_s_out, "Setting temp DH parameters\n");
|
||||
|
@ -2009,7 +2010,8 @@ int s_server_main(int argc, char *argv[])
|
|||
|
||||
if (ctx2 != NULL) {
|
||||
if (dhfile != NULL) {
|
||||
EVP_PKEY *dhpkey2 = load_keyparams(s_cert_file2, 0, "DH",
|
||||
EVP_PKEY *dhpkey2 = load_keyparams(s_cert_file2, FORMAT_UNDEF,
|
||||
0, "DH",
|
||||
"DH parameters");
|
||||
|
||||
if (dhpkey2 != NULL) {
|
||||
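Review bot: In the `ctx2` block the DH parameters are read from `s_cert_file2` under `if (dhfile != NULL)`, which looks inverted against the first block of this section, where `dhfile` is used when set and `s_cert_file` only as the fallback. As written, supplying a DH file makes the second context probe the second certificate file instead, and omitting it skips the probe altogether. The commit reflows this call for the new `FORMAT_UNDEF` argument but keeps the condition. If the certificate file is meant as the fallback source, the guard would read `if (dhfile == NULL) {`. The block continues past the end of the hunk, so confirm against the code that follows.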
|
|
|
@ -151,7 +151,7 @@ int smime_main(int argc, char **argv)
|
|||
int noCApath = 0, noCAfile = 0, noCAstore = 0;
|
||||
int flags = PKCS7_DETACHED, operation = 0, ret = 0, indef = 0;
|
||||
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform =
|
||||
FORMAT_PEM;
|
||||
FORMAT_UNDEF;
|
||||
int vpmtouched = 0, rv = 0;
|
||||
ENGINE *e = NULL;
|
||||
const char *mime_eol = "\n";
|
||||
|
@ -449,7 +449,8 @@ int smime_main(int argc, char **argv)
|
|||
if (encerts == NULL)
|
||||
goto end;
|
||||
while (*argv != NULL) {
|
||||
cert = load_cert(*argv, "recipient certificate file");
|
||||
cert = load_cert(*argv, FORMAT_UNDEF,
|
||||
"recipient certificate file");
|
||||
if (cert == NULL)
|
||||
goto end;
|
||||
sk_X509_push(encerts, cert);
|
||||
|
@ -466,7 +467,7 @@ int smime_main(int argc, char **argv)
|
|||
}
|
||||
|
||||
if (recipfile != NULL && (operation == SMIME_DECRYPT)) {
|
||||
if ((recip = load_cert(recipfile,
|
||||
if ((recip = load_cert(recipfile, FORMAT_UNDEF,
|
||||
"recipient certificate file")) == NULL) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
|
@ -573,7 +574,7 @@ int smime_main(int argc, char **argv)
|
|||
for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
|
||||
signerfile = sk_OPENSSL_STRING_value(sksigners, i);
|
||||
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
|
||||
signer = load_cert(signerfile, "signer certificate");
|
||||
signer = load_cert(signerfile, FORMAT_UNDEF, "signer certificate");
|
||||
if (signer == NULL)
|
||||
goto end;
|
||||
key = load_key(keyfile, keyform, 0, passin, e, "signing key");
|
||||
|
|
|
@ -67,7 +67,7 @@ int spkac_main(int argc, char **argv)
|
|||
char *spkstr = NULL, *prog;
|
||||
const char *spkac = "SPKAC", *spksect = "default";
|
||||
int i, ret = 1, verify = 0, noout = 0, pubkey = 0;
|
||||
int keyformat = FORMAT_PEM;
|
||||
int keyformat = FORMAT_UNDEF;
|
||||
OPTION_CHOICE o;
|
||||
|
||||
prog = opt_init(argc, argv, spkac_options);
|
||||
|
|
|
@ -358,7 +358,7 @@ static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
|
|||
int ret = 1, items = 0;
|
||||
|
||||
if ((store_ctx = OSSL_STORE_open_ex(uri, libctx, app_get0_propq(), uimeth, uidata,
|
||||
NULL, NULL))
|
||||
NULL, NULL, NULL))
|
||||
== NULL) {
|
||||
BIO_printf(bio_err, "Couldn't open file or uri %s\n", uri);
|
||||
ERR_print_errors(bio_err);
|
||||
|
|
|
@ -253,7 +253,7 @@ static int check(X509_STORE *ctx, const char *file,
|
|||
STACK_OF(X509) *chain = NULL;
|
||||
int num_untrusted;
|
||||
|
||||
x = load_cert(file, "certificate file");
|
||||
x = load_cert(file, FORMAT_UNDEF, "certificate file");
|
||||
if (x == NULL)
|
||||
goto end;
|
||||
|
||||
|
|
|
@ -266,9 +266,9 @@ int x509_main(int argc, char **argv)
|
|||
char *prog;
|
||||
int days = UNSET_DAYS; /* not explicitly set */
|
||||
int x509toreq = 0, modulus = 0, print_pubkey = 0, pprint = 0;
|
||||
int CAformat = FORMAT_PEM, CAkeyformat = FORMAT_PEM;
|
||||
int CAformat = FORMAT_UNDEF, CAkeyformat = FORMAT_UNDEF;
|
||||
int fingerprint = 0, reqfile = 0, checkend = 0;
|
||||
int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
|
||||
int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, keyformat = FORMAT_UNDEF;
|
||||
int next_serial = 0, subject_hash = 0, issuer_hash = 0, ocspid = 0;
|
||||
int noout = 0, CA_createserial = 0, email = 0;
|
||||
int ocsp_uri = 0, trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0;
|
||||
|
@ -719,7 +719,7 @@ int x509_main(int argc, char **argv)
|
|||
}
|
||||
}
|
||||
} else {
|
||||
x = load_cert_pass(infile, 1, passin, "certificate");
|
||||
x = load_cert_pass(infile, informat, 1, passin, "certificate");
|
||||
if (x == NULL)
|
||||
goto end;
|
||||
}
|
||||
|
@ -734,7 +734,7 @@ int x509_main(int argc, char **argv)
|
|||
goto end;
|
||||
|
||||
if (CAfile != NULL) {
|
||||
xca = load_cert_pass(CAfile, 1, passin, "CA certificate");
|
||||
xca = load_cert_pass(CAfile, CAformat, 1, passin, "CA certificate");
|
||||
if (xca == NULL)
|
||||
goto end;
|
||||
}
|
||||
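Review bot: The defaults of `informat`, `keyformat`, `CAformat` and `CAkeyformat` change to `FORMAT_UNDEF`, but the only consumers visible here are the two `load_cert_pass` calls. The branch above `} else {` (outside the hunk, presumably the request-input path given `reqfile`) and the key loaders read the same variables. Any loader there that only recognises `FORMAT_PEM` or `FORMAT_ASN1` would now see a value it previously never received when no format option is given. Each such consumer should treat `FORMAT_UNDEF` as "not enforced" rather than as an error. A comment at the declarations would record the contract: `/* FORMAT_UNDEF: input format is not enforced unless -inform/-keyform/-CAform/-CAkeyform is given */`.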
|
|
|
@ -55,7 +55,7 @@ static EVP_PKEY *pem_read_bio_key(BIO *bp, EVP_PKEY **x,
|
|||
return NULL;
|
||||
|
||||
if ((ctx = OSSL_STORE_attach(bp, "file", libctx, propq, ui_method, u,
|
||||
NULL, NULL)) == NULL)
|
||||
NULL, NULL, NULL)) == NULL)
|
||||
goto err;
|
||||
#ifndef OPENSSL_NO_SECURE_HEAP
|
||||
# ifndef OPENSSL_NO_DEPRECATED_3_0
|
||||
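Review bot: `pem_read_bio_key` attaches the BIO to the "file" store with the new `params` argument left as `NULL`, so the input type is not pinned. Going by the commit description, that means the format is not enforced, and a reader named for PEM may also accept other encodings the store can decode. If PEM-only behaviour is intended, the new parameter can be set here with `itype[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_INPUT_TYPE, "PEM", 0);` and `itype[1] = OSSL_PARAM_construct_end();`, passing `itype` in place of the first added `NULL`. The function starts and ends outside the hunk, so the array declaration would go with the other locals.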
|
|
|
@ -32,9 +32,37 @@
|
|||
|
||||
static int ossl_store_close_it(OSSL_STORE_CTX *ctx);
|
||||
|
||||
static int loader_set_params(OSSL_STORE_LOADER *loader,
|
||||
OSSL_STORE_LOADER_CTX *loader_ctx,
|
||||
const OSSL_PARAM params[], const char *propq)
|
||||
{
|
||||
if (params != NULL) {
|
||||
if (!loader->p_set_ctx_params(loader_ctx, params))
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (propq != NULL) {
|
||||
OSSL_PARAM propp[2];
|
||||
|
||||
if (OSSL_PARAM_locate_const(params,
|
||||
OSSL_STORE_PARAM_PROPERTIES) != NULL)
|
||||
/* use the propq from params */
|
||||
return 1;
|
||||
|
||||
propp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_PROPERTIES,
|
||||
(char *)propq, 0);
|
||||
propp[1] = OSSL_PARAM_construct_end();
|
||||
|
||||
if (!loader->p_set_ctx_params(loader_ctx, propp))
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
OSSL_STORE_CTX *
|
||||
OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
|
||||
const UI_METHOD *ui_method, void *ui_data,
|
||||
const OSSL_PARAM params[],
|
||||
OSSL_STORE_post_process_info_fn post_process,
|
||||
void *post_process_data)
|
||||
{
|
||||
|
@ -103,18 +131,11 @@ OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
|
|||
if (loader_ctx == NULL) {
|
||||
OSSL_STORE_LOADER_free(fetched_loader);
|
||||
fetched_loader = NULL;
|
||||
} else if (propq != NULL) {
|
||||
OSSL_PARAM params[2];
|
||||
|
||||
params[0] = OSSL_PARAM_construct_utf8_string(
|
||||
OSSL_STORE_PARAM_PROPERTIES, (char *)propq, 0);
|
||||
params[1] = OSSL_PARAM_construct_end();
|
||||
|
||||
if (!fetched_loader->p_set_ctx_params(loader_ctx, params)) {
|
||||
(void)fetched_loader->p_close(loader_ctx);
|
||||
OSSL_STORE_LOADER_free(fetched_loader);
|
||||
fetched_loader = NULL;
|
||||
}
|
||||
} else if(!loader_set_params(fetched_loader, loader_ctx,
|
||||
params, propq)) {
|
||||
(void)fetched_loader->p_close(loader_ctx);
|
||||
OSSL_STORE_LOADER_free(fetched_loader);
|
||||
fetched_loader = NULL;
|
||||
}
|
||||
loader = fetched_loader;
|
||||
}
|
||||
|
@ -187,8 +208,8 @@ OSSL_STORE_CTX *OSSL_STORE_open(const char *uri,
|
|||
OSSL_STORE_post_process_info_fn post_process,
|
||||
void *post_process_data)
|
||||
{
|
||||
return OSSL_STORE_open_ex(uri, NULL, NULL, ui_method, ui_data, post_process,
|
||||
post_process_data);
|
||||
return OSSL_STORE_open_ex(uri, NULL, NULL, ui_method, ui_data, NULL,
|
||||
post_process, post_process_data);
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_DEPRECATED_3_0
|
||||
|
@ -927,6 +948,7 @@ const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion)
|
|||
OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme,
|
||||
OSSL_LIB_CTX *libctx, const char *propq,
|
||||
const UI_METHOD *ui_method, void *ui_data,
|
||||
const OSSL_PARAM params[],
|
||||
OSSL_STORE_post_process_info_fn post_process,
|
||||
void *post_process_data)
|
||||
{
|
||||
|
@ -957,19 +979,11 @@ OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme,
|
|||
|| (loader_ctx = fetched_loader->p_attach(provctx, cbio)) == NULL) {
|
||||
OSSL_STORE_LOADER_free(fetched_loader);
|
||||
fetched_loader = NULL;
|
||||
} else if (propq != NULL) {
|
||||
OSSL_PARAM params[] = {
|
||||
OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES,
|
||||
NULL, 0),
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
|
||||
params[0].data = (void *)propq;
|
||||
if (!fetched_loader->p_set_ctx_params(loader_ctx, params)) {
|
||||
(void)fetched_loader->p_close(loader_ctx);
|
||||
OSSL_STORE_LOADER_free(fetched_loader);
|
||||
fetched_loader = NULL;
|
||||
}
|
||||
} else if (!loader_set_params(fetched_loader, loader_ctx,
|
||||
params, propq)) {
|
||||
(void)fetched_loader->p_close(loader_ctx);
|
||||
OSSL_STORE_LOADER_free(fetched_loader);
|
||||
fetched_loader = NULL;
|
||||
}
|
||||
loader = fetched_loader;
|
||||
ossl_core_bio_free(cbio);
|
||||
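Review bot: `loader_set_params` calls `loader->p_set_ctx_params` as soon as `params` or `propq` is non-NULL, without checking that the loader provides that function. Callers can now pass arbitrary `params`, so a loader that leaves the function unset would be called through a NULL pointer; whether the loader table permits that is not visible here. An explicit guard at the top makes the outcome defined, for example `if (loader->p_set_ctx_params == NULL) return params == NULL && propq == NULL;`, or a silent skip if the loader contract treats these settings as optional. The helper also deserves a header comment stating that a properties entry in `params` takes precedence over `propq`. The call site in `OSSL_STORE_open_ex` is written `else if(` without the space used elsewhere in the file.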
|
|
|
@ -21,7 +21,8 @@ static int cache_objects(X509_LOOKUP *lctx, const char *uri,
|
|||
OSSL_STORE_CTX *ctx = NULL;
|
||||
X509_STORE *xstore = X509_LOOKUP_get_store(lctx);
|
||||
|
||||
if ((ctx = OSSL_STORE_open_ex(uri, libctx, propq, NULL, NULL, NULL, NULL)) == NULL)
|
||||
if ((ctx = OSSL_STORE_open_ex(uri, libctx, propq, NULL, NULL, NULL,
|
||||
NULL, NULL)) == NULL)
|
||||
return 0;
|
||||
|
||||
/*
|
||||
|
|
|
@ -11,6 +11,7 @@ OSSL_STORE_attach - Functions to read objects from a BIO
|
|||
OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bio, const char *scheme,
|
||||
OSSL_LIB_CTX *libctx, const char *propq,
|
||||
const UI_METHOD *ui_method, void *ui_data,
|
||||
const OSSL_PARAM params[],
|
||||
OSSL_STORE_post_process_info_fn post_process,
|
||||
void *post_process_data);
|
||||
|
||||
|
|
|
@ -24,6 +24,7 @@ OSSL_STORE_error, OSSL_STORE_close
|
|||
OSSL_STORE_CTX *
|
||||
OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
|
||||
const UI_METHOD *ui_method, void *ui_data,
|
||||
const OSSL_PARAM params[],
|
||||
OSSL_STORE_post_process_info_fn post_process,
|
||||
void *post_process_data);
|
||||
|
||||
|
@ -68,6 +69,8 @@ B<OSSL_STORE_CTX> with all necessary internal information.
|
|||
The given I<ui_method> and I<ui_data> will be reused by all
|
||||
functions that use B<OSSL_STORE_CTX> when interaction is needed,
|
||||
for instance to provide a password.
|
||||
The auxiliary B<OSSL_PARAM> parameters in I<params> can be set to further
|
||||
modify the store operation.
|
||||
The given I<post_process> and I<post_process_data> will be reused by
|
||||
OSSL_STORE_load() to manipulate or drop the value to be returned.
|
||||
The I<post_process> function drops values by returning NULL, which
|
||||
|
@ -76,7 +79,7 @@ the next object, until I<post_process> returns something other than
|
|||
NULL, or the end of data is reached as indicated by OSSL_STORE_eof().
|
||||
|
||||
OSSL_STORE_open() is similar to OSSL_STORE_open_ex() but uses NULL for
|
||||
the library context I<libctx> and property query I<propq>.
|
||||
the I<params>, the library context I<libctx> and property query I<propq>.
|
||||
|
||||
OSSL_STORE_ctrl() takes a B<OSSL_STORE_CTX>, and command number I<cmd> and
|
||||
more arguments not specified here.
|
||||
|
|
|
@ -545,6 +545,8 @@ extern "C" {
|
|||
|
||||
/* You may want to pass properties for the provider implementation to use */
|
||||
#define OSSL_STORE_PARAM_PROPERTIES "properties" /* utf8_string */
|
||||
/* OSSL_DECODER input type if a decoder is used by the store */
|
||||
#define OSSL_STORE_PARAM_INPUT_TYPE "input-type" /* UTF8_STRING */
|
||||
|
||||
# ifdef __cplusplus
|
||||
}
|
||||
|
|
|
@ -59,6 +59,7 @@ OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, void *ui_data,
|
|||
OSSL_STORE_CTX *
|
||||
OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
|
||||
const UI_METHOD *ui_method, void *ui_data,
|
||||
const OSSL_PARAM params[],
|
||||
OSSL_STORE_post_process_info_fn post_process,
|
||||
void *post_process_data);
|
||||
|
||||
|
@ -131,6 +132,7 @@ int OSSL_STORE_close(OSSL_STORE_CTX *ctx);
|
|||
OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bio, const char *scheme,
|
||||
OSSL_LIB_CTX *libctx, const char *propq,
|
||||
const UI_METHOD *ui_method, void *ui_data,
|
||||
const OSSL_PARAM params[],
|
||||
OSSL_STORE_post_process_info_fn post_process,
|
||||
void *post_process_data);
|
||||
|
||||
|
|
|
@ -452,7 +452,7 @@ a7f16a6480f5051d1197b992e042a73535d0922bdd3c962d2a96af780994e858 providers/impl
|
|||
1cb6ec2efb7b2bb131622aa95e245273f5967065eb0018392ed4ced50d0813b7 providers/implementations/signature/mac_legacy.c
|
||||
25fe1a61578d54c3e67b60646f3fd3d0a47ff1d4cd620ef1f1fca3341f2662a2 providers/implementations/signature/rsa.c
|
||||
c0a862433e5da909cf0c614d3f982765b67821c7a4cc6257ceb8c490b4dcf732 providers/implementations/signature/sm2sig.c
|
||||
c63cb744c26af304cf00006071d3ebd9325a4d65913b75a2bcb1d2e104c734fd providers/implementations/storemgmt/file_store.c
|
||||
e2750b310565e74617310566c1ccfbd75559521117fd8936540fff54dd304902 providers/implementations/storemgmt/file_store.c
|
||||
291288936fe321e3e85048366f790f6b7983561cd8f80eec4c0e01d7c43614ab providers/implementations/storemgmt/file_store_der2obj.c
|
||||
04ea01e48b8fee822acb376ab8679b4c627b32ab75c137bf23ebb4fe2a1c0703 providers/prov_running.c
|
||||
53a1e913fcc4a4e8e84009229cba60b9e29c7dc6536182fd290478331fad44b4 ssl/record/tls_pad.c
|
||||
|
|
|
@ -1 +1 @@
|
|||
b998b19b940b606688e4711014407c48c3fca4c58b2fdc60ac64c1cef94861c1 providers/fips-sources.checksums
|
||||
de031c8fbe10ee9b6447dd230956217e599cf923ff36a1026b515c2a22158b37 providers/fips-sources.checksums
|
||||
|
|
|
@ -149,15 +149,11 @@ static OSSL_DECODER_CLEANUP file_load_cleanup;
|
|||
*
|
||||
*/
|
||||
static struct file_ctx_st *file_open_stream(BIO *source, const char *uri,
|
||||
const char *input_type,
|
||||
void *provctx)
|
||||
{
|
||||
struct file_ctx_st *ctx;
|
||||
|
||||
if ((ctx = new_file_ctx(IS_FILE, uri, provctx)) == NULL
|
||||
|| (input_type != NULL
|
||||
&& (ctx->_.file.input_type =
|
||||
OPENSSL_strdup(input_type)) == NULL)) {
|
||||
if ((ctx = new_file_ctx(IS_FILE, uri, provctx)) == NULL) {
|
||||
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
|
@ -285,7 +281,7 @@ static void *file_open(void *provctx, const char *uri)
|
|||
if (S_ISDIR(st.st_mode))
|
||||
ctx = file_open_dir(path, uri, provctx);
|
||||
else if ((bio = BIO_new_file(path, "rb")) == NULL
|
||||
|| (ctx = file_open_stream(bio, uri, NULL, provctx)) == NULL)
|
||||
|| (ctx = file_open_stream(bio, uri, provctx)) == NULL)
|
||||
BIO_free_all(bio);
|
||||
|
||||
return ctx;
|
||||
|
@ -299,7 +295,7 @@ void *file_attach(void *provctx, OSSL_CORE_BIO *cin)
|
|||
if (new_bio == NULL)
|
||||
return NULL;
|
||||
|
||||
ctx = file_open_stream(new_bio, NULL, NULL, provctx);
|
||||
ctx = file_open_stream(new_bio, NULL, provctx);
|
||||
if (ctx == NULL)
|
||||
BIO_free(new_bio);
|
||||
return ctx;
|
||||
|
@ -316,6 +312,7 @@ static const OSSL_PARAM *file_settable_ctx_params(void *provctx)
|
|||
OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES, NULL, 0),
|
||||
OSSL_PARAM_int(OSSL_STORE_PARAM_EXPECT, NULL),
|
||||
OSSL_PARAM_octet_string(OSSL_STORE_PARAM_SUBJECT, NULL, 0),
|
||||
OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_INPUT_TYPE, NULL, 0),
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
return known_settable_ctx_params;
|
||||
|
@ -329,12 +326,22 @@ static int file_set_ctx_params(void *loaderctx, const OSSL_PARAM params[])
|
|||
if (params == NULL)
|
||||
return 1;
|
||||
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_PROPERTIES);
|
||||
if (p != NULL) {
|
||||
OPENSSL_free(ctx->_.file.propq);
|
||||
ctx->_.file.propq = NULL;
|
||||
if (!OSSL_PARAM_get_utf8_string(p, &ctx->_.file.propq, 0))
|
||||
return 0;
|
||||
if (ctx->type != IS_DIR) {
|
||||
/* these parameters are ignored for directories */
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_PROPERTIES);
|
||||
if (p != NULL) {
|
||||
OPENSSL_free(ctx->_.file.propq);
|
||||
ctx->_.file.propq = NULL;
|
||||
if (!OSSL_PARAM_get_utf8_string(p, &ctx->_.file.propq, 0))
|
||||
return 0;
|
||||
}
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_INPUT_TYPE);
|
||||
if (p != NULL) {
|
||||
OPENSSL_free(ctx->_.file.input_type);
|
||||
ctx->_.file.input_type = NULL;
|
||||
if (!OSSL_PARAM_get_utf8_string(p, &ctx->_.file.input_type, 0))
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_EXPECT);
|
||||
if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->expected_type))
|
||||
|
|
|
@ -47,7 +47,7 @@ static int test_store_open(void)
|
|||
&& TEST_ptr(search = OSSL_STORE_SEARCH_by_alias("nothing"))
|
||||
&& TEST_ptr(ui_method= UI_create_method("DummyUI"))
|
||||
&& TEST_ptr(sctx = OSSL_STORE_open_ex(input, NULL, NULL, ui_method,
|
||||
NULL, NULL, NULL))
|
||||
NULL, NULL, NULL, NULL))
|
||||
&& TEST_false(OSSL_STORE_find(sctx, NULL))
|
||||
&& TEST_true(OSSL_STORE_find(sctx, search));
|
||||
UI_destroy_method(ui_method);
|
||||
|
@ -75,7 +75,7 @@ static int get_params(const char *uri, const char *type)
|
|||
OSSL_STORE_INFO *info;
|
||||
int ret = 0;
|
||||
|
||||
ctx = OSSL_STORE_open_ex(uri, NULL, NULL, NULL, NULL, NULL, NULL);
|
||||
ctx = OSSL_STORE_open_ex(uri, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
|
||||
if (!TEST_ptr(ctx))
|
||||
goto err;
|
||||
|
||||
|
@ -157,7 +157,7 @@ static int test_store_attach_unregistered_scheme(void)
|
|||
&& TEST_ptr(provider = OSSL_PROVIDER_load(libctx, "default"))
|
||||
&& TEST_ptr(bio = BIO_new_file(input, "r"))
|
||||
&& TEST_ptr(store_ctx = OSSL_STORE_attach(bio, "file", libctx, NULL,
|
||||
NULL, NULL, NULL, NULL))
|
||||
NULL, NULL, NULL, NULL, NULL))
|
||||
&& TEST_int_ne(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OSSL_STORE)
|
||||
&& TEST_int_ne(ERR_GET_REASON(ERR_peek_error()),
|
||||
OSSL_STORE_R_UNREGISTERED_SCHEME);
|
||||
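Review bot: None of the three updated calls exercises the new argument, because each passes `NULL` in the `params` position, so `OSSL_STORE_PARAM_INPUT_TYPE` is never set by this test. One added case should open the existing `input` with the input type set through an `OSSL_PARAM` array and load an object. A second should set a type the file does not match and expect the load to fail, which would pin the enforcement the commit describes. A third case passing both `propq` and a properties entry in `params` would cover the precedence branch in the new helper. The test functions shown begin and end outside the hunks.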
|
|