static void receipt_request_print(CMS_ContentInfo *cms);
static CMS_ReceiptRequest *make_receipt_request(
STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst,
- STACK_OF(OPENSSL_STRING) *rr_from, OSSL_LIB_CTX *libctx, const char *propq);
+ STACK_OF(OPENSSL_STRING) *rr_from, OSSL_LIB_CTX *libctx);
static int cms_set_pkey_param(EVP_PKEY_CTX *pctx,
STACK_OF(OPENSSL_STRING) *param);
const char *mime_eol = "\n";
OPTION_CHOICE o;
OSSL_LIB_CTX *libctx = app_get0_libctx();
- const char *propq = app_get0_propq();
if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
return 1;
goto opthelp;
} else {
rcms = load_content_info(rctformat, rctin, NULL, "recipient",
- libctx, propq);
+ libctx, app_get0_propq());
}
break;
case OPT_CERTFILE:
goto end;
if (operation & SMIME_IP) {
- cms = load_content_info(informat, in, &indata, "SMIME", libctx, propq);
+ cms = load_content_info(informat, in, &indata, "SMIME", libctx, app_get0_propq());
if (cms == NULL)
goto end;
if (contfile != NULL) {
}
rcms = load_content_info(rctformat, rctin, NULL, "recipient", libctx,
- propq);
+ app_get0_propq());
if (rcms == NULL)
goto end;
}
ret = 3;
if (operation == SMIME_DATA_CREATE) {
- cms = CMS_data_create_ex(in, flags, libctx, propq);
+ cms = CMS_data_create_ex(in, flags, libctx, app_get0_propq());
} else if (operation == SMIME_DIGEST_CREATE) {
- cms = CMS_digest_create_ex(in, sign_md, flags, libctx, propq);
+ cms = CMS_digest_create_ex(in, sign_md, flags, libctx, app_get0_propq());
} else if (operation == SMIME_COMPRESS) {
cms = CMS_compress(in, -1, flags);
} else if (operation == SMIME_ENCRYPT) {
int i;
flags |= CMS_PARTIAL;
- cms = CMS_encrypt_ex(NULL, in, cipher, flags, libctx, propq);
+ cms = CMS_encrypt_ex(NULL, in, cipher, flags, libctx, app_get0_propq());
if (cms == NULL)
goto end;
for (i = 0; i < sk_X509_num(encerts); i++) {
}
} else if (operation == SMIME_ENCRYPTED_ENCRYPT) {
cms = CMS_EncryptedData_encrypt_ex(in, cipher, secret_key,
- secret_keylen, flags, libctx, propq);
+ secret_keylen, flags, libctx, app_get0_propq());
} else if (operation == SMIME_SIGN_RECEIPT) {
CMS_ContentInfo *srcms = NULL;
flags |= CMS_STREAM;
}
flags |= CMS_PARTIAL;
- cms = CMS_sign_ex(NULL, NULL, other, in, flags, libctx, propq);
+ cms = CMS_sign_ex(NULL, NULL, other, in, flags, libctx, app_get0_propq());
if (cms == NULL)
goto end;
if (econtent_type != NULL)
CMS_set1_eContentType(cms, econtent_type);
if (rr_to != NULL) {
- rr = make_receipt_request(rr_to, rr_allorfirst, rr_from, libctx,
- propq);
+ rr = make_receipt_request(rr_to, rr_allorfirst, rr_from, libctx);
if (rr == NULL) {
BIO_puts(bio_err,
"Signed Receipt Request Creation Error\n");
static CMS_ReceiptRequest *make_receipt_request(
STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst,
STACK_OF(OPENSSL_STRING) *rr_from,
- OSSL_LIB_CTX *libctx, const char *propq)
+ OSSL_LIB_CTX *libctx)
{
STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL;
CMS_ReceiptRequest *rr;
rct_from = NULL;
}
rr = CMS_ReceiptRequest_create0_ex(NULL, -1, rr_allorfirst, rct_from,
- rct_to, libctx, propq);
+ rct_to, libctx, app_get0_propq());
return rr;
err:
sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free);
int outformat = FORMAT_PEM, text = 0, ret = 1, rv, do_param = 0;
int private = 0;
OSSL_LIB_CTX *libctx = app_get0_libctx();
- const char *propq = app_get0_propq();
prog = opt_init(argc, argv, genpkey_options);
while ((o = opt_next()) != OPT_EOF) {
case OPT_PARAMFILE:
if (do_param == 1)
goto opthelp;
- if (!init_keygen_file(&ctx, opt_arg(), e, libctx, propq))
+ if (!init_keygen_file(&ctx, opt_arg(), e, libctx, app_get0_propq()))
goto end;
break;
case OPT_ALGORITHM:
- if (!init_gen_str(&ctx, opt_arg(), e, do_param, libctx, propq))
+ if (!init_gen_str(&ctx, opt_arg(), e, do_param, libctx, app_get0_propq()))
goto end;
break;
case OPT_PKEYOPT:
void app_providers_cleanup(void);
OSSL_LIB_CTX *app_get0_libctx(void);
+int app_set_propq(const char *arg);
const char *app_get0_propq(void);
#endif
*/
# define OPT_PROV_ENUM \
OPT_PROV__FIRST=1600, \
- OPT_PROV_PROVIDER, OPT_PROV_PROVIDER_PATH, \
+ OPT_PROV_PROVIDER, OPT_PROV_PROVIDER_PATH, OPT_PROV_PROPQUERY, \
OPT_PROV__LAST
# define OPT_CONFIG_OPTION \
# define OPT_PROV_OPTIONS \
OPT_SECTION("Provider"), \
{ "provider-path", OPT_PROV_PROVIDER_PATH, 's', "Provider load path (must be before 'provider' argument if required)" }, \
- { "provider", OPT_PROV_PROVIDER, 's', "Provider to load (can be specified multiple times)" }
+ { "provider", OPT_PROV_PROVIDER, 's', "Provider to load (can be specified multiple times)" }, \
+ { "propquery", OPT_PROV_PROPQUERY, 's', "Property query used when fetching algorithms" }
# define OPT_PROV_CASES \
OPT_PROV__FIRST: case OPT_PROV__LAST: break; \
case OPT_PROV_PROVIDER: \
- case OPT_PROV_PROVIDER_PATH
+ case OPT_PROV_PROVIDER_PATH: \
+ case OPT_PROV_PROPQUERY
/*
* Option parsing.
return app_provider_load(app_get0_libctx(), opt_arg());
case OPT_PROV_PROVIDER_PATH:
return opt_provider_path(opt_arg());
+ case OPT_PROV_PROPQUERY:
+ return app_set_propq(opt_arg());
}
return 0;
}
return app_libctx;
}
-/* TODO(3.0): Make this an environment variable if required */
+static const char *app_propq = NULL;
+
+int app_set_propq(const char *arg)
+{
+ app_propq = arg;
+ return 1;
+}
+
const char *app_get0_propq(void)
{
- return NULL;
+ return app_propq;
}
OSSL_LIB_CTX *app_create_libctx(void)
if (argc != 1)
goto opthelp;
- mac = EVP_MAC_fetch(NULL, argv[0], NULL);
+ mac = EVP_MAC_fetch(app_get0_libctx(), argv[0], app_get0_propq());
if (mac == NULL) {
BIO_printf(bio_err, "Invalid MAC name %s\n", argv[0]);
goto opthelp;
int i, print_certs = 0, text = 0, noout = 0, p7_print = 0, ret = 1;
OPTION_CHOICE o;
OSSL_LIB_CTX *libctx = app_get0_libctx();
- const char *propq = app_get0_propq();
prog = opt_init(argc, argv, pkcs7_options);
while ((o = opt_next()) != OPT_EOF) {
if (in == NULL)
goto end;
- p7 = PKCS7_new_ex(libctx, propq);
+ p7 = PKCS7_new_ex(libctx, app_get0_propq());
if (p7 == NULL) {
BIO_printf(bio_err, "unable to allocate PKCS7 object\n");
ERR_print_errors(bio_err);
const char *keyfile, int keyform, int key_type,
char *passinarg, int pkey_op, ENGINE *e,
const int impl, int rawin, EVP_PKEY **ppkey,
- OSSL_LIB_CTX *libctx, const char *propq);
+ OSSL_LIB_CTX *libctx);
static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
ENGINE *e);
const EVP_MD *md = NULL;
int filesize = -1;
OSSL_LIB_CTX *libctx = app_get0_libctx();
- const char *propq = NULL;
prog = opt_init(argc, argv, pkeyutl_options);
while ((o = opt_next()) != OPT_EOF) {
}
ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type,
passinarg, pkey_op, e, engine_impl, rawin, &pkey,
- libctx, propq);
+ libctx);
if (ctx == NULL) {
BIO_printf(bio_err, "%s: Error initializing context\n", prog);
ERR_print_errors(bio_err);
char *passinarg, int pkey_op, ENGINE *e,
const int engine_impl, int rawin,
EVP_PKEY **ppkey,
- OSSL_LIB_CTX *libctx, const char *propq)
+ OSSL_LIB_CTX *libctx)
{
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
char *passin = NULL;
int rv = -1;
X509 *x;
+
if (((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT)
|| (pkey_op == EVP_PKEY_OP_DERIVE))
&& (key_type != KEY_PRIVKEY && kdfalg == NULL)) {
if (impl != NULL)
ctx = EVP_PKEY_CTX_new_id(kdfnid, impl);
else
- ctx = EVP_PKEY_CTX_new_from_name(libctx, kdfalg, propq);
+ ctx = EVP_PKEY_CTX_new_from_name(libctx, kdfalg, app_get0_propq());
} else {
if (pkey == NULL)
goto end;
if (impl != NULL)
ctx = EVP_PKEY_CTX_new(pkey, impl);
else
- ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
+ ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, app_get0_propq());
if (ppkey != NULL)
*ppkey = pkey;
EVP_PKEY_free(pkey);
ENGINE *e = NULL;
const char *mime_eol = "\n";
OSSL_LIB_CTX *libctx = app_get0_libctx();
- const char *propq = app_get0_propq();
if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
return 1;
if (operation & SMIME_IP) {
PKCS7 *p7_in = NULL;
- p7 = PKCS7_new_ex(libctx, propq);
+ p7 = PKCS7_new_ex(libctx, app_get0_propq());
if (p7 == NULL) {
BIO_printf(bio_err, "Error allocating PKCS7 object\n");
goto end;
if (operation == SMIME_ENCRYPT) {
if (indef)
flags |= PKCS7_STREAM;
- p7 = PKCS7_encrypt_ex(encerts, in, cipher, flags, libctx, propq);
+ p7 = PKCS7_encrypt_ex(encerts, in, cipher, flags, libctx, app_get0_propq());
} else if (operation & SMIME_SIGNERS) {
int i;
/*
flags |= PKCS7_STREAM;
}
flags |= PKCS7_PARTIAL;
- p7 = PKCS7_sign_ex(NULL, NULL, other, in, flags, libctx, propq);
+ p7 = PKCS7_sign_ex(NULL, NULL, other, in, flags, libctx, app_get0_propq());
if (p7 == NULL)
goto end;
if (flags & PKCS7_NOCERTS) {
static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
int expected, int criterion, OSSL_STORE_SEARCH *search,
int text, int noout, int recursive, int indent, BIO *out,
- const char *prog, OSSL_LIB_CTX *libctx, const char *propq);
+ const char *prog, OSSL_LIB_CTX *libctx);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE, OPT_OUT, OPT_PASSIN,
OSSL_STORE_SEARCH *search = NULL;
const EVP_MD *digest = NULL;
OSSL_LIB_CTX *libctx = app_get0_libctx();
- const char *propq = app_get0_propq();
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
ret = process(argv[0], get_ui_method(), &pw_cb_data,
expected, criterion, search,
- text, noout, recursive, 0, out, prog, libctx, propq);
+ text, noout, recursive, 0, out, prog, libctx);
end:
OPENSSL_free(fingerprint);
static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
int expected, int criterion, OSSL_STORE_SEARCH *search,
int text, int noout, int recursive, int indent, BIO *out,
- const char *prog, OSSL_LIB_CTX *libctx, const char *propq)
+ const char *prog, OSSL_LIB_CTX *libctx)
{
OSSL_STORE_CTX *store_ctx = NULL;
int ret = 1, items = 0;
- if ((store_ctx = OSSL_STORE_open_ex(uri, libctx, propq, uimeth, uidata,
+ if ((store_ctx = OSSL_STORE_open_ex(uri, libctx, app_get0_propq(), uimeth, uidata,
NULL, NULL))
== NULL) {
BIO_printf(bio_err, "Couldn't open file or uri %s\n", uri);
ret += process(suburi, uimeth, uidata,
expected, criterion, search,
text, noout, recursive, indent + 2, out, prog,
- libctx, propq);
+ libctx);
}
break;
case OSSL_STORE_INFO_PARAMS:
-key pkcs11:object=some-private-key;pin-value=1234
+=head2 Provider Options
+
+=over 4
+
+=item B<-provider> I<name>
+
+Load and initialize the provider identified by I<name>.
+
+=item B<-provider-path> I<path>
+
+Specifies the search path that is to be used for looking for providers.
+
+=item B<-propquery> I<propq>
+
+Specifies the I<property query clause> to be used when fetching algorithms
+from the loaded providers.
+See L<property(7)> for a more detailed description.
+
+=back
+
=head1 ENVIRONMENT
The OpenSSL library can be take some configuration parameters from the
# Provider options
$OpenSSL::safe::opt_provider_synopsis = ""
. "[B<-provider> I<name>]\n"
-. "[B<-provider-path> I<path>]";
+. "[B<-provider-path> I<path>]\n"
+. "[B<-propquery> I<propq>]";
$OpenSSL::safe::opt_provider_item = ""
. "=item B<-provider> I<name>\n"
. "\n"
. "=item B<-provider-path> I<path>\n"
. "\n"
+. "=item B<-propquery> I<propq>\n"
+. "\n"
. "See L<openssl(1)/Provider Options>.";
# Configuration option
plan tests =>
($no_fips ? 0 : 2) # FIPS install test + fips related test
- + 12;
+ + 13;
# We want to know that an absurdly small number of bits isn't support
if (disabled("deprecated-3.0")) {
'-pkeyopt', 'e:65538',
'-out', 'genrsatest.pem' ])),
"genpkey with a even public exponent should fail");
+ok(!run(app([ 'openssl', 'genpkey', '-propquery', 'unknown',
+ '-algorithm', 'RSA' ])),
+ "genpkey requesting unknown=yes property should fail");
SKIP: {
input => '00',
err => 'EVP_MAC_Init',
desc => 'KMAC128 Fail no key' },
+ { cmd => [qw{openssl mac -propquery unknown -macopt hexkey:404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F}],
+ type => 'KMAC128',
+ input => '00',
+ err => 'Invalid MAC name KMAC128',
+ desc => 'KMAC128 Fail unknown property' },
);
my @siphash_fail_tests = (
projects / thirdparty / openssl.git / commitdiff
