char def_dgst[80] = "";
char *dgst = NULL, *policy = NULL, *keyfile = NULL;
char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL;
- int certformat = FORMAT_PEM, informat = FORMAT_PEM;
+ int certformat = FORMAT_UNDEF, informat = FORMAT_UNDEF;
const char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL;
const char *extensions = NULL, *extfile = NULL, *passinarg = NULL;
char *passin = NULL;
size_t outdirlen = 0;
int create_ser = 0, free_passin = 0, total = 0, total_done = 0;
int batch = 0, default_op = 1, doupdatedb = 0, ext_copy = EXT_COPY_NONE;
- int keyformat = FORMAT_PEM, multirdn = 1, notext = 0, output_der = 0;
+ int keyformat = FORMAT_UNDEF, multirdn = 1, notext = 0, output_der = 0;
int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0;
int rand_ser = 0, i, j, selfsign = 0, def_ret;
char *crl_lastupdate = NULL, *crl_nextupdate = NULL;
&& (certfile = lookup_conf(conf, section, ENV_CERTIFICATE)) == NULL)
goto end;
- x509 = load_cert_pass(certfile, 1, passin, "CA certificate");
+ x509 = load_cert_pass(certfile, certformat, 1, passin, "CA certificate");
if (x509 == NULL)
goto end;
} else {
X509 *revcert;
- revcert = load_cert_pass(infile, 1, passin,
+ revcert = load_cert_pass(infile, informat, 1, passin,
"certificate to be revoked");
if (revcert == NULL)
goto end;
EVP_PKEY *pktmp = NULL;
int ok = -1, i;
- if ((template_cert = load_cert_pass(infile, 1, passin,
+ if ((template_cert = load_cert_pass(infile, certformat, 1, passin,
"template certificate")) == NULL)
goto end;
if (verbose)
/* credentials format */
static char *opt_certform_s = "PEM";
static int opt_certform = FORMAT_PEM;
-static char *opt_keyform_s = "PEM";
-static int opt_keyform = FORMAT_PEM;
+static char *opt_keyform_s = NULL;
+static int opt_keyform = FORMAT_UNDEF;
static char *opt_otherpass = NULL;
static char *opt_engine = NULL;
X509 *cert;
char *pass_string = get_passwd(pass, desc);
- cert = load_cert_pass(uri, 0, pass_string, desc);
+ cert = load_cert_pass(uri, FORMAT_UNDEF, 0, pass_string, desc);
clear_free(pass_string);
return cert;
}
int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched = 0;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
int operation = 0, ret = 1, rr_print = 0, rr_allorfirst = -1;
- int verify_retcode = 0, rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
+ int verify_retcode = 0, rctformat = FORMAT_SMIME, keyform = FORMAT_UNDEF;
size_t secret_keylen = 0, secret_keyidlen = 0;
unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
unsigned char *secret_key = NULL, *secret_keyid = NULL;
if (operation == SMIME_ENCRYPT) {
if (encerts == NULL && (encerts = sk_X509_new_null()) == NULL)
goto end;
- cert = load_cert(opt_arg(), "recipient certificate file");
+ cert = load_cert(opt_arg(), FORMAT_UNDEF,
+ "recipient certificate file");
if (cert == NULL)
goto end;
sk_X509_push(encerts, cert);
if ((encerts = sk_X509_new_null()) == NULL)
goto end;
while (*argv) {
- if ((cert = load_cert(*argv, "recipient certificate file")) == NULL)
+ if ((cert = load_cert(*argv, FORMAT_UNDEF,
+ "recipient certificate file")) == NULL)
goto end;
sk_X509_push(encerts, cert);
cert = NULL;
}
if (recipfile != NULL && (operation == SMIME_DECRYPT)) {
- if ((recip = load_cert(recipfile,
+ if ((recip = load_cert(recipfile, FORMAT_UNDEF,
"recipient certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
}
if (originatorfile != NULL) {
- if ((originator = load_cert(originatorfile,
+ if ((originator = load_cert(originatorfile, FORMAT_UNDEF,
"originator certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
}
if (operation == SMIME_SIGN_RECEIPT) {
- if ((signer = load_cert(signerfile,
+ if ((signer = load_cert(signerfile, FORMAT_UNDEF,
"receipt signer certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
signerfile = sk_OPENSSL_STRING_value(sksigners, i);
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
- signer = load_cert(signerfile, "signer certificate");
+ signer = load_cert(signerfile, FORMAT_UNDEF, "signer certificate");
if (signer == NULL) {
ret = 2;
goto end;
const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL, *prog;
OPTION_CHOICE o;
int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0;
- int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
+ int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, keyformat = FORMAT_UNDEF;
int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0;
int text = 0, do_ver = 0, noCAfile = 0, noCApath = 0, noCAstore = 0;
int i;
if (!opt_md(digestname, &digest))
goto opthelp;
}
- x = load_crl(infile, 1, "CRL");
+ x = load_crl(infile, informat, 1, "CRL");
if (x == NULL)
goto end;
BIO_puts(bio_err, "Missing CRL signing key\n");
goto end;
}
- newcrl = load_crl(crldiff, 0, "other CRL");
+ newcrl = load_crl(crldiff, informat, 0, "other CRL");
if (!newcrl)
goto end;
pkey = load_key(keyfile, keyformat, 0, NULL, NULL, "CRL signing key");
const char *sigfile = NULL;
const char *md_name = NULL;
OPTION_CHOICE o;
- int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0;
+ int separator = 0, debug = 0, keyform = FORMAT_UNDEF, siglen = 0;
int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0;
int xoflen = 0;
unsigned char *buf = NULL, *sigbuf = NULL;
char *infile = NULL, *outfile = NULL, *prog;
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
OPTION_CHOICE o;
- int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
+ int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, text = 0, noout = 0;
int modulus = 0, pubin = 0, pubout = 0, ret = 1;
int pvk_encr = DEFAULT_PVK_ENCR_STRENGTH;
int private = 0;
EVP_PKEY *params = NULL, *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
int numbits = -1, num = 0, genkey = 0;
- int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0;
+ int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, noout = 0;
int ret = 1, i, text = 0, private = 0;
char *infile = NULL, *outfile = NULL, *prog;
OPTION_CHOICE o;
goto end;
}
} else {
- params = load_keyparams(infile, 1, "DSA", "DSA parameters");
+ params = load_keyparams(infile, informat, 1, "DSA", "DSA parameters");
}
if (params == NULL) {
/* Error message should already have been displayed */
char *infile = NULL, *outfile = NULL, *ciphername = NULL, *prog;
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
OPTION_CHOICE o;
- int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
+ int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, text = 0, noout = 0;
int pubin = 0, pubout = 0, param_out = 0, ret = 1, private = 0;
int check = 0;
char *asn1_encoding = NULL;
goto end;
}
} else {
- params_key = load_keyparams(infile, 1, "EC", "EC parameters");
+ params_key = load_keyparams(infile, informat, 1, "EC", "EC parameters");
if (params_key == NULL || !EVP_PKEY_is_a(params_key, "EC"))
goto end;
if (point_format
goto end;
}
- pkey = load_keyparams(dsaparams, 1, "DSA", "DSA parameters");
+ pkey = load_keyparams(dsaparams, FORMAT_UNDEF, 1, "DSA", "DSA parameters");
out = bio_open_owner(outfile, FORMAT_PEM, private);
if (out == NULL)
int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2);
int add_oid_section(CONF *conf);
X509_REQ *load_csr(const char *file, int format, const char *desc);
-X509 *load_cert_pass(const char *uri, int maybe_stdin,
+X509 *load_cert_pass(const char *uri, int format, int maybe_stdin,
const char *pass, const char *desc);
-#define load_cert(uri, desc) load_cert_pass(uri, 1, NULL, desc)
-X509_CRL *load_crl(const char *uri, int maybe_stdin, const char *desc);
+#define load_cert(uri, format, desc) load_cert_pass(uri, format, 1, NULL, desc)
+X509_CRL *load_crl(const char *uri, int format, int maybe_stdin,
+ const char *desc);
void cleanse(char *str);
void clear_free(char *str);
EVP_PKEY *load_key(const char *uri, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *desc);
EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *desc);
-EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *keytype,
- const char *desc);
+EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin,
+ const char *keytype, const char *desc);
char *next_item(char *opt); /* in list separated by comma and/or space */
int load_cert_certs(const char *uri,
X509 **pcert, STACK_OF(X509) **pcerts,
const char *pass, const char *desc);
int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
const char *pass, const char *desc);
-int load_key_certs_crls(const char *uri, int maybe_stdin,
+int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
const char *pass, const char *desc,
EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
EVP_PKEY **pparams,
X509 **pcert, STACK_OF(X509) **pcerts,
X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls);
-int load_key_cert_crl(const char *uri, int maybe_stdin,
+int load_key_cert_crl(const char *uri, int format, int maybe_stdin,
const char *pass, const char *desc,
EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
X509 **pcert, X509_CRL **pcrl);
#include <openssl/bn.h>
#include <openssl/ssl.h>
#include <openssl/store.h>
+#include <openssl/core_names.h>
#include "s_apps.h"
#include "apps.h"
#define IS_HTTPS(uri) ((uri) != NULL \
&& strncmp(uri, OSSL_HTTPS_PREFIX, strlen(OSSL_HTTPS_PREFIX)) == 0)
-X509 *load_cert_pass(const char *uri, int maybe_stdin,
+X509 *load_cert_pass(const char *uri, int format, int maybe_stdin,
const char *pass, const char *desc)
{
X509 *cert = NULL;
else if (IS_HTTP(uri))
cert = X509_load_http(uri, NULL, NULL, 0 /* timeout */);
else
- (void)load_key_certs_crls(uri, maybe_stdin, pass, desc,
+ (void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc,
NULL, NULL, NULL, &cert, NULL, NULL, NULL);
if (cert == NULL) {
BIO_printf(bio_err, "Unable to load %s\n", desc);
return cert;
}
-X509_CRL *load_crl(const char *uri, int maybe_stdin, const char *desc)
+X509_CRL *load_crl(const char *uri, int format, int maybe_stdin,
+ const char *desc)
{
X509_CRL *crl = NULL;
else if (IS_HTTP(uri))
crl = X509_CRL_load_http(uri, NULL, NULL, 0 /* timeout */);
else
- (void)load_key_certs_crls(uri, maybe_stdin, NULL, desc,
+ (void)load_key_certs_crls(uri, format, maybe_stdin, NULL, desc,
NULL, NULL, NULL, NULL, NULL, &crl, NULL);
if (crl == NULL) {
BIO_printf(bio_err, "Unable to load %s\n", desc);
X509_REQ *req = NULL;
BIO *in;
+ if (format == FORMAT_UNDEF)
+ format = FORMAT_PEM;
if (desc == NULL)
desc = "CSR";
in = bio_open_default(file, 'r', format);
if (format == FORMAT_ENGINE) {
uri = allocated_uri = make_engine_uri(e, uri, desc);
}
- (void)load_key_certs_crls(uri, may_stdin, pass, desc,
+ (void)load_key_certs_crls(uri, format, may_stdin, pass, desc,
&pkey, NULL, NULL, NULL, NULL, NULL, NULL);
OPENSSL_free(allocated_uri);
if (format == FORMAT_ENGINE) {
uri = allocated_uri = make_engine_uri(e, uri, desc);
}
- (void)load_key_certs_crls(uri, maybe_stdin, pass, desc,
+ (void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc,
NULL, &pkey, NULL, NULL, NULL, NULL, NULL);
OPENSSL_free(allocated_uri);
return pkey;
}
-EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *keytype,
- const char *desc)
+EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin,
+ const char *keytype, const char *desc)
{
EVP_PKEY *params = NULL;
if (desc == NULL)
desc = "key parameters";
- (void)load_key_certs_crls(uri, maybe_stdin, NULL, desc,
+ (void)load_key_certs_crls(uri, format, maybe_stdin, NULL, desc,
NULL, NULL, ¶ms, NULL, NULL, NULL, NULL);
if (params != NULL && keytype != NULL && !EVP_PKEY_is_a(params, keytype)) {
BIO_printf(bio_err,
return ret;
}
pass_string = get_passwd(pass, desc);
- ret = load_key_certs_crls(uri, 0, pass_string, desc, NULL, NULL, NULL,
+ ret = load_key_certs_crls(uri, FORMAT_UNDEF, 0, pass_string, desc,
+ NULL, NULL, NULL,
pcert, pcerts, NULL, NULL);
clear_free(pass_string);
const char *pass, const char *desc)
{
int was_NULL = *certs == NULL;
- int ret = load_key_certs_crls(uri, maybe_stdin, pass, desc, NULL, NULL,
+ int ret = load_key_certs_crls(uri, FORMAT_UNDEF, maybe_stdin,
+ pass, desc, NULL, NULL,
NULL, NULL, certs, NULL, NULL);
if (!ret && was_NULL) {
const char *pass, const char *desc)
{
int was_NULL = *crls == NULL;
- int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL, NULL,
+ int ret = load_key_certs_crls(uri, FORMAT_UNDEF, 0, pass, desc,
+ NULL, NULL, NULL,
NULL, NULL, NULL, crls);
if (!ret && was_NULL) {
return ret;
}
+static const char *format2string(int format)
+{
+ switch(format) {
+ case FORMAT_PEM:
+ return "PEM";
+ case FORMAT_ASN1:
+ return "DER";
+ }
+ return NULL;
+}
+
/* Set type expectation, but clear it if objects of different types expected. */
#define SET_EXPECT(val) expect = expect < 0 ? val : (expect == val ? val : 0);
/*
* In any case (also on error) the caller is responsible for freeing all members
* of *pcerts and *pcrls (as far as they are not NULL).
*/
-int load_key_certs_crls(const char *uri, int maybe_stdin,
+int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
const char *pass, const char *desc,
EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
EVP_PKEY **pparams,
pcrls != NULL ? "CRLs" : NULL;
int cnt_expectations = 0;
int expect = -1;
+ const char *input_type;
+ OSSL_PARAM itp[2];
+ const OSSL_PARAM *params = NULL;
/* TODO make use of the engine reference 'eng' when loading pkeys */
if (ppkey != NULL) {
uidata.password = pass;
uidata.prompt_info = uri;
+ if ((input_type = format2string(format)) != NULL) {
+ itp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_INPUT_TYPE,
+ (char *)input_type, 0);
+ itp[1] = OSSL_PARAM_construct_end();
+ params = itp;
+ }
+
if (uri == NULL) {
BIO *bio;
bio = BIO_new_fp(stdin, 0);
if (bio != NULL) {
ctx = OSSL_STORE_attach(bio, "file", libctx, propq,
- get_ui_method(), &uidata, NULL, NULL);
+ get_ui_method(), &uidata, params,
+ NULL, NULL);
BIO_free(bio);
}
} else {
ctx = OSSL_STORE_open_ex(uri, libctx, propq, get_ui_method(), &uidata,
- NULL, NULL);
+ params, NULL, NULL);
}
if (ctx == NULL) {
BIO_printf(bio_err, "Could not open file or uri for loading");
DIST_POINT *dp = sk_DIST_POINT_value(crldp, i);
urlptr = get_dp_url(dp);
if (urlptr != NULL)
- return load_crl(urlptr, 0, "CRL via CDP");
+ return load_crl(urlptr, FORMAT_UNDEF, 0, "CRL via CDP");
}
return NULL;
}
BIO_printf(bio_err, "Missing filename\n");
return 0;
}
- exc->cert = load_cert(exc->certfile, "Server Certificate");
+ exc->cert = load_cert(exc->certfile, exc->certform,
+ "Server Certificate");
if (exc->cert == NULL)
return 0;
if (exc->keyfile != NULL) {
path = opt_arg();
break;
case OPT_ISSUER:
- issuer = load_cert(opt_arg(), "issuer certificate");
+ issuer = load_cert(opt_arg(), FORMAT_UNDEF, "issuer certificate");
if (issuer == NULL)
goto end;
if (issuers == NULL) {
break;
case OPT_CERT:
X509_free(cert);
- cert = load_cert(opt_arg(), "certificate");
+ cert = load_cert(opt_arg(), FORMAT_UNDEF, "certificate");
if (cert == NULL)
goto end;
if (cert_id_md == NULL)
if (rsignfile != NULL) {
if (rkeyfile == NULL)
rkeyfile = rsignfile;
- rsigner = load_cert(rsignfile, "responder certificate");
+ rsigner = load_cert(rsignfile, FORMAT_UNDEF, "responder certificate");
if (rsigner == NULL) {
BIO_printf(bio_err, "Error loading responder certificate\n");
goto end;
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
- rkey = load_key(rkeyfile, FORMAT_PEM, 0, passin, NULL,
+ rkey = load_key(rkeyfile, FORMAT_UNDEF, 0, passin, NULL,
"responder private key");
if (rkey == NULL)
goto end;
if (signfile != NULL) {
if (keyfile == NULL)
keyfile = signfile;
- signer = load_cert(signfile, "signer certificate");
+ signer = load_cert(signfile, FORMAT_UNDEF, "signer certificate");
if (signer == NULL) {
BIO_printf(bio_err, "Error loading signer certificate\n");
goto end;
"signer certificates"))
goto end;
}
- key = load_key(keyfile, FORMAT_PEM, 0, NULL, NULL,
+ key = load_key(keyfile, FORMAT_UNDEF, 0, NULL, NULL,
"signer private key");
if (key == NULL)
goto end;
char *passin = NULL, *passout = NULL, *p8pass = NULL;
OPTION_CHOICE o;
int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER;
- int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1;
+ int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1;
int private = 0, traditional = 0;
#ifndef OPENSSL_NO_SCRYPT
long scrypt_N = 0, scrypt_r = 0, scrypt_p = 0;
if ((pbe_nid == -1) && cipher == NULL)
cipher = (EVP_CIPHER *)EVP_aes_256_cbc();
- in = bio_open_default(infile, 'r', informat);
+ in = bio_open_default(infile, 'r',
+ informat == FORMAT_UNDEF ? FORMAT_PEM : informat);
if (in == NULL)
goto end;
out = bio_open_owner(outfile, outformat, private);
}
if (nocrypt) {
- if (informat == FORMAT_PEM) {
+ if (informat == FORMAT_PEM || informat == FORMAT_UNDEF) {
p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, NULL, NULL);
} else if (informat == FORMAT_ASN1) {
p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
goto end;
}
} else {
- if (informat == FORMAT_PEM) {
+ if (informat == FORMAT_PEM || informat == FORMAT_UNDEF) {
p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
} else if (informat == FORMAT_ASN1) {
p8 = d2i_PKCS8_bio(in, NULL);
char *infile = NULL, *outfile = NULL, *passin = NULL, *passout = NULL;
char *passinarg = NULL, *passoutarg = NULL, *ciphername = NULL, *prog;
OPTION_CHOICE o;
- int informat = FORMAT_PEM, outformat = FORMAT_PEM;
+ int informat = FORMAT_UNDEF, outformat = FORMAT_PEM;
int pubin = 0, pubout = 0, text_pub = 0, text = 0, noout = 0, ret = 1;
int private = 0, traditional = 0, check = 0, pub_check = 0;
#ifndef OPENSSL_NO_EC
char hexdump = 0, asn1parse = 0, rev = 0, *prog;
unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
OPTION_CHOICE o;
- int buf_inlen = 0, siglen = -1, keyform = FORMAT_PEM, peerform = FORMAT_PEM;
+ int buf_inlen = 0, siglen = -1;
+ int keyform = FORMAT_UNDEF, peerform = FORMAT_UNDEF;
int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
int engine_impl = 0;
int ret = 1, rv = -1;
break;
case KEY_CERT:
- x = load_cert(keyfile, "Certificate");
+ x = load_cert(keyfile, keyform, "Certificate");
if (x) {
pkey = X509_get_pubkey(x);
X509_free(x);
int days = UNSET_DAYS;
int ret = 1, gen_x509 = 0, i = 0, newreq = 0, verbose = 0;
int pkey_type = -1;
- int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyform = FORMAT_PEM;
+ int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, keyform = FORMAT_UNDEF;
int modulus = 0, multirdn = 1, verify = 0, noout = 0, text = 0;
int noenc = 0, newhdr = 0, subject = 0, pubkey = 0, precert = 0;
long newkey_len = -1;
BIO_printf(bio_err,
"Ignoring -CAkey option since no -CA option is given\n");
} else {
- if ((CAkey = load_key(CAkeyfile, FORMAT_PEM,
+ if ((CAkey = load_key(CAkeyfile, FORMAT_UNDEF,
0, passin, e, "issuer private key")) == NULL)
goto end;
}
"Need to give the -CAkey option if using -CA\n");
goto end;
}
- if ((CAcert = load_cert_pass(CAfile, 1, passin,
+ if ((CAcert = load_cert_pass(CAfile, FORMAT_UNDEF, 1, passin,
"issuer certificate")) == NULL)
goto end;
if (!X509_check_private_key(CAcert, CAkey)) {
char *infile = NULL, *outfile = NULL, *ciphername = NULL, *prog;
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
int private = 0;
- int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0;
+ int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, text = 0, check = 0;
int noout = 0, modulus = 0, pubin = 0, pubout = 0, ret = 1;
int pvk_encr = DEFAULT_PVK_ENCR_STRENGTH;
OPTION_CHOICE o;
}
if (pubin) {
- int tmpformat = -1;
+ int tmpformat = FORMAT_UNDEF;
if (pubin == 2) {
if (informat == FORMAT_PEM)
char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
unsigned char *rsa_in = NULL, *rsa_out = NULL, pad = RSA_PKCS1_PADDING;
size_t rsa_inlen, rsa_outlen = 0;
- int keyformat = FORMAT_PEM, keysize, ret = 1, rv;
+ int keyformat = FORMAT_UNDEF, keysize, ret = 1, rv;
int hexdump = 0, asn1parse = 0, need_priv = 0, rev = 0;
OPTION_CHOICE o;
break;
case KEY_CERT:
- x = load_cert(keyfile, "Certificate");
+ x = load_cert(keyfile, FORMAT_UNDEF, "Certificate");
if (x) {
pkey = X509_get_pubkey(x);
X509_free(x);
struct timeval timeout, *timeoutp;
fd_set readfds, writefds;
int noCApath = 0, noCAfile = 0, noCAstore = 0;
- int build_chain = 0, cbuf_len, cbuf_off, cert_format = FORMAT_PEM;
- int key_format = FORMAT_PEM, crlf = 0, full_log = 1, mbuf_len = 0;
+ int build_chain = 0, cbuf_len, cbuf_off, cert_format = FORMAT_UNDEF;
+ int key_format = FORMAT_UNDEF, crlf = 0, full_log = 1, mbuf_len = 0;
int prexit = 0;
int sdebug = 0;
int reconnect = 0, verify = SSL_VERIFY_NONE, vpmtouched = 0;
int ret = 1, in_init = 1, i, nbio_test = 0, sock = -1, k, width, state = 0;
int sbuf_len, sbuf_off, cmdletters = 1;
int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM, protocol = 0;
- int starttls_proto = PROTO_OFF, crl_format = FORMAT_PEM, crl_download = 0;
+ int starttls_proto = PROTO_OFF, crl_format = FORMAT_UNDEF, crl_download = 0;
int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending;
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
int at_eof = 0;
}
if (cert_file != NULL) {
- cert = load_cert_pass(cert_file, 1, pass, "client certificate");
+ cert = load_cert_pass(cert_file, cert_format, 1, pass,
+ "client certificate");
if (cert == NULL)
goto end;
}
if (crl_file != NULL) {
X509_CRL *crl;
- crl = load_crl(crl_file, 0, "CRL");
+ crl = load_crl(crl_file, crl_format, 0, "CRL");
if (crl == NULL)
goto end;
crls = sk_X509_CRL_new_null();
int no_dhe = 0;
int nocert = 0, ret = 1;
int noCApath = 0, noCAfile = 0, noCAstore = 0;
- int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
- int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
+ int s_cert_format = FORMAT_UNDEF, s_key_format = FORMAT_UNDEF;
+ int s_dcert_format = FORMAT_UNDEF, s_dkey_format = FORMAT_UNDEF;
int rev = 0, naccept = -1, sdebug = 0;
int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM, protocol = 0;
- int state = 0, crl_format = FORMAT_PEM, crl_download = 0;
+ int state = 0, crl_format = FORMAT_UNDEF, crl_download = 0;
char *host = NULL;
char *port = OPENSSL_strdup(PORT);
unsigned char *context = NULL;
if (s_key == NULL)
goto end;
- s_cert = load_cert_pass(s_cert_file, 1, pass, "server certificate");
+ s_cert = load_cert_pass(s_cert_file, s_cert_format, 1, pass,
+ "server certificate");
if (s_cert == NULL)
goto end;
if (s_key2 == NULL)
goto end;
- s_cert2 = load_cert_pass(s_cert_file2, 1, pass,
+ s_cert2 = load_cert_pass(s_cert_file2, s_cert_format, 1, pass,
"second server certificate");
if (s_cert2 == NULL)
if (crl_file != NULL) {
X509_CRL *crl;
- crl = load_crl(crl_file, 0, "CRL");
+ crl = load_crl(crl_file, crl_format, 0, "CRL");
if (crl == NULL)
goto end;
crls = sk_X509_CRL_new_null();
if (s_dkey == NULL)
goto end;
- s_dcert = load_cert_pass(s_dcert_file, 1, dpass,
+ s_dcert = load_cert_pass(s_dcert_file, s_dcert_format, 1, dpass,
"second server certificate");
if (s_dcert == NULL) {
EVP_PKEY *dhpkey = NULL;
if (dhfile != NULL)
- dhpkey = load_keyparams(dhfile, 0, "DH", "DH parameters");
+ dhpkey = load_keyparams(dhfile, FORMAT_UNDEF, 0, "DH", "DH parameters");
else if (s_cert_file != NULL)
- dhpkey = load_keyparams(s_cert_file, 0, "DH", "DH parameters");
+ dhpkey = load_keyparams(s_cert_file, FORMAT_UNDEF, 0, "DH", "DH parameters");
if (dhpkey != NULL) {
BIO_printf(bio_s_out, "Setting temp DH parameters\n");
if (ctx2 != NULL) {
if (dhfile != NULL) {
- EVP_PKEY *dhpkey2 = load_keyparams(s_cert_file2, 0, "DH",
+ EVP_PKEY *dhpkey2 = load_keyparams(s_cert_file2, FORMAT_UNDEF,
+ 0, "DH",
"DH parameters");
if (dhpkey2 != NULL) {
int noCApath = 0, noCAfile = 0, noCAstore = 0;
int flags = PKCS7_DETACHED, operation = 0, ret = 0, indef = 0;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform =
- FORMAT_PEM;
+ FORMAT_UNDEF;
int vpmtouched = 0, rv = 0;
ENGINE *e = NULL;
const char *mime_eol = "\n";
if (encerts == NULL)
goto end;
while (*argv != NULL) {
- cert = load_cert(*argv, "recipient certificate file");
+ cert = load_cert(*argv, FORMAT_UNDEF,
+ "recipient certificate file");
if (cert == NULL)
goto end;
sk_X509_push(encerts, cert);
}
if (recipfile != NULL && (operation == SMIME_DECRYPT)) {
- if ((recip = load_cert(recipfile,
+ if ((recip = load_cert(recipfile, FORMAT_UNDEF,
"recipient certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
signerfile = sk_OPENSSL_STRING_value(sksigners, i);
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
- signer = load_cert(signerfile, "signer certificate");
+ signer = load_cert(signerfile, FORMAT_UNDEF, "signer certificate");
if (signer == NULL)
goto end;
key = load_key(keyfile, keyform, 0, passin, e, "signing key");
char *spkstr = NULL, *prog;
const char *spkac = "SPKAC", *spksect = "default";
int i, ret = 1, verify = 0, noout = 0, pubkey = 0;
- int keyformat = FORMAT_PEM;
+ int keyformat = FORMAT_UNDEF;
OPTION_CHOICE o;
prog = opt_init(argc, argv, spkac_options);
int ret = 1, items = 0;
if ((store_ctx = OSSL_STORE_open_ex(uri, libctx, app_get0_propq(), uimeth, uidata,
- NULL, NULL))
+ NULL, NULL, NULL))
== NULL) {
BIO_printf(bio_err, "Couldn't open file or uri %s\n", uri);
ERR_print_errors(bio_err);
STACK_OF(X509) *chain = NULL;
int num_untrusted;
- x = load_cert(file, "certificate file");
+ x = load_cert(file, FORMAT_UNDEF, "certificate file");
if (x == NULL)
goto end;
char *prog;
int days = UNSET_DAYS; /* not explicitly set */
int x509toreq = 0, modulus = 0, print_pubkey = 0, pprint = 0;
- int CAformat = FORMAT_PEM, CAkeyformat = FORMAT_PEM;
+ int CAformat = FORMAT_UNDEF, CAkeyformat = FORMAT_UNDEF;
int fingerprint = 0, reqfile = 0, checkend = 0;
- int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
+ int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, keyformat = FORMAT_UNDEF;
int next_serial = 0, subject_hash = 0, issuer_hash = 0, ocspid = 0;
int noout = 0, CA_createserial = 0, email = 0;
int ocsp_uri = 0, trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0;
}
}
} else {
- x = load_cert_pass(infile, 1, passin, "certificate");
+ x = load_cert_pass(infile, informat, 1, passin, "certificate");
if (x == NULL)
goto end;
}
goto end;
if (CAfile != NULL) {
- xca = load_cert_pass(CAfile, 1, passin, "CA certificate");
+ xca = load_cert_pass(CAfile, CAformat, 1, passin, "CA certificate");
if (xca == NULL)
goto end;
}
return NULL;
if ((ctx = OSSL_STORE_attach(bp, "file", libctx, propq, ui_method, u,
- NULL, NULL)) == NULL)
+ NULL, NULL, NULL)) == NULL)
goto err;
#ifndef OPENSSL_NO_SECURE_HEAP
# ifndef OPENSSL_NO_DEPRECATED_3_0
static int ossl_store_close_it(OSSL_STORE_CTX *ctx);
+static int loader_set_params(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_LOADER_CTX *loader_ctx,
+ const OSSL_PARAM params[], const char *propq)
+{
+ if (params != NULL) {
+ if (!loader->p_set_ctx_params(loader_ctx, params))
+ return 0;
+ }
+
+ if (propq != NULL) {
+ OSSL_PARAM propp[2];
+
+ if (OSSL_PARAM_locate_const(params,
+ OSSL_STORE_PARAM_PROPERTIES) != NULL)
+ /* use the propq from params */
+ return 1;
+
+ propp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_PROPERTIES,
+ (char *)propq, 0);
+ propp[1] = OSSL_PARAM_construct_end();
+
+ if (!loader->p_set_ctx_params(loader_ctx, propp))
+ return 0;
+ }
+ return 1;
+}
+
OSSL_STORE_CTX *
OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
const UI_METHOD *ui_method, void *ui_data,
+ const OSSL_PARAM params[],
OSSL_STORE_post_process_info_fn post_process,
void *post_process_data)
{
if (loader_ctx == NULL) {
OSSL_STORE_LOADER_free(fetched_loader);
fetched_loader = NULL;
- } else if (propq != NULL) {
- OSSL_PARAM params[2];
-
- params[0] = OSSL_PARAM_construct_utf8_string(
- OSSL_STORE_PARAM_PROPERTIES, (char *)propq, 0);
- params[1] = OSSL_PARAM_construct_end();
-
- if (!fetched_loader->p_set_ctx_params(loader_ctx, params)) {
- (void)fetched_loader->p_close(loader_ctx);
- OSSL_STORE_LOADER_free(fetched_loader);
- fetched_loader = NULL;
- }
+ } else if(!loader_set_params(fetched_loader, loader_ctx,
+ params, propq)) {
+ (void)fetched_loader->p_close(loader_ctx);
+ OSSL_STORE_LOADER_free(fetched_loader);
+ fetched_loader = NULL;
}
loader = fetched_loader;
}
OSSL_STORE_post_process_info_fn post_process,
void *post_process_data)
{
- return OSSL_STORE_open_ex(uri, NULL, NULL, ui_method, ui_data, post_process,
- post_process_data);
+ return OSSL_STORE_open_ex(uri, NULL, NULL, ui_method, ui_data, NULL,
+ post_process, post_process_data);
}
#ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme,
OSSL_LIB_CTX *libctx, const char *propq,
const UI_METHOD *ui_method, void *ui_data,
+ const OSSL_PARAM params[],
OSSL_STORE_post_process_info_fn post_process,
void *post_process_data)
{
|| (loader_ctx = fetched_loader->p_attach(provctx, cbio)) == NULL) {
OSSL_STORE_LOADER_free(fetched_loader);
fetched_loader = NULL;
- } else if (propq != NULL) {
- OSSL_PARAM params[] = {
- OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES,
- NULL, 0),
- OSSL_PARAM_END
- };
-
- params[0].data = (void *)propq;
- if (!fetched_loader->p_set_ctx_params(loader_ctx, params)) {
- (void)fetched_loader->p_close(loader_ctx);
- OSSL_STORE_LOADER_free(fetched_loader);
- fetched_loader = NULL;
- }
+ } else if (!loader_set_params(fetched_loader, loader_ctx,
+ params, propq)) {
+ (void)fetched_loader->p_close(loader_ctx);
+ OSSL_STORE_LOADER_free(fetched_loader);
+ fetched_loader = NULL;
}
loader = fetched_loader;
ossl_core_bio_free(cbio);
OSSL_STORE_CTX *ctx = NULL;
X509_STORE *xstore = X509_LOOKUP_get_store(lctx);
- if ((ctx = OSSL_STORE_open_ex(uri, libctx, propq, NULL, NULL, NULL, NULL)) == NULL)
+ if ((ctx = OSSL_STORE_open_ex(uri, libctx, propq, NULL, NULL, NULL,
+ NULL, NULL)) == NULL)
return 0;
/*
OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bio, const char *scheme,
OSSL_LIB_CTX *libctx, const char *propq,
const UI_METHOD *ui_method, void *ui_data,
+ const OSSL_PARAM params[],
OSSL_STORE_post_process_info_fn post_process,
void *post_process_data);
OSSL_STORE_CTX *
OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
const UI_METHOD *ui_method, void *ui_data,
+ const OSSL_PARAM params[],
OSSL_STORE_post_process_info_fn post_process,
void *post_process_data);
The given I<ui_method> and I<ui_data> will be reused by all
functions that use B<OSSL_STORE_CTX> when interaction is needed,
for instance to provide a password.
+The auxiliary B<OSSL_PARAM> parameters in I<params> can be set to further
+modify the store operation.
The given I<post_process> and I<post_process_data> will be reused by
OSSL_STORE_load() to manipulate or drop the value to be returned.
The I<post_process> function drops values by returning NULL, which
NULL, or the end of data is reached as indicated by OSSL_STORE_eof().
OSSL_STORE_open() is similar to OSSL_STORE_open_ex() but uses NULL for
-the library context I<libctx> and property query I<propq>.
+the I<params>, the library context I<libctx> and property query I<propq>.
OSSL_STORE_ctrl() takes a B<OSSL_STORE_CTX>, and command number I<cmd> and
more arguments not specified here.
/* You may want to pass properties for the provider implementation to use */
#define OSSL_STORE_PARAM_PROPERTIES "properties" /* utf8_string */
+/* OSSL_DECODER input type if a decoder is used by the store */
+#define OSSL_STORE_PARAM_INPUT_TYPE "input-type" /* UTF8_STRING */
# ifdef __cplusplus
}
OSSL_STORE_CTX *
OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
const UI_METHOD *ui_method, void *ui_data,
+ const OSSL_PARAM params[],
OSSL_STORE_post_process_info_fn post_process,
void *post_process_data);
OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bio, const char *scheme,
OSSL_LIB_CTX *libctx, const char *propq,
const UI_METHOD *ui_method, void *ui_data,
+ const OSSL_PARAM params[],
OSSL_STORE_post_process_info_fn post_process,
void *post_process_data);
1cb6ec2efb7b2bb131622aa95e245273f5967065eb0018392ed4ced50d0813b7 providers/implementations/signature/mac_legacy.c
25fe1a61578d54c3e67b60646f3fd3d0a47ff1d4cd620ef1f1fca3341f2662a2 providers/implementations/signature/rsa.c
c0a862433e5da909cf0c614d3f982765b67821c7a4cc6257ceb8c490b4dcf732 providers/implementations/signature/sm2sig.c
-c63cb744c26af304cf00006071d3ebd9325a4d65913b75a2bcb1d2e104c734fd providers/implementations/storemgmt/file_store.c
+e2750b310565e74617310566c1ccfbd75559521117fd8936540fff54dd304902 providers/implementations/storemgmt/file_store.c
291288936fe321e3e85048366f790f6b7983561cd8f80eec4c0e01d7c43614ab providers/implementations/storemgmt/file_store_der2obj.c
04ea01e48b8fee822acb376ab8679b4c627b32ab75c137bf23ebb4fe2a1c0703 providers/prov_running.c
53a1e913fcc4a4e8e84009229cba60b9e29c7dc6536182fd290478331fad44b4 ssl/record/tls_pad.c
-b998b19b940b606688e4711014407c48c3fca4c58b2fdc60ac64c1cef94861c1 providers/fips-sources.checksums
+de031c8fbe10ee9b6447dd230956217e599cf923ff36a1026b515c2a22158b37 providers/fips-sources.checksums
*
*/
static struct file_ctx_st *file_open_stream(BIO *source, const char *uri,
- const char *input_type,
void *provctx)
{
struct file_ctx_st *ctx;
- if ((ctx = new_file_ctx(IS_FILE, uri, provctx)) == NULL
- || (input_type != NULL
- && (ctx->_.file.input_type =
- OPENSSL_strdup(input_type)) == NULL)) {
+ if ((ctx = new_file_ctx(IS_FILE, uri, provctx)) == NULL) {
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
goto err;
}
if (S_ISDIR(st.st_mode))
ctx = file_open_dir(path, uri, provctx);
else if ((bio = BIO_new_file(path, "rb")) == NULL
- || (ctx = file_open_stream(bio, uri, NULL, provctx)) == NULL)
+ || (ctx = file_open_stream(bio, uri, provctx)) == NULL)
BIO_free_all(bio);
return ctx;
if (new_bio == NULL)
return NULL;
- ctx = file_open_stream(new_bio, NULL, NULL, provctx);
+ ctx = file_open_stream(new_bio, NULL, provctx);
if (ctx == NULL)
BIO_free(new_bio);
return ctx;
OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES, NULL, 0),
OSSL_PARAM_int(OSSL_STORE_PARAM_EXPECT, NULL),
OSSL_PARAM_octet_string(OSSL_STORE_PARAM_SUBJECT, NULL, 0),
+ OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_INPUT_TYPE, NULL, 0),
OSSL_PARAM_END
};
return known_settable_ctx_params;
if (params == NULL)
return 1;
- p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_PROPERTIES);
- if (p != NULL) {
- OPENSSL_free(ctx->_.file.propq);
- ctx->_.file.propq = NULL;
- if (!OSSL_PARAM_get_utf8_string(p, &ctx->_.file.propq, 0))
- return 0;
+ if (ctx->type != IS_DIR) {
+ /* these parameters are ignored for directories */
+ p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_PROPERTIES);
+ if (p != NULL) {
+ OPENSSL_free(ctx->_.file.propq);
+ ctx->_.file.propq = NULL;
+ if (!OSSL_PARAM_get_utf8_string(p, &ctx->_.file.propq, 0))
+ return 0;
+ }
+ p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_INPUT_TYPE);
+ if (p != NULL) {
+ OPENSSL_free(ctx->_.file.input_type);
+ ctx->_.file.input_type = NULL;
+ if (!OSSL_PARAM_get_utf8_string(p, &ctx->_.file.input_type, 0))
+ return 0;
+ }
}
p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_EXPECT);
if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->expected_type))
&& TEST_ptr(search = OSSL_STORE_SEARCH_by_alias("nothing"))
&& TEST_ptr(ui_method= UI_create_method("DummyUI"))
&& TEST_ptr(sctx = OSSL_STORE_open_ex(input, NULL, NULL, ui_method,
- NULL, NULL, NULL))
+ NULL, NULL, NULL, NULL))
&& TEST_false(OSSL_STORE_find(sctx, NULL))
&& TEST_true(OSSL_STORE_find(sctx, search));
UI_destroy_method(ui_method);
OSSL_STORE_INFO *info;
int ret = 0;
- ctx = OSSL_STORE_open_ex(uri, NULL, NULL, NULL, NULL, NULL, NULL);
+ ctx = OSSL_STORE_open_ex(uri, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
if (!TEST_ptr(ctx))
goto err;
&& TEST_ptr(provider = OSSL_PROVIDER_load(libctx, "default"))
&& TEST_ptr(bio = BIO_new_file(input, "r"))
&& TEST_ptr(store_ctx = OSSL_STORE_attach(bio, "file", libctx, NULL,
- NULL, NULL, NULL, NULL))
+ NULL, NULL, NULL, NULL, NULL))
&& TEST_int_ne(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OSSL_STORE)
&& TEST_int_ne(ERR_GET_REASON(ERR_peek_error()),
OSSL_STORE_R_UNREGISTERED_SCHEME);