From: Dmitry Belyavskiy Date: Thu, 25 Sep 2025 13:38:53 +0000 (+0200) Subject: Document skey decoder X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d3288746455890ac0b368f56e55ac20fcb0f2479;p=thirdparty%2Fopenssl.git Document skey decoder Reviewed-by: Neil Horman Reviewed-by: Simo Sorce (Merged from https://github.com/openssl/openssl/pull/28278) --- diff --git a/apps/enc.c b/apps/enc.c index fa8adc8970d..1c47cbd80c6 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -731,19 +731,14 @@ int enc_main(int argc, char **argv) goto end; } } else { - char *storepass = NULL; + if (skeyuri != NULL) { + char *storepass = NULL; - if (!app_passwd(storepassarg, NULL, &storepass, NULL)) { - BIO_printf(bio_err, - "Error getting store password from 'storepass' argument\n"); - } - mgmt = EVP_SKEYMGMT_fetch(app_get0_libctx(), - skeymgmt != NULL ? skeymgmt : EVP_CIPHER_name(cipher), - app_get0_propq()); - if (mgmt == NULL) - goto end; + if (!app_passwd(storepassarg, NULL, &storepass, NULL)) { + BIO_printf(bio_err, + "Error getting store password from 'storepass' argument\n"); + } - if (skeyuri != NULL) { skey = load_skey(skeyuri, FORMAT_UNDEF, 0, storepass, 0); OPENSSL_free(storepass); if (skey == NULL) { diff --git a/apps/include/apps.h b/apps/include/apps.h index b4792a6f07c..2113669f5d7 100644 --- a/apps/include/apps.h +++ b/apps/include/apps.h @@ -156,7 +156,7 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin, EVP_PKEY **ppkey, EVP_PKEY **ppubkey, EVP_PKEY **pparams, X509 **pcert, STACK_OF(X509) **pcerts, - X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls. + X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls, EVP_SKEY **pskey); EVP_SKEY *load_skey(const char *uri, int format, int maybe_stdin, const char *pass, int quiet); diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 2a36c4215ab..77c70586ec5 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c 
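Review bot: In the new `if (skeyuri != NULL)` branch in apps/enc.c, a failed `app_passwd()` only prints "Error getting store password" and then falls through to `load_skey(skeyuri, FORMAT_UNDEF, 0, storepass, 0)`, presumably with `storepass` still NULL. A password-source failure should stop the command rather than attempt the key-store load without the intended password, so add `goto end;` after the `BIO_printf` inside that `if`. Separately, `storepass` holds a secret and is released with plain `OPENSSL_free(storepass)`; scrubbing it first, e.g. `if (storepass != NULL) OPENSSL_clear_free(storepass, strlen(storepass));`, would avoid leaving the store password in freed heap memory. `enc_main` begins and continues outside this hunk, so whether the `end:` cleanup already covers everything allocated up to this point should be confirmed against the full function.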
@@ -856,14 +856,14 @@ static const char *format2string(int format) SET_EXPECT(val); \ } /* Provide (error msg) text for some of the credential types to be loaded. */ -#define FAIL_NAME \ - (ppkey != NULL ? "private key" : ppubkey != NULL ? "public key" \ - : pparams != NULL ? "key parameters" \ - : pcert != NULL ? "certificate" \ - : pcerts != NULL ? "certificates" \ - : pcrl != NULL ? "CRL" \ - : pcrls != NULL ? "CRLs" \ - : pskey != NULL ? "symmetric key" : NULL \ +#define FAIL_NAME \ + (ppkey != NULL ? "private key" : ppubkey != NULL ? "public key" \ + : pparams != NULL ? "key parameters" \ + : pcert != NULL ? "certificate" \ + : pcerts != NULL ? "certificates" \ + : pcrl != NULL ? "CRL" \ + : pcrls != NULL ? "CRLs" \ + : pskey != NULL ? "symmetric key" \ : NULL) /* * Load those types of credentials for which the result pointer is not NULL. diff --git a/doc/man7/provider-decoder.pod b/doc/man7/provider-decoder.pod index d19deec4af5..a69319c233b 100644 --- a/doc/man7/provider-decoder.pod +++ b/doc/man7/provider-decoder.pod @@ -143,6 +143,11 @@ An implementation with that input type decodes MSBLOB formatted data. An implementation with that input type decodes PVK formatted data. +=item raw + +An implementation with that input type decodes the provided data as raw bytes. +This is currently used for symmetric keys. + =back =item structure