author | Tomas Mraz <tomas@openssl.org> | 2021-04-30 16:57:53 +0200 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2021-05-06 11:43:32 +0100 |
commit | d382e79632677f2457025be3d820e08d7ea12d85 (patch) | |
tree | 3a429b630ec1cce9656ee67434324c6930c677f4 | |
parent | b86fa8c55682169c88e14e616170d6caeb208865 (diff) |
Make the -inform option to be respected if possible
Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be
set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called.
The input type format is enforced only in case the file
type file store is used.
By default we use FORMAT_UNDEF meaning the input type
is not enforced.
Fixes #14569
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)
38 files changed, 212 insertions, 143 deletions
@@ -274,7 +274,7 @@ int ca_main(int argc, char **argv) char def_dgst[80] = ""; char *dgst = NULL, *policy = NULL, *keyfile = NULL; char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL; - int certformat = FORMAT_PEM, informat = FORMAT_PEM; + int certformat = FORMAT_UNDEF, informat = FORMAT_UNDEF; const char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL; const char *extensions = NULL, *extfile = NULL, *passinarg = NULL; char *passin = NULL; @@ -289,7 +289,7 @@ int ca_main(int argc, char **argv) size_t outdirlen = 0; int create_ser = 0, free_passin = 0, total = 0, total_done = 0; int batch = 0, default_op = 1, doupdatedb = 0, ext_copy = EXT_COPY_NONE; - int keyformat = FORMAT_PEM, multirdn = 1, notext = 0, output_der = 0; + int keyformat = FORMAT_UNDEF, multirdn = 1, notext = 0, output_der = 0; int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0; int rand_ser = 0, i, j, selfsign = 0, def_ret; char *crl_lastupdate = NULL, *crl_nextupdate = NULL; @@ -594,7 +594,7 @@ end_of_options: && (certfile = lookup_conf(conf, section, ENV_CERTIFICATE)) == NULL) goto end; - x509 = load_cert_pass(certfile, 1, passin, "CA certificate"); + x509 = load_cert_pass(certfile, certformat, 1, passin, "CA certificate"); if (x509 == NULL) goto end; @@ -1287,7 +1287,7 @@ end_of_options: } else { X509 *revcert; - revcert = load_cert_pass(infile, 1, passin, + revcert = load_cert_pass(infile, informat, 1, passin, "certificate to be revoked"); if (revcert == NULL) goto end; @@ -1417,7 +1417,7 @@ static int certify_cert(X509 **xret, const char *infile, int certformat, EVP_PKEY *pktmp = NULL; int ok = -1, i; - if ((template_cert = load_cert_pass(infile, 1, passin, + if ((template_cert = load_cert_pass(infile, certformat, 1, passin, "template certificate")) == NULL) goto end; if (verbose) diff --git a/apps/cmp.c b/apps/cmp.c index fdd0043311..f64cb8c813 100644 --- a/apps/cmp.c +++ b/apps/cmp.c 
@@ -131,8 +131,8 @@ static int opt_revreason = CRL_REASON_NONE; /* credentials format */ static char *opt_certform_s = "PEM"; static int opt_certform = FORMAT_PEM; -static char *opt_keyform_s = "PEM"; -static int opt_keyform = FORMAT_PEM; +static char *opt_keyform_s = NULL; +static int opt_keyform = FORMAT_UNDEF; static char *opt_otherpass = NULL; static char *opt_engine = NULL; @@ -635,7 +635,7 @@ static X509 *load_cert_pwd(const char *uri, const char *pass, const char *desc) X509 *cert; char *pass_string = get_passwd(pass, desc); - cert = load_cert_pass(uri, 0, pass_string, desc); + cert = load_cert_pass(uri, FORMAT_UNDEF, 0, pass_string, desc); clear_free(pass_string); return cert; } diff --git a/apps/cms.c b/apps/cms.c index e512f1d3e8..f40049edac 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -292,7 +292,7 @@ int cms_main(int argc, char **argv) int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched = 0; int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; int operation = 0, ret = 1, rr_print = 0, rr_allorfirst = -1; - int verify_retcode = 0, rctformat = FORMAT_SMIME, keyform = FORMAT_PEM; + int verify_retcode = 0, rctformat = FORMAT_SMIME, keyform = FORMAT_UNDEF; size_t secret_keylen = 0, secret_keyidlen = 0; unsigned char *pwri_pass = NULL, *pwri_tmp = NULL; unsigned char *secret_key = NULL, *secret_keyid = NULL; @@ -611,7 +611,8 @@ int cms_main(int argc, char **argv) if (operation == SMIME_ENCRYPT) { if (encerts == NULL && (encerts = sk_X509_new_null()) == NULL) goto end; - cert = load_cert(opt_arg(), "recipient certificate file"); + cert = load_cert(opt_arg(), FORMAT_UNDEF, + "recipient certificate file"); if (cert == NULL) goto end; sk_X509_push(encerts, cert); 
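Review bot: In the `@@ -131` hunk of apps/cmp.c, `opt_keyform_s` now starts as `NULL` while `opt_certform_s` stays `"PEM"`, so every later use of the key-format string has to tolerate a null pointer. Those use sites are outside this hunk and need confirming; a null check before the string is handed to the format parser would make the new default safe. A comment on the declaration, `/* NULL: no key format given, input type is not enforced */`, would also explain why the two defaults now differ.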
@@ -810,7 +811,8 @@ int cms_main(int argc, char **argv) if ((encerts = sk_X509_new_null()) == NULL) goto end; while (*argv) { - if ((cert = load_cert(*argv, "recipient certificate file")) == NULL) + if ((cert = load_cert(*argv, FORMAT_UNDEF, + "recipient certificate file")) == NULL) goto end; sk_X509_push(encerts, cert); cert = NULL; @@ -826,7 +828,7 @@ int cms_main(int argc, char **argv) } if (recipfile != NULL && (operation == SMIME_DECRYPT)) { - if ((recip = load_cert(recipfile, + if ((recip = load_cert(recipfile, FORMAT_UNDEF, "recipient certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; @@ -834,7 +836,7 @@ int cms_main(int argc, char **argv) } if (originatorfile != NULL) { - if ((originator = load_cert(originatorfile, + if ((originator = load_cert(originatorfile, FORMAT_UNDEF, "originator certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; @@ -842,7 +844,7 @@ int cms_main(int argc, char **argv) } if (operation == SMIME_SIGN_RECEIPT) { - if ((signer = load_cert(signerfile, + if ((signer = load_cert(signerfile, FORMAT_UNDEF, "receipt signer certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; @@ -1048,7 +1050,7 @@ int cms_main(int argc, char **argv) signerfile = sk_OPENSSL_STRING_value(sksigners, i); keyfile = sk_OPENSSL_STRING_value(skkeys, i); - signer = load_cert(signerfile, "signer certificate"); + signer = load_cert(signerfile, FORMAT_UNDEF, "signer certificate"); if (signer == NULL) { ret = 2; goto end; diff --git a/apps/crl.c b/apps/crl.c index 8f1babde6f..8904cc08c7 100644 --- a/apps/crl.c +++ b/apps/crl.c 
@@ -88,7 +88,7 @@ int crl_main(int argc, char **argv) const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL, *prog; OPTION_CHOICE o; int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0; - int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM; + int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, keyformat = FORMAT_UNDEF; int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0; int text = 0, do_ver = 0, noCAfile = 0, noCApath = 0, noCAstore = 0; int i; @@ -211,7 +211,7 @@ int crl_main(int argc, char **argv) if (!opt_md(digestname, &digest)) goto opthelp; } - x = load_crl(infile, 1, "CRL"); + x = load_crl(infile, informat, 1, "CRL"); if (x == NULL) goto end; @@ -256,7 +256,7 @@ int crl_main(int argc, char **argv) BIO_puts(bio_err, "Missing CRL signing key\n"); goto end; } - newcrl = load_crl(crldiff, 0, "other CRL"); + newcrl = load_crl(crldiff, informat, 0, "other CRL"); if (!newcrl) goto end; pkey = load_key(keyfile, keyformat, 0, NULL, NULL, "CRL signing key"); diff --git a/apps/dgst.c b/apps/dgst.c index fcc7fc8679..15f9e2e685 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -105,7 +105,7 @@ int dgst_main(int argc, char **argv) const char *sigfile = NULL; const char *md_name = NULL; OPTION_CHOICE o; - int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0; + int separator = 0, debug = 0, keyform = FORMAT_UNDEF, siglen = 0; int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0; int xoflen = 0; unsigned char *buf = NULL, *sigbuf = NULL; diff --git a/apps/dsa.c b/apps/dsa.c index c00673a8ac..abb422132a 100644 --- a/apps/dsa.c +++ b/apps/dsa.c 
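Review bot: In the `@@ -256` hunk of apps/crl.c the second CRL (`crldiff`) is loaded with the same `informat` as the main input, so once an input format is given both files must share one encoding. A DER input combined with a PEM second CRL would presumably be rejected, where the old call passed no format at all. If that coupling is not intended, `newcrl = load_crl(crldiff, FORMAT_UNDEF, 0, "other CRL");` keeps auto-detection for the second file; if it is intended, it deserves a line in the option's documentation.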
@@ -83,7 +83,7 @@ int dsa_main(int argc, char **argv) char *infile = NULL, *outfile = NULL, *prog; char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL; OPTION_CHOICE o; - int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0; + int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, text = 0, noout = 0; int modulus = 0, pubin = 0, pubout = 0, ret = 1; int pvk_encr = DEFAULT_PVK_ENCR_STRENGTH; int private = 0; diff --git a/apps/dsaparam.c b/apps/dsaparam.c index c78d28ecb1..d7fb736b98 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -69,7 +69,7 @@ int dsaparam_main(int argc, char **argv) EVP_PKEY *params = NULL, *pkey = NULL; EVP_PKEY_CTX *ctx = NULL; int numbits = -1, num = 0, genkey = 0; - int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0; + int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, noout = 0; int ret = 1, i, text = 0, private = 0; char *infile = NULL, *outfile = NULL, *prog; OPTION_CHOICE o; @@ -181,7 +181,7 @@ int dsaparam_main(int argc, char **argv) goto end; } } else { - params = load_keyparams(infile, 1, "DSA", "DSA parameters"); + params = load_keyparams(infile, informat, 1, "DSA", "DSA parameters"); } if (params == NULL) { /* Error message should already have been displayed */ @@ -73,7 +73,7 @@ int ec_main(int argc, char **argv) char *infile = NULL, *outfile = NULL, *ciphername = NULL, *prog; char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL; OPTION_CHOICE o; - int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0; + int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, text = 0, noout = 0; int pubin = 0, pubout = 0, param_out = 0, ret = 1, private = 0; int check = 0; char *asn1_encoding = NULL; diff --git a/apps/ecparam.c b/apps/ecparam.c index e9e36d1d8b..a801ad69bf 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c 
@@ -240,7 +240,7 @@ int ecparam_main(int argc, char **argv) goto end; } } else { - params_key = load_keyparams(infile, 1, "EC", "EC parameters"); + params_key = load_keyparams(infile, informat, 1, "EC", "EC parameters"); if (params_key == NULL || !EVP_PKEY_is_a(params_key, "EC")) goto end; if (point_format diff --git a/apps/gendsa.c b/apps/gendsa.c index 6d1c91d230..f4bd0fe09e 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -121,7 +121,7 @@ int gendsa_main(int argc, char **argv) goto end; } - pkey = load_keyparams(dsaparams, 1, "DSA", "DSA parameters"); + pkey = load_keyparams(dsaparams, FORMAT_UNDEF, 1, "DSA", "DSA parameters"); out = bio_open_owner(outfile, FORMAT_PEM, private); if (out == NULL) diff --git a/apps/include/apps.h b/apps/include/apps.h index a8556b8132..207ed41bc7 100644 --- a/apps/include/apps.h +++ b/apps/include/apps.h 
@@ -108,18 +108,19 @@ char *get_passwd(const char *pass, const char *desc); int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2); int add_oid_section(CONF *conf); X509_REQ *load_csr(const char *file, int format, const char *desc); -X509 *load_cert_pass(const char *uri, int maybe_stdin, +X509 *load_cert_pass(const char *uri, int format, int maybe_stdin, const char *pass, const char *desc); -#define load_cert(uri, desc) load_cert_pass(uri, 1, NULL, desc) -X509_CRL *load_crl(const char *uri, int maybe_stdin, const char *desc); +#define load_cert(uri, format, desc) load_cert_pass(uri, format, 1, NULL, desc) +X509_CRL *load_crl(const char *uri, int format, int maybe_stdin, + const char *desc); void cleanse(char *str); void clear_free(char *str); EVP_PKEY *load_key(const char *uri, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *desc); EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *desc); -EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *keytype, - const char *desc); +EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin, + const char *keytype, const char *desc); char *next_item(char *opt); /* in list separated by comma and/or space */ int load_cert_certs(const char *uri, X509 **pcert, STACK_OF(X509) **pcerts, 
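Review bot: The new `format` parameter on `load_cert_pass()`, `load_crl()` and `load_keyparams()` in the `@@ -108` hunk is declared without any comment saying which values are meaningful. The commit message states that FORMAT_UNDEF means the input type is not enforced and that enforcement applies only to the file store; that belongs next to the prototypes, e.g. `/* format: FORMAT_UNDEF = do not enforce; otherwise enforced only by the "file" store */`. The same applies to `load_key_certs_crls()` and `load_key_cert_crl()` in the following `@@ -133` hunk.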
@@ -133,13 +134,13 @@ int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs, const char *pass, const char *desc); int load_crls(const char *uri, STACK_OF(X509_CRL) **crls, const char *pass, const char *desc); -int load_key_certs_crls(const char *uri, int maybe_stdin, +int load_key_certs_crls(const char *uri, int format, int maybe_stdin, const char *pass, const char *desc, EVP_PKEY **ppkey, EVP_PKEY **ppubkey, EVP_PKEY **pparams, X509 **pcert, STACK_OF(X509) **pcerts, X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls); -int load_key_cert_crl(const char *uri, int maybe_stdin, +int load_key_cert_crl(const char *uri, int format, int maybe_stdin, const char *pass, const char *desc, EVP_PKEY **ppkey, EVP_PKEY **ppubkey, X509 **pcert, X509_CRL **pcrl); diff --git a/apps/lib/apps.c b/apps/lib/apps.c index bfd938b555..f0a9ffc93a 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -38,6 +38,7 @@ #include <openssl/bn.h> #include <openssl/ssl.h> #include <openssl/store.h> +#include <openssl/core_names.h> #include "s_apps.h" #include "apps.h" @@ -478,7 +479,7 @@ CONF *app_load_config_modules(const char *configfile) #define IS_HTTPS(uri) ((uri) != NULL \ && strncmp(uri, OSSL_HTTPS_PREFIX, strlen(OSSL_HTTPS_PREFIX)) == 0) -X509 *load_cert_pass(const char *uri, int maybe_stdin, +X509 *load_cert_pass(const char *uri, int format, int maybe_stdin, const char *pass, const char *desc) { X509 *cert = NULL; @@ -490,7 +491,7 @@ X509 *load_cert_pass(const char *uri, int maybe_stdin, else if (IS_HTTP(uri)) cert = X509_load_http(uri, NULL, NULL, 0 /* timeout */); else - (void)load_key_certs_crls(uri, maybe_stdin, pass, desc, + (void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc, NULL, NULL, NULL, &cert, NULL, NULL, NULL); if (cert == NULL) { BIO_printf(bio_err, "Unable to load %s\n", desc); 
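Review bot: In `load_cert_pass()` (hunk `@@ -490`) the new `format` argument reaches only the final `load_key_certs_crls()` branch; the `IS_HTTP(uri)` branch calls `X509_load_http()` and ignores it, so a format requested by the user is silently not enforced for certificates fetched over HTTP. `load_crl()` in the `@@ -510` hunk has the same shape with `X509_CRL_load_http()`. Since remotely fetched content is the less trusted input, either record the limitation in a comment, `/* format is not applied to http(s) URIs */`, or print a warning when `format != FORMAT_UNDEF` on that path. The start of the if-chain lies outside the hunk.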
@@ -499,7 +500,8 @@ X509 *load_cert_pass(const char *uri, int maybe_stdin, return cert; } -X509_CRL *load_crl(const char *uri, int maybe_stdin, const char *desc) +X509_CRL *load_crl(const char *uri, int format, int maybe_stdin, + const char *desc) { X509_CRL *crl = NULL; @@ -510,7 +512,7 @@ X509_CRL *load_crl(const char *uri, int maybe_stdin, const char *desc) else if (IS_HTTP(uri)) crl = X509_CRL_load_http(uri, NULL, NULL, 0 /* timeout */); else - (void)load_key_certs_crls(uri, maybe_stdin, NULL, desc, + (void)load_key_certs_crls(uri, format, maybe_stdin, NULL, desc, NULL, NULL, NULL, NULL, NULL, &crl, NULL); if (crl == NULL) { BIO_printf(bio_err, "Unable to load %s\n", desc); @@ -524,6 +526,8 @@ X509_REQ *load_csr(const char *file, int format, const char *desc) X509_REQ *req = NULL; BIO *in; + if (format == FORMAT_UNDEF) + format = FORMAT_PEM; if (desc == NULL) desc = "CSR"; in = bio_open_default(file, 'r', format); @@ -570,7 +574,7 @@ EVP_PKEY *load_key(const char *uri, int format, int may_stdin, if (format == FORMAT_ENGINE) { uri = allocated_uri = make_engine_uri(e, uri, desc); } - (void)load_key_certs_crls(uri, may_stdin, pass, desc, + (void)load_key_certs_crls(uri, format, may_stdin, pass, desc, &pkey, NULL, NULL, NULL, NULL, NULL, NULL); OPENSSL_free(allocated_uri); 
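Review bot: `load_csr()` (hunk `@@ -524`) maps `FORMAT_UNDEF` to `FORMAT_PEM` and then opens the file with `bio_open_default()` instead of going through `load_key_certs_crls()`, so unlike the other loaders changed here it does not auto-detect the encoding. That matches the previous default, but the asymmetry is invisible to callers; a comment on the added lines, `/* CSRs bypass the store loader: no auto-detection, fall back to PEM */`, would record it. The rest of the function is outside the hunk.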
@@ -589,22 +593,22 @@ EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin, if (format == FORMAT_ENGINE) { uri = allocated_uri = make_engine_uri(e, uri, desc); } - (void)load_key_certs_crls(uri, maybe_stdin, pass, desc, + (void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc, NULL, &pkey, NULL, NULL, NULL, NULL, NULL); OPENSSL_free(allocated_uri); return pkey; } -EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *keytype, - const char *desc) +EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin, + const char *keytype, const char *desc) { EVP_PKEY *params = NULL; if (desc == NULL) desc = "key parameters"; - (void)load_key_certs_crls(uri, maybe_stdin, NULL, desc, + (void)load_key_certs_crls(uri, format, maybe_stdin, NULL, desc, NULL, NULL, ¶ms, NULL, NULL, NULL, NULL); if (params != NULL && keytype != NULL && !EVP_PKEY_is_a(params, keytype)) { BIO_printf(bio_err, @@ -698,7 +702,8 @@ int load_cert_certs(const char *uri, return ret; } pass_string = get_passwd(pass, desc); - ret = load_key_certs_crls(uri, 0, pass_string, desc, NULL, NULL, NULL, + ret = load_key_certs_crls(uri, FORMAT_UNDEF, 0, pass_string, desc, + NULL, NULL, NULL, pcert, pcerts, NULL, NULL); clear_free(pass_string); @@ -800,7 +805,8 @@ int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs, const char *pass, const char *desc) { int was_NULL = *certs == NULL; - int ret = load_key_certs_crls(uri, maybe_stdin, pass, desc, NULL, NULL, + int ret = load_key_certs_crls(uri, FORMAT_UNDEF, maybe_stdin, + pass, desc, NULL, NULL, NULL, NULL, certs, NULL, NULL); if (!ret && was_NULL) { @@ -818,7 +824,8 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls, const char *pass, const char *desc) { int was_NULL = *crls == NULL; - int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL, NULL, + int ret = load_key_certs_crls(uri, FORMAT_UNDEF, 0, pass, desc, + NULL, NULL, NULL, NULL, NULL, NULL, crls); if (!ret && was_NULL) { 
@@ -828,6 +835,17 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls, return ret; } +static const char *format2string(int format) +{ + switch(format) { + case FORMAT_PEM: + return "PEM"; + case FORMAT_ASN1: + return "DER"; + } + return NULL; +} + /* Set type expectation, but clear it if objects of different types expected. */ #define SET_EXPECT(val) expect = expect < 0 ? val : (expect == val ? val : 0); /* @@ -843,7 +861,7 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls, * In any case (also on error) the caller is responsible for freeing all members * of *pcerts and *pcrls (as far as they are not NULL). */ -int load_key_certs_crls(const char *uri, int maybe_stdin, +int load_key_certs_crls(const char *uri, int format, int maybe_stdin, const char *pass, const char *desc, EVP_PKEY **ppkey, EVP_PKEY **ppubkey, EVP_PKEY **pparams, @@ -863,6 +881,9 @@ int load_key_certs_crls(const char *uri, int maybe_stdin, pcrls != NULL ? "CRLs" : NULL; int cnt_expectations = 0; int expect = -1; + const char *input_type; + OSSL_PARAM itp[2]; + const OSSL_PARAM *params = NULL; /* TODO make use of the engine reference 'eng' when loading pkeys */ if (ppkey != NULL) { @@ -915,6 +936,13 @@ int load_key_certs_crls(const char *uri, int maybe_stdin, uidata.password = pass; uidata.prompt_info = uri; + if ((input_type = format2string(format)) != NULL) { + itp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_INPUT_TYPE, + (char *)input_type, 0); + itp[1] = OSSL_PARAM_construct_end(); + params = itp; + } + if (uri == NULL) { BIO *bio; 
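Review bot: `format2string()` (hunk `@@ -828`) returns NULL for every value other than `FORMAT_PEM` and `FORMAT_ASN1`, and `load_key_certs_crls()` then opens the store with `params == NULL`, so any other explicitly requested format is accepted without enforcement and without a diagnostic. `FORMAT_ENGINE` reaches this path from `load_key()`, which looks intended, but the function should say so: add a header comment such as `/* Only PEM and DER map to a store input type; NULL means "do not enforce" */` and an explicit `default: return NULL;` rather than falling out of the switch. `switch(format)` also lacks the space after the keyword that the surrounding code uses after `if`.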
@@ -927,12 +955,13 @@ int load_key_certs_crls(const char *uri, int maybe_stdin, bio = BIO_new_fp(stdin, 0); if (bio != NULL) { ctx = OSSL_STORE_attach(bio, "file", libctx, propq, - get_ui_method(), &uidata, NULL, NULL); + get_ui_method(), &uidata, params, + NULL, NULL); BIO_free(bio); } } else { ctx = OSSL_STORE_open_ex(uri, libctx, propq, get_ui_method(), &uidata, - NULL, NULL); + params, NULL, NULL); } if (ctx == NULL) { BIO_printf(bio_err, "Could not open file or uri for loading"); @@ -2322,7 +2351,7 @@ static X509_CRL *load_crl_crldp(STACK_OF(DIST_POINT) *crldp) DIST_POINT *dp = sk_DIST_POINT_value(crldp, i); urlptr = get_dp_url(dp); if (urlptr != NULL) - return load_crl(urlptr, 0, "CRL via CDP"); + return load_crl(urlptr, FORMAT_UNDEF, 0, "CRL via CDP"); } return NULL; } diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index 6824567c70..0bb4b6c436 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -1019,7 +1019,8 @@ int load_excert(SSL_EXCERT **pexc) BIO_printf(bio_err, "Missing filename\n"); return 0; } - exc->cert = load_cert(exc->certfile, "Server Certificate"); + exc->cert = load_cert(exc->certfile, exc->certform, + "Server Certificate"); if (exc->cert == NULL) return 0; if (exc->keyfile != NULL) { diff --git a/apps/ocsp.c b/apps/ocsp.c index d59cd1eb59..355b4127c8 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -402,7 +402,7 @@ int ocsp_main(int argc, char **argv) path = opt_arg(); break; case OPT_ISSUER: - issuer = load_cert(opt_arg(), "issuer certificate"); + issuer = load_cert(opt_arg(), FORMAT_UNDEF, "issuer certificate"); if (issuer == NULL) goto end; if (issuers == NULL) { @@ -414,7 +414,7 @@ int ocsp_main(int argc, char **argv) break; case OPT_CERT: X509_free(cert); - cert = load_cert(opt_arg(), "certificate"); + cert = load_cert(opt_arg(), FORMAT_UNDEF, "certificate"); if (cert == NULL) goto end; if (cert_id_md == NULL) 
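Review bot: In `load_excert()` (apps/lib/s_cb.c, hunk `@@ -1019`) the certificate is now loaded with `exc->certform`, but the place where that field receives its default is not in this hunk. If it is still initialised to `FORMAT_PEM` rather than `FORMAT_UNDEF`, certificates in another encoding that used to load through auto-detection will now be rejected unless the user passes a format explicitly. Worth checking the initialiser and, if needed, changing it to `exc->certform = FORMAT_UNDEF;` to match the other defaults changed in this commit.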
@@ -565,7 +565,7 @@ int ocsp_main(int argc, char **argv) if (rsignfile != NULL) { if (rkeyfile == NULL) rkeyfile = rsignfile; - rsigner = load_cert(rsignfile, "responder certificate"); + rsigner = load_cert(rsignfile, FORMAT_UNDEF, "responder certificate"); if (rsigner == NULL) { BIO_printf(bio_err, "Error loading responder certificate\n"); goto end; @@ -581,7 +581,7 @@ int ocsp_main(int argc, char **argv) BIO_printf(bio_err, "Error getting password\n"); goto end; } - rkey = load_key(rkeyfile, FORMAT_PEM, 0, passin, NULL, + rkey = load_key(rkeyfile, FORMAT_UNDEF, 0, passin, NULL, "responder private key"); if (rkey == NULL) goto end; @@ -661,7 +661,7 @@ redo_accept: if (signfile != NULL) { if (keyfile == NULL) keyfile = signfile; - signer = load_cert(signfile, "signer certificate"); + signer = load_cert(signfile, FORMAT_UNDEF, "signer certificate"); if (signer == NULL) { BIO_printf(bio_err, "Error loading signer certificate\n"); goto end; @@ -671,7 +671,7 @@ redo_accept: "signer certificates")) goto end; } - key = load_key(keyfile, FORMAT_PEM, 0, NULL, NULL, + key = load_key(keyfile, FORMAT_UNDEF, 0, NULL, NULL, "signer private key"); if (key == NULL) goto end; diff --git a/apps/pkcs8.c b/apps/pkcs8.c index d7cb2d6672..6b09b909eb 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -83,7 +83,7 @@ int pkcs8_main(int argc, char **argv) char *passin = NULL, *passout = NULL, *p8pass |