author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2022-08-26 20:40:48 +0200 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2023-03-14 17:26:49 +0100 |
commit | 0e89b396197f75993c8d64c07b4af6aa2d97e2af (patch) | |
tree | a79eb907eefb1c1cd5a84891564511e8e5f6879b /apps/include | |
parent | b7cc2d2f295efc342cd46e7e59f93e0ac0472dc0 (diff) |
apps/x509 etc.: allow private key input when public key is expected
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19076)
Diffstat (limited to 'apps/include')
-rw-r--r-- | apps/include/apps.h | 35 |
1 files changed, 15 insertions, 20 deletions
diff --git a/apps/include/apps.h b/apps/include/apps.h
index a8b63fea8d..e603d07868 100644
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@@ -66,8 +66,8 @@ BIO *bio_open_owner(const char *filename, int format, int private);
 BIO *bio_open_default(const char *filename, char mode, int format);
 BIO *bio_open_default_quiet(const char *filename, char mode, int format);
 CONF *app_load_config_bio(BIO *in, const char *filename);
-#define app_load_config(filename) app_load_config_internal(filename, 0)
-#define app_load_config_quiet(filename) app_load_config_internal(filename, 1)
+# define app_load_config(filename) app_load_config_internal(filename, 0)
+# define app_load_config_quiet(filename) app_load_config_internal(filename, 1)
 CONF *app_load_config_internal(const char *filename, int quiet);
 CONF *app_load_config_verbose(const char *filename, int verbose);
 int app_load_modules(const CONF *config);
@@ -100,7 +100,7 @@ int progress_cb(EVP_PKEY_CTX *ctx);
 int chopup_args(ARGS *arg, char *buf);
 void dump_cert_text(BIO *out, X509 *x);
 void print_name(BIO *out, const char *title, const X509_NAME *nm);
-void print_bignum_var(BIO *, const BIGNUM *, const char*,
+void print_bignum_var(BIO *, const BIGNUM *, const char *,
 int, unsigned char *);
 void print_array(BIO *, const char *, int, const unsigned char *);
 int set_nameopt(const char *arg);
@@ -117,13 +117,14 @@ X509_REQ *load_csr(const char *file, int format, const char *desc); X509_REQ *load_csr_autofmt(const char *infile, int format, const char *desc); X509 *load_cert_pass(const char *uri, int format, int maybe_stdin, const char *pass, const char *desc); -#define load_cert(uri, format, desc) load_cert_pass(uri, format, 1, NULL, desc) +# define load_cert(uri, format, desc) load_cert_pass(uri, format, 1, NULL, desc) X509_CRL *load_crl(const char *uri, int format, int maybe_stdin, const char *desc); void cleanse(char *str); void clear_free(char *str); EVP_PKEY *load_key(const char *uri, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *desc); +/* first try reading public key, on failure resort to loading private key */ EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *desc); EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin, @@ -145,15 +146,11 @@ int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs, int load_crls(const char *uri, STACK_OF(X509_CRL) **crls, const char *pass, const char *desc); int load_key_certs_crls(const char *uri, int format, int maybe_stdin, - const char *pass, const char *desc, + const char *pass, const char *desc, int quiet, EVP_PKEY **ppkey, EVP_PKEY **ppubkey, EVP_PKEY **pparams, X509 **pcert, STACK_OF(X509) **pcerts, X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls); -int load_key_cert_crl(const char *uri, int format, int maybe_stdin, - const char *pass, const char *desc, - EVP_PKEY **ppkey, EVP_PKEY **ppubkey, - X509 **pcert, X509_CRL **pcrl); X509_STORE *setup_verify(const char *CAfile, int noCAfile, const char *CApath, int noCApath, const char *CAstore, int noCAstore); 
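Review bot: The comment added above `load_pubkey` records the new fallback but not its consequence for callers: when the input is a private key, the header does not say whether the returned `EVP_PKEY` still carries the private components. Because the function also takes `pass`, a caller that expected public-only input may now consume a passphrase and end up holding private key material. I would extend the comment, e.g. `/* first try reading public key; on failure fall back to loading a private key, in which case the result may hold private key material and must only be output with public-key encoders */`, after confirming this against the implementation, which is outside this diff view.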
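Review bot: The new `int quiet` argument of `load_key_certs_crls` is added without any comment, so the header does not say which diagnostics it suppresses. If it is used to silence the first attempt of a public-then-private fallback (inferred from the commit title, not visible here), it is worth stating that the final failure is still reported and that errors from the silenced attempt are not left on the error queue. A one-line comment such as `/* quiet != 0: do not print load errors; the caller reports failure */` above the prototype would do, adjusted to the actual behaviour. The removed `load_key_cert_crl` prototype also requires every caller to be migrated, and those files are outside the 'apps/include' view shown here.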
@@ -199,10 +196,9 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, # define DB_type 0 # define DB_exp_date 1 # define DB_rev_date 2 -# define DB_serial 3 /* index - unique */ +# define DB_serial 3 /* index - unique */ # define DB_file 4 -# define DB_name 5 /* index - unique when active and not - * disabled */ +# define DB_name 5 /* index - unique when active and not disabled */ # define DB_NUMBER 6 # define DB_TYPE_REV 'R' /* Revoked */ @@ -243,8 +239,8 @@ int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix); void free_index(CA_DB *db); # define index_name_cmp_noconst(a, b) \ - index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \ - (const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b)) + index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \ + (const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b)) int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b); int parse_yesno(const char *str, int def); @@ -271,12 +267,11 @@ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const char *md, extern char *psk_key; - unsigned char *next_protos_parse(size_t *outlen, const char *in); int check_cert_attributes(BIO *bio, X509 *x, - const char *checkhost, - const char *checkemail, const char *checkip, int print); + const char *checkhost, const char *checkemail, + const char *checkip, int print); void store_setup_crl_download(X509_STORE *st); 
@@ -310,16 +305,16 @@ ASN1_VALUE *app_http_post_asn1(const char *host, const char *port, # define EXT_COPY_ADD 1 # define EXT_COPY_ALL 2 -# define NETSCAPE_CERT_HDR "certificate" +# define NETSCAPE_CERT_HDR "certificate" -# define APP_PASS_LEN 1024 +# define APP_PASS_LEN 1024 /* * IETF RFC 5280 says serial number must be <= 20 bytes. Use 159 bits * so that the first bit will never be one, so that the DER encoding * rules won't force a leading octet. */ -# define SERIAL_RAND_BITS 159 +# define SERIAL_RAND_BITS 159 int app_isdir(const char *); int app_access(const char *, int flag); |