Diffstat (limited to 'apps/lib/apps.c')
-rw-r--r-- | apps/lib/apps.c | 61 |
1 files changed, 45 insertions, 16 deletions
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index bfd938b555..f0a9ffc93a 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -38,6 +38,7 @@
 #include <openssl/bn.h>
 #include <openssl/ssl.h>
 #include <openssl/store.h>
+#include <openssl/core_names.h>
 #include "s_apps.h"
 #include "apps.h"
@@ -478,7 +479,7 @@ CONF *app_load_config_modules(const char *configfile)
 #define IS_HTTPS(uri) ((uri) != NULL \
 && strncmp(uri, OSSL_HTTPS_PREFIX, strlen(OSSL_HTTPS_PREFIX)) == 0)
 
-X509 *load_cert_pass(const char *uri, int maybe_stdin,
+X509 *load_cert_pass(const char *uri, int format, int maybe_stdin,
 const char *pass, const char *desc)
 {
 X509 *cert = NULL;
@@ -490,7 +491,7 @@ X509 *load_cert_pass(const char *uri, int maybe_stdin,
 else if (IS_HTTP(uri))
 cert = X509_load_http(uri, NULL, NULL, 0 /* timeout */);
 else
- (void)load_key_certs_crls(uri, maybe_stdin, pass, desc,
+ (void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc,
 NULL, NULL, NULL, &cert, NULL, NULL, NULL);
 if (cert == NULL) {
 BIO_printf(bio_err, "Unable to load %s\n", desc);
@@ -499,7 +500,8 @@ X509 *load_cert_pass(const char *uri, int maybe_stdin,
 return cert;
 }
 
-X509_CRL *load_crl(const char *uri, int maybe_stdin, const char *desc)
+X509_CRL *load_crl(const char *uri, int format, int maybe_stdin,
+ const char *desc)
 {
 X509_CRL *crl = NULL;
 
@@ -510,7 +512,7 @@ X509_CRL *load_crl(const char *uri, int maybe_stdin, const char *desc)
 else if (IS_HTTP(uri))
 crl = X509_CRL_load_http(uri, NULL, NULL, 0 /* timeout */);
 else
- (void)load_key_certs_crls(uri, maybe_stdin, NULL, desc,
+ (void)load_key_certs_crls(uri, format, maybe_stdin, NULL, desc,
 NULL, NULL, NULL, NULL, NULL, &crl, NULL);
 if (crl == NULL) {
 BIO_printf(bio_err, "Unable to load %s\n", desc);
@@ -524,6 +526,8 @@ X509_REQ *load_csr(const char *file, int format, const char *desc)
 X509_REQ *req = NULL;
 BIO *in;
 
+ if (format == FORMAT_UNDEF)
+ format = FORMAT_PEM;
 if (desc == NULL)
 desc = "CSR";
 in = bio_open_default(file, 'r', format);
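Review bot: The new FORMAT_UNDEF → FORMAT_PEM fallback at the top of load_csr is undocumented, and it quietly differs from load_cert_pass and load_crl in the hunks above, which pass an undefined format through to load_key_certs_crls instead of picking one. A one-line comment would keep the next reader from "fixing" the inconsistency, e.g. `/* no format given: assume PEM, bio_open_default() below needs a concrete one */` — the bio_open_default() part is my reading of the following line, so confirm it. load_csr continues past the end of the hunk.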
@@ -570,7 +574,7 @@ EVP_PKEY *load_key(const char *uri, int format, int may_stdin,
 if (format == FORMAT_ENGINE) {
 uri = allocated_uri = make_engine_uri(e, uri, desc);
 }
- (void)load_key_certs_crls(uri, may_stdin, pass, desc,
+ (void)load_key_certs_crls(uri, format, may_stdin, pass, desc,
 &pkey, NULL, NULL, NULL, NULL, NULL, NULL);
 OPENSSL_free(allocated_uri);
 
@@ -589,22 +593,22 @@ EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin,
 if (format == FORMAT_ENGINE) {
 uri = allocated_uri = make_engine_uri(e, uri, desc);
 }
- (void)load_key_certs_crls(uri, maybe_stdin, pass, desc,
+ (void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc,
 NULL, &pkey, NULL, NULL, NULL, NULL, NULL);
 OPENSSL_free(allocated_uri);
 return pkey;
 }
 
-EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *keytype,
- const char *desc)
+EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin,
+ const char *keytype, const char *desc)
 {
 EVP_PKEY *params = NULL;
 
 if (desc == NULL)
 desc = "key parameters";
- (void)load_key_certs_crls(uri, maybe_stdin, NULL, desc,
+ (void)load_key_certs_crls(uri, format, maybe_stdin, NULL, desc,
 NULL, NULL, ¶ms, NULL, NULL, NULL, NULL);
 if (params != NULL && keytype != NULL && !EVP_PKEY_is_a(params, keytype)) {
 BIO_printf(bio_err,
@@ -698,7 +702,8 @@ int load_cert_certs(const char *uri,
 return ret;
 }
 pass_string = get_passwd(pass, desc);
- ret = load_key_certs_crls(uri, 0, pass_string, desc, NULL, NULL, NULL,
+ ret = load_key_certs_crls(uri, FORMAT_UNDEF, 0, pass_string, desc,
+ NULL, NULL, NULL,
 pcert, pcerts, NULL, NULL);
 clear_free(pass_string);
 
@@ -800,7 +805,8 @@ int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs,
 const char *pass, const char *desc)
 {
 int was_NULL = *certs == NULL;
- int ret = load_key_certs_crls(uri, maybe_stdin, pass, desc, NULL, NULL,
+ int ret = load_key_certs_crls(uri, FORMAT_UNDEF, maybe_stdin,
+ pass, desc, NULL, NULL,
 NULL, NULL, certs, NULL, NULL);
 
 if (!ret && was_NULL) {
@@ -818,7 +824,8 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
 const char *pass, const char *desc)
 {
 int was_NULL = *crls == NULL;
- int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL, NULL,
+ int ret = load_key_certs_crls(uri, FORMAT_UNDEF, 0, pass, desc,
+ NULL, NULL, NULL,
 NULL, NULL, NULL, crls);
 
 if (!ret && was_NULL) {
@@ -828,6 +835,17 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
 return ret;
 }
 
+static const char *format2string(int format)
+{
+ switch(format) {
+ case FORMAT_PEM:
+ return "PEM";
+ case FORMAT_ASN1:
+ return "DER";
+ }
+ return NULL;
+}
+
 /* Set type expectation, but clear it if objects of different types expected. */
 #define SET_EXPECT(val) expect = expect < 0 ? val : (expect == val ? val : 0);
 /*
@@ -843,7 +861,7 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
 * In any case (also on error) the caller is responsible for freeing all members
 * of *pcerts and *pcrls (as far as they are not NULL).
 */
-int load_key_certs_crls(const char *uri, int maybe_stdin,
+int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
 const char *pass, const char *desc,
 EVP_PKEY **ppkey, EVP_PKEY **ppubkey, EVP_PKEY **pparams,
@@ -863,6 +881,9 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
 pcrls != NULL ? "CRLs" : NULL;
 int cnt_expectations = 0;
 int expect = -1;
+ const char *input_type;
+ OSSL_PARAM itp[2];
+ const OSSL_PARAM *params = NULL;
 
 /* TODO make use of the engine reference 'eng' when loading pkeys */
 if (ppkey != NULL) {
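Review bot: format2string in the -828 hunk has no `default:` label and no comment saying what its NULL return means; a reader of load_key_certs_crls has to find the -915 hunk to learn that NULL simply means no OSSL_STORE_PARAM_INPUT_TYPE hint is handed to the store. Suggest a header comment `/* Map an apps FORMAT_* value to the store input-type name; NULL means "no hint" (FORMAT_UNDEF, FORMAT_ENGINE, ...) */` and moving the trailing return into the switch as `default: return NULL;`, so that a future FORMAT_* value is visibly an explicit decision rather than a fall-through. Minor style: `switch(format)` is the only control keyword in this diff written without a space before its parenthesis.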
@@ -915,6 +936,13 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
 uidata.password = pass;
 uidata.prompt_info = uri;
 
+ if ((input_type = format2string(format)) != NULL) {
+ itp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_INPUT_TYPE,
+ (char *)input_type, 0);
+ itp[1] = OSSL_PARAM_construct_end();
+ params = itp;
+ }
+
 if (uri == NULL) {
 BIO *bio;
 
@@ -927,12 +955,13 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
 bio = BIO_new_fp(stdin, 0);
 if (bio != NULL) {
 ctx = OSSL_STORE_attach(bio, "file", libctx, propq,
- get_ui_method(), &uidata, NULL, NULL);
+ get_ui_method(), &uidata, params,
+ NULL, NULL);
 BIO_free(bio);
 }
 } else {
 ctx = OSSL_STORE_open_ex(uri, libctx, propq, get_ui_method(), &uidata,
- NULL, NULL);
+ params, NULL, NULL);
 }
 if (ctx == NULL) {
 BIO_printf(bio_err, "Could not open file or uri for loading");
@@ -2322,7 +2351,7 @@ static X509_CRL *load_crl_crldp(STACK_OF(DIST_POINT) *crldp)
 DIST_POINT *dp = sk_DIST_POINT_value(crldp, i);
 urlptr = get_dp_url(dp);
 if (urlptr != NULL)
- return load_crl(urlptr, 0, "CRL via CDP");
+ return load_crl(urlptr, FORMAT_UNDEF, 0, "CRL via CDP");
 }
 return NULL;
 }
|
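Review bot: `(char *)input_type` in the -915 hunk strips const from a string literal ("PEM"/"DER" returned by format2string) because OSSL_PARAM_construct_utf8_string() takes a non-const buffer; that is only sound if the store treats the parameter as read-only, which nothing in this hunk shows. A comment at the cast would record the assumption: `/* construct_utf8_string() wants char *; the store must only read this value */`. The address of the stack array `itp` also escapes through `params` into OSSL_STORE_attach() and OSSL_STORE_open_ex(), which is fine while ctx is consumed inside this function, but the remainder of load_key_certs_crls lies outside the hunk, so confirm the store copies the params rather than retaining the pointer.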