Browse Source

cmdline app: add provider commandline options.

Add a -provider option to allow providers to be loaded. This option can be
specified multiple times.

Add a -provider_path option to allow the path to providers to be specified.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11167)
master
Pauli 3 years ago
parent
commit
6bd4e3f231
97 changed files with 587 additions and 47 deletions
  1. +6
    -1
      apps/ca.c
  2. +6
    -1
      apps/ciphers.c
  3. +6
    -0
      apps/cms.c
  4. +7
    -1
      apps/crl.c
  5. +8
    -1
      apps/crl2p7.c
  6. +6
    -1
      apps/dgst.c
  7. +6
    -1
      apps/dhparam.c
  8. +7
    -1
      apps/dsa.c
  9. +6
    -1
      apps/dsaparam.c
  10. +7
    -1
      apps/ec.c
  11. +6
    -1
      apps/ecparam.c
  12. +6
    -1
      apps/enc.c
  13. +6
    -1
      apps/gendsa.c
  14. +9
    -1
      apps/genpkey.c
  15. +6
    -1
      apps/genrsa.c
  16. +19
    -0
      apps/include/opt.h
  17. +8
    -1
      apps/kdf.c
  18. +51
    -0
      apps/lib/app_provider.c
  19. +1
    -1
      apps/lib/build.info
  20. +8
    -1
      apps/list.c
  21. +8
    -1
      apps/mac.c
  22. +8
    -1
      apps/nseq.c
  23. +6
    -1
      apps/ocsp.c
  24. +6
    -1
      apps/passwd.c
  25. +6
    -1
      apps/pkcs12.c
  26. +8
    -1
      apps/pkcs7.c
  27. +6
    -1
      apps/pkcs8.c
  28. +7
    -1
      apps/pkey.c
  29. +8
    -1
      apps/pkeyparam.c
  30. +6
    -1
      apps/pkeyutl.c
  31. +8
    -1
      apps/prime.c
  32. +6
    -1
      apps/rand.c
  33. +8
    -1
      apps/rehash.c
  34. +6
    -1
      apps/req.c
  35. +8
    -1
      apps/rsa.c
  36. +6
    -1
      apps/rsautl.c
  37. +6
    -1
      apps/s_client.c
  38. +7
    -1
      apps/s_server.c
  39. +7
    -1
      apps/s_time.c
  40. +6
    -1
      apps/smime.c
  41. +6
    -1
      apps/speed.c
  42. +8
    -1
      apps/spkac.c
  43. +6
    -1
      apps/srp.c
  44. +7
    -1
      apps/storeutl.c
  45. +6
    -1
      apps/ts.c
  46. +8
    -1
      apps/verify.c
  47. +6
    -1
      apps/x509.c
  48. +39
    -3
      crypto/provider_core.c
  49. +3
    -0
      doc/man1/openssl-ca.pod.in
  50. +3
    -0
      doc/man1/openssl-ciphers.pod.in
  51. +3
    -0
      doc/man1/openssl-cms.pod.in
  52. +3
    -0
      doc/man1/openssl-crl.pod.in
  53. +3
    -0
      doc/man1/openssl-crl2pkcs7.pod.in
  54. +3
    -0
      doc/man1/openssl-dgst.pod.in
  55. +3
    -0
      doc/man1/openssl-dhparam.pod.in
  56. +3
    -0
      doc/man1/openssl-dsa.pod.in
  57. +3
    -0
      doc/man1/openssl-dsaparam.pod.in
  58. +3
    -0
      doc/man1/openssl-ec.pod.in
  59. +3
    -0
      doc/man1/openssl-ecparam.pod.in
  60. +3
    -0
      doc/man1/openssl-enc.pod.in
  61. +3
    -0
      doc/man1/openssl-gendsa.pod.in
  62. +3
    -0
      doc/man1/openssl-genpkey.pod.in
  63. +3
    -0
      doc/man1/openssl-genrsa.pod.in
  64. +3
    -0
      doc/man1/openssl-kdf.pod.in
  65. +3
    -0
      doc/man1/openssl-list.pod.in
  66. +3
    -0
      doc/man1/openssl-mac.pod.in
  67. +3
    -0
      doc/man1/openssl-nseq.pod.in
  68. +3
    -0
      doc/man1/openssl-ocsp.pod.in
  69. +3
    -0
      doc/man1/openssl-passwd.pod.in
  70. +3
    -0
      doc/man1/openssl-pkcs12.pod.in
  71. +3
    -0
      doc/man1/openssl-pkcs7.pod.in
  72. +3
    -0
      doc/man1/openssl-pkcs8.pod.in
  73. +3
    -0
      doc/man1/openssl-pkey.pod.in
  74. +3
    -0
      doc/man1/openssl-pkeyparam.pod.in
  75. +3
    -0
      doc/man1/openssl-pkeyutl.pod.in
  76. +3
    -0
      doc/man1/openssl-prime.pod.in
  77. +3
    -0
      doc/man1/openssl-rand.pod.in
  78. +4
    -0
      doc/man1/openssl-rehash.pod.in
  79. +3
    -0
      doc/man1/openssl-req.pod.in
  80. +3
    -0
      doc/man1/openssl-rsa.pod.in
  81. +3
    -0
      doc/man1/openssl-rsautl.pod.in
  82. +3
    -0
      doc/man1/openssl-s_client.pod.in
  83. +3
    -0
      doc/man1/openssl-s_server.pod.in
  84. +3
    -0
      doc/man1/openssl-s_time.pod.in
  85. +3
    -0
      doc/man1/openssl-smime.pod.in
  86. +3
    -0
      doc/man1/openssl-speed.pod.in
  87. +3
    -0
      doc/man1/openssl-spkac.pod.in
  88. +3
    -0
      doc/man1/openssl-srp.pod.in
  89. +3
    -0
      doc/man1/openssl-storeutl.pod.in
  90. +5
    -0
      doc/man1/openssl-ts.pod.in
  91. +3
    -0
      doc/man1/openssl-verify.pod.in
  92. +3
    -0
      doc/man1/openssl-x509.pod.in
  93. +20
    -0
      doc/man1/openssl.pod
  94. +9
    -0
      doc/man3/OSSL_PROVIDER.pod
  95. +11
    -0
      doc/perlvars.pm
  96. +3
    -0
      include/openssl/provider.h
  97. +1
    -0
      util/libcrypto.num

+ 6
- 1
apps/ca.c View File

@ -148,7 +148,7 @@ typedef enum OPTION_choice {
OPT_INFILES, OPT_SS_CERT, OPT_SPKAC, OPT_REVOKE, OPT_VALID,
OPT_EXTENSIONS, OPT_EXTFILE, OPT_STATUS, OPT_UPDATEDB, OPT_CRLEXTS,
OPT_RAND_SERIAL,
OPT_R_ENUM, OPT_SM2ID, OPT_SM2HEXID,
OPT_R_ENUM, OPT_SM2ID, OPT_SM2HEXID, OPT_PROV_ENUM,
/* Do not change the order here; see related case statements below */
OPT_CRL_REASON, OPT_CRL_HOLD, OPT_CRL_COMPROMISE, OPT_CRL_CA_COMPROMISE
} OPTION_CHOICE;
@ -237,6 +237,7 @@ const OPTIONS ca_options[] = {
{"revoke", OPT_REVOKE, '<', "Revoke a cert (given in file)"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"certreq", 0, 0, "Certificate requests to be signed (optional)"},
@ -361,6 +362,10 @@ opthelp:
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
case OPT_KEY:
key = opt_arg();
break;


+ 6
- 1
apps/ciphers.c View File

@ -27,7 +27,7 @@ typedef enum OPTION_choice {
OPT_PSK,
OPT_SRP,
OPT_CIPHERSUITES,
OPT_V, OPT_UPPER_V, OPT_S
OPT_V, OPT_UPPER_V, OPT_S, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS ciphers_options[] = {
@ -67,6 +67,7 @@ const OPTIONS ciphers_options[] = {
#endif
{"ciphersuites", OPT_CIPHERSUITES, 's',
"Configure the TLSv1.3 ciphersuites to use"},
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"cipher", 0, 0, "Cipher string to decode (optional)"},
@ -169,6 +170,10 @@ int ciphers_main(int argc, char **argv)
case OPT_CIPHERSUITES:
ciphersuites = opt_arg();
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argv = opt_rest();


+ 6
- 0
apps/cms.c View File

@ -83,6 +83,7 @@ typedef enum OPTION_choice {
OPT_RR_TO, OPT_AES128_WRAP, OPT_AES192_WRAP, OPT_AES256_WRAP,
OPT_3DES_WRAP, OPT_WRAP, OPT_ENGINE,
OPT_R_ENUM,
OPT_PROV_ENUM,
OPT_V_ENUM,
OPT_CIPHER,
OPT_ORIGINATOR
@ -220,6 +221,7 @@ const OPTIONS cms_options[] = {
OPT_R_OPTIONS,
OPT_V_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"cert", 0, 0, "Recipient certs (optional; used only when encrypting)"},
@ -621,6 +623,10 @@ int cms_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
case OPT_3DES_WRAP:
# ifndef OPENSSL_NO_DES
wrap_cipher = EVP_des_ede3_wrap();


+ 7
- 1
apps/crl.c View File

@ -24,7 +24,7 @@ typedef enum OPTION_choice {
OPT_ISSUER, OPT_LASTUPDATE, OPT_NEXTUPDATE, OPT_FINGERPRINT,
OPT_CRLNUMBER, OPT_BADSIG, OPT_GENDELTA, OPT_CAPATH, OPT_CAFILE, OPT_CASTORE,
OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_VERIFY, OPT_TEXT, OPT_HASH,
OPT_HASH_OLD, OPT_NOOUT, OPT_NAMEOPT, OPT_MD
OPT_HASH_OLD, OPT_NOOUT, OPT_NAMEOPT, OPT_MD, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS crl_options[] = {
@ -69,6 +69,7 @@ const OPTIONS crl_options[] = {
"Do not load certificates from the default certificates directory"},
{"no-CAstore", OPT_NOCASTORE, '-',
"Do not load certificates from the default certificates store"},
OPT_PROV_OPTIONS,
{NULL}
};
@ -193,6 +194,11 @@ int crl_main(int argc, char **argv)
case OPT_MD:
if (!opt_md(opt_unknown(), &digest))
goto opthelp;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();


+ 8
- 1
apps/crl2p7.c View File

@ -23,7 +23,8 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOCRL, OPT_CERTFILE
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOCRL, OPT_CERTFILE,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS crl2pkcs7_options[] = {
@ -40,6 +41,8 @@ const OPTIONS crl2pkcs7_options[] = {
OPT_SECTION("Output"),
{"out", OPT_OUT, '>', "Output file"},
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
OPT_PROV_OPTIONS,
{NULL}
};
@ -93,6 +96,10 @@ int crl2pkcs7_main(int argc, char **argv)
if (!sk_OPENSSL_STRING_push(certflst, opt_arg()))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();


+ 6
- 1
apps/dgst.c View File

@ -42,7 +42,7 @@ typedef enum OPTION_choice {
OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT,
OPT_DIGEST,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS dgst_options[] = {
@ -82,6 +82,7 @@ const OPTIONS dgst_options[] = {
"Compute HMAC with the key used in OpenSSL-FIPS fingerprint"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"file", 0, 0, "Files to digest (optional; default is stdin)"},
@ -208,6 +209,10 @@ int dgst_main(int argc, char **argv)
goto opthelp;
md = m;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();


+ 6
- 1
apps/dhparam.c View File

@ -41,7 +41,7 @@ typedef enum OPTION_choice {
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
OPT_ENGINE, OPT_CHECK, OPT_TEXT, OPT_NOOUT,
OPT_DSAPARAM, OPT_C, OPT_2, OPT_3, OPT_5,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS dhparam_options[] = {
@ -73,6 +73,7 @@ const OPTIONS dhparam_options[] = {
{"5", OPT_5, '-', "Generate parameters using 5 as the generator value"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"numbits", 0, 0, "Number of bits if generating parameters (optional)"},
@ -151,6 +152,10 @@ int dhparam_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();


+ 7
- 1
apps/dsa.c View File

@ -35,7 +35,8 @@ typedef enum OPTION_choice {
/* Do not change the order here; see case statements below */
OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG,
OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_PUBIN,
OPT_PUBOUT, OPT_CIPHER, OPT_PASSIN, OPT_PASSOUT
OPT_PUBOUT, OPT_CIPHER, OPT_PASSIN, OPT_PASSOUT,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS dsa_options[] = {
@ -66,6 +67,7 @@ const OPTIONS dsa_options[] = {
{"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
OPT_PROV_OPTIONS,
{NULL}
};
@ -147,6 +149,10 @@ int dsa_main(int argc, char **argv)
if (!opt_cipher(opt_unknown(), &enc))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();


+ 6
- 1
apps/dsaparam.c View File

@ -36,7 +36,7 @@ typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
OPT_NOOUT, OPT_GENKEY, OPT_ENGINE, OPT_VERBOSE,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS dsaparam_options[] = {
@ -62,6 +62,7 @@ const OPTIONS dsaparam_options[] = {
{"genkey", OPT_GENKEY, '-', "Generate a DSA key"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"numbits", 0, 0, "Number of bits if generating parameters (optional)"},
@ -122,6 +123,10 @@ int dsaparam_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
case OPT_NOOUT:
noout = 1;
break;


+ 7
- 1
apps/ec.c View File

@ -40,7 +40,7 @@ typedef enum OPTION_choice {
OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
OPT_NOOUT, OPT_TEXT, OPT_PARAM_OUT, OPT_PUBIN, OPT_PUBOUT,
OPT_PASSIN, OPT_PASSOUT, OPT_PARAM_ENC, OPT_CONV_FORM, OPT_CIPHER,
OPT_NO_PUBLIC, OPT_CHECK
OPT_NO_PUBLIC, OPT_CHECK, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS ec_options[] = {
@ -70,6 +70,8 @@ const OPTIONS ec_options[] = {
{"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
{"no_public", OPT_NO_PUBLIC, '-', "exclude public key from private key"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
OPT_PROV_OPTIONS,
{NULL}
};
@ -161,6 +163,10 @@ int ec_main(int argc, char **argv)
case OPT_CHECK:
check = 1;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();


+ 6
- 1
apps/ecparam.c View File

@ -31,7 +31,7 @@ typedef enum OPTION_choice {
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
OPT_CHECK, OPT_LIST_CURVES, OPT_NO_SEED, OPT_NOOUT, OPT_NAME,
OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_ENGINE, OPT_CHECK_NAMED,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS ecparam_options[] = {
@ -67,6 +67,7 @@ const OPTIONS ecparam_options[] = {
{"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
{NULL}
};
@ -169,6 +170,10 @@ int ecparam_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;


+ 6
- 1
apps/enc.c View File

@ -45,7 +45,7 @@ typedef enum OPTION_choice {
OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A,
OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE,
OPT_UPPER_S, OPT_IV, OPT_MD, OPT_ITER, OPT_PBKDF2, OPT_CIPHER,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS enc_options[] = {
@ -97,6 +97,7 @@ const OPTIONS enc_options[] = {
{"", OPT_CIPHER, '-', "Any supported cipher"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
{NULL}
};
@ -288,6 +289,10 @@ int enc_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
if (opt_num_rest() != 0) {


+ 6
- 1
apps/gendsa.c View File

@ -31,7 +31,7 @@ NON_EMPTY_TRANSLATION_UNIT
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_CIPHER, OPT_VERBOSE,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS gendsa_options[] = {
@ -47,6 +47,7 @@ const OPTIONS gendsa_options[] = {
{"out", OPT_OUT, '>', "Output the key to the specified file"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
{"verbose", OPT_VERBOSE, '-', "Verbose output"},
@ -92,6 +93,10 @@ int gendsa_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &enc))
goto end;


+ 9
- 1
apps/genpkey.c View File

@ -24,7 +24,8 @@ static int genpkey_cb(EVP_PKEY_CTX *ctx);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_ENGINE, OPT_OUTFORM, OPT_OUT, OPT_PASS, OPT_PARAMFILE,
OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER
OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS genpkey_options[] = {
@ -46,6 +47,8 @@ const OPTIONS genpkey_options[] = {
{"text", OPT_TEXT, '-', "Print the in text"},
{"", OPT_CIPHER, '-', "Cipher to use to encrypt the key"},
OPT_PROV_OPTIONS,
/* This is deliberately last. */
{OPT_HELP_STR, 1, 1,
"Order of options may be important! See the documentation.\n"},
@ -131,6 +134,11 @@ int genpkey_main(int argc, char **argv)
BIO_printf(bio_err, "%s: cipher mode not supported\n", prog);
goto end;
}
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();


+ 6
- 1
apps/genrsa.c View File

@ -41,7 +41,7 @@ typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_3, OPT_F4, OPT_ENGINE,
OPT_OUT, OPT_PASSOUT, OPT_CIPHER, OPT_PRIMES, OPT_VERBOSE,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS genrsa_options[] = {
@ -66,6 +66,7 @@ const OPTIONS genrsa_options[] = {
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"numbits", 0, 0, "Size of key in bits"},
@ -121,6 +122,10 @@ opthelp:
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;


+ 19
- 0
apps/include/opt.h View File

@ -265,6 +265,24 @@
OPT_R__FIRST: case OPT_R__LAST: break; \
case OPT_R_RAND: case OPT_R_WRITERAND
/*
* Provider options.
*/
# define OPT_PROV_ENUM \
OPT_PROV__FIRST=1600, \
OPT_PROV_PROVIDER, OPT_PROV_PROVIDER_PATH, \
OPT_PROV__LAST
# define OPT_PROV_OPTIONS \
OPT_SECTION("Provider"), \
{ "provider", OPT_PROV_PROVIDER, 's', "Provder to load (can be specified multiple times)" }, \
{ "provider_path", OPT_PROV_PROVIDER_PATH, 's', "Provider load path" }
# define OPT_PROV_CASES \
OPT_PROV__FIRST: case OPT_PROV__LAST: break; \
case OPT_PROV_PROVIDER: \
case OPT_PROV_PROVIDER_PATH
/*
* Option parsing.
*/
@ -348,6 +366,7 @@ char **opt_rest(void);
int opt_num_rest(void);
int opt_verify(int i, X509_VERIFY_PARAM *vpm);
int opt_rand(int i);
int opt_provider(int i);
void opt_help(const OPTIONS * list);
void opt_print(const OPTIONS * opt, int doingparams, int width);
int opt_format_error(const char *s, unsigned long flags);


+ 8
- 1
apps/kdf.c View File

@ -19,7 +19,8 @@
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_KDFOPT, OPT_BIN, OPT_KEYLEN, OPT_OUT
OPT_KDFOPT, OPT_BIN, OPT_KEYLEN, OPT_OUT,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS kdf_options[] = {
@ -36,6 +37,8 @@ const OPTIONS kdf_options[] = {
{"binary", OPT_BIN, '-',
"Output in binary format (default is hexadecimal)"},
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"kdf_name", 0, 0, "Name of the KDF algorithm"},
{NULL}
@ -80,6 +83,10 @@ opthelp:
if (opts == NULL || !sk_OPENSSL_STRING_push(opts, opt_arg()))
goto opthelp;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto err;
break;
}
}
argc = opt_num_rest();


+ 51
- 0
apps/lib/app_provider.c View File

@ -0,0 +1,51 @@
/*
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "apps.h"
#include <openssl/err.h>
#include <openssl/provider.h>
/*
* See comments in opt_verify for explanation of this.
*/
enum prov_range { OPT_PROV_ENUM };
static int opt_provider_load(const char *provider)
{
OSSL_PROVIDER *prov;
prov = OSSL_PROVIDER_load(NULL, provider);
if (prov == NULL) {
opt_printf_stderr("%s: unable to load provider %s\n",
opt_getprog(), provider);
return 0;
}
return 1;
}
static int opt_provider_path(const char *path)
{
if (path != NULL && *path == '\0')
path = NULL;
return OSSL_PROVIDER_set_default_search_path(NULL, path);
}
int opt_provider(int opt)
{
switch ((enum prov_range)opt) {
case OPT_PROV__FIRST:
case OPT_PROV__LAST:
return 1;
case OPT_PROV_PROVIDER:
return opt_provider_load(opt_arg());
case OPT_PROV_PROVIDER_PATH:
return opt_provider_path(opt_arg());
}
return 0;
}

+ 1
- 1
apps/lib/build.info View File

@ -9,7 +9,7 @@ ENDIF
# Source for libapps
$LIBAPPSSRC=apps.c apps_ui.c opt.c fmt.c s_cb.c s_socket.c app_rand.c \
columns.c app_params.c names.c
columns.c app_params.c names.c app_provider.c
IF[{- !$disabled{apps} -}]
LIBS{noinst}=../libapps.a


+ 8
- 1
apps/list.c View File

@ -617,7 +617,8 @@ typedef enum HELPLIST_CHOICE {
OPT_COMMANDS, OPT_DIGEST_COMMANDS, OPT_MAC_ALGORITHMS, OPT_OPTIONS,
OPT_DIGEST_ALGORITHMS, OPT_CIPHER_COMMANDS, OPT_CIPHER_ALGORITHMS,
OPT_PK_ALGORITHMS, OPT_PK_METHOD, OPT_ENGINES, OPT_DISABLED,
OPT_KDF_ALGORITHMS, OPT_MISSING_HELP, OPT_OBJECTS
OPT_KDF_ALGORITHMS, OPT_MISSING_HELP, OPT_OBJECTS,
OPT_PROV_ENUM
} HELPLIST_CHOICE;
const OPTIONS list_options[] = {
@ -655,6 +656,8 @@ const OPTIONS list_options[] = {
"List options for specified command"},
{"objects", OPT_OBJECTS, '-',
"List built in objects (OID<->name mappings)"},
OPT_PROV_OPTIONS,
{NULL}
};
@ -741,6 +744,10 @@ opthelp:
case OPT_VERBOSE:
verbose = 1;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
return 1;
break;
}
done = 1;
}


+ 8
- 1
apps/mac.c View File

@ -21,7 +21,8 @@
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_MACOPT, OPT_BIN, OPT_IN, OPT_OUT
OPT_MACOPT, OPT_BIN, OPT_IN, OPT_OUT,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS mac_options[] = {
@ -40,6 +41,8 @@ const OPTIONS mac_options[] = {
{"binary", OPT_BIN, '-',
"Output in binary format (default is hexadecimal)"},
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"mac_name", 0, 0, "MAC algorithm"},
{NULL}
@ -89,6 +92,10 @@ opthelp:
if (opts == NULL || !sk_OPENSSL_STRING_push(opts, opt_arg()))
goto opthelp;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto err;
break;
}
}
argc = opt_num_rest();


+ 8
- 1
apps/nseq.c View File

@ -16,7 +16,8 @@
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_TOSEQ, OPT_IN, OPT_OUT
OPT_TOSEQ, OPT_IN, OPT_OUT,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS nseq_options[] = {
@ -29,6 +30,8 @@ const OPTIONS nseq_options[] = {
OPT_SECTION("Output"),
{"toseq", OPT_TOSEQ, '-', "Output NS Sequence file"},
{"out", OPT_OUT, '>', "Output file"},
OPT_PROV_OPTIONS,
{NULL}
};
@ -62,6 +65,10 @@ int nseq_main(int argc, char **argv)
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();


+ 6
- 1
apps/ocsp.c View File

@ -137,7 +137,7 @@ typedef enum OPTION_choice {
OPT_RCID,
OPT_V_ENUM,
OPT_MD,
OPT_MULTI
OPT_MULTI, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS ocsp_options[] = {
@ -230,6 +230,7 @@ const OPTIONS ocsp_options[] = {
{"status_age", OPT_STATUS_AGE, 'p', "Maximum status age in seconds"},
OPT_V_OPTIONS,
OPT_PROV_OPTIONS,
{NULL}
};
@ -541,6 +542,10 @@ int ocsp_main(int argc, char **argv)
multi = atoi(opt_arg());
# endif
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
if (trailing_md) {


+ 6
- 1
apps/passwd.c View File

@ -58,7 +58,7 @@ typedef enum OPTION_choice {
OPT_IN,
OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1,
OPT_1, OPT_5, OPT_6, OPT_CRYPT, OPT_AIXMD5, OPT_SALT, OPT_STDIN,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS passwd_options[] = {
@ -90,6 +90,7 @@ const OPTIONS passwd_options[] = {
#endif
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"password", 0, 0, "Password text to digest (optional)"},
@ -191,6 +192,10 @@ int passwd_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();


+ 6
- 1
apps/pkcs12.c View File

@ -58,7 +58,7 @@ typedef enum OPTION_choice {
OPT_INKEY, OPT_CERTFILE, OPT_NAME, OPT_CSP, OPT_CANAME,
OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH,
OPT_CAFILE, OPT_CASTORE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_ENGINE,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS pkcs12_options[] = {
@ -130,6 +130,7 @@ const OPTIONS pkcs12_options[] = {
{"", OPT_CIPHER, '-', "Any supported cipher"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
{NULL}
};
@ -307,6 +308,10 @@ int pkcs12_main(int argc, char **argv)
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();


+ 8
- 1
apps/pkcs7.c View File

@ -23,7 +23,8 @@
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOOUT,
OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_ENGINE
OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_ENGINE,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS pkcs7_options[] = {
@ -45,6 +46,8 @@ const OPTIONS pkcs7_options[] = {
{"print", OPT_PRINT, '-', "Print out all fields of the PKCS7 structure"},
{"print_certs", OPT_PRINT_CERTS, '-',
"Print_certs print any certs or crl in the input"},
OPT_PROV_OPTIONS,
{NULL}
};
@ -99,6 +102,10 @@ int pkcs7_main(int argc, char **argv)
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();


+ 6
- 1
apps/pkcs8.c View File

@ -26,7 +26,7 @@ typedef enum OPTION_choice {
#endif
OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT,
OPT_TRADITIONAL,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS pkcs8_options[] = {
@ -63,6 +63,7 @@ const OPTIONS pkcs8_options[] = {
#endif
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
{NULL}
};
@ -127,6 +128,10 @@ int pkcs8_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
case OPT_TRADITIONAL:
traditional = 1;
break;


+ 7
- 1
apps/pkey.c View File

@ -37,7 +37,8 @@ typedef enum OPTION_choice {
OPT_INFORM, OPT_OUTFORM, OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE,
OPT_IN, OPT_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_TEXT_PUB,
OPT_TEXT, OPT_NOOUT, OPT_MD, OPT_TRADITIONAL, OPT_CHECK, OPT_PUB_CHECK,
OPT_EC_PARAM_ENC, OPT_EC_CONV_FORM
OPT_EC_PARAM_ENC, OPT_EC_CONV_FORM,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS pkey_options[] = {
@ -72,6 +73,7 @@ const OPTIONS pkey_options[] = {
{"text", OPT_TEXT, '-', "Output in plaintext as well"},
{"noout", OPT_NOOUT, '-', "Don't output the key"},
OPT_PROV_OPTIONS,
{NULL}
};
@ -177,6 +179,10 @@ int pkey_main(int argc, char **argv)
ec_asn1_flag = i;
break;
#endif
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();


+ 8
- 1
apps/pkeyparam.c View File

@ -19,7 +19,8 @@
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT,
OPT_ENGINE, OPT_CHECK
OPT_ENGINE, OPT_CHECK,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS pkeyparam_options[] = {
@ -37,6 +38,8 @@ const OPTIONS pkeyparam_options[] = {
{"out", OPT_OUT, '>', "Output file"},
{"text", OPT_TEXT, '-', "Print parameters as text"},
{"noout", OPT_NOOUT, '-', "Don't output encoded parameters"},
OPT_PROV_OPTIONS,
{NULL}
};
@ -81,6 +84,10 @@ int pkeyparam_main(int argc, char **argv)
case OPT_CHECK:
check = 1;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();


+ 6
- 1
apps/pkeyutl.c View File

@ -44,7 +44,7 @@ typedef enum OPTION_choice {
OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN,
OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_PKEYOPT_PASSIN, OPT_KDF,
OPT_KDFLEN, OPT_R_ENUM,
OPT_KDFLEN, OPT_R_ENUM, OPT_PROV_ENUM,
OPT_RAWIN, OPT_DIGEST
} OPTION_CHOICE;
@ -92,6 +92,7 @@ const OPTIONS pkeyutl_options[] = {
{"kdflen", OPT_KDFLEN, 'p', "KDF algorithm output length"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
{NULL}
};
@ -165,6 +166,10 @@ int pkeyutl_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;


+ 8
- 1
apps/prime.c View File

@ -15,7 +15,8 @@
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_HEX, OPT_GENERATE, OPT_BITS, OPT_SAFE, OPT_CHECKS
OPT_HEX, OPT_GENERATE, OPT_BITS, OPT_SAFE, OPT_CHECKS,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS prime_options[] = {
@ -32,6 +33,8 @@ const OPTIONS prime_options[] = {
{"safe", OPT_SAFE, '-',
"When used with -generate, generate a safe prime"},
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"number", 0, 0, "Number(s) to check for primality if not generating"},
{NULL}
@ -72,6 +75,10 @@ opthelp:
/* ignore parameter and argument */
opt_arg();
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();


+ 6
- 1
apps/rand.c View File

@ -21,7 +21,7 @@
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_OUT, OPT_ENGINE, OPT_BASE64, OPT_HEX,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS rand_options[] = {
@ -39,6 +39,7 @@ const OPTIONS rand_options[] = {
{"hex", OPT_HEX, '-', "Hex encode output"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"num", 0, 0, "Number of bytes to generate"},
@ -81,6 +82,10 @@ int rand_main(int argc, char **argv)
case OPT_HEX:
format = FORMAT_TEXT;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();


+ 8
- 1
apps/rehash.c View File

@ -447,7 +447,8 @@ static int do_dir(const char *dirname, enum Hash h)
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_COMPAT, OPT_OLD, OPT_N, OPT_VERBOSE
OPT_COMPAT, OPT_OLD, OPT_N, OPT_VERBOSE,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS rehash_options[] = {
@ -463,6 +464,8 @@ const OPTIONS rehash_options[] = {
OPT_SECTION("Output"),
{"v", OPT_VERBOSE, '-', "Verbose output"},
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"directory", 0, 0, "One or more directories to process (optional)"},
{NULL}
@ -499,6 +502,10 @@ int rehash_main(int argc, char **argv)
case OPT_VERBOSE:
verbose = 1;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();


+ 6
- 1
apps/req.c View File

@ -91,7 +91,7 @@ typedef enum OPTION_choice {
OPT_NAMEOPT, OPT_REQOPT, OPT_SUBJ, OPT_SUBJECT, OPT_TEXT, OPT_X509,
OPT_MULTIVALUE_RDN, OPT_DAYS, OPT_SET_SERIAL, OPT_ADDEXT, OPT_EXTENSIONS,
OPT_REQEXTS, OPT_PRECERT, OPT_MD, OPT_SM2ID, OPT_SM2HEXID,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS req_options[] = {
@ -160,6 +160,7 @@ const OPTIONS req_options[] = {
{"modulus", OPT_MODULUS, '-', "RSA modulus"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
{NULL}
};
@ -331,6 +332,10 @@ int req_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
case OPT_NEWKEY:
keyalg = opt_arg();
newreq = 1;


+ 8
- 1
apps/rsa.c View File

@ -36,7 +36,8 @@ typedef enum OPTION_choice {
OPT_RSAPUBKEY_IN, OPT_RSAPUBKEY_OUT,
/* Do not change the order here; see case statements below */
OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG,
OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_CHECK, OPT_CIPHER
OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_CHECK, OPT_CIPHER,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS rsa_options[] = {
@ -71,6 +72,8 @@ const OPTIONS rsa_options[] = {
{"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
{"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
# endif
OPT_PROV_OPTIONS,
{NULL}
};
@ -160,6 +163,10 @@ int rsa_main(int argc, char **argv)
if (!opt_cipher(opt_unknown(), &enc))
goto opthelp;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();


+ 6
- 1
apps/rsautl.c View File

@ -37,7 +37,7 @@ typedef enum OPTION_choice {
OPT_RSA_RAW, OPT_OAEP, OPT_SSL, OPT_PKCS, OPT_X931,
OPT_SIGN, OPT_VERIFY, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS rsautl_options[] = {
@ -72,6 +72,7 @@ const OPTIONS rsautl_options[] = {
{"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
{NULL}
};
@ -169,6 +170,10 @@ int rsautl_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();


+ 6
- 1
apps/s_client.c View File

@ -600,7 +600,7 @@ typedef enum OPTION_choice {
OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME,
OPT_ENABLE_PHA,
OPT_SCTP_LABEL_BUG,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS s_client_options[] = {
@ -817,6 +817,7 @@ const OPTIONS s_client_options[] = {
{"chainCAfile", OPT_CHAINCAFILE, '<',
"CA file for certificate chain (PEM format)"},
OPT_X_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"host:port", 0, 0, "Where to connect; same as -connect option"},
@ -1225,6 +1226,10 @@ int s_client_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
case OPT_IGN_EOF:
c_ign_eof = 1;
break;


+ 7
- 1
apps/s_server.c View File

@ -757,7 +757,8 @@ typedef enum OPTION_choice {
OPT_R_ENUM,
OPT_S_ENUM,
OPT_V_ENUM,
OPT_X_ENUM
OPT_X_ENUM,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS s_server_options[] = {
@ -992,6 +993,7 @@ const OPTIONS s_server_options[] = {
{"chainCAfile", OPT_CHAINCAFILE, '<',
"CA file for certificate chain (PEM format)"},
OPT_X_OPTIONS,
OPT_PROV_OPTIONS,
{NULL}
};
@ -1566,6 +1568,10 @@ int s_server_main(int argc, char *argv[])
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
case OPT_SERVERNAME:
tlsextcbp.servername = opt_arg();
break;


+ 7
- 1
apps/s_time.c View File

@ -48,7 +48,8 @@ typedef enum OPTION_choice {
OPT_CAPATH, OPT_CAFILE, OPT_CASTORE,
OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE,
OPT_NEW, OPT_REUSE, OPT_BUGS, OPT_VERIFY, OPT_TIME, OPT_SSL3,
OPT_WWW, OPT_TLS1, OPT_TLS1_1, OPT_TLS1_2, OPT_TLS1_3
OPT_WWW, OPT_TLS1, OPT_TLS1_1, OPT_TLS1_2, OPT_TLS1_3,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS s_time_options[] = {
@ -99,6 +100,7 @@ const OPTIONS s_time_options[] = {
{"no-CAstore", OPT_NOCASTORE, '-',
"Do not load certificates from the default certificates store URI"},
OPT_PROV_OPTIONS,
{NULL}
};
@ -226,6 +228,10 @@ int s_time_main(int argc, char **argv)
min_version = TLS1_3_VERSION;
max_version = TLS1_3_VERSION;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();


+ 6
- 1
apps/smime.c View File

@ -42,7 +42,7 @@ typedef enum OPTION_choice {
OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD,
OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE,
OPT_CAPATH, OPT_CASTORE, OPT_NOCAFILE, OPT_NOCAPATH, OPT_NOCASTORE,
OPT_R_ENUM,
OPT_R_ENUM, OPT_PROV_ENUM,
OPT_V_ENUM,
OPT_IN, OPT_INFORM, OPT_OUT,
OPT_OUTFORM, OPT_CONTENT
@ -121,6 +121,7 @@ const OPTIONS smime_options[] = {
OPT_R_OPTIONS,
OPT_V_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"cert", 0, 0, "Recipient certs, used when encrypting"},
@ -244,6 +245,10 @@ int smime_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;


+ 6
- 1
apps/speed.c View File

@ -253,7 +253,7 @@ static int opt_found(const char *name, unsigned int *result,
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_ELAPSED, OPT_EVP, OPT_HMAC, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI,
OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM,
OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM, OPT_PROV_ENUM,
OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD, OPT_CMAC
} OPTION_CHOICE;
@ -301,6 +301,7 @@ const OPTIONS speed_options[] = {