leviathan
/
openssl
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

cmdline app: add provider commandline options. 

Add a -provider option to allow providers to be loaded. This option can be
specified multiple times.

Add a -provider_path option to allow the path to providers to be specified.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11167)
master
Pauli 2020-02-25 14:29:30 +10:00
parent 5e98904c23
commit 6bd4e3f231
97 changed files with 587 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
apps/ca.c
View File

@ -148,7 +148,7 @@ typedef enum OPTION_choice {
OPT_INFILES, OPT_SS_CERT, OPT_SPKAC, OPT_REVOKE, OPT_VALID,
OPT_EXTENSIONS, OPT_EXTFILE, OPT_STATUS, OPT_UPDATEDB, OPT_CRLEXTS,
OPT_RAND_SERIAL,
OPT_R_ENUM, OPT_SM2ID, OPT_SM2HEXID,
OPT_R_ENUM, OPT_SM2ID, OPT_SM2HEXID, OPT_PROV_ENUM,
/* Do not change the order here; see related case statements below */
OPT_CRL_REASON, OPT_CRL_HOLD, OPT_CRL_COMPROMISE, OPT_CRL_CA_COMPROMISE
} OPTION_CHOICE;
@ -237,6 +237,7 @@ const OPTIONS ca_options[] = {
{"revoke", OPT_REVOKE, '<', "Revoke a cert (given in file)"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"certreq", 0, 0, "Certificate requests to be signed (optional)"},
@ -361,6 +362,10 @@ opthelp:
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
case OPT_KEY:
key = opt_arg();
break;

7
apps/ciphers.c
View File

@ -27,7 +27,7 @@ typedef enum OPTION_choice {
OPT_PSK,
OPT_SRP,
OPT_CIPHERSUITES,
OPT_V, OPT_UPPER_V, OPT_S
OPT_V, OPT_UPPER_V, OPT_S, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS ciphers_options[] = {
@ -67,6 +67,7 @@ const OPTIONS ciphers_options[] = {
#endif
{"ciphersuites", OPT_CIPHERSUITES, 's',
"Configure the TLSv1.3 ciphersuites to use"},
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"cipher", 0, 0, "Cipher string to decode (optional)"},
@ -169,6 +170,10 @@ int ciphers_main(int argc, char **argv)
case OPT_CIPHERSUITES:
ciphersuites = opt_arg();
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argv = opt_rest();

6
apps/cms.c
View File

@ -83,6 +83,7 @@ typedef enum OPTION_choice {
OPT_RR_TO, OPT_AES128_WRAP, OPT_AES192_WRAP, OPT_AES256_WRAP,
OPT_3DES_WRAP, OPT_WRAP, OPT_ENGINE,
OPT_R_ENUM,
OPT_PROV_ENUM,
OPT_V_ENUM,
OPT_CIPHER,
OPT_ORIGINATOR
@ -220,6 +221,7 @@ const OPTIONS cms_options[] = {
OPT_R_OPTIONS,
OPT_V_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"cert", 0, 0, "Recipient certs (optional; used only when encrypting)"},
@ -621,6 +623,10 @@ int cms_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
case OPT_3DES_WRAP:
# ifndef OPENSSL_NO_DES
wrap_cipher = EVP_des_ede3_wrap();

8
apps/crl.c
View File

@ -24,7 +24,7 @@ typedef enum OPTION_choice {
OPT_ISSUER, OPT_LASTUPDATE, OPT_NEXTUPDATE, OPT_FINGERPRINT,
OPT_CRLNUMBER, OPT_BADSIG, OPT_GENDELTA, OPT_CAPATH, OPT_CAFILE, OPT_CASTORE,
OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_VERIFY, OPT_TEXT, OPT_HASH,
OPT_HASH_OLD, OPT_NOOUT, OPT_NAMEOPT, OPT_MD
OPT_HASH_OLD, OPT_NOOUT, OPT_NAMEOPT, OPT_MD, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS crl_options[] = {
@ -69,6 +69,7 @@ const OPTIONS crl_options[] = {
"Do not load certificates from the default certificates directory"},
{"no-CAstore", OPT_NOCASTORE, '-',
"Do not load certificates from the default certificates store"},
OPT_PROV_OPTIONS,
{NULL}
};
@ -193,6 +194,11 @@ int crl_main(int argc, char **argv)
case OPT_MD:
if (!opt_md(opt_unknown(), &digest))
goto opthelp;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();

9
apps/crl2p7.c
View File

@ -23,7 +23,8 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOCRL, OPT_CERTFILE
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOCRL, OPT_CERTFILE,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS crl2pkcs7_options[] = {
@ -40,6 +41,8 @@ const OPTIONS crl2pkcs7_options[] = {
OPT_SECTION("Output"),
{"out", OPT_OUT, '>', "Output file"},
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
OPT_PROV_OPTIONS,
{NULL}
};
@ -93,6 +96,10 @@ int crl2pkcs7_main(int argc, char **argv)
if (!sk_OPENSSL_STRING_push(certflst, opt_arg()))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();

7
apps/dgst.c
View File

@ -42,7 +42,7 @@ typedef enum OPTION_choice {
OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT,
OPT_DIGEST,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS dgst_options[] = {
@ -82,6 +82,7 @@ const OPTIONS dgst_options[] = {
"Compute HMAC with the key used in OpenSSL-FIPS fingerprint"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"file", 0, 0, "Files to digest (optional; default is stdin)"},
@ -208,6 +209,10 @@ int dgst_main(int argc, char **argv)
goto opthelp;
md = m;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();

7
apps/dhparam.c
View File

@ -41,7 +41,7 @@ typedef enum OPTION_choice {
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
OPT_ENGINE, OPT_CHECK, OPT_TEXT, OPT_NOOUT,
OPT_DSAPARAM, OPT_C, OPT_2, OPT_3, OPT_5,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS dhparam_options[] = {
@ -73,6 +73,7 @@ const OPTIONS dhparam_options[] = {
{"5", OPT_5, '-', "Generate parameters using 5 as the generator value"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"numbits", 0, 0, "Number of bits if generating parameters (optional)"},
@ -151,6 +152,10 @@ int dhparam_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();

8
apps/dsa.c
View File

@ -35,7 +35,8 @@ typedef enum OPTION_choice {
/* Do not change the order here; see case statements below */
OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG,
OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_PUBIN,
OPT_PUBOUT, OPT_CIPHER, OPT_PASSIN, OPT_PASSOUT
OPT_PUBOUT, OPT_CIPHER, OPT_PASSIN, OPT_PASSOUT,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS dsa_options[] = {
@ -66,6 +67,7 @@ const OPTIONS dsa_options[] = {
{"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
OPT_PROV_OPTIONS,
{NULL}
};
@ -147,6 +149,10 @@ int dsa_main(int argc, char **argv)
if (!opt_cipher(opt_unknown(), &enc))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();

7
apps/dsaparam.c
View File

@ -36,7 +36,7 @@ typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
OPT_NOOUT, OPT_GENKEY, OPT_ENGINE, OPT_VERBOSE,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS dsaparam_options[] = {
@ -62,6 +62,7 @@ const OPTIONS dsaparam_options[] = {
{"genkey", OPT_GENKEY, '-', "Generate a DSA key"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"numbits", 0, 0, "Number of bits if generating parameters (optional)"},
@ -122,6 +123,10 @@ int dsaparam_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
case OPT_NOOUT:
noout = 1;
break;

8
apps/ec.c
View File

@ -40,7 +40,7 @@ typedef enum OPTION_choice {
OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
OPT_NOOUT, OPT_TEXT, OPT_PARAM_OUT, OPT_PUBIN, OPT_PUBOUT,
OPT_PASSIN, OPT_PASSOUT, OPT_PARAM_ENC, OPT_CONV_FORM, OPT_CIPHER,
OPT_NO_PUBLIC, OPT_CHECK
OPT_NO_PUBLIC, OPT_CHECK, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS ec_options[] = {
@ -70,6 +70,8 @@ const OPTIONS ec_options[] = {
{"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
{"no_public", OPT_NO_PUBLIC, '-', "exclude public key from private key"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
OPT_PROV_OPTIONS,
{NULL}
};
@ -161,6 +163,10 @@ int ec_main(int argc, char **argv)
case OPT_CHECK:
check = 1;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();

7
apps/ecparam.c
View File

@ -31,7 +31,7 @@ typedef enum OPTION_choice {
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
OPT_CHECK, OPT_LIST_CURVES, OPT_NO_SEED, OPT_NOOUT, OPT_NAME,
OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_ENGINE, OPT_CHECK_NAMED,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS ecparam_options[] = {
@ -67,6 +67,7 @@ const OPTIONS ecparam_options[] = {
{"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
{NULL}
};
@ -169,6 +170,10 @@ int ecparam_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;

7
apps/enc.c
View File

@ -45,7 +45,7 @@ typedef enum OPTION_choice {
OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A,
OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE,
OPT_UPPER_S, OPT_IV, OPT_MD, OPT_ITER, OPT_PBKDF2, OPT_CIPHER,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS enc_options[] = {
@ -97,6 +97,7 @@ const OPTIONS enc_options[] = {
{"", OPT_CIPHER, '-', "Any supported cipher"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
{NULL}
};
@ -288,6 +289,10 @@ int enc_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
if (opt_num_rest() != 0) {

7
apps/gendsa.c
View File

@ -31,7 +31,7 @@ NON_EMPTY_TRANSLATION_UNIT
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_CIPHER, OPT_VERBOSE,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS gendsa_options[] = {
@ -47,6 +47,7 @@ const OPTIONS gendsa_options[] = {
{"out", OPT_OUT, '>', "Output the key to the specified file"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
{"verbose", OPT_VERBOSE, '-', "Verbose output"},
@ -92,6 +93,10 @@ int gendsa_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &enc))
goto end;

10
apps/genpkey.c
View File

@ -24,7 +24,8 @@ static int genpkey_cb(EVP_PKEY_CTX *ctx);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_ENGINE, OPT_OUTFORM, OPT_OUT, OPT_PASS, OPT_PARAMFILE,
OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER
OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS genpkey_options[] = {
@ -46,6 +47,8 @@ const OPTIONS genpkey_options[] = {
{"text", OPT_TEXT, '-', "Print the in text"},
{"", OPT_CIPHER, '-', "Cipher to use to encrypt the key"},
OPT_PROV_OPTIONS,
/* This is deliberately last. */
{OPT_HELP_STR, 1, 1,
"Order of options may be important! See the documentation.\n"},
@ -131,6 +134,11 @@ int genpkey_main(int argc, char **argv)
BIO_printf(bio_err, "%s: cipher mode not supported\n", prog);
goto end;
}
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();

7
apps/genrsa.c
View File

@ -41,7 +41,7 @@ typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_3, OPT_F4, OPT_ENGINE,
OPT_OUT, OPT_PASSOUT, OPT_CIPHER, OPT_PRIMES, OPT_VERBOSE,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS genrsa_options[] = {
@ -66,6 +66,7 @@ const OPTIONS genrsa_options[] = {
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"numbits", 0, 0, "Size of key in bits"},
@ -121,6 +122,10 @@ opthelp:
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;

19
apps/include/opt.h
View File

@ -265,6 +265,24 @@
OPT_R__FIRST: case OPT_R__LAST: break; \
case OPT_R_RAND: case OPT_R_WRITERAND
/*
* Provider options.
*/
# define OPT_PROV_ENUM \
OPT_PROV__FIRST=1600, \
OPT_PROV_PROVIDER, OPT_PROV_PROVIDER_PATH, \
OPT_PROV__LAST
# define OPT_PROV_OPTIONS \
OPT_SECTION("Provider"), \
{ "provider", OPT_PROV_PROVIDER, 's', "Provder to load (can be specified multiple times)" }, \
{ "provider_path", OPT_PROV_PROVIDER_PATH, 's', "Provider load path" }
# define OPT_PROV_CASES \
OPT_PROV__FIRST: case OPT_PROV__LAST: break; \
case OPT_PROV_PROVIDER: \
case OPT_PROV_PROVIDER_PATH
/*
* Option parsing.
*/
@ -348,6 +366,7 @@ char **opt_rest(void);
int opt_num_rest(void);
int opt_verify(int i, X509_VERIFY_PARAM *vpm);
int opt_rand(int i);
int opt_provider(int i);
void opt_help(const OPTIONS * list);
void opt_print(const OPTIONS * opt, int doingparams, int width);
int opt_format_error(const char *s, unsigned long flags);

9
apps/kdf.c
View File

@ -19,7 +19,8 @@
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_KDFOPT, OPT_BIN, OPT_KEYLEN, OPT_OUT
OPT_KDFOPT, OPT_BIN, OPT_KEYLEN, OPT_OUT,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS kdf_options[] = {
@ -36,6 +37,8 @@ const OPTIONS kdf_options[] = {
{"binary", OPT_BIN, '-',
"Output in binary format (default is hexadecimal)"},
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"kdf_name", 0, 0, "Name of the KDF algorithm"},
{NULL}
@ -80,6 +83,10 @@ opthelp:
if (opts == NULL || !sk_OPENSSL_STRING_push(opts, opt_arg()))
goto opthelp;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto err;
break;
}
}
argc = opt_num_rest();

51
apps/lib/app_provider.c Normal file
View File

@ -0,0 +1,51 @@
/*
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "apps.h"
#include <openssl/err.h>
#include <openssl/provider.h>
/*
* See comments in opt_verify for explanation of this.
*/
enum prov_range { OPT_PROV_ENUM };
static int opt_provider_load(const char *provider)
{
OSSL_PROVIDER *prov;
prov = OSSL_PROVIDER_load(NULL, provider);
if (prov == NULL) {
opt_printf_stderr("%s: unable to load provider %s\n",
opt_getprog(), provider);
return 0;
}
return 1;
}
static int opt_provider_path(const char *path)
{
if (path != NULL && *path == '\0')
path = NULL;
return OSSL_PROVIDER_set_default_search_path(NULL, path);
}
int opt_provider(int opt)
{
switch ((enum prov_range)opt) {
case OPT_PROV__FIRST:
case OPT_PROV__LAST:
return 1;
case OPT_PROV_PROVIDER:
return opt_provider_load(opt_arg());
case OPT_PROV_PROVIDER_PATH:
return opt_provider_path(opt_arg());
}
return 0;
}

2
apps/lib/build.info
View File

@ -9,7 +9,7 @@ ENDIF
# Source for libapps
$LIBAPPSSRC=apps.c apps_ui.c opt.c fmt.c s_cb.c s_socket.c app_rand.c \
columns.c app_params.c names.c
columns.c app_params.c names.c app_provider.c
IF[{- !$disabled{apps} -}]
LIBS{noinst}=../libapps.a

9
apps/list.c
View File

@ -617,7 +617,8 @@ typedef enum HELPLIST_CHOICE {
OPT_COMMANDS, OPT_DIGEST_COMMANDS, OPT_MAC_ALGORITHMS, OPT_OPTIONS,
OPT_DIGEST_ALGORITHMS, OPT_CIPHER_COMMANDS, OPT_CIPHER_ALGORITHMS,
OPT_PK_ALGORITHMS, OPT_PK_METHOD, OPT_ENGINES, OPT_DISABLED,
OPT_KDF_ALGORITHMS, OPT_MISSING_HELP, OPT_OBJECTS
OPT_KDF_ALGORITHMS, OPT_MISSING_HELP, OPT_OBJECTS,
OPT_PROV_ENUM
} HELPLIST_CHOICE;
const OPTIONS list_options[] = {
@ -655,6 +656,8 @@ const OPTIONS list_options[] = {
"List options for specified command"},
{"objects", OPT_OBJECTS, '-',
"List built in objects (OID<->name mappings)"},
OPT_PROV_OPTIONS,
{NULL}
};
@ -741,6 +744,10 @@ opthelp:
case OPT_VERBOSE:
verbose = 1;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
return 1;
break;
}
done = 1;
}

9
apps/mac.c
View File

@ -21,7 +21,8 @@
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_MACOPT, OPT_BIN, OPT_IN, OPT_OUT
OPT_MACOPT, OPT_BIN, OPT_IN, OPT_OUT,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS mac_options[] = {
@ -40,6 +41,8 @@ const OPTIONS mac_options[] = {
{"binary", OPT_BIN, '-',
"Output in binary format (default is hexadecimal)"},
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"mac_name", 0, 0, "MAC algorithm"},
{NULL}
@ -89,6 +92,10 @@ opthelp:
if (opts == NULL || !sk_OPENSSL_STRING_push(opts, opt_arg()))
goto opthelp;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto err;
break;
}
}
argc = opt_num_rest();

9
apps/nseq.c
View File

@ -16,7 +16,8 @@
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_TOSEQ, OPT_IN, OPT_OUT
OPT_TOSEQ, OPT_IN, OPT_OUT,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS nseq_options[] = {
@ -29,6 +30,8 @@ const OPTIONS nseq_options[] = {
OPT_SECTION("Output"),
{"toseq", OPT_TOSEQ, '-', "Output NS Sequence file"},
{"out", OPT_OUT, '>', "Output file"},
OPT_PROV_OPTIONS,
{NULL}
};
@ -62,6 +65,10 @@ int nseq_main(int argc, char **argv)
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();

7
apps/ocsp.c
View File

@ -137,7 +137,7 @@ typedef enum OPTION_choice {
OPT_RCID,
OPT_V_ENUM,
OPT_MD,
OPT_MULTI
OPT_MULTI, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS ocsp_options[] = {
@ -230,6 +230,7 @@ const OPTIONS ocsp_options[] = {
{"status_age", OPT_STATUS_AGE, 'p', "Maximum status age in seconds"},
OPT_V_OPTIONS,
OPT_PROV_OPTIONS,
{NULL}
};
@ -541,6 +542,10 @@ int ocsp_main(int argc, char **argv)
multi = atoi(opt_arg());
# endif
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
if (trailing_md) {

7
apps/passwd.c
View File

@ -58,7 +58,7 @@ typedef enum OPTION_choice {
OPT_IN,
OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1,
OPT_1, OPT_5, OPT_6, OPT_CRYPT, OPT_AIXMD5, OPT_SALT, OPT_STDIN,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS passwd_options[] = {
@ -90,6 +90,7 @@ const OPTIONS passwd_options[] = {
#endif
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"password", 0, 0, "Password text to digest (optional)"},
@ -191,6 +192,10 @@ int passwd_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();

7
apps/pkcs12.c
View File

@ -58,7 +58,7 @@ typedef enum OPTION_choice {
OPT_INKEY, OPT_CERTFILE, OPT_NAME, OPT_CSP, OPT_CANAME,
OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH,
OPT_CAFILE, OPT_CASTORE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_ENGINE,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS pkcs12_options[] = {
@ -130,6 +130,7 @@ const OPTIONS pkcs12_options[] = {
{"", OPT_CIPHER, '-', "Any supported cipher"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
{NULL}
};
@ -307,6 +308,10 @@ int pkcs12_main(int argc, char **argv)
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();

9
apps/pkcs7.c
View File

@ -23,7 +23,8 @@
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOOUT,
OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_ENGINE
OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_ENGINE,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS pkcs7_options[] = {
@ -45,6 +46,8 @@ const OPTIONS pkcs7_options[] = {
{"print", OPT_PRINT, '-', "Print out all fields of the PKCS7 structure"},
{"print_certs", OPT_PRINT_CERTS, '-',
"Print_certs print any certs or crl in the input"},
OPT_PROV_OPTIONS,
{NULL}
};
@ -99,6 +102,10 @@ int pkcs7_main(int argc, char **argv)
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();

7
apps/pkcs8.c
View File

@ -26,7 +26,7 @@ typedef enum OPTION_choice {
#endif
OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT,
OPT_TRADITIONAL,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS pkcs8_options[] = {
@ -63,6 +63,7 @@ const OPTIONS pkcs8_options[] = {
#endif
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
{NULL}
};
@ -127,6 +128,10 @@ int pkcs8_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
case OPT_TRADITIONAL:
traditional = 1;
break;

8
apps/pkey.c
View File

@ -37,7 +37,8 @@ typedef enum OPTION_choice {
OPT_INFORM, OPT_OUTFORM, OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE,
OPT_IN, OPT_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_TEXT_PUB,
OPT_TEXT, OPT_NOOUT, OPT_MD, OPT_TRADITIONAL, OPT_CHECK, OPT_PUB_CHECK,
OPT_EC_PARAM_ENC, OPT_EC_CONV_FORM
OPT_EC_PARAM_ENC, OPT_EC_CONV_FORM,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS pkey_options[] = {
@ -72,6 +73,7 @@ const OPTIONS pkey_options[] = {
{"text", OPT_TEXT, '-', "Output in plaintext as well"},
{"noout", OPT_NOOUT, '-', "Don't output the key"},
OPT_PROV_OPTIONS,
{NULL}
};
@ -177,6 +179,10 @@ int pkey_main(int argc, char **argv)
ec_asn1_flag = i;
break;
#endif
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();

9
apps/pkeyparam.c
View File

@ -19,7 +19,8 @@
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT,
OPT_ENGINE, OPT_CHECK
OPT_ENGINE, OPT_CHECK,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS pkeyparam_options[] = {
@ -37,6 +38,8 @@ const OPTIONS pkeyparam_options[] = {
{"out", OPT_OUT, '>', "Output file"},
{"text", OPT_TEXT, '-', "Print parameters as text"},
{"noout", OPT_NOOUT, '-', "Don't output encoded parameters"},
OPT_PROV_OPTIONS,
{NULL}
};
@ -81,6 +84,10 @@ int pkeyparam_main(int argc, char **argv)
case OPT_CHECK:
check = 1;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();

7
apps/pkeyutl.c
View File

@ -44,7 +44,7 @@ typedef enum OPTION_choice {
OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN,
OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_PKEYOPT_PASSIN, OPT_KDF,
OPT_KDFLEN, OPT_R_ENUM,
OPT_KDFLEN, OPT_R_ENUM, OPT_PROV_ENUM,
OPT_RAWIN, OPT_DIGEST
} OPTION_CHOICE;
@ -92,6 +92,7 @@ const OPTIONS pkeyutl_options[] = {
{"kdflen", OPT_KDFLEN, 'p', "KDF algorithm output length"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
{NULL}
};
@ -165,6 +166,10 @@ int pkeyutl_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;

9
apps/prime.c
View File

@ -15,7 +15,8 @@
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_HEX, OPT_GENERATE, OPT_BITS, OPT_SAFE, OPT_CHECKS
OPT_HEX, OPT_GENERATE, OPT_BITS, OPT_SAFE, OPT_CHECKS,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS prime_options[] = {
@ -32,6 +33,8 @@ const OPTIONS prime_options[] = {
{"safe", OPT_SAFE, '-',
"When used with -generate, generate a safe prime"},
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"number", 0, 0, "Number(s) to check for primality if not generating"},
{NULL}
@ -72,6 +75,10 @@ opthelp:
/* ignore parameter and argument */
opt_arg();
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();

7
apps/rand.c
View File

@ -21,7 +21,7 @@
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_OUT, OPT_ENGINE, OPT_BASE64, OPT_HEX,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS rand_options[] = {
@ -39,6 +39,7 @@ const OPTIONS rand_options[] = {
{"hex", OPT_HEX, '-', "Hex encode output"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"num", 0, 0, "Number of bytes to generate"},
@ -81,6 +82,10 @@ int rand_main(int argc, char **argv)
case OPT_HEX:
format = FORMAT_TEXT;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();

9
apps/rehash.c
View File

@ -447,7 +447,8 @@ static int do_dir(const char *dirname, enum Hash h)
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_COMPAT, OPT_OLD, OPT_N, OPT_VERBOSE
OPT_COMPAT, OPT_OLD, OPT_N, OPT_VERBOSE,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS rehash_options[] = {
@ -463,6 +464,8 @@ const OPTIONS rehash_options[] = {
OPT_SECTION("Output"),
{"v", OPT_VERBOSE, '-', "Verbose output"},
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"directory", 0, 0, "One or more directories to process (optional)"},
{NULL}
@ -499,6 +502,10 @@ int rehash_main(int argc, char **argv)
case OPT_VERBOSE:
verbose = 1;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();

7
apps/req.c
View File

@ -91,7 +91,7 @@ typedef enum OPTION_choice {
OPT_NAMEOPT, OPT_REQOPT, OPT_SUBJ, OPT_SUBJECT, OPT_TEXT, OPT_X509,
OPT_MULTIVALUE_RDN, OPT_DAYS, OPT_SET_SERIAL, OPT_ADDEXT, OPT_EXTENSIONS,
OPT_REQEXTS, OPT_PRECERT, OPT_MD, OPT_SM2ID, OPT_SM2HEXID,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS req_options[] = {
@ -160,6 +160,7 @@ const OPTIONS req_options[] = {
{"modulus", OPT_MODULUS, '-', "RSA modulus"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
{NULL}
};
@ -331,6 +332,10 @@ int req_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
case OPT_NEWKEY:
keyalg = opt_arg();
newreq = 1;

9
apps/rsa.c
View File

@ -36,7 +36,8 @@ typedef enum OPTION_choice {
OPT_RSAPUBKEY_IN, OPT_RSAPUBKEY_OUT,
/* Do not change the order here; see case statements below */
OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG,
OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_CHECK, OPT_CIPHER
OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_CHECK, OPT_CIPHER,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS rsa_options[] = {
@ -71,6 +72,8 @@ const OPTIONS rsa_options[] = {
{"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
{"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
# endif
OPT_PROV_OPTIONS,
{NULL}
};
@ -160,6 +163,10 @@ int rsa_main(int argc, char **argv)
if (!opt_cipher(opt_unknown(), &enc))
goto opthelp;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();

7
apps/rsautl.c
View File

@ -37,7 +37,7 @@ typedef enum OPTION_choice {
OPT_RSA_RAW, OPT_OAEP, OPT_SSL, OPT_PKCS, OPT_X931,
OPT_SIGN, OPT_VERIFY, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS rsautl_options[] = {
@ -72,6 +72,7 @@ const OPTIONS rsautl_options[] = {
{"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
{NULL}
};
@ -169,6 +170,10 @@ int rsautl_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
argc = opt_num_rest();

7
apps/s_client.c
View File

@ -600,7 +600,7 @@ typedef enum OPTION_choice {
OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME,
OPT_ENABLE_PHA,
OPT_SCTP_LABEL_BUG,
OPT_R_ENUM
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS s_client_options[] = {
@ -817,6 +817,7 @@ const OPTIONS s_client_options[] = {
{"chainCAfile", OPT_CHAINCAFILE, '<',
"CA file for certificate chain (PEM format)"},
OPT_X_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"host:port", 0, 0, "Where to connect; same as -connect option"},
@ -1225,6 +1226,10 @@ int s_client_main(int argc, char **argv)
if (!opt_rand(o))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
case OPT_IGN_EOF: