leviathan
/
openssl
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Make the -inform option to be respected if possible

Browse Source 
Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be
set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called.

The input type format is enforced only in case the file
type file store is used.

By default we use FORMAT_UNDEF meaning the input type
is not enforced.

Fixes #14569

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)
master
Tomas Mraz 2 years ago committed by Matt Caswell
parent b86fa8c556
commit d382e79632
38 changed files with 212 additions and 143 deletions
Show Stats Download Patch File Download Diff File

10
apps/ca.c
Unescape View File

@ -274,7 +274,7 @@ int ca_main(int argc, char **argv)
char def_dgst[80] = "";
char *dgst = NULL, *policy = NULL, *keyfile = NULL;
char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL;
int certformat = FORMAT_PEM, informat = FORMAT_PEM;
int certformat = FORMAT_UNDEF, informat = FORMAT_UNDEF;
const char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL;
const char *extensions = NULL, *extfile = NULL, *passinarg = NULL;
char *passin = NULL;
@ -289,7 +289,7 @@ int ca_main(int argc, char **argv)
size_t outdirlen = 0;
int create_ser = 0, free_passin = 0, total = 0, total_done = 0;
int batch = 0, default_op = 1, doupdatedb = 0, ext_copy = EXT_COPY_NONE;
int keyformat = FORMAT_PEM, multirdn = 1, notext = 0, output_der = 0;
int keyformat = FORMAT_UNDEF, multirdn = 1, notext = 0, output_der = 0;
int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0;
int rand_ser = 0, i, j, selfsign = 0, def_ret;
char *crl_lastupdate = NULL, *crl_nextupdate = NULL;
@ -594,7 +594,7 @@ end_of_options:
&& (certfile = lookup_conf(conf, section, ENV_CERTIFICATE)) == NULL)
goto end;
x509 = load_cert_pass(certfile, 1, passin, "CA certificate");
x509 = load_cert_pass(certfile, certformat, 1, passin, "CA certificate");
if (x509 == NULL)
goto end;
@ -1287,7 +1287,7 @@ end_of_options:
} else {
X509 *revcert;
revcert = load_cert_pass(infile, 1, passin,
revcert = load_cert_pass(infile, informat, 1, passin,
"certificate to be revoked");
if (revcert == NULL)
goto end;
@ -1417,7 +1417,7 @@ static int certify_cert(X509 **xret, const char *infile, int certformat,
EVP_PKEY *pktmp = NULL;
int ok = -1, i;
if ((template_cert = load_cert_pass(infile, 1, passin,
if ((template_cert = load_cert_pass(infile, certformat, 1, passin,
"template certificate")) == NULL)
goto end;
if (verbose)

6
apps/cmp.c
Unescape View File

@ -131,8 +131,8 @@ static int opt_revreason = CRL_REASON_NONE;
/* credentials format */
static char *opt_certform_s = "PEM";
static int opt_certform = FORMAT_PEM;
static char *opt_keyform_s = "PEM";
static int opt_keyform = FORMAT_PEM;
static char *opt_keyform_s = NULL;
static int opt_keyform = FORMAT_UNDEF;
static char *opt_otherpass = NULL;
static char *opt_engine = NULL;
@ -635,7 +635,7 @@ static X509 *load_cert_pwd(const char *uri, const char *pass, const char *desc)
X509 *cert;
char *pass_string = get_passwd(pass, desc);
cert = load_cert_pass(uri, 0, pass_string, desc);
cert = load_cert_pass(uri, FORMAT_UNDEF, 0, pass_string, desc);
clear_free(pass_string);
return cert;
}

16
apps/cms.c
Unescape View File

@ -292,7 +292,7 @@ int cms_main(int argc, char **argv)
int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched = 0;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
int operation = 0, ret = 1, rr_print = 0, rr_allorfirst = -1;
int verify_retcode = 0, rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
int verify_retcode = 0, rctformat = FORMAT_SMIME, keyform = FORMAT_UNDEF;
size_t secret_keylen = 0, secret_keyidlen = 0;
unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
unsigned char *secret_key = NULL, *secret_keyid = NULL;
@ -611,7 +611,8 @@ int cms_main(int argc, char **argv)
if (operation == SMIME_ENCRYPT) {
if (encerts == NULL && (encerts = sk_X509_new_null()) == NULL)
goto end;
cert = load_cert(opt_arg(), "recipient certificate file");
cert = load_cert(opt_arg(), FORMAT_UNDEF,
"recipient certificate file");
if (cert == NULL)
goto end;
sk_X509_push(encerts, cert);
@ -810,7 +811,8 @@ int cms_main(int argc, char **argv)
if ((encerts = sk_X509_new_null()) == NULL)
goto end;
while (*argv) {
if ((cert = load_cert(*argv, "recipient certificate file")) == NULL)
if ((cert = load_cert(*argv, FORMAT_UNDEF,
"recipient certificate file")) == NULL)
goto end;
sk_X509_push(encerts, cert);
cert = NULL;
@ -826,7 +828,7 @@ int cms_main(int argc, char **argv)
}
if (recipfile != NULL && (operation == SMIME_DECRYPT)) {
if ((recip = load_cert(recipfile,
if ((recip = load_cert(recipfile, FORMAT_UNDEF,
"recipient certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
@ -834,7 +836,7 @@ int cms_main(int argc, char **argv)
}
if (originatorfile != NULL) {
if ((originator = load_cert(originatorfile,
if ((originator = load_cert(originatorfile, FORMAT_UNDEF,
"originator certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
@ -842,7 +844,7 @@ int cms_main(int argc, char **argv)
}
if (operation == SMIME_SIGN_RECEIPT) {
if ((signer = load_cert(signerfile,
if ((signer = load_cert(signerfile, FORMAT_UNDEF,
"receipt signer certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
@ -1048,7 +1050,7 @@ int cms_main(int argc, char **argv)
signerfile = sk_OPENSSL_STRING_value(sksigners, i);
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
signer = load_cert(signerfile, "signer certificate");
signer = load_cert(signerfile, FORMAT_UNDEF, "signer certificate");
if (signer == NULL) {
ret = 2;
goto end;

6
apps/crl.c
Unescape View File

@ -88,7 +88,7 @@ int crl_main(int argc, char **argv)
const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL, *prog;
OPTION_CHOICE o;
int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, keyformat = FORMAT_UNDEF;
int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0;
int text = 0, do_ver = 0, noCAfile = 0, noCApath = 0, noCAstore = 0;
int i;
@ -211,7 +211,7 @@ int crl_main(int argc, char **argv)
if (!opt_md(digestname, &digest))
goto opthelp;
}
x = load_crl(infile, 1, "CRL");
x = load_crl(infile, informat, 1, "CRL");
if (x == NULL)
goto end;
@ -256,7 +256,7 @@ int crl_main(int argc, char **argv)
BIO_puts(bio_err, "Missing CRL signing key\n");
goto end;
}
newcrl = load_crl(crldiff, 0, "other CRL");
newcrl = load_crl(crldiff, informat, 0, "other CRL");
if (!newcrl)
goto end;
pkey = load_key(keyfile, keyformat, 0, NULL, NULL, "CRL signing key");

2
apps/dgst.c
Unescape View File

@ -105,7 +105,7 @@ int dgst_main(int argc, char **argv)
const char *sigfile = NULL;
const char *md_name = NULL;
OPTION_CHOICE o;
int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0;
int separator = 0, debug = 0, keyform = FORMAT_UNDEF, siglen = 0;
int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0;
int xoflen = 0;
unsigned char *buf = NULL, *sigbuf = NULL;

2
apps/dsa.c
Unescape View File

@ -83,7 +83,7 @@ int dsa_main(int argc, char **argv)
char *infile = NULL, *outfile = NULL, *prog;
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
OPTION_CHOICE o;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, text = 0, noout = 0;
int modulus = 0, pubin = 0, pubout = 0, ret = 1;
int pvk_encr = DEFAULT_PVK_ENCR_STRENGTH;
int private = 0;

4
apps/dsaparam.c
Unescape View File

@ -69,7 +69,7 @@ int dsaparam_main(int argc, char **argv)
EVP_PKEY *params = NULL, *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
int numbits = -1, num = 0, genkey = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0;
int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, noout = 0;
int ret = 1, i, text = 0, private = 0;
char *infile = NULL, *outfile = NULL, *prog;
OPTION_CHOICE o;
@ -181,7 +181,7 @@ int dsaparam_main(int argc, char **argv)
goto end;
}
} else {
params = load_keyparams(infile, 1, "DSA", "DSA parameters");
params = load_keyparams(infile, informat, 1, "DSA", "DSA parameters");
}
if (params == NULL) {
/* Error message should already have been displayed */

2
apps/ec.c
Unescape View File

@ -73,7 +73,7 @@ int ec_main(int argc, char **argv)
char *infile = NULL, *outfile = NULL, *ciphername = NULL, *prog;
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
OPTION_CHOICE o;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, text = 0, noout = 0;
int pubin = 0, pubout = 0, param_out = 0, ret = 1, private = 0;
int check = 0;
char *asn1_encoding = NULL;

2
apps/ecparam.c
Unescape View File

@ -240,7 +240,7 @@ int ecparam_main(int argc, char **argv)
goto end;
}
} else {
params_key = load_keyparams(infile, 1, "EC", "EC parameters");
params_key = load_keyparams(infile, informat, 1, "EC", "EC parameters");
if (params_key == NULL || !EVP_PKEY_is_a(params_key, "EC"))
goto end;
if (point_format

2
apps/gendsa.c
Unescape View File

@ -121,7 +121,7 @@ int gendsa_main(int argc, char **argv)
goto end;
}
pkey = load_keyparams(dsaparams, 1, "DSA", "DSA parameters");
pkey = load_keyparams(dsaparams, FORMAT_UNDEF, 1, "DSA", "DSA parameters");
out = bio_open_owner(outfile, FORMAT_PEM, private);
if (out == NULL)

15
apps/include/apps.h
Unescape View File

@ -108,18 +108,19 @@ char *get_passwd(const char *pass, const char *desc);
int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2);
int add_oid_section(CONF *conf);
X509_REQ *load_csr(const char *file, int format, const char *desc);
X509 *load_cert_pass(const char *uri, int maybe_stdin,
X509 *load_cert_pass(const char *uri, int format, int maybe_stdin,
const char *pass, const char *desc);
#define load_cert(uri, desc) load_cert_pass(uri, 1, NULL, desc)
X509_CRL *load_crl(const char *uri, int maybe_stdin, const char *desc);
#define load_cert(uri, format, desc) load_cert_pass(uri, format, 1, NULL, desc)
X509_CRL *load_crl(const char *uri, int format, int maybe_stdin,
const char *desc);
void cleanse(char *str);
void clear_free(char *str);
EVP_PKEY *load_key(const char *uri, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *desc);
EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *desc);
EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *keytype,
const char *desc);
EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin,
const char *keytype, const char *desc);
char *next_item(char *opt); /* in list separated by comma and/or space */
int load_cert_certs(const char *uri,
X509 **pcert, STACK_OF(X509) **pcerts,
@ -133,13 +134,13 @@ int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs,
const char *pass, const char *desc);
int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
const char *pass, const char *desc);
int load_key_certs_crls(const char *uri, int maybe_stdin,
int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
const char *pass, const char *desc,
EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
EVP_PKEY **pparams,
X509 **pcert, STACK_OF(X509) **pcerts,
X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls);
int load_key_cert_crl(const char *uri, int maybe_stdin,
int load_key_cert_crl(const char *uri, int format, int maybe_stdin,
const char *pass, const char *desc,
EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
X509 **pcert, X509_CRL **pcrl);

61
apps/lib/apps.c
Unescape View File

@ -38,6 +38,7 @@
#include <openssl/bn.h>
#include <openssl/ssl.h>
#include <openssl/store.h>
#include <openssl/core_names.h>
#include "s_apps.h"
#include "apps.h"
@ -478,7 +479,7 @@ CONF *app_load_config_modules(const char *configfile)
#define IS_HTTPS(uri) ((uri) != NULL \
&& strncmp(uri, OSSL_HTTPS_PREFIX, strlen(OSSL_HTTPS_PREFIX)) == 0)
X509 *load_cert_pass(const char *uri, int maybe_stdin,
X509 *load_cert_pass(const char *uri, int format, int maybe_stdin,
const char *pass, const char *desc)
{
X509 *cert = NULL;
@ -490,7 +491,7 @@ X509 *load_cert_pass(const char *uri, int maybe_stdin,
else if (IS_HTTP(uri))
cert = X509_load_http(uri, NULL, NULL, 0 /* timeout */);
else
(void)load_key_certs_crls(uri, maybe_stdin, pass, desc,
(void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc,
NULL, NULL, NULL, &cert, NULL, NULL, NULL);
if (cert == NULL) {
BIO_printf(bio_err, "Unable to load %s\n", desc);
@ -499,7 +500,8 @@ X509 *load_cert_pass(const char *uri, int maybe_stdin,
return cert;
}
X509_CRL *load_crl(const char *uri, int maybe_stdin, const char *desc)
X509_CRL *load_crl(const char *uri, int format, int maybe_stdin,
const char *desc)
{
X509_CRL *crl = NULL;
@ -510,7 +512,7 @@ X509_CRL *load_crl(const char *uri, int maybe_stdin, const char *desc)
else if (IS_HTTP(uri))
crl = X509_CRL_load_http(uri, NULL, NULL, 0 /* timeout */);
else
(void)load_key_certs_crls(uri, maybe_stdin, NULL, desc,
(void)load_key_certs_crls(uri, format, maybe_stdin, NULL, desc,
NULL, NULL, NULL, NULL, NULL, &crl, NULL);
if (crl == NULL) {
BIO_printf(bio_err, "Unable to load %s\n", desc);
@ -524,6 +526,8 @@ X509_REQ *load_csr(const char *file, int format, const char *desc)
X509_REQ *req = NULL;
BIO *in;
if (format == FORMAT_UNDEF)
format = FORMAT_PEM;
if (desc == NULL)
desc = "CSR";
in = bio_open_default(file, 'r', format);
@ -570,7 +574,7 @@ EVP_PKEY *load_key(const char *uri, int format, int may_stdin,
if (format == FORMAT_ENGINE) {
uri = allocated_uri = make_engine_uri(e, uri, desc);
}
(void)load_key_certs_crls(uri, may_stdin, pass, desc,
(void)load_key_certs_crls(uri, format, may_stdin, pass, desc,
&pkey, NULL, NULL, NULL, NULL, NULL, NULL);
OPENSSL_free(allocated_uri);
@ -589,22 +593,22 @@ EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin,
if (format == FORMAT_ENGINE) {
uri = allocated_uri = make_engine_uri(e, uri, desc);
}
(void)load_key_certs_crls(uri, maybe_stdin, pass, desc,
(void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc,
NULL, &pkey, NULL, NULL, NULL, NULL, NULL);
OPENSSL_free(allocated_uri);
return pkey;
}
EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *keytype,
const char *desc)
EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin,
const char *keytype, const char *desc)
{
EVP_PKEY *params = NULL;
if (desc == NULL)
desc = "key parameters";
(void)load_key_certs_crls(uri, maybe_stdin, NULL, desc,
(void)load_key_certs_crls(uri, format, maybe_stdin, NULL, desc,
NULL, NULL, &params, NULL, NULL, NULL, NULL);
if (params != NULL && keytype != NULL && !EVP_PKEY_is_a(params, keytype)) {
BIO_printf(bio_err,
@ -698,7 +702,8 @@ int load_cert_certs(const char *uri,
return ret;
}
pass_string = get_passwd(pass, desc);
ret = load_key_certs_crls(uri, 0, pass_string, desc, NULL, NULL, NULL,
ret = load_key_certs_crls(uri, FORMAT_UNDEF, 0, pass_string, desc,
NULL, NULL, NULL,
pcert, pcerts, NULL, NULL);
clear_free(pass_string);
@ -800,7 +805,8 @@ int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs,
const char *pass, const char *desc)
{
int was_NULL = *certs == NULL;
int ret = load_key_certs_crls(uri, maybe_stdin, pass, desc, NULL, NULL,
int ret = load_key_certs_crls(uri, FORMAT_UNDEF, maybe_stdin,
pass, desc, NULL, NULL,
NULL, NULL, certs, NULL, NULL);
if (!ret && was_NULL) {
@ -818,7 +824,8 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
const char *pass, const char *desc)
{
int was_NULL = *crls == NULL;
int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL, NULL,
int ret = load_key_certs_crls(uri, FORMAT_UNDEF, 0, pass, desc,
NULL, NULL, NULL,
NULL, NULL, NULL, crls);
if (!ret && was_NULL) {
@ -828,6 +835,17 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
return ret;
}
static const char *format2string(int format)
{
switch(format) {
case FORMAT_PEM:
return "PEM";
case FORMAT_ASN1:
return "DER";
}
return NULL;
}
/* Set type expectation, but clear it if objects of different types expected. */
#define SET_EXPECT(val) expect = expect < 0 ? val : (expect == val ? val : 0);
/*
@ -843,7 +861,7 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
* In any case (also on error) the caller is responsible for freeing all members
* of *pcerts and *pcrls (as far as they are not NULL).
*/
int load_key_certs_crls(const char *uri, int maybe_stdin,
int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
const char *pass, const char *desc,
EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
EVP_PKEY **pparams,
@ -863,6 +881,9 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
pcrls != NULL ? "CRLs" : NULL;
int cnt_expectations = 0;
int expect = -1;
const char *input_type;
OSSL_PARAM itp[2];
const OSSL_PARAM *params = NULL;
/* TODO make use of the engine reference 'eng' when loading pkeys */
if (ppkey != NULL) {
@ -915,6 +936,13 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
uidata.password = pass;
uidata.prompt_info = uri;
if ((input_type = format2string(format)) != NULL) {
itp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_INPUT_TYPE,
(char *)input_type, 0);
itp[1] = OSSL_PARAM_construct_end();
params = itp;
}
if (uri == NULL) {
BIO *bio;
@ -927,12 +955,13 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
bio = BIO_new_fp(stdin, 0);
if (bio != NULL) {
ctx = OSSL_STORE_attach(bio, "file", libctx, propq,
get_ui_method(), &uidata, NULL, NULL);
get_ui_method(), &uidata, params,
NULL, NULL);
BIO_free(bio);
}
} else {
ctx = OSSL_STORE_open_ex(uri, libctx, propq, get_ui_method(), &uidata,
NULL, NULL);
params, NULL, NULL);
}
if (ctx == NULL) {
BIO_printf(bio_err, "Could not open file or uri for loading");
@ -2322,7 +2351,7 @@ static X509_CRL *load_crl_crldp(STACK_OF(DIST_POINT) *crldp)
DIST_POINT *dp = sk_DIST_POINT_value(crldp, i);
urlptr = get_dp_url(dp);
if (urlptr != NULL)
return load_crl(urlptr, 0, "CRL via CDP");
return load_crl(urlptr, FORMAT_UNDEF, 0, "CRL via CDP");
}
return NULL;
}

3
apps/lib/s_cb.c
Unescape View File

@ -1019,7 +1019,8 @@ int load_excert(SSL_EXCERT **pexc)
BIO_printf(bio_err, "Missing filename\n");
return 0;
}
exc->cert = load_cert(exc->certfile, "Server Certificate");
exc->cert = load_cert(exc->certfile, exc->certform,
"Server Certificate");
if (exc->cert == NULL)
return 0;
if (exc->keyfile != NULL) {

12
apps/ocsp.c
Unescape View File

@ -402,7 +402,7 @@ int ocsp_main(int argc, char **argv)
path = opt_arg();
break;
case OPT_ISSUER:
issuer = load_cert(opt_arg(), "issuer certificate");
issuer = load_cert(opt_arg(), FORMAT_UNDEF, "issuer certificate");
if (issuer == NULL)
goto end;
if (issuers == NULL) {
@ -414,7 +414,7 @@ int ocsp_main(int argc, char **argv)
break;
case OPT_CERT:
X509_free(cert);
cert = load_cert(opt_arg(), "certificate");
cert = load_cert(opt_arg(), FORMAT_UNDEF, "certificate");
if (cert == NULL)
goto end;
if (cert_id_md == NULL)
@ -565,7 +565,7 @@ int ocsp_main(int argc, char **argv)
if (rsignfile != NULL) {
if (rkeyfile == NULL)
rkeyfile = rsignfile;
rsigner = load_cert(rsignfile, "responder certificate");
rsigner = load_cert(rsignfile, FORMAT_UNDEF, "responder certificate");
if (rsigner == NULL) {
BIO_printf(bio_err, "Error loading responder certificate\n");
goto end;
@ -581,7 +581,7 @@ int ocsp_main(int argc, char **argv)
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
rkey = load_key(rkeyfile, FORMAT_PEM, 0, passin, NULL,
rkey = load_key(rkeyfile, FORMAT_UNDEF, 0, passin, NULL,
"responder private key");
if (rkey == NULL)
goto end;
@ -661,7 +661,7 @@ redo_accept:
if (signfile != NULL) {
if (keyfile == NULL)
keyfile = signfile;
signer = load_cert(signfile, "signer certificate");
signer = load_cert(signfile, FORMAT_UNDEF, "signer certificate");
if (signer == NULL) {
BIO_printf(bio_err, "Error loading signer certificate\n");
goto end;
@ -671,7 +671,7 @@ redo_accept:
"signer certificates"))
goto end;
}
key = load_key(keyfile, FORMAT_PEM, 0, NULL, NULL,
key = load_key(keyfile, FORMAT_UNDEF, 0, NULL, NULL,
"signer private key");
if (key == NULL)
goto end;

9
apps/pkcs8.c
Unescape View File

@ -83,7 +83,7 @@ int pkcs8_main(int argc, char **argv)
char *passin = NULL, *passout = NULL, *p8pass = NULL;
OPTION_CHOICE o;
int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1;
int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1;
int private = 0, traditional = 0;
#ifndef OPENSSL_NO_SCRYPT
long scrypt_N = 0, scrypt_r = 0, scrypt_p = 0;
@ -214,7 +214,8 @@ int pkcs8_main(int argc, char **argv)
if ((pbe_nid == -1) && cipher == NULL)
cipher = (EVP_CIPHER *)EVP_aes_256_cbc();
in = bio_open_default(infile, 'r', informat);
in = bio_open_default(infile, 'r',
informat == FORMAT_UNDEF ? FORMAT_PEM : informat);
if (in == NULL)
goto end;
out = bio_open_owner(outfile, outformat, private);
@ -298,7 +299,7 @@ int pkcs8_main(int argc, char **argv)
}
if (nocrypt) {
if (informat == FORMAT_PEM) {
if (informat == FORMAT_PEM || informat == FORMAT_UNDEF) {
p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, NULL, NULL);
} else if (informat == FORMAT_ASN1) {
p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
@ -307,7 +308,7 @@ int pkcs8_main(int argc, char **argv)
goto end;
}
} else {
if (informat == FORMAT_PEM) {
if (informat == FORMAT_PEM || informat == FORMAT_UNDEF) {
p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
} else if (informat == FORMAT_ASN1) {
p8 = d2i_PKCS8_bio(in, NULL);

2
apps/pkey.c
Unescape View File

@ -75,7 +75,7 @@ int pkey_main(int argc, char **argv)
char *infile = NULL, *outfile = NULL, *passin = NULL, *passout = NULL;
char *passinarg = NULL, *passoutarg = NULL, *ciphername = NULL, *prog;
OPTION_CHOICE o;
int informat = FORMAT_PEM, outformat = FORMAT_PEM;
int informat = FORMAT_UNDEF, outformat = FORMAT_PEM;
int pubin = 0, pubout = 0, text_pub = 0, text = 0, noout = 0, ret = 1;
int private = 0, traditional = 0, check = 0, pub_check = 0;
#ifndef OPENSSL_NO_EC

5
apps/pkeyutl.c
Unescape View File

@ -111,7 +111,8 @@ int pkeyutl_main(int argc, char **argv)
char hexdump = 0, asn1parse = 0, rev = 0, *prog;
unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
OPTION_CHOICE o;
int buf_inlen = 0, siglen = -1, keyform = FORMAT_PEM, peerform = FORMAT_PEM;
int buf_inlen = 0, siglen = -1;
int keyform = FORMAT_UNDEF, peerform = FORMAT_UNDEF;
int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
int engine_impl = 0;
int ret = 1, rv = -1;
@ -555,7 +556,7 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
break;
case KEY_CERT:
x = load_cert(keyfile, "Certificate");
x = load_cert(keyfile, keyform, "Certificate");
if (x) {
pkey = X509_get_pubkey(x);
X509_free(x);

6
apps/req.c
Unescape View File

@ -256,7 +256,7 @@ int req_main(int argc, char **argv)
int days = UNSET_DAYS;
int ret = 1, gen_x509 = 0, i = 0, newreq = 0, verbose = 0;
int pkey_type = -1;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyform = FORMAT_PEM;
int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, keyform = FORMAT_UNDEF;
int modulus = 0, multirdn = 1, verify = 0, noout = 0, text = 0;
int noenc = 0, newhdr = 0, subject = 0, pubkey = 0, precert = 0;
long newkey_len = -1;
@ -762,7 +762,7 @@ int req_main(int argc, char **argv)
BIO_printf(bio_err,
"Ignoring -CAkey option since no -CA option is given\n");
} else {
if ((CAkey = load_key(CAkeyfile, FORMAT_PEM,
if ((CAkey = load_key(CAkeyfile, FORMAT_UNDEF,
0, passin, e, "issuer private key")) == NULL)
goto end;
}
@ -777,7 +777,7 @@ int req_main(int argc, char **argv)
"Need to give the -CAkey option if using -CA\n");
goto end;
}
if ((CAcert = load_cert_pass(CAfile, 1, passin,
if ((CAcert = load_cert_pass(CAfile, FORMAT_UNDEF, 1, passin,
"issuer certificate")) == NULL)
goto end;
if (!X509_check_private_key(CAcert, CAkey)) {

4
apps/rsa.c
Unescape View File

@ -96,7 +96,7 @@ int rsa_main(int argc, char **argv)
char *infile = NULL, *outfile = NULL, *ciphername = NULL, *prog;
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
int private = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0;
int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, text = 0, check = 0;
int noout = 0, modulus = 0, pubin = 0, pubout = 0, ret = 1;
int pvk_encr = DEFAULT_PVK_ENCR_STRENGTH;
OPTION_CHOICE o;
@ -204,7 +204,7 @@ int rsa_main(int argc, char **argv)
}
if (pubin) {
int tmpformat = -1;
int tmpformat = FORMAT_UNDEF;
if (pubin == 2) {
if (informat == FORMAT_PEM)

4
apps/rsautl.c
Unescape View File

@ -81,7 +81,7 @@ int rsautl_main(int argc, char **argv)
char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
unsigned char *rsa_in = NULL, *rsa_out = NULL, pad = RSA_PKCS1_PADDING;
size_t rsa_inlen, rsa_outlen = 0;
int keyformat = FORMAT_PEM, keysize, ret = 1, rv;
int keyformat = FORMAT_UNDEF, keysize, ret = 1, rv;
int hexdump = 0, asn1parse = 0, need_priv = 0, rev = 0;
OPTION_CHOICE o;
@ -196,7 +196,7 @@ int rsautl_main(int argc, char **argv)
break;
case KEY_CERT:
x = load_cert(keyfile, "Certificate");
x = load_cert(keyfile, FORMAT_UNDEF, "Certificate");
if (x) {
pkey = X509_get_pubkey(x);
X509_free(x);

11
apps/s_client.c
Unescape View File

@ -815,15 +815,15 @@ int s_client_main(int argc, char **argv)
struct timeval timeout, *timeoutp;
fd_set readfds, writefds;
int noCApath = 0, noCAfile = 0, noCAstore = 0;
int build_chain = 0, cbuf_len, cbuf_off, cert_format = FORMAT_PEM;
int key_format = FORMAT_PEM, crlf = 0, full_log = 1, mbuf_len = 0;
int build_chain = 0, cbuf_len, cbuf_off, cert_format = FORMAT_UNDEF;
int key_format = FORMAT_UNDEF, crlf = 0, full_log = 1, mbuf_len = 0;
int prexit = 0;
int sdebug = 0;
int reconnect = 0, verify = SSL_VERIFY_NONE, vpmtouched = 0;
int ret = 1, in_init = 1, i, nbio_test = 0, sock = -1, k, width, state = 0;
int sbuf_len, sbuf_off, cmdletters = 1;
int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM, protocol = 0;
int starttls_proto = PROTO_OFF, crl_format = FORMAT_PEM, crl_download = 0;
int starttls_proto = PROTO_OFF, crl_format = FORMAT_UNDEF, crl_download = 0;
int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending;
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
int at_eof = 0;
@ -1620,7 +1620,8 @@ int s_client_main(int argc, char **argv)
}
if (cert_file != NULL) {
cert = load_cert_pass(cert_file, 1, pass, "client certificate");
cert = load_cert_pass(cert_file, cert_format, 1, pass,
"client certificate");
if (cert == NULL)
goto end;
}
@ -1632,7 +1633,7 @@ int s_client_main(int argc, char **argv)
if (crl_file != NULL) {
X509_CRL *crl;
crl = load_crl(crl_file, 0, "CRL");
crl = load_crl(crl_file, crl_format, 0, "CRL");
if (crl == NULL)
goto end;
crls = sk_X509_CRL_new_null();

22
apps/s_server.c
Unescape View File

@ -978,11 +978,11 @@ int s_server_main(int argc, char *argv[])
int no_dhe = 0;
int nocert = 0, ret = 1;
int noCApath = 0, noCAfile = 0, noCAstore = 0;
int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
int s_cert_format = FORMAT_UNDEF, s_key_format = FORMAT_UNDEF;
int s_dcert_format = FORMAT_UNDEF, s_dkey_format = FORMAT_UNDEF;
int rev = 0, naccept = -1, sdebug = 0;
int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM, protocol = 0;
int state = 0, crl_format = FORMAT_PEM, crl_download = 0;
int state = 0, crl_format = FORMAT_UNDEF, crl_download = 0;
char *host = NULL;
char *port = OPENSSL_strdup(PORT);
unsigned char *context = NULL;
@ -1688,7 +1688,8 @@ int s_server_main(int argc, char *argv[])
if (s_key == NULL)
goto end;
s_cert = load_cert_pass(s_cert_file, 1, pass, "server certificate");
s_cert = load_cert_pass(s_cert_file, s_cert_format, 1, pass,
"server certificate");
if (s_cert == NULL)
goto end;
@ -1704,7 +1705,7 @@ int s_server_main(int argc, char *argv[])
if (s_key2 == NULL)
goto end;
s_cert2 = load_cert_pass(s_cert_file2, 1, pass,
s_cert2 = load_cert_pass(s_cert_file2, s_cert_format, 1, pass,
"second server certificate");
if (s_cert2 == NULL)
@ -1727,7 +1728,7 @@ int s_server_main(int argc, char *argv[])
if (crl_file != NULL) {
X509_CRL *crl;
crl = load_crl(crl_file, 0, "CRL");
crl = load_crl(crl_file, crl_format, 0, "CRL");
if (crl == NULL)
goto end;
crls = sk_X509_CRL_new_null();
@ -1749,7 +1750,7 @@ int s_server_main(int argc, char *argv[])
if (s_dkey == NULL)
goto end;
s_dcert = load_cert_pass(s_dcert_file, 1, dpass,
s_dcert = load_cert_pass(s_dcert_file, s_dcert_format, 1, dpass,
"second server certificate");
if (s_dcert == NULL) {
@ -1975,9 +1976,9 @@ int s_server_main(int argc, char *argv[])
EVP_PKEY *dhpkey = NULL;
if (dhfile != NULL)
dhpkey = load_keyparams(dhfile, 0, "DH", "DH parameters");
dhpkey = load_keyparams(dhfile, FORMAT_UNDEF, 0, "DH", "DH parameters");
else if (s_cert_file != NULL)
dhpkey = load_keyparams(s_cert_file, 0, "DH", "DH parameters");
dhpkey = load_keyparams(s_cert_file, FORMAT_UNDEF, 0, "DH", "DH parameters");
if (dhpkey != NULL) {
BIO_printf(bio_s_out, "Setting temp DH parameters\n");
@ -2009,7 +2010,8 @@ int s_server_main(int argc, char *argv[])
if (ctx2 != NULL) {
if (dhfile != NULL) {
EVP_PKEY *dhpkey2 = load_keyparams(s_cert_file2, 0, "DH",
EVP_PKEY *dhpkey2 = load_keyparams(s_cert_file2, FORMAT_UNDEF,
0, "DH",
"DH parameters");
if (dhpkey2 != NULL) {

9
apps/smime.c
Unescape View File

@ -151,7 +151,7 @@ int smime_main(int argc, char **argv)
int noCApath = 0, noCAfile = 0, noCAstore = 0;
int flags = PKCS7_DETACHED, operation = 0, ret = 0, indef = 0;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform =
FORMAT_PEM;
FORMAT_UNDEF;
int vpmtouched = 0, rv = 0;
ENGINE *e = NULL;
const char *mime_eol = "\n";
@ -449,7 +449,8 @@ int smime_main(int argc, char **argv)
if (encerts == NULL)
goto end;
while (*argv != NULL) {
cert = load_cert(*argv, "recipient certificate file");
cert = load_cert(*argv, FORMAT_UNDEF,
"recipient certificate file");
if (cert == NULL)
goto end;
sk_X509_push(encerts, cert);
@ -466,7 +467,7 @@ int smime_main(int argc, char **argv)
}
if (recipfile != NULL && (operation == SMIME_DECRYPT)) {
if ((recip = load_cert(recipfile,
if ((recip = load_cert(recipfile, FORMAT_UNDEF,
"recipient certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
@ -573,7 +574,7 @@ int smime_main(int argc, char **argv)
for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
signerfile = sk_OPENSSL_STRING_value(sksigners, i);
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
signer = load_cert(signerfile, "signer certificate");
signer = load_cert(signerfile, FORMAT_UNDEF, "signer certificate");
if (signer == NULL)
goto end;
key = load_key(keyfile, keyform, 0, passin, e, "signing key");

2
apps/spkac.c
Unescape View File

@ -67,7 +67,7 @@ int spkac_main(int argc, char **argv)
char *spkstr = NULL, *prog;
const char *spkac = "SPKAC", *spksect = "default";
int i, ret = 1, verify = 0, noout = 0, pubkey = 0;
int keyformat = FORMAT_PEM;
int keyformat = FORMAT_UNDEF;
OPTION_CHOICE o;
prog = opt_init(argc, argv, spkac_options);

2
apps/storeutl.c
Unescape View File

@ -358,7 +358,7 @@ static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
int ret = 1, items = 0;
if ((store_ctx = OSSL_STORE_open_ex(uri, libctx, app_get0_propq(), uimeth, uidata,
NULL, NULL))
NULL, NULL, NULL))
== NULL) {
BIO_printf(bio_err, "Couldn't open file or uri %s\n", uri);
ERR_print_errors(bio_err);

2
apps/verify.c
Unescape View File

@ -253,7 +253,7 @@ static int check(X509_STORE *ctx, const char *file,
STACK_OF(X509) *chain = NULL;
int num_untrusted;
x = load_cert(file, "certificate file");
x = load_cert(file, FORMAT_UNDEF, "certificate file");
if (x == NULL)
goto end;

8
apps/x509.c
Unescape View File

@ -266,9 +266,9 @@ int x509_main(int argc, char **argv)
char *prog;
int days = UNSET_DAYS; /* not explicitly set */
int x509toreq = 0, modulus = 0, print_pubkey = 0, pprint = 0;
int CAformat = FORMAT_PEM, CAkeyformat = FORMAT_PEM;
int CAformat = FORMAT_UNDEF, CAkeyformat = FORMAT_UNDEF;
int fingerprint = 0, reqfile = 0, checkend = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, keyformat = FORMAT_UNDEF;
int next_serial = 0, subject_hash = 0, issuer_hash = 0, ocspid = 0;
int noout = 0, CA_createserial = 0, email = 0;
int ocsp_uri = 0, trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0;
@ -719,7 +719,7 @@ int x509_main(int argc, char **argv)
}
}
} else {
x = load_cert_pass(infile, 1, passin, "certificate");
x = load_cert_pass(infile, informat, 1, passin, "certificate");
if (x == NULL)
goto end;
}
@ -734,7 +734,7 @@ int x509_main(int argc, char **argv)
goto end;
if (CAfile != NULL) {
xca = load_cert_pass(CAfile, 1, passin, "CA certificate");
xca = load_cert_pass(CAfile, CAformat, 1, passin, "CA certificate");
if (xca == NULL)
goto end;
}

2
crypto/pem/pem_pkey.c
Unescape View File

@ -55,7 +55,7 @@ static EVP_PKEY *pem_read_bio_key(BIO *bp, EVP_PKEY **x,
return NULL;
if ((ctx = OSSL_STORE_attach(bp, "file", libctx, propq, ui_method, u,
NULL, NULL)) == NULL)
NULL, NULL, NULL)) == NULL)
goto err;
#ifndef OPENSSL_NO_SECURE_HEAP
# ifndef OPENSSL_NO_DEPRECATED_3_0

68
crypto/store/store_lib.c
Unescape View File

@ -32,9 +32,37 @@
static int ossl_store_close_it(OSSL_STORE_CTX *ctx);
static int loader_set_params(OSSL_STORE_LOADER *loader,
OSSL_STORE_LOADER_CTX *loader_ctx,
const OSSL_PARAM params[], const char *propq)
{
if (params != NULL) {
if (!loader->p_set_ctx_params(loader_ctx, params))
return 0;
}
if (propq != NULL) {
OSSL_PARAM propp[2];
if (OSSL_PARAM_locate_const(params,
OSSL_STORE_PARAM_PROPERTIES) != NULL)
/* use the propq from params */
return 1;
propp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_PROPERTIES,
(char *)propq, 0);
propp[1] = OSSL_PARAM_construct_end();
if (!loader->p_set_ctx_params(loader_ctx, propp))
return 0;
}
return 1;
}
OSSL_STORE_CTX *
OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
const UI_METHOD *ui_method, void *ui_data,
const OSSL_PARAM params[],
OSSL_STORE_post_process_info_fn post_process,
void *post_process_data)
{
@ -103,18 +131,11 @@ OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
if (loader_ctx == NULL) {
OSSL_STORE_LOADER_free(fetched_loader);
fetched_loader = NULL;
} else if (propq != NULL) {
OSSL_PARAM params[2];
params[0] = OSSL_PARAM_construct_utf8_string(
OSSL_STORE_PARAM_PROPERTIES, (char *)propq, 0);
params[1] = OSSL_PARAM_construct_end();
if (!fetched_loader->p_set_ctx_params(loader_ctx, params)) {
(void)fetched_loader->p_close(loader_ctx);
OSSL_STORE_LOADER_free(fetched_loader);
fetched_loader = NULL;
}
} else if(!loader_set_params(fetched_loader, loader_ctx,
params, propq)) {
(void)fetched_loader->p_close(loader_ctx);
OSSL_STORE_LOADER_free(fetched_loader);
fetched_loader = NULL;
}
loader = fetched_loader;
}
@ -187,8 +208,8 @@ OSSL_STORE_CTX *OSSL_STORE_open(const char *uri,
OSSL_STORE_post_process_info_fn post_process,
void *post_process_data)
{
return OSSL_STORE_open_ex(uri, NULL, NULL, ui_method, ui_data, post_process,
post_process_data);
return OSSL_STORE_open_ex(uri, NULL, NULL, ui_method, ui_data, NULL,
post_process, post_process_data);
}
#ifndef OPENSSL_NO_DEPRECATED_3_0
@ -927,6 +948,7 @@ const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion)
OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme,
OSSL_LIB_CTX *libctx, const char *propq,
const UI_METHOD *ui_method, void *ui_data,
const OSSL_PARAM params[],
OSSL_STORE_post_process_info_fn post_process,
void *post_process_data)
{
@ -957,19 +979,11 @@ OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme,
|| (loader_ctx = fetched_loader->p_attach(provctx, cbio)) == NULL) {
OSSL_STORE_LOADER_free(fetched_loader);
fetched_loader = NULL;
} else if (propq != NULL) {
OSSL_PARAM params[] = {
OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES,
NULL, 0),
OSSL_PARAM_END
};
params[0].data = (void *)propq;
if (!fetched_loader->p_set_ctx_params(loader_ctx, params)) {
(void)fetched_loader->p_close(loader_ctx);
OSSL_STORE_LOADER_free(fetched_loader);
fetched_loader = NULL;
}
} else if (!loader_set_params(fetched_loader, loader_ctx,
params, propq)) {
(void)fetched_loader->p_close(loader_ctx);
OSSL_STORE_LOADER_free(fetched_loader);
fetched_loader = NULL;
}
loader = fetched_loader;
ossl_core_bio_free(cbio);

3
crypto/x509/by_store.c
Unescape View File

@ -21,7 +21,8 @@ static int cache_objects(X509_LOOKUP *lctx, const char *uri,
OSSL_STORE_CTX *ctx = NULL;
X509_STORE *xstore = X509_LOOKUP_get_store(lctx);
if ((ctx = OSSL_STORE_open_ex(uri, libctx, propq, NULL, NULL, NULL, NULL)) == NULL)
if ((ctx = OSSL_STORE_open_ex(uri, libctx, propq, NULL, NULL, NULL,
NULL, NULL)) == NULL)
return 0;
/*

1
doc/man3/OSSL_STORE_attach.pod
Unescape View File

@ -11,6 +11,7 @@ OSSL_STORE_attach - Functions to read objects from a BIO
OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bio, const char *scheme,
OSSL_LIB_CTX *libctx, const char *propq,
const UI_METHOD *ui_method, void *ui_data,
const OSSL_PARAM params[],
OSSL_STORE_post_process_info_fn post_process,
void *post_process_data);

5
doc/man3/OSSL_STORE_open.pod
Unescape View File

@ -24,6 +24,7 @@ OSSL_STORE_error, OSSL_STORE_close
OSSL_STORE_CTX *
OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
const UI_METHOD *ui_method, void *ui_data,
const OSSL_PARAM params[],
OSSL_STORE_post_process_info_fn post_process,
void *post_process_data);
@ -68,6 +69,8 @@ B<OSSL_STORE_CTX> with all necessary internal information.
The given I<ui_method> and I<ui_data> will be reused by all
functions that use B<OSSL_STORE_CTX> when interaction is needed,
for instance to provide a password.
The auxiliary B<OSSL_PARAM> parameters in I<params> can be set to further
modify the store operation.
The given I<post_process> and I<post_process_data> will be reused by
OSSL_STORE_load() to manipulate or drop the value to be returned.
The I<post_process> function drops values by returning NULL, which
@ -76,7 +79,7 @@ the next object, until I<post_process> returns something other than
NULL, or the end of data is reached as indicated by OSSL_STORE_eof().
OSSL_STORE_open() is similar to OSSL_STORE_open_ex() but uses NULL for
the library context I<libctx> and property query I<propq>.
the I<params>, the library context I<libctx> and property query I<propq>.
OSSL_STORE_ctrl() takes a B<OSSL_STORE_CTX>, and command number I<cmd> and
more arguments not specified here.

2
include/openssl/core_names.h
Unescape View File

@ -545,6 +545,8 @@ extern "C" {
/* You may want to pass properties for the provider implementation to use */
#define OSSL_STORE_PARAM_PROPERTIES "properties" /* utf8_string */
/* OSSL_DECODER input type if a decoder is used by the store */
#define OSSL_STORE_PARAM_INPUT_TYPE "input-type" /* UTF8_STRING */
# ifdef __cplusplus
}

2
include/openssl/store.h
Unescape View File

@ -59,6 +59,7 @@ OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, void *ui_data,
OSSL_STORE_CTX *
OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
const UI_METHOD *ui_method, void *ui_data,
const OSSL_PARAM params[],
OSSL_STORE_post_process_info_fn post_process,
void *post_process_data);