Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c

This also adds the more flexible and general load_key_cert_crl() as well as helper functions get_passwd(), cleanse(), and clear_free() to be used also in apps/cmp.c etc. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11755)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-05-06 13:51:50 +0200
committer: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-05-15 20:20:08 +0200
commit: 6d382c74b375f1f8c44f04ec3de95ff781598a3b (patch)
tree: 4991b57879da3810fbf912c3d169232755380432 /apps/ca.c
parent: Nit-fix: remove whitespace in doc/man3/EVP_PKEY_fromdata.pod causing warning (diff)
download: openssl-6d382c74b375f1f8c44f04ec3de95ff781598a3b.tar.xz
openssl-6d382c74b375f1f8c44f04ec3de95ff781598a3b.zip
1 files changed, 4 insertions, 5 deletions
diff --git a/apps/ca.c b/apps/ca.c
index a18ff0998e..d91b39c91c 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -215,12 +215,12 @@ const OPTIONS ca_options[] = {
     OPT_SECTION("Signing"),
     {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
     {"keyfile", OPT_KEYFILE, 's', "Private key"},
-    {"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"},
+    {"keyform", OPT_KEYFORM, 'f', "Private key file format (ENGINE, other values ignored)"},
     {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
     {"key", OPT_KEY, 's', "Key to decode the private key if it is encrypted"},
     {"cert", OPT_CERT, '<', "The CA cert"},
     {"certform", OPT_CERTFORM, 'F',
-     "certificate input format (DER or PEM); default PEM"},
+     "certificate input format (DER/PEM/P12); has no effect"},
     {"selfsign", OPT_SELFSIGN, '-',
      "Sign a cert with the key associated with it"},
     {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
@@ -385,7 +385,7 @@ opthelp:
             certfile = opt_arg();
             break;
         case OPT_CERTFORM:
-            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &certformat))
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &certformat))
                 goto opthelp;
             break;
         case OPT_SELFSIGN:
@@ -573,8 +573,7 @@ end_of_options:
         }
     }
     pkey = load_key(keyfile, keyformat, 0, key, e, "CA private key");
-    if (key != NULL)
-        OPENSSL_cleanse(key, strlen(key));
+    cleanse(key);
     if (pkey == NULL)
         /* load_key() has already printed an appropriate message */
         goto end;
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-05-06 13:51:50 +0200
committer	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-05-15 20:20:08 +0200
commit	6d382c74b375f1f8c44f04ec3de95ff781598a3b (patch)
tree	4991b57879da3810fbf912c3d169232755380432 /apps/ca.c
parent	Nit-fix: remove whitespace in doc/man3/EVP_PKEY_fromdata.pod causing warning (diff)
download	openssl-6d382c74b375f1f8c44f04ec3de95ff781598a3b.tar.xz openssl-6d382c74b375f1f8c44f04ec3de95ff781598a3b.zip