Use OSSL_STORE for load_key() and load_pubkey() in apps/lib/apps.c#11745
Use OSSL_STORE for load_key() and load_pubkey() in apps/lib/apps.c#11745
Conversation
This also adds STORE_load_key_cert_crl(), STORE_load_pkey(), STORE_load_cert(), STORE_load_crl(), get_passwd(), cleanse(), and clear_free() to be used also in apps/cmp.c etc.
|
I'm going to generalize |
| key = dup_bio_in(format); | ||
| } else { | ||
| key = bio_open_default(file, 'r', format); | ||
| bio = dup_bio_in(format); |
There was a problem hiding this comment.
It's possible to use the STORE API with stdin. The function is calledd OSSL_STORE_attach and is to be used in place of OSSL_STORE_open when you want it to handle a BIO using some chosen scheme. The OSSL_STORE functionality knows how to handle streamed data, it uses the cache buffer to catch the first 4KiB and uses that to find out (guess) the format.
There was a problem hiding this comment.
Hmm, would be nice, but OSSL_STORE_attach() does not exist, just undocumented internal functions ossl_store_attach_pem_bio() and ossl_store_file_attach_pem_bio_int().
How if I export something like
OSSL_STORE_attach(bio, ui_method, ui_data) =
ossl_store_attach_pem_bio(bio, ui_method, ui_data, NULL, NULL)
?
There was a problem hiding this comment.
Ah, right, it could be that it's because I looked at my own effort to do the same thing, where that is indeed already done, #7390
I should probably split that one out a bit.
| key = dup_bio_in(format); | ||
| } else { | ||
| key = bio_open_default(file, 'r', format); | ||
| bio = dup_bio_in(format); |
There was a problem hiding this comment.
Again, OSSL_STORE_attach. That will probably also simplify your code, as you really shouldn't need to care about the format at all, except for ENGINE.
There was a problem hiding this comment.
Yes, and for the exotic legacy formats FORMAT_MSBLOB and FORMAT_PVK.
There was a problem hiding this comment.
Oops, these two legacy formats FORMAT_MSBLOB and FORMAT_PVK are relevant for load_key, while for load_pubkey it is only FORMAT_MSBLOB.
Or does OSSL_STORE support these as well?
There was a problem hiding this comment.
I've verified that the legacy format are not supported by OSSL_STORE,
so in #11755 I kept their support in apps/lib/apps.c.
| * May yield partial result even if rv == 0. | ||
| */ | ||
| int STORE_load_key_cert_crl(const char *uri, const char *pass, const char *desc, | ||
| EVP_PKEY **ppkey, X509 **pcert, X509_CRL **pcrl) |
There was a problem hiding this comment.
I don't see why you're making duplicates of the already existing load_ functions. They aren't precious in an absolute stability manner, libapps is an internal library.
There was a problem hiding this comment.
Good point, so I'll merge them, and tend to add/"export" just
load_key_cert_crl(const char *uri, const char *pass, const char *desc,
EVP_PKEY **ppkey, X509 **pcert, X509_CRL **pcrl)
for its flexibility loading multiple credentials from the same PEM or PKCS#12 file.
|
Errr.....why did openssl-machine close this and delete the branch???? |
|
Ah! @DDvO - did you accidentally create this branch in the main github openssl repo rather than in your private fork? It seems that's where it was and got deleted when openssl-machine mirrored the main repo. |
|
Argh, indeed I accidentally had pushed this PR to the wrong remote :-( This is the new (meanwhile extended) commit: siemens@8f636f1 |
Unfortunately, I think so. |
|
So I've resurrected this as #11755, which already includes further improvements. |
4 participants
This is a further spin-off of PR #11470 according to #11470 (comment) by @mattcaswell.
This also adds
STORE_load_key_cert_crl(), STORE_load_pkey(),
STORE_load_cert(), STORE_load_crl(),
get_passwd(), cleanse(), and clear_free()
to be used also in
apps/cmp.cetc.