Commit d328874645 for openssl.org
commit d3288746455890ac0b368f56e55ac20fcb0f2479
Author: Dmitry Belyavskiy <beldmit@gmail.com>
Date: Thu Sep 25 15:38:53 2025 +0200
Document skey decoder
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Simo Sorce <simo@redhat.com>
(Merged from https://github.com/openssl/openssl/pull/28278)
diff --git a/apps/enc.c b/apps/enc.c
index fa8adc8970..1c47cbd80c 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -731,19 +731,14 @@ int enc_main(int argc, char **argv)
goto end;
}
} else {
- char *storepass = NULL;
+ if (skeyuri != NULL) {
+ char *storepass = NULL;
- if (!app_passwd(storepassarg, NULL, &storepass, NULL)) {
- BIO_printf(bio_err,
- "Error getting store password from 'storepass' argument\n");
- }
- mgmt = EVP_SKEYMGMT_fetch(app_get0_libctx(),
- skeymgmt != NULL ? skeymgmt : EVP_CIPHER_name(cipher),
- app_get0_propq());
- if (mgmt == NULL)
- goto end;
+ if (!app_passwd(storepassarg, NULL, &storepass, NULL)) {
+ BIO_printf(bio_err,
+ "Error getting store password from 'storepass' argument\n");
+ }
- if (skeyuri != NULL) {
skey = load_skey(skeyuri, FORMAT_UNDEF, 0, storepass, 0);
OPENSSL_free(storepass);
if (skey == NULL) {
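Review bot: In the new `if (skeyuri != NULL)` branch, a failed `app_passwd()` only prints the "Error getting store password" message and then falls through to `load_skey(skeyuri, FORMAT_UNDEF, 0, storepass, 0)`, so the key store is still opened, presumably with a NULL password. Treat the failure as fatal by adding `goto end;` after the `BIO_printf` call, as the error path at the top of this hunk already does. Separately, `OPENSSL_free(storepass)` releases the store password without wiping it; `if (storepass != NULL) OPENSSL_clear_free(storepass, strlen(storepass));` would avoid leaving the secret in freed heap memory. enc_main starts and ends outside the hunk, so confirm that the `end:` cleanup copes with `skey` still being NULL on this new exit.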
diff --git a/apps/include/apps.h b/apps/include/apps.h
index b4792a6f07..2113669f5d 100644
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@@ -156,7 +156,7 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
EVP_PKEY **pparams,
X509 **pcert, STACK_OF(X509) **pcerts,
- X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls.
+ X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls,
EVP_SKEY **pskey);
EVP_SKEY *load_skey(const char *uri, int format, int maybe_stdin,
const char *pass, int quiet);
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 2a36c4215a..77c70586ec 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -856,14 +856,14 @@ static const char *format2string(int format)
SET_EXPECT(val); \
}
/* Provide (error msg) text for some of the credential types to be loaded. */
-#define FAIL_NAME \
- (ppkey != NULL ? "private key" : ppubkey != NULL ? "public key" \
- : pparams != NULL ? "key parameters" \
- : pcert != NULL ? "certificate" \
- : pcerts != NULL ? "certificates" \
- : pcrl != NULL ? "CRL" \
- : pcrls != NULL ? "CRLs" \
- : pskey != NULL ? "symmetric key" : NULL \
+#define FAIL_NAME \
+ (ppkey != NULL ? "private key" : ppubkey != NULL ? "public key" \
+ : pparams != NULL ? "key parameters" \
+ : pcert != NULL ? "certificate" \
+ : pcerts != NULL ? "certificates" \
+ : pcrl != NULL ? "CRL" \
+ : pcrls != NULL ? "CRLs" \
+ : pskey != NULL ? "symmetric key" \
: NULL)
/*
* Load those types of credentials for which the result pointer is not NULL.
diff --git a/doc/man7/provider-decoder.pod b/doc/man7/provider-decoder.pod
index d19deec4af..a69319c233 100644
--- a/doc/man7/provider-decoder.pod
+++ b/doc/man7/provider-decoder.pod
@@ -143,6 +143,11 @@ An implementation with that input type decodes MSBLOB formatted data.
An implementation with that input type decodes PVK formatted data.
+=item raw
+
+An implementation with that input type decodes the provided data as raw bytes.
+This is currently used for symmetric keys.
+
=back
=item structure