
Commit 1d72c3d

olszomalmtrojnar
authored andcommitted
Improve key/cert loading logic and standardize usage file argument names
1 parent d792e8d commit 1d72c3d


1 file changed

+36
-36
lines changed


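--- a/osslsigncode.c
+++ b/osslsigncode.c
@@ -3606,11 +3606,11 @@ static void usage(const char *argv0, const char *cmd)
 printf("%1s[ --help ]\n\n", "");
 }
 if (on_list(cmd, cmds_sign)) {
-printf("%1s[ sign ] -pkcs12 <pkcs12file> | ( [ -certs <certfile> | -spc <certfile> ]\n", "");
+printf("%1s[ sign ] -pkcs12 <file> | ( [ -certs <file|URI> | -spc <file> ]\n", "");
 #if !defined(OPENSSL_NO_ENGINE) || OPENSSL_VERSION_NUMBER>=0x30000000L
-printf("%12s( -key <keyfile> | ( -key <pkcs11 key URI> -pkcs11module <module> [ -pkcs11cert <pkcs11 cert URI> ] )\n", "");
+printf("%12s( -key <file|URI> [ -pkcs11module <module> ] [ -pkcs11cert <pkcs11 cert URI> ] )\n", "");
 #else /* !defined(OPENSSL_NO_ENGINE) || OPENSSL_VERSION_NUMBER>=0x30000000L */
-printf("%12s-key <keyfile> )\n", "");
+printf("%12s-key <file|URI> )\n", "");
 #endif /* !defined(OPENSSL_NO_ENGINE) || OPENSSL_VERSION_NUMBER>=0x30000000L */
 #if OPENSSL_VERSION_NUMBER>=0x30000000L
 printf("%12s[ -provider <provider> | ", "");
@@ -3620,7 +3620,7 @@ static void usage(const char *argv0, const char *cmd)
 #endif /* OPENSSL_NO_ENGINE */
 #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */
 #ifndef OPENSSL_NO_ENGINE
-printf("%s( -engine <engine> [ -login ] [ -engineCtrl <command[:parameter]> ] ) ] ) )\n", "");
+printf("%s( -engine <engine> [ -login ] [ -engineCtrl <command[:parameter]> ] ) ] )\n", "");
 #endif /* OPENSSL_NO_ENGINE */
 #if OPENSSL_VERSION_NUMBER>=0x30000000L
 printf("%12s[ -nolegacy ]\n", "");
@@ -3631,73 +3631,73 @@ static void usage(const char *argv0, const char *cmd)
 #endif /* PROVIDE_ASKPASS */
 printf("%1s[ -readpass <file> ]\n", "");
 printf("%12s(use \"-\" with readpass to read from stdin)\n", "");
-printf("%12s[ -ac <crosscertfile> ]\n", "");
+printf("%12s[ -ac <file> ]\n", "");
 printf("%12s[ -h {md5,sha1,sha2(56),sha384,sha512} ]\n", "");
 printf("%12s[ -n <desc> ] [ -i <url> ] [ -jp <level> ] [ -comm ]\n", "");
 printf("%12s[ -ph ]\n", "");
 printf("%12s[ -t <timestampurl> [ -t ... ] [ -p <proxy> ] [ -noverifypeer ]\n", "");
 printf("%12s[ -ts <timestampurl> [ -ts ... ] [ -p <proxy> ] [ -noverifypeer ] ]\n", "");
-printf("%12s[ -TSA-certs <TSA-certfile> ] [ -TSA-key <TSA-keyfile> ]\n", "");
+printf("%12s[ -TSA-certs <file> ] [ -TSA-key <file> ]\n", "");
 printf("%12s[ -TSA-time <unix-time> ]\n", "");
-printf("%12s[ -HTTPS-CAfile <infile> ]\n", "");
-printf("%12s[ -HTTPS-CRLfile <infile> ]\n", "");
+printf("%12s[ -HTTPS-CAfile <file> ]\n", "");
+printf("%12s[ -HTTPS-CRLfile <file> ]\n", "");
 printf("%12s[ -time <unix-time> ]\n", "");
-printf("%12s[ -addUnauthenticatedBlob [ -blobFile <blobfile> ] ]\n", "");
+printf("%12s[ -addUnauthenticatedBlob [ -blobFile <file> ] ]\n", "");
 printf("%12s[ -nest ]\n", "");
 printf("%12s[ -verbose ]\n", "");
 printf("%12s[ -add-msi-dse ]\n", "");
 printf("%12s[ -pem ]\n", "");
-printf("%12s[ -in ] <infile> [-out ] <outfile>\n\n", "");
+printf("%12s[ -in ] <file> [-out ] <file>\n\n", "");
 }
 if (on_list(cmd, cmds_extract_data)) {
 printf("%1sextract-data [ -pem ]\n", "");
 printf("%12s[ -h {md5,sha1,sha2(56),sha384,sha512} ]\n", "");
 printf("%12s[ -ph ]\n", "");
 printf("%12s[ -add-msi-dse ]\n", "");
-printf("%12s[ -in ] <infile> [ -out ] <datafile>\n\n", "");
+printf("%12s[ -in ] <file> [ -out ] <file>\n\n", "");
 }
 if (on_list(cmd, cmds_add)) {
-printf("%1sadd [ -addUnauthenticatedBlob [ -blobFile <blobfile> ] ]\n", "");
+printf("%1sadd [ -addUnauthenticatedBlob [ -blobFile <file> ] ]\n", "");
 printf("%12s[ -t <timestampurl> [ -t ... ] [ -p <proxy> ] [ -noverifypeer ]\n", "");
 printf("%12s[ -ts <timestampurl> [ -ts ... ] [ -p <proxy> ] [ -noverifypeer ] ]\n", "");
-printf("%12s[ -TSA-certs <TSA-certfile> ] [ -TSA-key <TSA-keyfile> ]\n", "");
+printf("%12s[ -TSA-certs <file> ] [ -TSA-key <file> ]\n", "");
 printf("%12s[ -TSA-time <unix-time> ]\n", "");
-printf("%12s[ -HTTPS-CAfile <infile> ]\n", "");
-printf("%12s[ -HTTPS-CRLfile <infile> ]\n", "");
+printf("%12s[ -HTTPS-CAfile <file> ]\n", "");
+printf("%12s[ -HTTPS-CRLfile <file> ]\n", "");
 printf("%12s[ -h {md5,sha1,sha2(56),sha384,sha512} ]\n", "");
 printf("%12s[ -index <index> ]\n", "");
 printf("%12s[ -verbose ]\n", "");
 printf("%12s[ -add-msi-dse ]\n", "");
-printf("%12s[ -in ] <infile> [ -out ] <outfile>\n\n", "");
+printf("%12s[ -in ] <file> [ -out ] <file>\n\n", "");
 }
 if (on_list(cmd, cmds_attach)) {
-printf("%1sattach-signature [ -sigin ] <sigfile>\n", "");
-printf("%12s[ -CAfile <infile> ]\n", "");
-printf("%12s[ -CRLfile <infile> ]\n", "");
-printf("%12s[ -TSA-CAfile <infile> ]\n", "");
-printf("%12s[ -TSA-CRLfile <infile> ]\n", "");
+printf("%1sattach-signature [ -sigin ] <file>\n", "");
+printf("%12s[ -CAfile <file> ]\n", "");
+printf("%12s[ -CRLfile <file> ]\n", "");
+printf("%12s[ -TSA-CAfile <file> ]\n", "");
+printf("%12s[ -TSA-CRLfile <file> ]\n", "");
 printf("%12s[ -time <unix-time> ]\n", "");
 printf("%12s[ -h {md5,sha1,sha2(56),sha384,sha512} ]\n", "");
 printf("%12s[ -require-leaf-hash {md5,sha1,sha2(56),sha384,sha512}:XXXXXXXXXXXX... ]\n", "");
 printf("%12s[ -nest ]\n", "");
 printf("%12s[ -add-msi-dse ]\n", "");
-printf("%12s[ -in ] <infile> [ -out ] <outfile>\n\n", "");
+printf("%12s[ -in ] <file> [ -out ] <file>\n\n", "");
 }
 if (on_list(cmd, cmds_extract)) {
 printf("%1sextract-signature [ -pem ]\n", "");
-printf("%12s[ -in ] <infile> [ -out ] <sigfile>\n\n", "");
+printf("%12s[ -in ] <file> [ -out ] <file>\n\n", "");
 }
 if (on_list(cmd, cmds_remove))
-printf("%1sremove-signature [ -in ] <infile> [ -out ] <outfile>\n\n", "");
+printf("%1sremove-signature [ -in ] <file> [ -out ] <file>\n\n", "");
 if (on_list(cmd, cmds_verify)) {
-printf("%1sverify [ -in ] <infile>\n", "");
-printf("%12s[ -c | -catalog <infile> ]\n", "");
-printf("%12s[ -CAfile <infile> ]\n", "");
-printf("%12s[ -CRLfile <infile> ]\n", "");
-printf("%12s[ -HTTPS-CAfile <infile> ]\n", "");
-printf("%12s[ -HTTPS-CRLfile <infile> ]\n", "");
-printf("%12s[ -TSA-CAfile <infile> ]\n", "");
-printf("%12s[ -TSA-CRLfile <infile> ]\n", "");
+printf("%1sverify [ -in ] <file>\n", "");
+printf("%12s[ -c | -catalog <file> ]\n", "");
+printf("%12s[ -CAfile <file> ]\n", "");
+printf("%12s[ -CRLfile <file> ]\n", "");
+printf("%12s[ -HTTPS-CAfile <file> ]\n", "");
+printf("%12s[ -HTTPS-CRLfile <file> ]\n", "");
+printf("%12s[ -TSA-CAfile <file> ]\n", "");
+printf("%12s[ -TSA-CRLfile <file> ]\n", "");
 printf("%12s[ -p <proxy> ]\n", "");
 printf("%12s[ -index <index> ]\n", "");
 printf("%12s[ -ignore-timestamp ]\n", "");
@@ -3858,7 +3858,7 @@ static void help_for(const char *argv0, const char *cmd)
 if (on_list(cmd, cmds_CAfile))
 printf("%-24s= the file containing one or more trusted certificates in PEM format\n", "-CAfile");
 if (on_list(cmd, cmds_certs))
-printf("%-24s= the signing certificate to use\n", "-certs, -spc");
+printf("%-24s= certificate chain (signing cert + intermediates)\n", "-certs, -spc");
 if (on_list(cmd, cmds_comm))
 printf("%-24s= set commercial purpose (default: individual purpose)\n", "-comm");
 if (on_list(cmd, cmds_CRLfile))
@@ -3883,7 +3883,7 @@ static void help_for(const char *argv0, const char *cmd)
 printf("%-24s= disable legacy mode and don't automatically load the legacy provider\n", "-nolegacy");
 #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */
 if (on_list(cmd, cmds_key))
-printf("%-24s= the private key to use or PKCS#11 URI identifies a key in the token\n", "-key");
+printf("%-24s= private key (optionally with signing cert) from file or URI\n", "-key");
 if (on_list(cmd, cmds_n))
 printf("%-24s= specifies a description of the signed content\n", "-n");
 if (on_list(cmd, cmds_nest))
@@ -4365,8 +4365,8 @@ static int read_crypto_params(GLOBAL_OPTIONS *options)
 (void)provider_load(options->provider);
 }
 #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */
-/* Load the private key ('-key' option) */
-load_objects_from_store(options->keyfile, options->pass, &options->pkey, NULL, NULL);
+/* Load the private key and the signing certificate ('-key' option) */
+load_objects_from_store(options->keyfile, options->pass, &options->pkey, options->certs, NULL);
 }
 #if OPENSSL_VERSION_NUMBER<0x1010108f
 /* Workaround for OpenSSL 1.1.1g and older, where the store API does not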
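Review bot: In read_crypto_params the call `load_objects_from_store(options->keyfile, options->pass, &options->pkey, options->certs, NULL);` now also collects certificates from the `-key` source, yet nothing visible in the hunk checks its outcome or that `options->certs` is a valid stack at this point. Those certificates appear to land in the same stack that `-certs`/`-spc` fill, so which one becomes the signer, and whether it matches the loaded key, is decided outside the hunk. A mismatched certificate bundled with the key should fail loudly rather than end up in the signature, so I would confirm that the signer chosen afterwards is verified with `X509_check_private_key(signer, options->pkey)` (`signer` standing for whichever certificate is selected). The comment above the call should also say whether certificates from `-key` are added to those from `-certs` or take precedence over them, and the `-key` help line in help_for should say the same. The function body starts and ends outside the hunk.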
