Extend all the loading functions to take an engine pointer, a pass
authorRichard Levitte <levitte@openssl.org>
Wed, 30 May 2001 15:29:28 +0000 (15:29 +0000)
committerRichard Levitte <levitte@openssl.org>
Wed, 30 May 2001 15:29:28 +0000 (15:29 +0000)
string (some engines may have certificates protected by a PIN!) and
a description to put into error messages.

Also, have our own password callback that we can send both a password
and some prompt info to.  The default password callback in EVP assumes
that the passed parameter is a password, which isn't always the right
thing, and the ENGINE code (at least the nCipher one) makes other
assumptions...

Also, in spite of having the functions to load keys, some utilities
did the loading all by themselves...  That's changed too.

apps/apps.c
apps/apps.h
apps/ca.c
apps/dgst.c
apps/ocsp.c
apps/req.c
apps/rsautl.c
apps/smime.c
apps/x509.c

index 4aeabdfa38189f5e5c62cb2858269a851a9ca2cf..659a3ad7fd03a2b1514ca44fde3f2fb00598c9a7 100644 (file)
@@ -369,6 +369,57 @@ int dump_cert_text (BIO *out, X509 *x)
         return 0;
 }
 
+int password_callback(char *buf, int bufsiz, int verify,
+       PW_CB_DATA *cb_data)
+       {
+       int i,j;
+       char prompt[80];
+       const char *prompt_info = NULL;
+       const char *password = NULL;
+
+       if (cb_data)
+               {
+               if (cb_data->password)
+                       password = cb_data->password;
+               if (cb_data->prompt_info)
+                       prompt_info = cb_data->prompt_info;
+               }
+
+       if(password) {
+               i=strlen(password);
+               i=(i > bufsiz)?bufsiz:i;
+               memcpy(buf,password,i);
+               return(i);
+       }
+
+       if (EVP_get_pw_prompt())
+               BIO_snprintf(prompt, sizeof(prompt)-1, EVP_get_pw_prompt(),
+                       prompt_info ? prompt_info : "");
+       else
+               BIO_snprintf(prompt, sizeof(prompt)-1,
+                       "Enter pass phrase for %s:",
+                       prompt_info ? prompt_info : "");
+
+       for (;;)
+               {
+               i=EVP_read_pw_string(buf,bufsiz,prompt,verify);
+               if (i != 0)
+                       {
+                       BIO_printf(bio_err,"aborted!\n");
+                       memset(buf,0,(unsigned int)bufsiz);
+                       return(-1);
+                       }
+               j=strlen(buf);
+               if (j < PW_MIN_LENGTH)
+                       {
+                       BIO_printf(bio_err,"phrase is too short, needs to be at least %d chars\n",PW_MIN_LENGTH);
+                       }
+               else
+                       break;
+               }
+       return(j);
+       }
+
 static char *app_get_pass(BIO *err, char *arg, int keepbio);
 
 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
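Review bot: In password_callback the string returned by EVP_get_pw_prompt() is passed to BIO_snprintf as the format argument, so any `%` in a prompt installed through EVP_set_pw_prompt() is interpreted as a conversion. Unless every caller is known to set a prompt containing exactly one `%s`, printing it as data is safer, e.g. `BIO_snprintf(prompt, sizeof(prompt)-1, "%s", EVP_get_pw_prompt());`. Separately, the `password` branch silently truncates a supplied pass phrase longer than bufsiz, which makes the later decryption failure hard to diagnose; returning an error when `i > bufsiz` would be clearer. The buffer is cleared only on the abort path, so a rejected too-short phrase stays in buf until the next read overwrites it.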
@@ -470,7 +521,8 @@ int add_oid_section(BIO *err, LHASH *conf)
        return 1;
 }
 
-X509 *load_cert(BIO *err, char *file, int format)
+X509 *load_cert(BIO *err, const char *file, int format,
+       const char *pass, ENGINE *e, const char *cert_descrip)
        {
        ASN1_HEADER *ah=NULL;
        BUF_MEM *buf=NULL;
@@ -492,7 +544,9 @@ X509 *load_cert(BIO *err, char *file, int format)
                {
                if (BIO_read_filename(cert,file) <= 0)
                        {
-                       perror(file);
+                       BIO_printf(err, "Error opening %s %s\n",
+                               cert_descrip, file);
+                       ERR_print_errors(err);
                        goto end;
                        }
                }
@@ -543,7 +597,8 @@ X509 *load_cert(BIO *err, char *file, int format)
                ah->data=NULL;
                }
        else if (format == FORMAT_PEM)
-               x=PEM_read_bio_X509_AUX(cert,NULL,NULL,NULL);
+               x=PEM_read_bio_X509_AUX(cert,NULL,
+                       (pem_password_cb *)password_callback, NULL);
        else if (format == FORMAT_PKCS12)
                {
                PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL);
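Review bot: load_cert now accepts `pass`, but the PEM branch hands password_callback a NULL user-data pointer, so a supplied pass phrase is never used and the prompt is built with an empty prompt_info. load_key, load_pubkey and load_certs in this commit fill a PW_CB_DATA with `pass` and `file` and pass `&cb_data`; doing the same here would make the four loaders behave alike. `e` does not appear in any visible load_cert hunk either, so it may be unused for now, and a comment saying so would help the next reader. load_cert's body starts and ends outside this hunk.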
@@ -553,7 +608,8 @@ X509 *load_cert(BIO *err, char *file, int format)
                p12 = NULL;
                }
        else    {
-               BIO_printf(err,"bad input format specified for input cert\n");
+               BIO_printf(err,"bad input format specified for %s\n",
+                       cert_descrip);
                goto end;
                }
 end:
@@ -568,10 +624,15 @@ end:
        return(x);
        }
 
-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e)
+EVP_PKEY *load_key(BIO *err, const char *file, int format,
+       const char *pass, ENGINE *e, const char *key_descrip)
        {
        BIO *key=NULL;
        EVP_PKEY *pkey=NULL;
+       PW_CB_DATA cb_data;
+
+       cb_data.password = pass;
+       cb_data.prompt_info = file;
 
        if (file == NULL)
                {
@@ -583,7 +644,8 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e)
                if (!e)
                        BIO_printf(bio_err,"no engine specified\n");
                else
-                       pkey = ENGINE_load_private_key(e, file, pass);
+                       pkey = ENGINE_load_private_key(e, file,
+                               (pem_password_cb *)password_callback, &cb_data);
                goto end;
                }
        key=BIO_new(BIO_s_file());
@@ -594,7 +656,8 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e)
                }
        if (BIO_read_filename(key,file) <= 0)
                {
-               perror(file);
+               BIO_printf(err, "Error opening %s %s\n", key_descrip, file);
+               ERR_print_errors(err);
                goto end;
                }
        if (format == FORMAT_ASN1)
@@ -603,7 +666,8 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e)
                }
        else if (format == FORMAT_PEM)
                {
-               pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,pass);
+               pkey=PEM_read_bio_PrivateKey(key,NULL,
+                       (pem_password_cb *)password_callback, &cb_data);
                }
        else if (format == FORMAT_PKCS12)
                {
@@ -615,20 +679,25 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e)
                }
        else
                {
-               BIO_printf(err,"bad input format specified for key\n");
+               BIO_printf(err,"bad input format specified for key file\n");
                goto end;
                }
  end:
        if (key != NULL) BIO_free(key);
        if (pkey == NULL)
-               BIO_printf(err,"unable to load Private Key\n");
+               BIO_printf(err,"unable to load %s\n", key_descrip);
        return(pkey);
        }
 
-EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e)
+EVP_PKEY *load_pubkey(BIO *err, const char *file, int format,
+       const char *pass, ENGINE *e, const char *key_descrip)
        {
        BIO *key=NULL;
        EVP_PKEY *pkey=NULL;
+       PW_CB_DATA cb_data;
+
+       cb_data.password = pass;
+       cb_data.prompt_info = file;
 
        if (file == NULL)
                {
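Review bot: The bad-format message in load_key is still the fixed text "bad input format specified for key file" and ignores the new `key_descrip`, while load_cert and load_certs now print `cert_descrip` in the same situation. For consistent diagnostics this line could read `BIO_printf(err,"bad input format specified for %s\n", key_descrip);`. The same applies to the matching branch of load_pubkey in the hunk that ends that function. A short header comment on each loader stating that `key_descrip` is only used in error messages and must not be NULL would also help callers.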
@@ -640,7 +709,8 @@ EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e)
                if (!e)
                        BIO_printf(bio_err,"no engine specified\n");
                else
-                       pkey = ENGINE_load_public_key(e, file, NULL);
+                       pkey = ENGINE_load_public_key(e, file,
+                               (pem_password_cb *)password_callback, &cb_data);
                goto end;
                }
        key=BIO_new(BIO_s_file());
@@ -651,7 +721,8 @@ EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e)
                }
        if (BIO_read_filename(key,file) <= 0)
                {
-               perror(file);
+               BIO_printf(err, "Error opening %s %s\n", key_descrip, file);
+               ERR_print_errors(err);
                goto end;
                }
        if (format == FORMAT_ASN1)
@@ -660,27 +731,33 @@ EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e)
                }
        else if (format == FORMAT_PEM)
                {
-               pkey=PEM_read_bio_PUBKEY(key,NULL,NULL,NULL);
+               pkey=PEM_read_bio_PUBKEY(key,NULL,
+                       (pem_password_cb *)password_callback, &cb_data);
                }
        else
                {
-               BIO_printf(err,"bad input format specified for key\n");
+               BIO_printf(err,"bad input format specified for key file\n");
                goto end;
                }
  end:
        if (key != NULL) BIO_free(key);
        if (pkey == NULL)
-               BIO_printf(err,"unable to load Public Key\n");
+               BIO_printf(err,"unable to load %s\n", key_descrip);
        return(pkey);
        }
 
-STACK_OF(X509) *load_certs(BIO *err, char *file, int format)
+STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
+       const char *pass, ENGINE *e, const char *cert_descrip)
        {
        BIO *certs;
        int i;
        STACK_OF(X509) *othercerts = NULL;
        STACK_OF(X509_INFO) *allcerts = NULL;
        X509_INFO *xi;
+       PW_CB_DATA cb_data;
+
+       cb_data.password = pass;
+       cb_data.prompt_info = file;
 
        if((certs = BIO_new(BIO_s_file())) == NULL)
                {
@@ -694,7 +771,9 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format)
                {
                if (BIO_read_filename(certs,file) <= 0)
                        {
-                       perror(file);
+                       BIO_printf(err, "Error opening %s %s\n",
+                               cert_descrip, file);
+                       ERR_print_errors(err);
                        goto end;
                        }
                }
@@ -708,7 +787,8 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format)
                        othercerts = NULL;
                        goto end;
                        }
-               allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL);
+               allcerts = PEM_X509_INFO_read_bio(certs, NULL,
+                               (pem_password_cb *)password_callback, &cb_data);
                for(i = 0; i < sk_X509_INFO_num(allcerts); i++)
                        {
                        xi = sk_X509_INFO_value (allcerts, i);
@@ -721,7 +801,8 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format)
                goto end;
                }
        else    {
-               BIO_printf(err,"bad input format specified for input cert\n");
+               BIO_printf(err,"bad input format specified for %s\n",
+                       cert_descrip);
                goto end;
                }
 end:
index 96dafd972d0f524540ca5dcccfdf686e8887cec0..a2b72f087838bb028185bc604ac03ba80079c6d2 100644 (file)
@@ -142,6 +142,16 @@ typedef struct args_st
        int count;
        } ARGS;
 
+#define PW_MIN_LENGTH 4
+typedef struct pw_cb_data
+       {
+       const void *password;
+       const char *prompt_info;
+       } PW_CB_DATA;
+
+int password_callback(char *buf, int bufsiz, int verify,
+       PW_CB_DATA *cb_data);
+
 int should_retry(int i);
 int args_from_file(char *file, int *argc, char **argv[]);
 int str2fmt(char *s);
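Review bot: The prototype of password_callback ends in `PW_CB_DATA *cb_data`, which does not match pem_password_cb (its last parameter is `void *`), so every call site in apps/apps.c has to cast it with `(pem_password_cb *)`. Calling a function through a pointer of an incompatible type is undefined behaviour in ISO C, and the cast hides any later signature drift from the compiler. Declaring the last parameter as `void *cb_tmp` and converting inside the function with `PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;` would remove the casts. PW_CB_DATA also deserves a comment: `password` is declared `const void *`, but the callback runs strlen() on it, so it must point to a NUL-terminated string.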
@@ -157,10 +167,14 @@ int set_ext_copy(int *copy_type, const char *arg);
 int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
 int add_oid_section(BIO *err, LHASH *conf);
-X509 *load_cert(BIO *err, char *file, int format);
-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e);
-EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e);
-STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
+X509 *load_cert(BIO *err, const char *file, int format,
+       const char *pass, ENGINE *e, const char *cert_descrip);
+EVP_PKEY *load_key(BIO *err, const char *file, int format,
+       const char *pass, ENGINE *e, const char *key_descrip);
+EVP_PKEY *load_pubkey(BIO *err, const char *file, int format,
+       const char *pass, ENGINE *e, const char *key_descrip);
+STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
+       const char *pass, ENGINE *e, const char *cert_descrip);
 X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
 
 #define FORMAT_UNDEF    0
index a4bc7bd6fe448845c047d3f6f7492a5dc33a22b0..921e1f184068a6113452256df762d8ff9101673d 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -702,34 +702,12 @@ bad:
                BIO_printf(bio_err,"Error getting password\n");
                goto err;
                }
-       if (keyform == FORMAT_ENGINE)
-               {
-               if (!e)
-                       {
-                       BIO_printf(bio_err,"no engine specified\n");
-                       goto err;
-                       }
-               pkey = ENGINE_load_private_key(e, keyfile, key);
-               }
-       else if (keyform == FORMAT_PEM)
-               {
-               if (BIO_read_filename(in,keyfile) <= 0)
-                       {
-                       perror(keyfile);
-                       BIO_printf(bio_err,"trying to load CA private key\n");
-                       goto err;
-                       }
-               pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
-               }
-       else
-               {
-               BIO_printf(bio_err,"bad input format specified for key file\n");
-               goto err;
-               }
+       pkey = load_key(bio_err, keyfile, keyform, key, e, 
+               "CA private key");
        if (key) memset(key,0,strlen(key));
        if (pkey == NULL)
                {
-               BIO_printf(bio_err,"unable to load CA private key\n");
+               /* load_key() has already printed an appropriate message */
                goto err;
                }
 
index a6b2e309c42d4772fb70816044aeb2f7d3ef7f0e..a010ba071960814cab4251fcee84f01d09b220ea 100644 (file)
@@ -289,52 +289,19 @@ int MAIN(int argc, char **argv)
 
        if(keyfile)
                {
-               if (keyform == FORMAT_PEM)
-                       {
-                       BIO *keybio;
-                       keybio = BIO_new_file(keyfile, "r");
-                       if(!keybio)
-                               {
-                               BIO_printf(bio_err,
-                                       "Error opening key file %s\n",
-                                       keyfile);
-                               ERR_print_errors(bio_err);
-                               goto end;
-                               }
-                       if(want_pub) 
-                               sigkey = PEM_read_bio_PUBKEY(keybio,
-                                       NULL, NULL, NULL);
-                       else
-                               sigkey = PEM_read_bio_PrivateKey(keybio,
-                                       NULL, NULL, NULL);
-                       BIO_free(keybio);
-                       }
-               else if (keyform == FORMAT_ENGINE)
-                       {
-                       if (!e)
-                               {
-                               BIO_printf(bio_err,"no engine specified\n");
-                               goto end;
-                               }
-                       if (want_pub)
-                               sigkey = ENGINE_load_public_key(e, keyfile, NULL);
-                       else
-                               sigkey = ENGINE_load_private_key(e, keyfile, NULL);
-                       }
+               if (want_pub)
+                       sigkey = load_pubkey(bio_err, keyfile, keyform, NULL,
+                               e, "key file");
                else
+                       sigkey = load_key(bio_err, keyfile, keyform, NULL,
+                               e, "key file");
+               if (!sigkey)
                        {
-                       BIO_printf(bio_err,
-                               "bad input format specified for key file\n");
+                       /* load_[pub]key() has already printed an appropriate
+                          message */
                        goto end;
                        }
-               
-               if(!sigkey) {
-                       BIO_printf(bio_err, "Error reading key file %s\n",
-                                                               keyfile);
-                       ERR_print_errors(bio_err);
-                       goto end;
                }
-       }
 
        if(sigfile && sigkey) {
                BIO *sigbio;
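Review bot: The removed code called `ERR_print_errors(bio_err)` when the key could not be read, but the visible `end:` block of load_key and load_pubkey prints only "unable to load %s", so a parse or decryption failure may no longer show the OpenSSL error queue. Unless the `end:` label of this MAIN (outside the hunk) already prints it, adding `ERR_print_errors(bio_err);` before `goto end;` in the `if (!sigkey)` branch keeps the earlier diagnostics. The new comment "load_[pub]key() has already printed an appropriate message" is accurate only for the one-line summary.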
index ba456fc58faffebbf22b7850b29aa346ed2ff2c4..16207a62837cbe1edf2f9822c80a37dda25828e8 100644 (file)
@@ -82,6 +82,7 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
        {
+       ENGINE *e = NULL;
        char **args;
        char *host = NULL, *port = NULL, *path = "/";
        char *reqin = NULL, *respin = NULL;
@@ -326,7 +327,8 @@ int MAIN(int argc, char **argv)
                                {
                                args++;
                                X509_free(issuer);
-                               issuer = load_cert(bio_err, *args, FORMAT_PEM);
+                               issuer = load_cert(bio_err, *args, FORMAT_PEM,
+                                       NULL, e, "issuer certificate");
                                if(!issuer) goto end;
                                }
                        else badarg = 1;
@@ -337,7 +339,8 @@ int MAIN(int argc, char **argv)
                                {
                                args++;
                                X509_free(cert);
-                               cert = load_cert(bio_err, *args, FORMAT_PEM);
+                               cert = load_cert(bio_err, *args, FORMAT_PEM,
+                                       NULL, e, "certificate");
                                if(!cert) goto end;
                                if(!add_ocsp_cert(&req, cert, issuer, ids))
                                        goto end;
@@ -445,7 +448,8 @@ int MAIN(int argc, char **argv)
        if (signfile)
                {
                if (!keyfile) keyfile = signfile;
-               signer = load_cert(bio_err, signfile, FORMAT_PEM);
+               signer = load_cert(bio_err, signfile, FORMAT_PEM,
+                       NULL, e, "signer certificate");
                if (!signer)
                        {
                        BIO_printf(bio_err, "Error loading signer certificate\n");
@@ -453,13 +457,17 @@ int MAIN(int argc, char **argv)
                        }
                if (sign_certfile)
                        {
-                       sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM);
+                       sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM,
+                               NULL, e, "signer certificates");
                        if (!sign_other) goto end;
                        }
-               key = load_key(bio_err, keyfile, FORMAT_PEM, NULL, NULL);
+               key = load_key(bio_err, keyfile, FORMAT_PEM, NULL, NULL,
+                       "signer private key");
                if (!key)
                        {
+#if 0                  /* An appropriate message has already been printed */
                        BIO_printf(bio_err, "Error loading signer private key\n");
+#endif
                        goto end;
                        }
                if (!OCSP_request_sign(req, signer, key, EVP_sha1(), sign_other, sign_flags))
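Review bot: The superseded message is disabled with `#if 0` rather than deleted, which leaves dead code that will drift out of date; a one-line comment such as `/* load_key() has already printed an appropriate message */`, as used in apps/ca.c, is enough. The same pattern appears in the apps/smime.c hunks, where two of the `#if 0` comments are also misspelled ("appropri", "alrady"). This load_key call also passes a literal `NULL` for the engine while the neighbouring load_cert and load_certs calls pass `e`; using `e` throughout would keep the calls uniform once an engine option is wired in.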
@@ -565,7 +573,8 @@ int MAIN(int argc, char **argv)
        if(!store) goto end;
        if (verify_certfile)
                {
-               verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM);
+               verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,
+                       NULL, e, "validator certificate");
                if (!verify_other) goto end;
                }
 
index f422d3e0b7684c452db3f31813a4f5cab86a8cbc..429eb9d4a0e781768bb91579d73ca2d7a3ba7bd3 100644 (file)
@@ -606,40 +606,12 @@ bad:
 
        if (keyfile != NULL)
                {
-               if (keyform == FORMAT_ENGINE)
+               pkey = load_key(bio_err, keyfile, keyform, NULL, e,
+                       "Private Key");
+               if (!pkey)
                        {
-                       if (!e)
-                               {
-                               BIO_printf(bio_err,"no engine specified\n");
-                               goto end;
-                               }
-                       pkey = ENGINE_load_private_key(e, keyfile, NULL);
-                       }
-               else
-                       {
-                       if (BIO_read_filename(in,keyfile) <= 0)
-                               {
-                               perror(keyfile);
-                               goto end;
-                               }
-
-                       if (keyform == FORMAT_ASN1)
-                               pkey=d2i_PrivateKey_bio(in,NULL);
-                       else if (keyform == FORMAT_PEM)
-                               {
-                               pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,
-                                       passin);
-                               }
-                       else
-                               {
-                               BIO_printf(bio_err,"bad input format specified for X509 request\n");
-                               goto end;
-                               }
-                       }
-
-               if (pkey == NULL)
-                       {
-                       BIO_printf(bio_err,"unable to load Private key\n");
+                       /* load_key() has already printed an appropriate
+                          message */
                        goto end;
                        }
                if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
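Review bot: The new load_key call passes `NULL` as the pass phrase, whereas the removed PEM branch passed `passin` to PEM_read_bio_PrivateKey, so a pass phrase supplied to this utility no longer reaches the key loader and password_callback will prompt instead. That breaks non-interactive use and looks unintended, since apps/smime.c and apps/x509.c keep passing `passin`. The call should probably be `pkey = load_key(bio_err, keyfile, keyform, passin, e, "Private Key");`. How `passin` is obtained lies outside this hunk, so confirm it is still populated before this point.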
index 662c11a70bdc1ad59524ad66932de6215f7888c6..86aa95d38a6b26456bf0e888a6c4a550d57abc6d 100644 (file)
@@ -180,15 +180,18 @@ int MAIN(int argc, char **argv)
        
        switch(key_type) {
                case KEY_PRIVKEY:
-               pkey = load_key(bio_err, keyfile, keyform, NULL, e);
+               pkey = load_key(bio_err, keyfile, keyform,
+                       NULL, e, "Private Key");
                break;
 
                case KEY_PUBKEY:
-               pkey = load_pubkey(bio_err, keyfile, keyform, e);
+               pkey = load_pubkey(bio_err, keyfile, keyform,
+                       NULL, e, "Public Key");
                break;
 
                case KEY_CERT:
-               x = load_cert(bio_err, keyfile, keyform);
+               x = load_cert(bio_err, keyfile, keyform,
+                       NULL, e, "Certificate");
                if(x) {
                        pkey = X509_get_pubkey(x);
                        X509_free(x);
@@ -197,7 +200,6 @@ int MAIN(int argc, char **argv)
        }
 
        if(!pkey) {
-               BIO_printf(bio_err, "Error loading key\n");
                return 1;
        }
 
index ede9531c55766893c71081302eb5354876740889..869933459b53a886b90e6fd1e18a92e5c4239678 100644 (file)
@@ -372,8 +372,11 @@ int MAIN(int argc, char **argv)
                }
                encerts = sk_X509_new_null();
                while (*args) {
-                       if(!(cert = load_cert(bio_err,*args,FORMAT_PEM))) {
+                       if(!(cert = load_cert(bio_err,*args,FORMAT_PEM,
+                               NULL, e, "recipient certificate file"))) {
+#if 0                          /* An appropriate message is already printed */
                                BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
+#endif
                                goto end;
                        }
                        sk_X509_push(encerts, cert);
@@ -383,23 +386,32 @@ int MAIN(int argc, char **argv)
        }
 
        if(signerfile && (operation == SMIME_SIGN)) {
-               if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM))) {
+               if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL,
+                       e, "signer certificate"))) {
+#if 0                  /* An appropri message has already been printed */
                        BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
+#endif
                        goto end;
                }
        }
 
        if(certfile) {
-               if(!(other = load_certs(bio_err,certfile,FORMAT_PEM))) {
+               if(!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
+                       e, "certificate file"))) {
+#if 0                  /* An appropriate message has already been printed */
                        BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
+#endif
                        ERR_print_errors(bio_err);
                        goto end;
                }
        }
 
        if(recipfile && (operation == SMIME_DECRYPT)) {
-               if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM))) {
+               if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
+                       e, "recipient certificate file"))) {
+#if 0                  /* An appropriate message has alrady been printed */
                        BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
+#endif
                        ERR_print_errors(bio_err);
                        goto end;
                }
@@ -412,18 +424,10 @@ int MAIN(int argc, char **argv)
        } else keyfile = NULL;
 
        if(keyfile) {
-                if (keyform == FORMAT_ENGINE) {
-                       if (!e) {
-                               BIO_printf(bio_err,"no engine specified\n");
-                               goto end;
-                       }
-                        key = ENGINE_load_private_key(e, keyfile, passin);
-                } else {
-                        if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin, NULL))) {
-                                BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
-                               ERR_print_errors(bio_err);
-                               goto end;
-                        }
+               key = load_key(bio_err, keyfile, keyform, passin, e,
+                              "signing key file");
+               if (!key) {
+                       goto end;
                 }
        }
 
index 391bb3eef9504521a8a567ed4a2323bf9d797861..5be90740c66e6a1fb01f621d5d98bc54a6d17a78 100644 (file)
@@ -619,12 +619,12 @@ bad:
                EVP_PKEY_free(pkey);
                }
        else
-               x=load_cert(bio_err,infile,informat);
+               x=load_cert(bio_err,infile,informat,NULL,e,"Certificate");
 
        if (x == NULL) goto end;
        if (CA_flag)
                {
-               xca=load_cert(bio_err,CAfile,CAformat);
+               xca=load_cert(bio_err,CAfile,CAformat,NULL,e,"CA Certificate");
                if (xca == NULL) goto end;
                }
 
@@ -874,7 +874,8 @@ bad:
                                if (Upkey == NULL)
                                        {
                                        Upkey=load_key(bio_err,
-                                               keyfile,keyformat, passin, e);
+                                               keyfile,keyformat, passin, e,
+                                               "Private key");
                                        if (Upkey == NULL) goto end;
                                        }
 #ifndef OPENSSL_NO_DSA
@@ -893,7 +894,7 @@ bad:
                                        {
                                        CApkey=load_key(bio_err,
                                                CAkeyfile,CAkeyformat, passin,
-                                               e);
+                                               e, "CA Private Key");
                                        if (CApkey == NULL) goto end;
                                        }
 #ifndef OPENSSL_NO_DSA
@@ -920,7 +921,8 @@ bad:
                                else
                                        {
                                        pk=load_key(bio_err,
-                                               keyfile,FORMAT_PEM, passin, e);
+                                               keyfile,FORMAT_PEM, passin, e,
+                                               "request key");
                                        if (pk == NULL) goto end;
                                        }