
Commit b01ffae

committed
Improve key/cert loading logic and standardize usage file argument names
1 parent 5ac11e9 commit b01ffae


1 file changed

+36
-36
lines changed


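--- a/osslsigncode.c
+++ b/osslsigncode.c
@@ -3605,11 +3605,11 @@ static void usage(const char *argv0, const char *cmd)
 printf("%1s[ --help ]\n\n", "");
 }
 if (on_list(cmd, cmds_sign)) {
-printf("%1s[ sign ] -pkcs12 <pkcs12file> | ( [ -certs <certfile> | -spc <certfile> ]\n", "");
+printf("%1s[ sign ] -pkcs12 <file> | ( [ -certs <file|URI> | -spc <file> ]\n", "");
 #if !defined(OPENSSL_NO_ENGINE) || OPENSSL_VERSION_NUMBER>=0x30000000L
-printf("%12s( -key <keyfile> | ( -key <pkcs11 key URI> -pkcs11module <module> [ -pkcs11cert <pkcs11 cert URI> ] )\n", "");
+printf("%12s( -key <file|URI> [ -pkcs11module <module> ] [ -pkcs11cert <pkcs11 cert URI> ] )\n", "");
 #else /* !defined(OPENSSL_NO_ENGINE) || OPENSSL_VERSION_NUMBER>=0x30000000L */
-printf("%12s-key <keyfile> )\n", "");
+printf("%12s-key <file|URI> )\n", "");
 #endif /* !defined(OPENSSL_NO_ENGINE) || OPENSSL_VERSION_NUMBER>=0x30000000L */
 #if OPENSSL_VERSION_NUMBER>=0x30000000L
 printf("%12s[ -provider <provider> | ", "");
@@ -3619,7 +3619,7 @@ static void usage(const char *argv0, const char *cmd)
 #endif /* OPENSSL_NO_ENGINE */
 #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */
 #ifndef OPENSSL_NO_ENGINE
-printf("%s( -engine <engine> [ -login ] [ -engineCtrl <command[:parameter]> ] ) ] ) )\n", "");
+printf("%s( -engine <engine> [ -login ] [ -engineCtrl <command[:parameter]> ] ) ] )\n", "");
 #endif /* OPENSSL_NO_ENGINE */
 #if OPENSSL_VERSION_NUMBER>=0x30000000L
 printf("%12s[ -nolegacy ]\n", "");
@@ -3630,73 +3630,73 @@ static void usage(const char *argv0, const char *cmd)
 #endif /* PROVIDE_ASKPASS */
 printf("%1s[ -readpass <file> ]\n", "");
 printf("%12s(use \"-\" with readpass to read from stdin)\n", "");
-printf("%12s[ -ac <crosscertfile> ]\n", "");
+printf("%12s[ -ac <file> ]\n", "");
 printf("%12s[ -h {md5,sha1,sha2(56),sha384,sha512} ]\n", "");
 printf("%12s[ -n <desc> ] [ -i <url> ] [ -jp <level> ] [ -comm ]\n", "");
 printf("%12s[ -ph ]\n", "");
 printf("%12s[ -t <timestampurl> [ -t ... ] [ -p <proxy> ] [ -noverifypeer ]\n", "");
 printf("%12s[ -ts <timestampurl> [ -ts ... ] [ -p <proxy> ] [ -noverifypeer ] ]\n", "");
-printf("%12s[ -TSA-certs <TSA-certfile> ] [ -TSA-key <TSA-keyfile> ]\n", "");
+printf("%12s[ -TSA-certs <file> ] [ -TSA-key <file> ]\n", "");
 printf("%12s[ -TSA-time <unix-time> ]\n", "");
-printf("%12s[ -HTTPS-CAfile <infile> ]\n", "");
-printf("%12s[ -HTTPS-CRLfile <infile> ]\n", "");
+printf("%12s[ -HTTPS-CAfile <file> ]\n", "");
+printf("%12s[ -HTTPS-CRLfile <file> ]\n", "");
 printf("%12s[ -time <unix-time> ]\n", "");
-printf("%12s[ -addUnauthenticatedBlob [ -blobFile <blobfile> ] ]\n", "");
+printf("%12s[ -addUnauthenticatedBlob [ -blobFile <file> ] ]\n", "");
 printf("%12s[ -nest ]\n", "");
 printf("%12s[ -verbose ]\n", "");
 printf("%12s[ -add-msi-dse ]\n", "");
 printf("%12s[ -pem ]\n", "");
-printf("%12s[ -in ] <infile> [-out ] <outfile>\n\n", "");
+printf("%12s[ -in ] <file> [-out ] <file>\n\n", "");
 }
 if (on_list(cmd, cmds_extract_data)) {
 printf("%1sextract-data [ -pem ]\n", "");
 printf("%12s[ -h {md5,sha1,sha2(56),sha384,sha512} ]\n", "");
 printf("%12s[ -ph ]\n", "");
 printf("%12s[ -add-msi-dse ]\n", "");
-printf("%12s[ -in ] <infile> [ -out ] <datafile>\n\n", "");
+printf("%12s[ -in ] <file> [ -out ] <file>\n\n", "");
 }
 if (on_list(cmd, cmds_add)) {
-printf("%1sadd [ -addUnauthenticatedBlob [ -blobFile <blobfile> ] ]\n", "");
+printf("%1sadd [ -addUnauthenticatedBlob [ -blobFile <file> ] ]\n", "");
 printf("%12s[ -t <timestampurl> [ -t ... ] [ -p <proxy> ] [ -noverifypeer ]\n", "");
 printf("%12s[ -ts <timestampurl> [ -ts ... ] [ -p <proxy> ] [ -noverifypeer ] ]\n", "");
-printf("%12s[ -TSA-certs <TSA-certfile> ] [ -TSA-key <TSA-keyfile> ]\n", "");
+printf("%12s[ -TSA-certs <file> ] [ -TSA-key <file> ]\n", "");
 printf("%12s[ -TSA-time <unix-time> ]\n", "");
-printf("%12s[ -HTTPS-CAfile <infile> ]\n", "");
-printf("%12s[ -HTTPS-CRLfile <infile> ]\n", "");
+printf("%12s[ -HTTPS-CAfile <file> ]\n", "");
+printf("%12s[ -HTTPS-CRLfile <file> ]\n", "");
 printf("%12s[ -h {md5,sha1,sha2(56),sha384,sha512} ]\n", "");
 printf("%12s[ -index <index> ]\n", "");
 printf("%12s[ -verbose ]\n", "");
 printf("%12s[ -add-msi-dse ]\n", "");
-printf("%12s[ -in ] <infile> [ -out ] <outfile>\n\n", "");
+printf("%12s[ -in ] <file> [ -out ] <file>\n\n", "");
 }
 if (on_list(cmd, cmds_attach)) {
-printf("%1sattach-signature [ -sigin ] <sigfile>\n", "");
-printf("%12s[ -CAfile <infile> ]\n", "");
-printf("%12s[ -CRLfile <infile> ]\n", "");
-printf("%12s[ -TSA-CAfile <infile> ]\n", "");
-printf("%12s[ -TSA-CRLfile <infile> ]\n", "");
+printf("%1sattach-signature [ -sigin ] <file>\n", "");
+printf("%12s[ -CAfile <file> ]\n", "");
+printf("%12s[ -CRLfile <file> ]\n", "");
+printf("%12s[ -TSA-CAfile <file> ]\n", "");
+printf("%12s[ -TSA-CRLfile <file> ]\n", "");
 printf("%12s[ -time <unix-time> ]\n", "");
 printf("%12s[ -h {md5,sha1,sha2(56),sha384,sha512} ]\n", "");
 printf("%12s[ -require-leaf-hash {md5,sha1,sha2(56),sha384,sha512}:XXXXXXXXXXXX... ]\n", "");
 printf("%12s[ -nest ]\n", "");
 printf("%12s[ -add-msi-dse ]\n", "");
-printf("%12s[ -in ] <infile> [ -out ] <outfile>\n\n", "");
+printf("%12s[ -in ] <file> [ -out ] <file>\n\n", "");
 }
 if (on_list(cmd, cmds_extract)) {
 printf("%1sextract-signature [ -pem ]\n", "");
-printf("%12s[ -in ] <infile> [ -out ] <sigfile>\n\n", "");
+printf("%12s[ -in ] <file> [ -out ] <file>\n\n", "");
 }
 if (on_list(cmd, cmds_remove))
-printf("%1sremove-signature [ -in ] <infile> [ -out ] <outfile>\n\n", "");
+printf("%1sremove-signature [ -in ] <file> [ -out ] <file>\n\n", "");
 if (on_list(cmd, cmds_verify)) {
-printf("%1sverify [ -in ] <infile>\n", "");
-printf("%12s[ -c | -catalog <infile> ]\n", "");
-printf("%12s[ -CAfile <infile> ]\n", "");
-printf("%12s[ -CRLfile <infile> ]\n", "");
-printf("%12s[ -HTTPS-CAfile <infile> ]\n", "");
-printf("%12s[ -HTTPS-CRLfile <infile> ]\n", "");
-printf("%12s[ -TSA-CAfile <infile> ]\n", "");
-printf("%12s[ -TSA-CRLfile <infile> ]\n", "");
+printf("%1sverify [ -in ] <file>\n", "");
+printf("%12s[ -c | -catalog <file> ]\n", "");
+printf("%12s[ -CAfile <file> ]\n", "");
+printf("%12s[ -CRLfile <file> ]\n", "");
+printf("%12s[ -HTTPS-CAfile <file> ]\n", "");
+printf("%12s[ -HTTPS-CRLfile <file> ]\n", "");
+printf("%12s[ -TSA-CAfile <file> ]\n", "");
+printf("%12s[ -TSA-CRLfile <file> ]\n", "");
 printf("%12s[ -p <proxy> ]\n", "");
 printf("%12s[ -index <index> ]\n", "");
 printf("%12s[ -ignore-timestamp ]\n", "");
@@ -3857,7 +3857,7 @@ static void help_for(const char *argv0, const char *cmd)
 if (on_list(cmd, cmds_CAfile))
 printf("%-24s= the file containing one or more trusted certificates in PEM format\n", "-CAfile");
 if (on_list(cmd, cmds_certs))
-printf("%-24s= the signing certificate to use\n", "-certs, -spc");
+printf("%-24s= certificate chain (signing cert + intermediates)\n", "-certs, -spc");
 if (on_list(cmd, cmds_comm))
 printf("%-24s= set commercial purpose (default: individual purpose)\n", "-comm");
 if (on_list(cmd, cmds_CRLfile))
@@ -3882,7 +3882,7 @@ static void help_for(const char *argv0, const char *cmd)
 printf("%-24s= disable legacy mode and don't automatically load the legacy provider\n", "-nolegacy");
 #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */
 if (on_list(cmd, cmds_key))
-printf("%-24s= the private key to use or PKCS#11 URI identifies a key in the token\n", "-key");
+printf("%-24s= private key (optionally with signing cert) from file or URI\n", "-key");
 if (on_list(cmd, cmds_n))
 printf("%-24s= specifies a description of the signed content\n", "-n");
 if (on_list(cmd, cmds_nest))
@@ -4364,8 +4364,8 @@ static int read_crypto_params(GLOBAL_OPTIONS *options)
 (void)provider_load(options->provider);
 }
 #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */
-/* Load the private key ('-key' option) */
-load_objects_from_store(options->keyfile, options->pass, &options->pkey, NULL, NULL);
+/* Load the private key and the signing certificate ('-key' option) */
+load_objects_from_store(options->keyfile, options->pass, &options->pkey, options->certs, NULL);
 }
 #if OPENSSL_VERSION_NUMBER<0x1010108f
 /* Workaround for OpenSSL 1.1.1g and older, where the store API does not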
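Review bot: Nothing in the `read_crypto_params` hunk confirms that a certificate picked up from the `-key` source belongs to `options->pkey` before it joins `options->certs`, and the result of `load_objects_from_store` is not used there. A key file or URI that carries an extra or unrelated certificate would then silently become part of the signing chain, possibly alongside certificates already loaded from `-certs`; how the two sets are ordered or de-duplicated is not visible here. I would check the chosen signer certificate against the key with `X509_check_private_key()` before signing (this may already happen later; the function body continues outside the hunk). The comment could also state the side effect, e.g. `/* Load the private key ('-key' option); certificates stored with it are added to options->certs */`.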
