Make better use of load_cert, load_certs and load_key.

apps/pkcs8.c

@@ -217,21 +217,13 @@ int MAIN(int argc, char **argv)
 		}
 #endif
 	}
-	if (topk8) {
-		if(informat == FORMAT_PEM)
-			pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, passin);
-		else if(informat == FORMAT_ASN1)
-			pkey = d2i_PrivateKey_bio(in, NULL);
-		else {
-			BIO_printf(bio_err, "Bad format specified for key\n");
-			return (1);
-		}
+	if (topk8)
+		{
+		BIO_free(in); /* Not needed in this section */
+		pkey = load_key(bio_err, infile, informat, passin, e, "key");
 		if (!pkey) {
-			BIO_printf(bio_err, "Error reading key\n", outfile);
-			ERR_print_errors(bio_err);
 			return (1);
 		}
-		BIO_free(in);
 		if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
 			BIO_printf(bio_err, "Error converting key\n", outfile);
 			ERR_print_errors(bio_err);

apps/spkac.c

@@ -84,7 +84,7 @@ int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int i,badops=0, ret = 1;
-	BIO *in = NULL,*out = NULL, *key = NULL;
+	BIO *in = NULL,*out = NULL;
 	int verify=0,noout=0,pubkey=0;
 	char *infile = NULL,*outfile = NULL,*prog;
 	char *passargin = NULL, *passin = NULL;
@@ -182,17 +182,10 @@ bad:
         e = setup_engine(bio_err, engine, 0);
 
 	if(keyfile) {
-		if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
-		else key = BIO_new_fp(stdin, BIO_NOCLOSE);
-		if(!key) {
-			BIO_printf(bio_err, "Error opening key file\n");
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-		pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, passin);
+		pkey = load_key(bio_err,
+				strcmp(keyfile, "-") ? keyfile : NULL,
+				FORMAT_PEM, passin, e, "private key");
 		if(!pkey) {
-			BIO_printf(bio_err, "Error reading private key\n");
-			ERR_print_errors(bio_err);
 			goto end;
 		}
 		spki = NETSCAPE_SPKI_new();
@@ -296,8 +289,8 @@ end:
 	NETSCAPE_SPKI_free(spki);
 	BIO_free(in);
 	BIO_free_all(out);
-	BIO_free(key);
 	EVP_PKEY_free(pkey);
 	if(passin) OPENSSL_free(passin);
+	apps_shutdown();
 	EXIT(ret);
 	}

apps/verify.c

@@ -71,7 +71,7 @@
 #define PROG	verify_main
 
 static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
-static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose);
+static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e);
 static STACK_OF(X509) *load_untrusted(char *file);
 static int v_verbose=0, vflags = 0;
 
@@ -208,10 +208,10 @@ int MAIN(int argc, char **argv)
 		}
 	}
 
-	if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose);
+	if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose, e);
 	else
 		for (i=0; i<argc; i++)
-			check(cert_ctx,argv[i], untrusted, trusted, purpose);
+			check(cert_ctx,argv[i], untrusted, trusted, purpose, e);
 	ret=0;
 end:
 	if (ret == 1) {
@@ -227,42 +227,19 @@ end:
 	if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
 	sk_X509_pop_free(untrusted, X509_free);
 	sk_X509_pop_free(trusted, X509_free);
+	apps_shutdown();
 	EXIT(ret);
 	}
 
-static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose)
+static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e)
 	{
 	X509 *x=NULL;
-	BIO *in=NULL;
 	int i=0,ret=0;
 	X509_STORE_CTX *csc;
 
-	in=BIO_new(BIO_s_file());
-	if (in == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (file == NULL)
-		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(in,file) <= 0)
-			{
-			perror(file);
-			goto end;
-			}
-		}
-
-	x=PEM_read_bio_X509(in,NULL,NULL,NULL);
+	x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file");
 	if (x == NULL)
-		{
-		fprintf(stdout,"%s: unable to load certificate file\n",
-			(file == NULL)?"stdin":file);
-		ERR_print_errors(bio_err);
 		goto end;
-		}
 	fprintf(stdout,"%s: ",(file == NULL)?"stdin":file);
 
 	csc = X509_STORE_CTX_new();
@@ -288,7 +265,6 @@ end:
 	else
 		ERR_print_errors(bio_err);
 	if (x != NULL) X509_free(x);
-	if (in != NULL) BIO_free(in);
 
 	return(ret);
 	}