Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
33 commits
Select commit Hold shift + click to select a range
a19d3ac
README.md: update list of tested (build) tool versions
DDvO Jun 24, 2026
84760bb
ocsp.c:get_ocsp_resp(): fix error handling on missing/wrong nonce or …
DDvO Jun 24, 2026
de4ddd5
ocsp.c:get_ocsp_resp(): disable use of nonces unless defined SECUTILS…
DDvO Jun 24, 2026
60d84a8
files_dv.c: add missing buffer size info and bounds check to get_cano…
DDvO Jun 25, 2026
b152158
crypto.{c,h}: make author info more correct
DDvO Jun 24, 2026
c900c0d
AESGCM_encrypt(): add missing checks for output buffer size and integ…
DDvO Jun 24, 2026
204cb3e
AESGCM_decrypt(): add missing checks for output buffer size and integ…
DDvO Jun 25, 2026
7be5b01
TLS_connect(): fix double free of connection BIO
DDvO Jun 25, 2026
430d9f1
credentials.h: fix doc of CREDENTIALS_get() and CREDENTIALS_store(): …
DDvO Jun 25, 2026
7806147
credentials.h: improve description of which kind of protection can be…
DDvO Jun 25, 2026
ef9cda5
credentials.h,files_dv.h: point out when no secure password cannot be…
DDvO Jun 25, 2026
5e6dfac
files_icv.{c,h}: point out when no secure ICV can be derived
DDvO Jun 25, 2026
1fcb054
icvutil.c: point out when no secure ICV can be obtained
DDvO Jun 25, 2026
ffaeeda
files_icv.c: remove redundant inner '#ifdef SECUTILS_USE_ICV'
DDvO Jun 25, 2026
51873c2
config.c: make CONF_load_config() fail on ctx != NULL with SECUTILS_U…
DDvO Jun 25, 2026
ba9791a
store.c: make STORE_load_more_check() and STORE_load_crl_dir() fail o…
DDvO Jun 25, 2026
5724cae
store.h,trusted.h: point out that no ICV-based check is done if ctx =…
DDvO Jun 25, 2026
dab2e8b
CMakeLists.txt: add missing clean_all item (pkgconfig file {PROJECT_N…
DDvO Jun 26, 2026
1f66bc6
crypto.h: state that for AESGCM_{en,de}crypt_final, tag_len should be…
DDvO Jun 30, 2026
91cda7b
crypto.h: fix AESGCM_encrypt_final() doc nits
DDvO Jun 30, 2026
7363cb3
UTIL_url_encode(): prevent out-of-array access on char lookup for hig…
DDvO Jun 30, 2026
b1d228f
files_dv.c getBase64Password(): do not trace-log DV-based password
DDvO Jun 30, 2026
a770bb2
verify.h,store.h: point out that X509_V_ERR_CERT_NOT_YET_VALID is tur…
DDvO Jun 30, 2026
1e5a6f1
CONN_load_ASN1_http(): add warning when using trivial unauthenticated…
DDvO Jun 30, 2026
c555a3b
CONN_load_{ASN1,crl,OCSP}_http(): add note that with https URLs, thes…
DDvO Jun 30, 2026
ee328bd
crls.c check_cert_status_cdps(): fix wrongly using base CRL entry whe…
DDvO Jun 30, 2026
e3697d7
crls.c check_cert_status_cdps(): refactor introducing n_base and impr…
DDvO Jun 30, 2026
b1441ad
store.h,crls.h,oscp.h: add note that the use of URLs taken from cert …
DDvO Jun 30, 2026
14270b4
UTIL_safe_string_copy(): fix handling of the case that source is too …
DDvO Jun 30, 2026
5be8d99
fix use of ASN1_STRING_get0_data(): check for invalid string data, e.…
DDvO Jun 30, 2026
b9cb641
crl_mgmt.c get_crl_from_cache(): add missing checks for nextUpdate po…
DDvO Jun 30, 2026
2a2f27f
crl_mgmt.c get_crl_by_download_or_from_cache(): cache only CRLs havin…
DDvO Jun 30, 2026
1b17bbf
icvutil.c,operators.h,cdp_util.{c,h},crl_mgmt.{c,h}: make author info…
DDvO Jun 30, 2026
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -247,6 +247,7 @@ if(NOT TARGET clean_all)
COMMAND ${CMAKE_BUILD_TOOL} clean
COMMAND find . -name "*.o" -o -regex "./libsecutils[0-9-].*" | xargs rm
COMMAND rm -rf debian/{tmp,libsecutils,libsecutils-dev,libsecutils-bin}
COMMAND rm -rf ${CMAKE_CURRENT_BINARY_DIR}/src/${PROJECT_NAME}.pc
COMMAND find . -type d -name "build" | xargs -r rm -r
# cowardly not doing rm -r ${CMAKE_BINARY_DIR}

Expand Down
8 changes: 4 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -48,11 +48,11 @@ also on a virtual machine or the Windows Subsystem for Linux ([WSL](https://docs
and with MacOS.

The following network and development tools are needed or recommended.
* Git (for getting the software, tested versions include 2.7.2, 2.11.0, 2.20, 2.34.1, 2.48.0)
* CMake (for using [`CMakeLists.txt`](CMakeLists.txt), tested versions include 3.18.4, 3.22.1, 3.27.7, 3.31.5)
* Git (for getting the software, tested versions include 2.7.2, 2.11.0, 2.20, 2.34.1, 2.48.0, 2.53.0)
* CMake (for using [`CMakeLists.txt`](CMakeLists.txt), tested versions include 3.18.4, 3.22.1, 3.27.7, 3.31.5, 4.3.0)
* GNU make (tested versions include 3.81, 4.1, 4.2.1, 4.3)
* GNU C compiler (gcc, tested versions include 5.4.0, 7.3.0, 8.3.0, 10.2.1, 11.4.0, 12.2.0)
or clang (tested versions include 14.0.3, 17.0.3, 19.1.1)
* GNU C compiler (gcc, tested versions include 5.4.0, 7.3.0, 8.3.0, 10.2.1, 11.4.0, 12.2.0, 13.3.0)
or clang (tested versions include 14.0.3, 17.0.3, 19.1.1, 22.1.1)

The following OSS components are used.
* OpenSSL development edition, at least version 3.0. Tested, among others,
Expand Down
2 changes: 0 additions & 2 deletions src/libsecutils/include/secutils/certstatus/cdp_util.h
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,6 @@
*
* @copyright Copyright (c) Siemens Mobility GmbH, 2021
*
* @author David von Oheimb <david.von.oheimb@siemens.com>
*
* This work is licensed under the terms of the Apache Software License
* 2.0. See the COPYING file in the top-level directory.
*
Expand Down
2 changes: 0 additions & 2 deletions src/libsecutils/include/secutils/certstatus/crl_mgmt.h
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,6 @@
*
* @copyright Copyright (c) Siemens Mobility GmbH, 2021
*
* @author David von Oheimb <david.von.oheimb@siemens.com>
*
* This work is licensed under the terms of the Apache Software License
* 2.0. See the COPYING file in the top-level directory.
*
Expand Down
3 changes: 3 additions & 0 deletions src/libsecutils/include/secutils/certstatus/crls.h
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ bool CRL_check(const char *src, OPTIONAL X509_CRL *crl, OPTIONAL const X509_VERI
* @brief retrieve CRL in DER format (ASN.1) from given CRL distribution point
*
* @param url the location of the CDP
* @note when given an https URL, uses trivial unauthenticated TLS
* @param timeout number of seconds the HTTP transaction may take, or 0 for infinite or -1 for default
* @param max_resp_len the maximal size of the response message, or 0 for the OpenSSL default: 100 kiB
* @param desc description of the CRL to use for any error messages, or null
Expand All @@ -65,6 +66,8 @@ int check_cert_crls(X509_STORE_CTX* ctx, OPTIONAL STACK_OF(X509_CRL) * crls, con

/*!
* @brief check the revocation status of the certificate at current error depth in ctx using CDPs
* @note This does not limit the use of URLs taken from CDP entries in the certificate.
* Thus any referenced online endpoints and local file locations may get accessed.
*
* @param ctx pointer to verification context structure including the cert to check
* @return 1 on success, 0 on rejection (i.e., cert revoked), -2 on no CRL available, -1 on other error
Expand Down
6 changes: 6 additions & 0 deletions src/libsecutils/include/secutils/certstatus/ocsp.h
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@
* @brief obtain OCSP response from given OCSP responder
*
* @param url the location of the OCSP responder
* @note when given an https URL, uses trivial unauthenticated TLS
* @param timeout number of seconds the HTTP transaction may take, or 0 for infinite or -1 for default
* @param req the OCSP request to send
* @param desc description of contents to use for any error messages, or null
Expand All @@ -45,6 +46,7 @@ static const int OCSP_DEFAULT_TIMEOUT = 10; /* in seconds */
/*!
* @brief check cert status using the given OCSP response
* @note the OCSP response may be obtained using an OCSP request or OCSP stapling
* @note at this level, any nonce and cert ID relating request and response cannot be checked
*
* @param ts pointer to trust store containing verification parameters
* @param untrusted a stack of certs that may be used for chain building, or null
Expand All @@ -59,6 +61,10 @@ int check_ocsp_resp(X509_STORE* ts, STACK_OF(X509) *untrusted,
/*!
* @brief check cert revocation status via OCSP.
* @note tries using any AIA entries (if enabled) then try any given fallback OCSP responder URLs, in the given order
* @note This does not limit the use of URLs taken from AIA entries in the certificate.
* Thus any referenced online endpoints and local file locations may get accessed.
* @note to avoid performance penalty on OCSP responders, does not use nonce for
* replay protection when retrieving OCSP response unless defined SECUTILS_OCSP_USE_NONCE
*
* @param ctx verification context containing verification parameters etc.
* @param untrusted a stack of certs that may be used for chain building, or null
Expand Down
2 changes: 2 additions & 0 deletions src/libsecutils/include/secutils/connections/http.h
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@
* @brief obtain ASN.1 response from given server
*
* @param url the location of the server
* @note when given an https URL, uses trivial unauthenticated TLS -
* so use with care; this is okay for retrieving CRLs and OCSP responses
* @param timeout number of seconds the HTTP transaction may take, or 0 for infinite
* @param max_resp_len the maximal size of the response message, or 0 for the default: 100k
* @param content_type the content type of the request, or null
Expand Down
21 changes: 12 additions & 9 deletions src/libsecutils/include/secutils/credentials/credentials.h
Original file line number Diff line number Diff line change
Expand Up @@ -153,7 +153,8 @@ void CREDENTIALS_free(OPTIONAL CREDENTIALS* creds);

/*!*****************************************************************************
* @brief load asymmetric credentials from the given file(s) and optionally crypto engine
* @note If used, encryption indirectly also protects integrity&authenticity of file-based storage.
* @note If used, password-based decryption indirectly
* also checks integrity&authenticity of file-based storage.
*
* @param certs name of file holding certificate and optional chain, or null
* @param key name of file holding private key or an engine key identifier, or null
Expand All @@ -173,9 +174,9 @@ CREDENTIALS* CREDENTIALS_load(OPTIONAL const char* certs, OPTIONAL const char* k


/*!*****************************************************************************
* @brief load asymmetric credentials from the given file(s) and optionally using DV-based integrity&authenticity
*protection
* @note If used, encryption indirectly also protects integrity&authenticity of file-based storage.
* @brief load asymmetric credentials from the given file(s),
* using DV-based decryption and integrity&authenticity check
* @note If SECUTILS_USE_UTA is not set, cannot derive secure password from DV
*
* @param certs name of file holding certificate and optional chain, or null
* @param key name of file holding private key, or null
Expand All @@ -191,7 +192,8 @@ CREDENTIALS* CREDENTIALS_load_dv(OPTIONAL const char* certs, OPTIONAL const char

/*!*****************************************************************************
* @brief save asymmetric credentials (except key held in crypto engine or provider) to the given file(s)
* @note If used, encryption indirectly also protects integrity&authenticity of file-based storage.
* @note If used, password-based encryption indirectly
* also protects integrity&authenticity of file-based storage.
*
* @param creds pointer to the credential structure to save
* @param certs name of file to store certificates, or null. Any previous contents are overwritten.
Expand All @@ -214,8 +216,9 @@ bool CREDENTIALS_save(const CREDENTIALS* creds, OPTIONAL const char* certs, OPTI


/*!*****************************************************************************
* @brief save asymmetric credentials to the given file(s)
* @note If used, encryption indirectly also protects integrity&authenticity of file-based storage.
* @brief save asymmetric credentials to the given file(s),
* using DV-based encryption and integrity&authenticity protection
* @note If SECUTILS_USE_UTA is not set, cannot derive secure password from DV
*
* @param creds pointer to the credential structure to save
* @param certs name of file to store certificates, or null. Any previous contents are overwritten.
Expand All @@ -235,7 +238,7 @@ static const char* const CREDS_DIR_DEFAULT = "certs/creds";
/*!*****************************************************************************
* @brief obtain credentials of the given component (based on its ID) from PKCS#12 file
* @note file name is derived from CREDS_DIR_ENV (defaulting to CREDS_DIR_DEFAULT), cid, and extension ".p12".
* @note uses DV-based encryption, which also protects integrity&authenticity.
* @note does not use DV-based protection
*
* @param cid identifier of the component credentials
* @return pointer to a new CREDENTIALS structure, or null on error
Expand All @@ -245,7 +248,7 @@ CREDENTIALS* CREDENTIALS_get(component_creds_id cid);
/*!*****************************************************************************
* @brief store credentials of the given component (based on its ID) in PKCS#12 format
* @note file name is derived from CREDS_DIR_ENV (defaulting to CREDS_DIR_DEFAULT), cid, and extension ".p12".
* @note uses DV-based encryption, which also protects integrity&authenticity.
* @note does not use DV-based protection
*
* @param cid identifier of the component credentials
* @param creds credentials to store
Expand Down
13 changes: 12 additions & 1 deletion src/libsecutils/include/secutils/credentials/store.h
Original file line number Diff line number Diff line change
Expand Up @@ -85,9 +85,13 @@ const char *STORE_get0_desc(OPTIONAL const X509_STORE *store);
* @param stapling enable OCSP stapling, which makes sense only for TLS
* @param crls (optional) provide a list of CRLS to be added to the store and enable CRL-based checks
* @param use_CDP enable using HTTP CDP entries in certificates and enable CRL-based status checking
* @note The use of URLs taken from CDP entries in certificates is not limited.
* Thus any referenced online endpoints and local file locations may get accessed.
* @param cdps (optional) provide fallback CDP URL(s) and enable CRL-based status checking
* @param crls_timeout number of seconds fetching a CRL may take, or 0 for infinite or -1 for default (= 10)
* @param use_AIA enable using AIA OCSP responder entries in certificates and enable OCSP-based status checking
* @note The use of URLs taken from AIA entries in certificates is not limited.
* Thus any referenced online endpoints and local file locations may get accessed.
* @param ocsp (optional) provides fallback OCSP responder URL(s) and enable OCSP-based status checking
* @param ocsp_timeout number of seconds getting an OCSP response may take, or 0 for infinite or -1 for default (= 10)
* @return true on success, false on failure
Expand Down Expand Up @@ -135,6 +139,9 @@ X509_CRL *STORE_fetch_crl(const X509_STORE *store, OPTIONAL const char *url, int
/*!
* @brief create or extend cert store structure with any given cert(s)
* @note sets CREDENTIALS_print_cert_verify_cb() enabling diagnostic log output
* @note This turns X509_V_ERR_CERT_NOT_YET_VALID into just a warning,
* effectively accepting not yet valid certificates, which are considered OK here.
*
* @note use in addition STORE_set_parameters() to enable certificate status checks
*
* @param store certificate store to be extended if not null
Expand All @@ -157,6 +164,7 @@ X509_STORE* STORE_create(OPTIONAL X509_STORE* store, OPTIONAL const X509* cert,
* @param vpm verification parameters, or null, governing if and how to check cert times,
* depending on X509_V_FLAG_USE_CHECK_TIME and X509_V_FLAG_NO_CHECK_TIME
* @param ctx (optional) pointer to UTA context for checking file integrity&authenticity using ICV
* @note if ctx is null or SECUTILS_USE_ICV not defined, no ICV-based check is done
* @return true on success, false on error
* @note For loaded certs their validity period and their CA flag are checked.
* Failures are logged as a warning if vpm is null, otherwise as an error.
Expand All @@ -177,6 +185,7 @@ bool STORE_load_more_check(X509_STORE** pstore, const char* file,
* @param vpm verification parameters, or null, governing if and how to check cert times,
* depending on X509_V_FLAG_USE_CHECK_TIME and X509_V_FLAG_NO_CHECK_TIME
* @param ctx (optional) pointer to UTA context for checking file integrity&authenticity using ICV
* @note if ctx is null or SECUTILS_USE_ICV not defined, no ICV-based check is done
* @return pointer to a new X509_STORE structure, or null on error
* @note For loaded certs their validity period and their CA flag are checked.
* Failures are logged as a warning if vpm is null, otherwise as an error.
Expand All @@ -198,6 +207,7 @@ X509_STORE* STORE_load_check(const char* files, OPTIONAL const char* desc,
* @param vpm verification parameters, or null, governing if and how to check cert times,
* depending on X509_V_FLAG_USE_CHECK_TIME and X509_V_FLAG_NO_CHECK_TIME
* @param ctx (optional) pointer to UTA context for checking file integrity&authenticity using ICV
* @note if ctx is null or SECUTILS_USE_ICV not defined, no ICV-based check is done
* @note at least one valid certificate file must be found in all tested directories
* @return true on success, false on error/failure
* @note For loaded certs their validity period and their CA flag are checked.
Expand All @@ -217,7 +227,8 @@ bool STORE_load_check_dir(X509_STORE** pstore, const char* trust_dir,
* @param crl_dir directory where to search for CRLs
* @param desc description of CRLs to use for error reporting, or null
* @param recursive if true, use recursive search in subdirectories
* @param ctx pointer to UTA context for checking file integrity&authenticity using ICV, or null
* @param ctx (optional) pointer to UTA context for checking file integrity&authenticity using ICV
* @note if ctx is null or SECUTILS_USE_ICV not defined, no ICV-based check is done
* @note at least one valid CRL file must be found in each visited directory
* @return true on success, false on error/failure
******************************************************************************/
Expand Down
1 change: 1 addition & 0 deletions src/libsecutils/include/secutils/credentials/trusted.h
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ static const char* const TRUST_CONFIG_ENTRY_CRLS = "crls";
* @param cid identifier of the component, which indicates the config file section to use, or TRUST_CONFIG_SECTION_DEFAULT if it is 0
* @param vpm OpenSSL certificate verification parameters to be taken over, or null for default
* @param ctx (optional) pointer to UTA context for checking file integrity&authenticity using ICV
* @note if ctx is null or SECUTILS_USE_ICV not defined, no ICV-based check is done
* @return pointer to a new CREDENTIALS structure, or null on error
*******************************************************************************/
X509_STORE* CREDENTIALS_get_trust_store(component_creds_id cid, OPTIONAL X509_VERIFY_PARAM* vpm, OPTIONAL uta_ctx* ctx);
Expand Down
6 changes: 6 additions & 0 deletions src/libsecutils/include/secutils/credentials/verify.h
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,9 @@ bool STORE_CTX_tls_active(const X509_STORE_CTX* ctx);
* @param ctx_x509 pointer to structure containing certificate verification options like trusted certs
* @return 0 if and only if the cert verification is considered failed
*
* @note This callback turns X509_V_ERR_CERT_NOT_YET_VALID into just a warning,
* effectively accepting not yet valid certificates, which are considered OK here.
*
* @note OpenSSL's X509_verify_cert function calls this function
* during certificate verification whenever a problem has been
* found and on success at the end of the verification to give an opportunity
Expand Down Expand Up @@ -78,6 +81,9 @@ bool verify_cb_cert(X509_STORE_CTX* store_ctx, X509* cert, int err);
* @param cert certificate to be verified
* @param untrusted (optional) intermediate certs that may be useful for building
* the chain of certificates between the cert and the trusted certs in the trust store
* @note This function turns X509_V_ERR_CERT_NOT_YET_VALID into just a warning,
* effectively accepting not yet valid certificates, which are considered OK here.
*
* @param trust_store pointer to structure containing trusted (root) certs and further verification parameters
* @note trust_store may contain CRLs loaded via STORE_load_crl_dir()
* @return < 0 on on verification error, 0 for invalid cert, 1 for valid cert
Expand Down
10 changes: 5 additions & 5 deletions src/libsecutils/include/secutils/crypto/crypto.h
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
*
* @copyright Copyright (c) Siemens Mobility GmbH, 2021
*
* @author David von Oheimb <david.von.oheimb@siemens.com>
* @author Martin Vitek <martin.vitek@siemens.com>
*
* This work is licensed under the terms of the Apache Software License
* 2.0. See the COPYING file in the top-level directory.
Expand Down Expand Up @@ -78,11 +78,11 @@ ssize_t AESGCM_decrypt(EVP_CIPHER_CTX* osslctx, uint8_t* plain_buff, size_t plai


/*!
* @brief The function finalizes encryption and store tag (integrity protection value).
* @brief The function finalizes encryption and stores tag (integrity protection value).
*
* @param osslctx pointer to context of decryption operation
* @param osslctx pointer to context of encryption operation
* @param tag_buff pointer to buffer used to store tag
* @param tag_len size of resulting tag to be stored in tag_buff
* @param tag_len size of resulting tag to be stored in tag_buff, should be EVP_GCM_TLS_TAG_LEN
* @note If tag_buff is set to null and tag_len is set to 0 then tag will not be generated
*
* @return true on success
Expand All @@ -96,7 +96,7 @@ bool AESGCM_encrypt_final(EVP_CIPHER_CTX* osslctx, uint8_t* tag_buff, size_t tag
*
* @param osslctx pointer to context of decryption operation
* @param tag pointer to tag
* @param tag_len size of tag
* @param tag_len size of tag, should be EVP_GCM_TLS_TAG_LEN
* @note If tag_buff is set to null and tag_len is set 0 then authenticity will not be checked
* @param plain pointer to plain text obtained by calling AESGCM_decrypt or null
* @note on failure the function cleans plain text if parameter plain is not null
Expand Down
2 changes: 1 addition & 1 deletion src/libsecutils/include/secutils/operators.h
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
*
* @copyright Copyright (c) Siemens Mobility GmbH, 2021
*
* @author David von Oheimb <david.von.oheimb@siemens.com>
* @author Martin Barta <martin.barta@siemens.com>
*
* This work is licensed under the terms of the Apache Software License
* 2.0. See the COPYING file in the top-level directory.
Expand Down
4 changes: 4 additions & 0 deletions src/libsecutils/include/secutils/storage/files_dv.h
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@

/*!
* @brief get file encryption password from UTA using derivation value based on file path name
* @note If SECUTILS_USE_UTA is not set, cannot derive secure password
*
* @param pass_buf place to store the derived password as base64 encoded string, must be at least MAX_UTA_PASS_LEN chars
* long
Expand All @@ -55,6 +56,7 @@ bool FILES_get_dv(const char* filename, unsigned char* dv_out);

/*!
* @brief store private key in given file and format, optionally using DV-based password
* @note If SECUTILS_USE_UTA is not set, cannot derive secure password from DV
*
* @param pkey private key to save
* @param file (path) name of the output file. Any previous contents are overwritten.
Expand All @@ -70,6 +72,7 @@ bool FILES_store_key_dv(const EVP_PKEY* pkey, const char* file, file_format_t fo

/*!
* @brief load private key from the given file or engine with flexible format, optionally using DV-based password
* @note If SECUTILS_USE_UTA is not set, cannot derive secure password from DV
*
* @param key file (path) name of the input file or engine key ID
* @param file_format the format to try first when reading file contents
Expand All @@ -85,6 +88,7 @@ EVP_PKEY* FILES_load_key_autofmt_dv(OPTIONAL const char* key, file_format_t file

/*!
* @brief load certificates from the given file with flexible format, optionally using DV-based password
* @note If SECUTILS_USE_UTA is not set, cannot derive secure password from DV
*
* @param file (path) name of the input file
* @param format the format to try first when reading file contents
Expand Down
Loading
Loading