[openssl] master update
Matt Caswell
matt at openssl.org
Tue Nov 10 14:03:08 UTC 2020
The branch master has been updated
via 8b0ec09934a3f76f6d3e83793b5434e76fdd8c2c (commit)
from dee8eded24fb814e6f1be64b3e8505a3b008a2f9 (commit)
- Log -----------------------------------------------------------------
commit 8b0ec09934a3f76f6d3e83793b5434e76fdd8c2c
Author: Matt Caswell <matt at openssl.org>
Date: Wed Nov 4 14:20:36 2020 +0000
Fix the reading of DSA parameters files using the dsaparam app
DSA parameters files were failing to load correctly. We also fix a number
of follow-on issues which resulted in multiple similar error messages
being displayed for the same problem, as well as a seg-fault.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13317)
-----------------------------------------------------------------------
Summary of changes:
apps/dsaparam.c | 8 ++------
apps/include/apps.h | 3 ++-
apps/lib/apps.c | 16 +++++++++++-----
3 files changed, 15 insertions(+), 12 deletions(-)
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 7e374eb6ad..06d1b95902 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -179,14 +179,10 @@ int dsaparam_main(int argc, char **argv)
goto end;
}
} else {
- params = load_keyparams(infile, 1, "DSA parameters");
- if (!EVP_PKEY_is_a(params, "DSA")) {
- EVP_PKEY_free(params);
- params = NULL;
- }
+ params = load_keyparams(infile, 1, "DSA", "DSA parameters");
}
if (params == NULL) {
- BIO_printf(bio_err, "Error, unable to load DSA parameters\n");
+ /* Error message should already have been displayed */
goto end;
}
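Review bot: The `params == NULL` branch now exits without printing anything, so every failure path inside load_keyparams has to emit its own diagnostic. In the apps/lib/apps.c hunk, load_keyparams prints only on a key-type mismatch and discards the result of load_key_certs_crls with `(void)`. The plain load-failure message therefore presumably comes from load_key_certs_crls through the `failed` label extended in the last hunk, and that code is not visible here. I would make the dependency explicit in the comment, e.g. `/* load_keyparams() reports both load failures and key type mismatches */`. dsaparam_main starts and ends outside the hunk.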
diff --git a/apps/include/apps.h b/apps/include/apps.h
index 17e01336ab..b149a837f3 100644
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@@ -115,7 +115,8 @@ EVP_PKEY *load_key(const char *uri, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *desc);
EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *desc);
-EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *desc);
+EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *keytype,
+ const char *desc);
int load_certs(const char *uri, STACK_OF(X509) **certs,
const char *pass, const char *desc);
int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
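Review bot: The new `keytype` parameter has no documentation at the prototype, although the implementation in apps/lib/apps.c gives NULL a special meaning by skipping the `EVP_PKEY_is_a` check (`keytype != NULL && ...`). A caller that passes NULL accepts parameters of any algorithm from the input file, which is worth stating where callers will read it. Suggested comment above the declaration: `/* keytype: expected key type name (e.g. "DSA"); NULL disables the type check */`.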
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 9efc5f9eb1..b1158a9ebc 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -598,7 +598,8 @@ EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin,
return pkey;
}
-EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *desc)
+EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *keytype,
+ const char *desc)
{
EVP_PKEY *params = NULL;
@@ -607,9 +608,13 @@ EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *desc)
(void)load_key_certs_crls(uri, maybe_stdin, NULL, desc,
NULL, NULL, ¶ms, NULL, NULL, NULL, NULL);
- if (params == NULL) {
- BIO_printf(bio_err, "Unable to load %s\n", desc);
+ if (params != NULL && keytype != NULL && !EVP_PKEY_is_a(params, keytype)) {
+ BIO_printf(bio_err,
+ "Unable to load %s from %s (unexpected parameters type)\n",
+ desc, uri);
ERR_print_errors(bio_err);
+ EVP_PKEY_free(params);
+ params = NULL;
}
return params;
}
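Review bot: The new mismatch message formats `uri` with `%s`, but load_keyparams also takes `maybe_stdin` and the dsaparam caller passes 1, so `uri` can presumably be NULL when the parameters are read from standard input, and the message would then not name a usable source. Passing `desc, uri != NULL ? uri : "<stdin>"` keeps the diagnostic meaningful in that case. Separately, `ERR_print_errors(bio_err)` now runs on a branch where the load itself succeeded, so it will print whatever happens to be left on the error queue, not anything about the type mismatch; consider dropping it from this branch. The function's signature is in the preceding hunk.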
@@ -699,8 +704,9 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
int ncrls = 0;
const char *failed =
ppkey != NULL ? "key" : ppubkey != NULL ? "public key" :
- pcert != NULL ? "cert" : pcrl != NULL ? "CRL" :
- pcerts != NULL ? "certs" : pcrls != NULL ? "CRLs" : NULL;
+ pparams != NULL ? "params" : pcert != NULL ? "cert" :
+ pcrl != NULL ? "CRL" : pcerts != NULL ? "certs" :
+ pcrls != NULL ? "CRLs" : NULL;
/* TODO make use of the engine reference 'eng' when loading pkeys */
if (ppkey != NULL)