[openssl] master update
dev at ddvo.net
dev at ddvo.net
Wed Nov 25 12:34:16 UTC 2020
The branch master has been updated
via 931d5b4b27fcc907e3ff4d4328c59a5f285a44fb (commit)
via 68f9d9223b247f5c6e50bf66f405bc2fb09295cf (commit)
via e50b81c932e7f0a5a742631215865ff66116366e (commit)
from 6955e3f7e0574a1f4bf373ba7e8940591b0138ed (commit)
- Log -----------------------------------------------------------------
commit 931d5b4b27fcc907e3ff4d4328c59a5f285a44fb
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Tue Nov 24 16:16:08 2020 +0100
apps/cmp.c: fix crash with -batch option on OPENSSL_NO_UI_CONSOLE
Also make clear we cannot use get_ui_method() at this point.
Fixes #13494
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13497)
commit 68f9d9223b247f5c6e50bf66f405bc2fb09295cf
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Wed Nov 25 11:36:27 2020 +0100
apps/cmp.c: Improve description of key loaded due to -newkew option
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13497)
commit e50b81c932e7f0a5a742631215865ff66116366e
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Tue Nov 24 16:16:57 2020 +0100
re-encrypt 81-test_cmp_cli_data/Mock/signer.p12 with AES-256-CBC (avoiding DES)
Fixes #13494
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13497)
-----------------------------------------------------------------------
Summary of changes:
apps/cmp.c | 12 +++++-------
apps/include/apps_ui.h | 2 +-
apps/lib/apps_ui.c | 2 +-
test/recipes/81-test_cmp_cli_data/Mock/signer.p12 | Bin 5341 -> 5475 bytes
4 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/apps/cmp.c b/apps/cmp.c
index ccb61ab497..17173374df 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -1609,12 +1609,13 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
const char *file = opt_newkey;
const int format = opt_keyform;
const char *pass = opt_newkeypass;
- const char *desc = "new private or public key for cert to be enrolled";
- EVP_PKEY *pkey = load_key_pwd(file, format, pass, engine, NULL);
+ const char *desc = "new private key for cert to be enrolled";
+ EVP_PKEY *pkey = load_key_pwd(file, format, pass, engine, desc);
int priv = 1;
if (pkey == NULL) {
ERR_clear_error();
+ desc = "fallback public key for cert to be enrolled";
pkey = load_pubkey(file, format, 0, pass, engine, desc);
priv = 0;
}
@@ -2697,13 +2698,10 @@ int cmp_main(int argc, char **argv)
ret = 0;
if (opt_batch) {
- UI_METHOD *ui_fallback_method;
#ifndef OPENSSL_NO_UI_CONSOLE
- ui_fallback_method = UI_OpenSSL();
-#else
- ui_fallback_method = (UI_METHOD *)UI_null();
+ UI_method_set_reader(UI_OpenSSL(), NULL);
+ /* can't change get_ui_method() here as load_key_certs_crls() uses it */
#endif
- UI_method_set_reader(ui_fallback_method, NULL);
}
if (opt_engine != NULL)
diff --git a/apps/include/apps_ui.h b/apps/include/apps_ui.h
index 67d61e1396..59a82d5ecb 100644
--- a/apps/include/apps_ui.h
+++ b/apps/include/apps_ui.h
@@ -21,7 +21,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data);
int setup_ui_method(void);
void destroy_ui_method(void);
-const UI_METHOD *get_ui_method(void);
+UI_METHOD *get_ui_method(void);
extern BIO *bio_err;
diff --git a/apps/lib/apps_ui.c b/apps/lib/apps_ui.c
index 880e9a4f6d..6c8c3de196 100644
--- a/apps/lib/apps_ui.c
+++ b/apps/lib/apps_ui.c
@@ -136,7 +136,7 @@ void destroy_ui_method(void)
}
}
-const UI_METHOD *get_ui_method(void)
+UI_METHOD *get_ui_method(void)
{
return ui_method;
}
diff --git a/test/recipes/81-test_cmp_cli_data/Mock/signer.p12 b/test/recipes/81-test_cmp_cli_data/Mock/signer.p12
index 6eab305fde..5bbb1e205f 100644
Binary files a/test/recipes/81-test_cmp_cli_data/Mock/signer.p12 and b/test/recipes/81-test_cmp_cli_data/Mock/signer.p12 differ
More information about the openssl-commits
mailing list