[openssl] master update
Richard Levitte
levitte at openssl.org
Mon Oct 26 08:44:35 UTC 2020
The branch master has been updated
via 22dddfb925da8775eaf4ee8c377da41e6535afe1 (commit)
from b6120b5f5442c3ddd081a9378ec89b888c3bb0fe (commit)
- Log -----------------------------------------------------------------
commit 22dddfb925da8775eaf4ee8c377da41e6535afe1
Author: Richard Levitte <levitte at openssl.org>
Date: Sat Oct 24 16:31:57 2020 +0200
APPS: Remove the format argument where it's not used
Also, restore a behaviour change, where load_cert() would look at
stdin when the input file name is NULL, and make sure to call
load_cert_pass() with a corresponding argument where load_cert() was
used in OpenSSL 1.1.1.
Fixes #13235
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13236)
-----------------------------------------------------------------------
Summary of changes:
apps/ca.c | 7 ++++---
apps/cms.c | 15 ++++++---------
apps/crl.c | 4 ++--
apps/include/apps.h | 5 ++---
apps/lib/apps.c | 4 ++--
apps/lib/s_cb.c | 3 +--
apps/ocsp.c | 10 ++++------
apps/pkeyutl.c | 2 +-
apps/rsautl.c | 2 +-
apps/s_client.c | 4 ++--
apps/s_server.c | 11 +++++------
apps/smime.c | 8 +++-----
apps/verify.c | 2 +-
apps/x509.c | 4 ++--
14 files changed, 36 insertions(+), 45 deletions(-)
diff --git a/apps/ca.c b/apps/ca.c
index 00078f90d4..b2866f63d6 100755
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -591,7 +591,7 @@ end_of_options:
&& (certfile = lookup_conf(conf, section, ENV_CERTIFICATE)) == NULL)
goto end;
- x509 = load_cert_pass(certfile, certformat, passin, "CA certificate");
+ x509 = load_cert_pass(certfile, 1, passin, "CA certificate");
if (x509 == NULL)
goto end;
@@ -1269,7 +1269,7 @@ end_of_options:
} else {
X509 *revcert;
- revcert = load_cert_pass(infile, certformat, passin,
+ revcert = load_cert_pass(infile, 1, passin,
"certificate to be revoked");
if (revcert == NULL)
goto end;
@@ -1404,7 +1404,8 @@ static int certify_cert(X509 **xret, const char *infile, int certformat,
EVP_PKEY *pktmp = NULL;
int ok = -1, i;
- if ((template_cert = load_cert_pass(infile, certformat, passin, "template certificate")) == NULL)
+ if ((template_cert = load_cert_pass(infile, 1, passin,
+ "template certificate")) == NULL)
goto end;
if (verbose)
X509_print(bio_err, template_cert);
diff --git a/apps/cms.c b/apps/cms.c
index 4589a24f06..f9adc9a52c 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -616,8 +616,7 @@ int cms_main(int argc, char **argv)
if (operation == SMIME_ENCRYPT) {
if (encerts == NULL && (encerts = sk_X509_new_null()) == NULL)
goto end;
- cert = load_cert(opt_arg(), FORMAT_UNDEF,
- "recipient certificate file");
+ cert = load_cert(opt_arg(), "recipient certificate file");
if (cert == NULL)
goto end;
sk_X509_push(encerts, cert);
@@ -809,8 +808,7 @@ int cms_main(int argc, char **argv)
if ((encerts = sk_X509_new_null()) == NULL)
goto end;
while (*argv) {
- if ((cert = load_cert(*argv, FORMAT_UNDEF,
- "recipient certificate file")) == NULL)
+ if ((cert = load_cert(*argv, "recipient certificate file")) == NULL)
goto end;
sk_X509_push(encerts, cert);
cert = NULL;
@@ -826,7 +824,7 @@ int cms_main(int argc, char **argv)
}
if (recipfile != NULL && (operation == SMIME_DECRYPT)) {
- if ((recip = load_cert(recipfile, FORMAT_UNDEF,
+ if ((recip = load_cert(recipfile,
"recipient certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
@@ -834,7 +832,7 @@ int cms_main(int argc, char **argv)
}
if (originatorfile != NULL) {
- if ((originator = load_cert(originatorfile, FORMAT_UNDEF,
+ if ((originator = load_cert(originatorfile,
"originator certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
@@ -842,7 +840,7 @@ int cms_main(int argc, char **argv)
}
if (operation == SMIME_SIGN_RECEIPT) {
- if ((signer = load_cert(signerfile, FORMAT_UNDEF,
+ if ((signer = load_cert(signerfile,
"receipt signer certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
@@ -1049,8 +1047,7 @@ int cms_main(int argc, char **argv)
signerfile = sk_OPENSSL_STRING_value(sksigners, i);
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
- signer = load_cert(signerfile, FORMAT_UNDEF,
- "signer certificate");
+ signer = load_cert(signerfile, "signer certificate");
if (signer == NULL) {
ret = 2;
goto end;
diff --git a/apps/crl.c b/apps/crl.c
index 4cb1bcc2c3..680c0ee128 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -205,7 +205,7 @@ int crl_main(int argc, char **argv)
if (argc != 0)
goto opthelp;
- x = load_crl(infile, informat, "CRL");
+ x = load_crl(infile, "CRL");
if (x == NULL)
goto end;
@@ -250,7 +250,7 @@ int crl_main(int argc, char **argv)
BIO_puts(bio_err, "Missing CRL signing key\n");
goto end;
}
- newcrl = load_crl(crldiff, informat, "other CRL");
+ newcrl = load_crl(crldiff, "other CRL");
if (!newcrl)
goto end;
pkey = load_key(keyfile, keyformat, 0, NULL, NULL, "CRL signing key");
diff --git a/apps/include/apps.h b/apps/include/apps.h
index 8bb92e07db..17e01336ab 100644
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@@ -107,9 +107,8 @@ int add_oid_section(CONF *conf);
X509_REQ *load_csr(const char *file, int format, const char *desc);
X509 *load_cert_pass(const char *uri, int maybe_stdin,
const char *pass, const char *desc);
-/* the format parameter is meanwhile not needed anymore and thus ignored */
-#define load_cert(uri, format, desc) load_cert_pass(uri, 0, NULL, desc)
-X509_CRL *load_crl(const char *uri, int format, const char *desc);
+#define load_cert(uri, desc) load_cert_pass(uri, 1, NULL, desc)
+X509_CRL *load_crl(const char *uri, const char *desc);
void cleanse(char *str);
void clear_free(char *str);
EVP_PKEY *load_key(const char *uri, int format, int maybe_stdin,
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index d100ce42dd..9efc5f9eb1 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -485,7 +485,7 @@ X509 *load_cert_pass(const char *uri, int maybe_stdin,
}
/* the format parameter is meanwhile not needed anymore and thus ignored */
-X509_CRL *load_crl(const char *uri, int format, const char *desc)
+X509_CRL *load_crl(const char *uri, const char *desc)
{
X509_CRL *crl = NULL;
@@ -1915,7 +1915,7 @@ static X509_CRL *load_crl_crldp(STACK_OF(DIST_POINT) *crldp)
DIST_POINT *dp = sk_DIST_POINT_value(crldp, i);
urlptr = get_dp_url(dp);
if (urlptr)
- return load_crl(urlptr, FORMAT_HTTP, "CRL via CDP");
+ return load_crl(urlptr, "CRL via CDP");
}
return NULL;
}
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index 142659d05e..a15e4e9d35 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -1041,8 +1041,7 @@ int load_excert(SSL_EXCERT **pexc)
BIO_printf(bio_err, "Missing filename\n");
return 0;
}
- exc->cert = load_cert(exc->certfile, exc->certform,
- "Server Certificate");
+ exc->cert = load_cert(exc->certfile, "Server Certificate");
if (exc->cert == NULL)
return 0;
if (exc->keyfile != NULL) {
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 4d01e99c15..174f237340 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -405,8 +405,7 @@ int ocsp_main(int argc, char **argv)
path = opt_arg();
break;
case OPT_ISSUER:
- issuer = load_cert(opt_arg(), FORMAT_UNDEF,
- "issuer certificate");
+ issuer = load_cert(opt_arg(), "issuer certificate");
if (issuer == NULL)
goto end;
if (issuers == NULL) {
@@ -418,7 +417,7 @@ int ocsp_main(int argc, char **argv)
break;
case OPT_CERT:
X509_free(cert);
- cert = load_cert(opt_arg(), FORMAT_UNDEF, "certificate");
+ cert = load_cert(opt_arg(), "certificate");
if (cert == NULL)
goto end;
if (cert_id_md == NULL)
@@ -562,8 +561,7 @@ int ocsp_main(int argc, char **argv)
if (rsignfile != NULL) {
if (rkeyfile == NULL)
rkeyfile = rsignfile;
- rsigner = load_cert(rsignfile, FORMAT_UNDEF,
- "responder certificate");
+ rsigner = load_cert(rsignfile, "responder certificate");
if (rsigner == NULL) {
BIO_printf(bio_err, "Error loading responder certificate\n");
goto end;
@@ -659,7 +657,7 @@ redo_accept:
if (signfile != NULL) {
if (keyfile == NULL)
keyfile = signfile;
- signer = load_cert(signfile, FORMAT_UNDEF, "signer certificate");
+ signer = load_cert(signfile, "signer certificate");
if (signer == NULL) {
BIO_printf(bio_err, "Error loading signer certificate\n");
goto end;
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index f7449503b9..3146b1f684 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -540,7 +540,7 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
break;
case KEY_CERT:
- x = load_cert(keyfile, FORMAT_UNDEF, "Certificate");
+ x = load_cert(keyfile, "Certificate");
if (x) {
pkey = X509_get_pubkey(x);
X509_free(x);
diff --git a/apps/rsautl.c b/apps/rsautl.c
index 49d9fcfea4..9b5456cb89 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -197,7 +197,7 @@ int rsautl_main(int argc, char **argv)
break;
case KEY_CERT:
- x = load_cert(keyfile, FORMAT_UNDEF, "Certificate");
+ x = load_cert(keyfile, "Certificate");
if (x) {
pkey = X509_get_pubkey(x);
X509_free(x);
diff --git a/apps/s_client.c b/apps/s_client.c
index 512ac0547b..98f034f112 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1731,7 +1731,7 @@ int s_client_main(int argc, char **argv)
}
if (cert_file != NULL) {
- cert = load_cert_pass(cert_file, cert_format, pass, "client certificate");
+ cert = load_cert_pass(cert_file, 1, pass, "client certificate");
if (cert == NULL)
goto end;
}
@@ -1743,7 +1743,7 @@ int s_client_main(int argc, char **argv)
if (crl_file != NULL) {
X509_CRL *crl;
- crl = load_crl(crl_file, crl_format, "CRL");
+ crl = load_crl(crl_file, "CRL");
if (crl == NULL)
goto end;
crls = sk_X509_CRL_new_null();
diff --git a/apps/s_server.c b/apps/s_server.c
index dee38584c4..cd76ababe0 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1744,8 +1744,7 @@ int s_server_main(int argc, char *argv[])
if (s_key == NULL)
goto end;
- s_cert = load_cert_pass(s_cert_file, s_cert_format, pass,
- "server certificate");
+ s_cert = load_cert_pass(s_cert_file, 1, pass, "server certificate");
if (s_cert == NULL)
goto end;
@@ -1761,7 +1760,7 @@ int s_server_main(int argc, char *argv[])
if (s_key2 == NULL)
goto end;
- s_cert2 = load_cert_pass(s_cert_file2, s_cert_format, pass,
+ s_cert2 = load_cert_pass(s_cert_file2, 1, pass,
"second server certificate");
if (s_cert2 == NULL)
@@ -1784,7 +1783,7 @@ int s_server_main(int argc, char *argv[])
if (crl_file != NULL) {
X509_CRL *crl;
- crl = load_crl(crl_file, crl_format, "CRL");
+ crl = load_crl(crl_file, "CRL");
if (crl == NULL)
goto end;
crls = sk_X509_CRL_new_null();
@@ -1806,8 +1805,8 @@ int s_server_main(int argc, char *argv[])
if (s_dkey == NULL)
goto end;
- s_dcert = load_cert_pass(s_dcert_file, s_dcert_format, dpass,
- "second server certificate");
+ s_dcert = load_cert_pass(s_dcert_file, 1, dpass,
+ "second server certificate");
if (s_dcert == NULL) {
ERR_print_errors(bio_err);
diff --git a/apps/smime.c b/apps/smime.c
index 89dc0eac96..f0ac6ed99c 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -435,8 +435,7 @@ int smime_main(int argc, char **argv)
if (encerts == NULL)
goto end;
while (*argv != NULL) {
- cert = load_cert(*argv, FORMAT_UNDEF,
- "recipient certificate file");
+ cert = load_cert(*argv, "recipient certificate file");
if (cert == NULL)
goto end;
sk_X509_push(encerts, cert);
@@ -453,7 +452,7 @@ int smime_main(int argc, char **argv)
}
if (recipfile != NULL && (operation == SMIME_DECRYPT)) {
- if ((recip = load_cert(recipfile, FORMAT_UNDEF,
+ if ((recip = load_cert(recipfile,
"recipient certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
@@ -568,8 +567,7 @@ int smime_main(int argc, char **argv)
for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
signerfile = sk_OPENSSL_STRING_value(sksigners, i);
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
- signer = load_cert(signerfile, FORMAT_UNDEF,
- "signer certificate");
+ signer = load_cert(signerfile, "signer certificate");
if (signer == NULL)
goto end;
key = load_key(keyfile, keyform, 0, passin, e, "signing key");
diff --git a/apps/verify.c b/apps/verify.c
index 3d4e7d4060..9a226f0360 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -250,7 +250,7 @@ static int check(X509_STORE *ctx, const char *file,
STACK_OF(X509) *chain = NULL;
int num_untrusted;
- x = load_cert(file, FORMAT_UNDEF, "certificate file");
+ x = load_cert(file, "certificate file");
if (x == NULL)
goto end;
diff --git a/apps/x509.c b/apps/x509.c
index 509d6e8741..8f9b7c8e40 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -629,7 +629,7 @@ int x509_main(int argc, char **argv)
if (!X509_set_pubkey(x, fkey != NULL ? fkey : X509_REQ_get0_pubkey(req)))
goto end;
} else {
- x = load_cert_pass(infile, FORMAT_UNDEF, passin, "certificate");
+ x = load_cert_pass(infile, 1, passin, "certificate");
if (x == NULL)
goto end;
if (fkey != NULL && !X509_set_pubkey(x, fkey))
@@ -639,7 +639,7 @@ int x509_main(int argc, char **argv)
}
if (CA_flag) {
- xca = load_cert_pass(CAfile, CAformat, passin, "CA certificate");
+ xca = load_cert_pass(CAfile, 1, passin, "CA certificate");
if (xca == NULL)
goto end;
}
More information about the openssl-commits
mailing list