[openssl] master update
dev at ddvo.net
dev at ddvo.net
Tue May 4 16:17:48 UTC 2021
The branch master has been updated
via 8b25b0eb991bf70123bedc4c4c4e0215dd8bd926 (commit)
via d9efb24de8765ddc921b8e304372e8e33d4d65f4 (commit)
via 6c3d101a62808b2f6ce92b338cc9a4ddd5bd67a2 (commit)
via 6e328484ab17f671134077962ce1aa392e512423 (commit)
from 7031f5821c4380d9c1f60a92734c940fdedfb488 (commit)
- Log -----------------------------------------------------------------
commit 8b25b0eb991bf70123bedc4c4c4e0215dd8bd926
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Mon Apr 26 14:55:18 2021 +0200
BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error; improve related doc
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15029)
commit d9efb24de8765ddc921b8e304372e8e33d4d65f4
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Mon Apr 26 14:51:34 2021 +0200
OSSL_DECODER_from_bio() Prevent spurious decoding error at EOF
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15029)
commit 6c3d101a62808b2f6ce92b338cc9a4ddd5bd67a2
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Mon Apr 26 14:58:19 2021 +0200
APPS load_key_certs_crls(): Correct the 'expect' arg calculation for OSSL_STORE_expect()
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15029)
commit 6e328484ab17f671134077962ce1aa392e512423
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Mon Apr 26 14:57:05 2021 +0200
OSSL_STORE_expect(): Improve error handling and documentation
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15029)
-----------------------------------------------------------------------
Summary of changes:
apps/lib/apps.c | 34 ++++++++++++++++------------------
crypto/encode_decode/decoder_lib.c | 9 +++++----
crypto/store/store_lib.c | 7 ++++++-
doc/man3/BIO_ctrl.pod | 2 +-
doc/man3/OSSL_STORE_expect.pod | 10 ++++++----
doc/man3/OSSL_STORE_open.pod | 4 ++--
6 files changed, 36 insertions(+), 30 deletions(-)
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index b87f271ee8..81b543ec68 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -828,6 +828,8 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,
return ret;
}
+/* Set type expectation, but clear it if objects of different types expected. */
+#define SET_EXPECT(val) expect = expect < 0 ? val : (expect == val ? val : 0);
/*
* Load those types of credentials for which the result pointer is not NULL.
* Reads from stdio if uri is NULL and maybe_stdin is nonzero.
@@ -860,47 +862,41 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
pcrl != NULL ? "CRL" : pcerts != NULL ? "certs" :
pcrls != NULL ? "CRLs" : NULL;
int cnt_expectations = 0;
- int expect = 0;
+ int expect = -1;
/* TODO make use of the engine reference 'eng' when loading pkeys */
if (ppkey != NULL) {
*ppkey = NULL;
cnt_expectations++;
- expect = OSSL_STORE_INFO_PKEY;
+ SET_EXPECT(OSSL_STORE_INFO_PKEY);
}
if (ppubkey != NULL) {
*ppubkey = NULL;
cnt_expectations++;
- expect = OSSL_STORE_INFO_PUBKEY;
+ SET_EXPECT(OSSL_STORE_INFO_PUBKEY);
}
if (pparams != NULL) {
*pparams = NULL;
cnt_expectations++;
- expect = OSSL_STORE_INFO_PARAMS;
+ SET_EXPECT(OSSL_STORE_INFO_PARAMS);
}
if (pcert != NULL) {
*pcert = NULL;
cnt_expectations++;
- expect = OSSL_STORE_INFO_CERT;
+ SET_EXPECT(OSSL_STORE_INFO_CERT);
}
- if (failed == NULL) {
- BIO_printf(bio_err, "Internal error: nothing to load into from %s\n",
- uri != NULL ? uri : "<stdin>");
- return 0;
- }
-
if (pcerts != NULL) {
if (*pcerts == NULL && (*pcerts = sk_X509_new_null()) == NULL) {
BIO_printf(bio_err, "Out of memory loading");
goto end;
}
cnt_expectations++;
- expect = OSSL_STORE_INFO_CERT;
+ SET_EXPECT(OSSL_STORE_INFO_CERT);
}
if (pcrl != NULL) {
*pcrl = NULL;
cnt_expectations++;
- expect = OSSL_STORE_INFO_CRL;
+ SET_EXPECT(OSSL_STORE_INFO_CRL);
}
if (pcrls != NULL) {
if (*pcrls == NULL && (*pcrls = sk_X509_CRL_new_null()) == NULL) {
@@ -908,7 +904,12 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
goto end;
}
cnt_expectations++;
- expect = OSSL_STORE_INFO_CRL;
+ SET_EXPECT(OSSL_STORE_INFO_CRL);
+ }
+ if (cnt_expectations == 0) {
+ BIO_printf(bio_err, "Internal error: nothing to load from %s\n",
+ uri != NULL ? uri : "<stdin>");
+ return 0;
}
uidata.password = pass;
@@ -937,10 +938,7 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
BIO_printf(bio_err, "Could not open file or uri for loading");
goto end;
}
-
- if (cnt_expectations != 1)
- expect = 0;
- if (!OSSL_STORE_expect(ctx, expect))
+ if (expect > 0 && !OSSL_STORE_expect(ctx, expect))
goto end;
failed = NULL;
diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c
index 45aeb39184..8a5082c441 100644
--- a/crypto/encode_decode/decoder_lib.c
+++ b/crypto/encode_decode/decoder_lib.c
@@ -79,10 +79,11 @@ int OSSL_DECODER_from_bio(OSSL_DECODER_CTX *ctx, BIO *in)
const char *input_structure
= ctx->input_structure != NULL ? ctx->input_structure : "";
- ERR_raise_data(ERR_LIB_OSSL_DECODER, ERR_R_UNSUPPORTED,
- "No supported for the data to decode.%s%s%s%s%s%s",
- spaces, input_type_label, input_type, comma,
- input_structure_label, input_structure);
+ if (BIO_eof(in) == 0 /* Prevent spurious decoding error */)
+ ERR_raise_data(ERR_LIB_OSSL_DECODER, ERR_R_UNSUPPORTED,
+ "Not supported for the data to decode.%s%s%s%s%s%s",
+ spaces, input_type_label, input_type, comma,
+ input_structure_label, input_structure);
ok = 0;
}
diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c
index 1a62d7f6ff..e7f5860604 100644
--- a/crypto/store/store_lib.c
+++ b/crypto/store/store_lib.c
@@ -241,6 +241,11 @@ int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type)
{
int ret = 1;
+ if (ctx == NULL
+ || expected_type < 0 || expected_type > OSSL_STORE_INFO_CRL) {
+ ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_INVALID_ARGUMENT);
+ return 0;
+ }
if (ctx->loading) {
ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED);
return 0;
@@ -458,7 +463,7 @@ int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
if (ctx->fetched_loader == NULL)
ret = ctx->loader->eof(ctx->loader_ctx);
#endif
- return ret;
+ return ret != 0;
}
static int ossl_store_close_it(OSSL_STORE_CTX *ctx)
diff --git a/doc/man3/BIO_ctrl.pod b/doc/man3/BIO_ctrl.pod
index 328382d7c9..b3108f83ef 100644
--- a/doc/man3/BIO_ctrl.pod
+++ b/doc/man3/BIO_ctrl.pod
@@ -92,7 +92,7 @@ for success and -1 for failure.
BIO_flush() returns 1 for success and 0 or -1 for failure.
-BIO_eof() returns 1 if EOF has been reached 0 otherwise.
+BIO_eof() returns 1 if EOF has been reached, 0 if not, or -1 for failure.
BIO_set_close() always returns 1.
diff --git a/doc/man3/OSSL_STORE_expect.pod b/doc/man3/OSSL_STORE_expect.pod
index ac414e9701..8b79f35337 100644
--- a/doc/man3/OSSL_STORE_expect.pod
+++ b/doc/man3/OSSL_STORE_expect.pod
@@ -21,11 +21,13 @@ OSSL_STORE_find
OSSL_STORE_expect() helps applications filter what OSSL_STORE_load() returns
by specifying a B<OSSL_STORE_INFO> type.
-For example, if C<file:/foo/bar/store.pem> contains several different objects
-and only the certificates are interesting, the application can simply say
+By default, no expectations on the types of objects to be loaded are made.
+I<expected_type> may be 0 to indicate explicitly that no expectation is made,
+or it may be any of the known object types (see
+L<OSSL_STORE_INFO(3)/SUPPORTED OBJECTS>) except for B<OSSL_STORE_INFO_NAME>.
+For example, if C<file:/foo/bar/store.pem> contains several objects of different
+type and only certificates are interesting, the application can simply say
that it expects the type B<OSSL_STORE_INFO_CERT>.
-All known object types (see L<OSSL_STORE_INFO(3)/SUPPORTED OBJECTS>)
-except for B<OSSL_STORE_INFO_NAME> are supported.
OSSL_STORE_find() helps applications specify a criterion for a more fine
grained search of objects.
diff --git a/doc/man3/OSSL_STORE_open.pod b/doc/man3/OSSL_STORE_open.pod
index 61571be490..3d6d03a990 100644
--- a/doc/man3/OSSL_STORE_open.pod
+++ b/doc/man3/OSSL_STORE_open.pod
@@ -143,8 +143,8 @@ on error or when end of data is reached.
Use OSSL_STORE_error() and OSSL_STORE_eof() to determine the meaning of a
returned NULL.
-OSSL_STORE_eof() returns 1 if the end of data has been reached, otherwise
-0.
+OSSL_STORE_eof() returns 1 if the end of data has been reached
+or an error occurred, 0 otherwise.
OSSL_STORE_error() returns 1 if an error occurred in an OSSL_STORE_load() call,
otherwise 0.
More information about the openssl-commits
mailing list