[openssl] master update
dev at ddvo.net
dev at ddvo.net
Tue Jan 11 11:45:57 UTC 2022
The branch master has been updated
via 2c2724476ef50b8926b033f009bdfc85ac3f1816 (commit)
via 870871e5df4f47611c38e81d3f50e38cbf362082 (commit)
from 7ee992a5d931ab5ad9df00d2d8e47e1b7a72d7ac (commit)
- Log -----------------------------------------------------------------
commit 2c2724476ef50b8926b033f009bdfc85ac3f1816
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Tue Aug 24 12:03:12 2021 +0200
APPS: Add check for multiple 'unknown' options
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16416)
commit 870871e5df4f47611c38e81d3f50e38cbf362082
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Tue Aug 24 12:27:12 2021 +0200
PKCS12 app: Improve readability w.r.t. enc_flag, renamed to enc_name
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16416)
-----------------------------------------------------------------------
Summary of changes:
apps/cms.c | 1 +
apps/crl.c | 1 +
apps/dgst.c | 1 +
apps/dsa.c | 1 +
apps/ec.c | 1 +
apps/enc.c | 1 +
apps/gendsa.c | 1 +
apps/genpkey.c | 1 +
apps/genrsa.c | 1 +
apps/include/opt.h | 2 ++
apps/lib/opt.c | 19 ++++++++++++++++++-
apps/ocsp.c | 9 +++++++--
apps/pkcs12.c | 12 ++++++------
apps/pkey.c | 1 +
apps/req.c | 1 +
apps/rsa.c | 1 +
apps/smime.c | 1 +
apps/storeutl.c | 4 +++-
apps/ts.c | 1 +
apps/x509.c | 2 +-
doc/man1/openssl-ocsp.pod.in | 11 ++++++-----
21 files changed, 57 insertions(+), 16 deletions(-)
diff --git a/apps/cms.c b/apps/cms.c
index b49d1e3a68..575f8b3625 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -314,6 +314,7 @@ int cms_main(int argc, char **argv)
if (encerts == NULL || vpm == NULL)
goto end;
+ opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, cms_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
diff --git a/apps/crl.c b/apps/crl.c
index 8d353ff2af..c8f0981ee7 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -98,6 +98,7 @@ int crl_main(int argc, char **argv)
int hash_old = 0;
#endif
+ opt_set_unknown_name("digest");
prog = opt_init(argc, argv, crl_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
diff --git a/apps/dgst.c b/apps/dgst.c
index e75dd72521..18ba3d41c5 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -115,6 +115,7 @@ int dgst_main(int argc, char **argv)
buf = app_malloc(BUFSIZE, "I/O buffer");
md = (EVP_MD *)EVP_get_digestbyname(argv[0]);
+ opt_set_unknown_name("digest");
prog = opt_init(argc, argv, dgst_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
diff --git a/apps/dsa.c b/apps/dsa.c
index 9605ed81e7..fae277b8a2 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -92,6 +92,7 @@ int dsa_main(int argc, char **argv)
int selection = 0;
OSSL_ENCODER_CTX *ectx = NULL;
+ opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, dsa_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
diff --git a/apps/ec.c b/apps/ec.c
index 4573300a5e..2c350ff0b4 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -80,6 +80,7 @@ int ec_main(int argc, char **argv)
char *point_format = NULL;
int no_public = 0;
+ opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, ec_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
diff --git a/apps/enc.c b/apps/enc.c
index e71453c3c4..b14129d9b0 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -143,6 +143,7 @@ int enc_main(int argc, char **argv)
else if (strcmp(argv[0], "enc") != 0)
ciphername = argv[0];
+ opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, enc_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
diff --git a/apps/gendsa.c b/apps/gendsa.c
index b9bc2f502b..c4070c9e1a 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -62,6 +62,7 @@ int gendsa_main(int argc, char **argv)
OPTION_CHOICE o;
int ret = 1, private = 0, verbose = 0, nbits;
+ opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, gendsa_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
diff --git a/apps/genpkey.c b/apps/genpkey.c
index 7f70a6baa2..f4c8f92c34 100644
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -74,6 +74,7 @@ int genpkey_main(int argc, char **argv)
OSSL_LIB_CTX *libctx = app_get0_libctx();
STACK_OF(OPENSSL_STRING) *keyopt = NULL;
+ opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, genpkey_options);
keyopt = sk_OPENSSL_STRING_new_null();
if (keyopt == NULL)
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 1a6c67380f..9d0fea7646 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -93,6 +93,7 @@ int genrsa_main(int argc, char **argv)
if (bn == NULL || cb == NULL)
goto end;
+ opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, genrsa_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
diff --git a/apps/include/opt.h b/apps/include/opt.h
index 9493901c44..365eae5bc8 100644
--- a/apps/include/opt.h
+++ b/apps/include/opt.h
@@ -365,6 +365,7 @@ int opt_next(void);
char *opt_flag(void);
char *opt_arg(void);
char *opt_unknown(void);
+void reset_unknown(void);
int opt_cipher(const char *name, EVP_CIPHER **cipherp);
int opt_cipher_any(const char *name, EVP_CIPHER **cipherp);
int opt_cipher_silent(const char *name, EVP_CIPHER **cipherp);
@@ -373,6 +374,7 @@ int opt_md(const char *name, EVP_MD **mdp);
int opt_md_silent(const char *name, EVP_MD **mdp);
int opt_int(const char *arg, int *result);
+void opt_set_unknown_name(const char *name);
int opt_int_arg(void);
int opt_long(const char *arg, long *result);
int opt_ulong(const char *arg, unsigned long *result);
diff --git a/apps/lib/opt.c b/apps/lib/opt.c
index 7967fa7956..2865a1eefb 100644
--- a/apps/lib/opt.c
+++ b/apps/lib/opt.c
@@ -41,6 +41,7 @@ static int opt_index;
static char *arg;
static char *flag;
static char *dunno;
+static const char *unknown_name;
static const OPTIONS *unknown;
static const OPTIONS *opts;
static char prog[40];
@@ -166,7 +167,6 @@ char *opt_init(int ac, char **av, const OPTIONS *o)
opt_begin();
opts = o;
unknown = NULL;
-
/* Make sure prog name is set for usage output */
(void)opt_progname(argv[0]);
@@ -215,6 +215,7 @@ char *opt_init(int ac, char **av, const OPTIONS *o)
}
#endif
if (o->name[0] == '\0') {
+ OPENSSL_assert(unknown_name != NULL);
OPENSSL_assert(unknown == NULL);
unknown = o;
OPENSSL_assert(unknown->valtype == 0 || unknown->valtype == '-');
@@ -236,6 +237,11 @@ static OPT_PAIR formats[] = {
{NULL}
};
+void opt_set_unknown_name(const char *name)
+{
+ unknown_name = name;
+}
+
/* Print an error message about a failed format parse. */
static int opt_format_error(const char *s, unsigned long flags)
{
@@ -985,6 +991,11 @@ int opt_next(void)
return o->retval;
}
if (unknown != NULL) {
+ if (dunno != NULL) {
+ opt_printf_stderr("%s: Multiple %s or unknown options: -%s and -%s\n",
+ prog, unknown_name, dunno, p);
+ return -1;
+ }
dunno = p;
return unknown->retval;
}
@@ -1010,6 +1021,12 @@ char *opt_unknown(void)
return dunno;
}
+/* Reset the unknown option; needed by ocsp to allow multiple digest options. */
+void reset_unknown(void)
+{
+ dunno = NULL;
+}
+
/* Return the rest of the arguments after parsing flags. */
char **opt_rest(void)
{
diff --git a/apps/ocsp.c b/apps/ocsp.c
index d8e45ccd43..18e7c44191 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -196,8 +196,10 @@ const OPTIONS ocsp_options[] = {
{"VAfile", OPT_VAFILE, '<', "Validator certificates file"},
{"verify_other", OPT_VERIFY_OTHER, '<',
"Additional certificates to search for signer"},
- {"cert", OPT_CERT, '<', "Certificate to check"},
- {"serial", OPT_SERIAL, 's', "Serial number to check"},
+ {"cert", OPT_CERT, '<',
+ "Certificate to check; may be given multiple times"},
+ {"serial", OPT_SERIAL, 's',
+ "Serial number to check; may be given multiple times"},
{"validity_period", OPT_VALIDITY_PERIOD, 'u',
"Maximum validity discrepancy in seconds"},
{"signkey", OPT_SIGNKEY, 's', "Private key to sign OCSP request with"},
@@ -261,6 +263,7 @@ int ocsp_main(int argc, char **argv)
|| (vpm = X509_VERIFY_PARAM_new()) == NULL)
goto end;
+ opt_set_unknown_name("digest");
prog = opt_init(argc, argv, ocsp_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
@@ -436,6 +439,7 @@ int ocsp_main(int argc, char **argv)
goto end;
break;
case OPT_CERT:
+ reset_unknown();
X509_free(cert);
cert = load_cert(opt_arg(), FORMAT_UNDEF, "certificate");
if (cert == NULL)
@@ -449,6 +453,7 @@ int ocsp_main(int argc, char **argv)
trailing_md = 0;
break;
case OPT_SERIAL:
+ reset_unknown();
if (cert_id_md == NULL)
cert_id_md = (EVP_MD *)EVP_sha1();
if (!add_ocsp_serial(&req, opt_arg(), cert_id_md, issuer, ids))
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 44b53b0b54..754994e6a9 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -155,7 +155,7 @@ const OPTIONS pkcs12_options[] = {
int pkcs12_main(int argc, char **argv)
{
char *infile = NULL, *outfile = NULL, *keyname = NULL, *certfile = NULL;
- char *untrusted = NULL, *ciphername = NULL, *enc_flag = NULL;
+ char *untrusted = NULL, *ciphername = NULL, *enc_name = NULL;
char *passcertsarg = NULL, *passcerts = NULL;
char *name = NULL, *csp_name = NULL;
char pass[PASSWD_BUF_SIZE] = "", macpass[PASSWD_BUF_SIZE] = "";
@@ -182,6 +182,7 @@ int pkcs12_main(int argc, char **argv)
EVP_CIPHER *enc = (EVP_CIPHER *)default_enc;
OPTION_CHOICE o;
+ opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, pkcs12_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
@@ -238,16 +239,15 @@ int pkcs12_main(int argc, char **argv)
case OPT_NODES:
case OPT_NOENC:
/*
- * |enc_flag| stores the name of the option used so it
+ * |enc_name| stores the name of the option used so it
* can be printed if an error message is output.
*/
- enc_flag = opt_flag() + 1;
+ enc_name = opt_flag() + 1;
enc = NULL;
ciphername = NULL;
break;
case OPT_CIPHER:
- ciphername = opt_unknown();
- enc_flag = opt_unknown();
+ enc_name = ciphername = opt_unknown();
break;
case OPT_ITER:
maciter = iter = opt_int_arg();
@@ -375,7 +375,7 @@ int pkcs12_main(int argc, char **argv)
WARN_EXPORT("cacerts");
if (enc != default_enc)
BIO_printf(bio_err,
- "Warning: output encryption option -%s ignored with -export\n", enc_flag);
+ "Warning: output encryption option -%s ignored with -export\n", enc_name);
} else {
if (keyname != NULL)
WARN_NO_EXPORT("inkey");
diff --git a/apps/pkey.c b/apps/pkey.c
index 41a4c29897..cfef85ec0e 100644
--- a/apps/pkey.c
+++ b/apps/pkey.c
@@ -83,6 +83,7 @@ int pkey_main(int argc, char **argv)
char *point_format = NULL;
#endif
+ opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, pkey_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
diff --git a/apps/req.c b/apps/req.c
index 36ac493807..eaff69faa4 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -266,6 +266,7 @@ int req_main(int argc, char **argv)
cipher = (EVP_CIPHER *)EVP_des_ede3_cbc();
#endif
+ opt_set_unknown_name("digest");
prog = opt_init(argc, argv, req_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
diff --git a/apps/rsa.c b/apps/rsa.c
index fb73173428..08527f6347 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -139,6 +139,7 @@ int rsa_main(int argc, char **argv)
int selection = 0;
OSSL_ENCODER_CTX *ectx = NULL;
+ opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, rsa_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
diff --git a/apps/smime.c b/apps/smime.c
index 9677f056ed..6001d444ff 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -160,6 +160,7 @@ int smime_main(int argc, char **argv)
if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
return 1;
+ opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, smime_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
diff --git a/apps/storeutl.c b/apps/storeutl.c
index 8d1ce3cea3..65444fc53e 100644
--- a/apps/storeutl.c
+++ b/apps/storeutl.c
@@ -74,7 +74,7 @@ int storeutl_main(int argc, char *argv[])
BIO *out = NULL;
ENGINE *e = NULL;
OPTION_CHOICE o;
- char *prog = opt_init(argc, argv, storeutl_options);
+ char *prog;
PW_CB_DATA pw_cb_data;
int expected = 0;
int criterion = 0;
@@ -87,6 +87,8 @@ int storeutl_main(int argc, char *argv[])
EVP_MD *digest = NULL;
OSSL_LIB_CTX *libctx = app_get0_libctx();
+ opt_set_unknown_name("digest");
+ prog = opt_init(argc, argv, storeutl_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
diff --git a/apps/ts.c b/apps/ts.c
index 8e58ef00b4..2497c3b32a 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -181,6 +181,7 @@ int ts_main(int argc, char **argv)
if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
goto end;
+ opt_set_unknown_name("digest");
prog = opt_init(argc, argv, ts_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
diff --git a/apps/x509.c b/apps/x509.c
index 188bc17a09..29dc74ca9e 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -302,6 +302,7 @@ int x509_main(int argc, char **argv)
goto err;
X509_STORE_set_verify_cb(ctx, callb);
+ opt_set_unknown_name("digest");
prog = opt_init(argc, argv, x509_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
@@ -592,7 +593,6 @@ int x509_main(int argc, char **argv)
break;
}
}
-
/* No extra arguments. */
if (!opt_check_rest_arg(NULL))
goto opthelp;
diff --git a/doc/man1/openssl-ocsp.pod.in b/doc/man1/openssl-ocsp.pod.in
index fbad5079af..37c7aeb915 100644
--- a/doc/man1/openssl-ocsp.pod.in
+++ b/doc/man1/openssl-ocsp.pod.in
@@ -102,15 +102,16 @@ specify output filename, default is standard output.
=item B<-issuer> I<filename>
-This specifies the current issuer certificate. This option can be used
-multiple times.
+This specifies the current issuer certificate.
+This option can be used multiple times.
This option B<MUST> come before any B<-cert> options.
=item B<-cert> I<filename>
-Add the certificate I<filename> to the request. The issuer certificate
-is taken from the previous B<-issuer> option, or an error occurs if no
-issuer certificate is specified.
+Add the certificate I<filename> to the request.
+This option can be used multiple times.
+The issuer certificate is taken from the previous B<-issuer> option,
+or an error occurs if no issuer certificate is specified.
=item B<-no_certs>
More information about the openssl-commits
mailing list