summaryrefslogtreecommitdiffstats
path: root/apps
diff options
context:
space:
mode:
authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-09-17 01:39:00 +0200
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-09-24 14:34:56 +0200
commit50eb2a507732b4d32879709dbfa335ccb542f676 (patch)
tree18bba64cf2babfee3c6ee5f89a7cde5c579d7807 /apps
parentACVP: add test case for DRBG (diff)
downloadopenssl-50eb2a507732b4d32879709dbfa335ccb542f676.tar.xz
openssl-50eb2a507732b4d32879709dbfa335ccb542f676.zip
load_key_certs_crls(): Restore output of fatal errors
Also improve credentials loading diagnostics for many apps. Fixes #12840 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12893)
Diffstat (limited to 'apps')
-rw-r--r--apps/ca.c5
-rw-r--r--apps/cms.c4
-rw-r--r--apps/dgst.c4
-rw-r--r--apps/dsa.c4
-rw-r--r--apps/ec.c4
-rw-r--r--apps/lib/apps.c65
-rw-r--r--apps/lib/s_cb.c6
-rw-r--r--apps/pkeyutl.c6
-rw-r--r--apps/req.c2
-rw-r--r--apps/rsa.c4
-rw-r--r--apps/rsautl.c4
-rw-r--r--apps/s_client.c4
-rw-r--r--apps/s_server.c12
-rw-r--r--apps/smime.c4
-rw-r--r--apps/x509.c10
15 files changed, 82 insertions, 56 deletions
diff --git a/apps/ca.c b/apps/ca.c
index 74113cdd67..35616253fe 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1269,7 +1269,8 @@ end_of_options:
} else {
X509 *revcert;
- revcert = load_cert_pass(infile, certformat, passin, infile);
+ revcert = load_cert_pass(infile, certformat, passin,
+ "certificate to be revoked");
if (revcert == NULL)
goto end;
if (dorevoke == 2)
@@ -1403,7 +1404,7 @@ static int certify_cert(X509 **xret, const char *infile, int certformat,
EVP_PKEY *pktmp = NULL;
int ok = -1, i;
- if ((req = load_cert_pass(infile, certformat, passin, infile)) == NULL)
+ if ((req = load_cert_pass(infile, certformat, passin, "template certificate")) == NULL)
goto end;
if (verbose)
X509_print(bio_err, req);
diff --git a/apps/cms.c b/apps/cms.c
index 178c441f1a..ad8f64fcaa 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -857,7 +857,7 @@ int cms_main(int argc, char **argv)
}
if (keyfile != NULL) {
- key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
+ key = load_key(keyfile, keyform, 0, passin, e, "signing key");
if (key == NULL)
goto end;
@@ -1060,7 +1060,7 @@ int cms_main(int argc, char **argv)
ret = 2;
goto end;
}
- key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
+ key = load_key(keyfile, keyform, 0, passin, e, "signing key");
if (key == NULL) {
ret = 2;
goto end;
diff --git a/apps/dgst.c b/apps/dgst.c
index 650115b468..badcfdf0e2 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -268,9 +268,9 @@ int dgst_main(int argc, char **argv)
int type;
if (want_pub)
- sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "key file");
+ sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "public key");
else
- sigkey = load_key(keyfile, keyform, 0, passin, e, "key file");
+ sigkey = load_key(keyfile, keyform, 0, passin, e, "private key");
if (sigkey == NULL) {
/*
* load_[pub]key() has already printed an appropriate message
diff --git a/apps/dsa.c b/apps/dsa.c
index 8ef802e0da..75a0504548 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -165,9 +165,9 @@ int dsa_main(int argc, char **argv)
BIO_printf(bio_err, "read DSA key\n");
if (pubin)
- pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
+ pkey = load_pubkey(infile, informat, 1, passin, e, "public key");
else
- pkey = load_key(infile, informat, 1, passin, e, "Private Key");
+ pkey = load_key(infile, informat, 1, passin, e, "private key");
if (pkey != NULL)
dsa = EVP_PKEY_get1_DSA(pkey);
diff --git a/apps/ec.c b/apps/ec.c
index 43e2be1346..79951cc8d6 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -194,9 +194,9 @@ int ec_main(int argc, char **argv)
} else if (informat == FORMAT_ENGINE) {
EVP_PKEY *pkey;
if (pubin)
- pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
+ pkey = load_pubkey(infile, informat, 1, passin, e, "public key");
else
- pkey = load_key(infile, informat, 1, passin, e, "Private Key");
+ pkey = load_key(infile, informat, 1, passin, e, "private key");
if (pkey != NULL) {
eckey = EVP_PKEY_get1_EC_KEY(pkey);
EVP_PKEY_free(pkey);
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index c0c56d9c22..fa015aa4ea 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -708,7 +708,10 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
const char *propq = app_get0_propq();
int ncerts = 0;
int ncrls = 0;
- const char *failed = "any";
+ const char *failed =
+ ppkey != NULL ? "key" : ppubkey != NULL ? "public key" :
+ pcert != NULL ? "cert" : pcrl != NULL ? "CRL" :
+ pcerts != NULL ? "certs" : pcrls != NULL ? "CRLs" : NULL;
/* TODO make use of the engine reference 'eng' when loading pkeys */
if (ppkey != NULL)
@@ -717,33 +720,36 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
*ppubkey = NULL;
if (pcert != NULL)
*pcert = NULL;
+ if (failed == NULL) {
+ BIO_printf(bio_err, "Internal error: nothing to load into from %s\n",
+ uri != NULL ? uri : "<stdin>");
+ return 0;
+ }
+
if (pcerts != NULL && *pcerts == NULL
&& (*pcerts = sk_X509_new_null()) == NULL) {
- BIO_printf(bio_err, "Out of memory");
+ BIO_printf(bio_err, "Out of memory loading");
goto end;
}
if (pcrl != NULL)
*pcrl = NULL;
if (pcrls != NULL && *pcrls == NULL
&& (*pcrls = sk_X509_CRL_new_null()) == NULL) {
- BIO_printf(bio_err, "Out of memory");
+ BIO_printf(bio_err, "Out of memory loading");
goto end;
}
- if (desc == NULL)
- desc = "key/certificate/CRL";
uidata.password = pass;
uidata.prompt_info = uri;
if (uri == NULL) {
BIO *bio;
- uri = "<stdin>";
if (!maybe_stdin) {
- BIO_printf(bio_err, "No filename or uri specified for loading %s\n",
- desc);
+ BIO_printf(bio_err, "No filename or uri specified for loading");
goto end;
}
+ uri = "<stdin>";
unbuffer(stdin);
bio = BIO_new_fp(stdin, 0);
if (bio != NULL)
@@ -754,17 +760,18 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
&uidata, NULL, NULL);
}
if (ctx == NULL) {
- BIO_printf(bio_err, "Could not open file or uri %s for loading %s\n",
- uri, desc);
+ BIO_printf(bio_err, "Could not open file or uri for loading");
goto end;
}
failed = NULL;
while (!OSSL_STORE_eof(ctx)) {
OSSL_STORE_INFO *info = OSSL_STORE_load(ctx);
- int type = info == NULL ? 0 : OSSL_STORE_INFO_get_type(info);
- int ok = 1;
+ int type, ok = 1;
+ if (info == NULL)
+ break;
+ type = OSSL_STORE_INFO_get_type(info);
switch (type) {
case OSSL_STORE_INFO_PKEY:
if (ppkey != NULL && *ppkey == NULL)
@@ -805,8 +812,7 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
OSSL_STORE_INFO_free(info);
if (!ok) {
failed = info == NULL ? NULL : OSSL_STORE_INFO_type_string(type);
- BIO_printf(bio_err, "Error reading %s of %s from %s\n",
- failed, desc, uri);
+ BIO_printf(bio_err, "Error reading");
break;
}
}
@@ -814,18 +820,37 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
end:
OSSL_STORE_close(ctx);
if (failed == NULL) {
- if (ppkey != NULL && *ppkey == NULL)
+ int any = 0;
+
+ if (ppkey != NULL && *ppkey == NULL) {
failed = "key";
- else if ((pcert != NULL || pcerts != NULL) && ncerts == 0)
+ } else if ((pcert != NULL || pcerts != NULL) && ncerts == 0) {
+ if (pcert == NULL)
+ any = 1;
failed = "cert";
- else if ((pcrl != NULL || pcrls != NULL) && ncrls == 0)
+ } else if ((pcrl != NULL || pcrls != NULL) && ncrls == 0) {
+ if (pcrl == NULL)
+ any = 1;
failed = "CRL";
+ }
if (failed != NULL)
- BIO_printf(bio_err, "Could not read any %s of %s from %s\n",
- failed, desc, uri);
+ BIO_printf(bio_err, "Could not read");
+ if (any)
+ BIO_printf(bio_err, " any");
}
- if (failed != NULL)
+ if (failed != NULL) {
+ if (desc != NULL && strstr(desc, failed) != NULL) {
+ BIO_printf(bio_err, " %s", desc);
+ } else {
+ BIO_printf(bio_err, " %s", failed);
+ if (desc != NULL)
+ BIO_printf(bio_err, " of %s", desc);
+ }
+ if (uri != NULL)
+ BIO_printf(bio_err, " from %s", uri);
+ BIO_printf(bio_err, "\n");
ERR_print_errors(bio_err);
+ }
return failed == NULL;
}
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index 72fb98402d..142659d05e 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -1047,15 +1047,15 @@ int load_excert(SSL_EXCERT **pexc)
return 0;
if (exc->keyfile != NULL) {
exc->key = load_key(exc->keyfile, exc->keyform,
- 0, NULL, NULL, "Server Key");
+ 0, NULL, NULL, "server key");
} else {
exc->key = load_key(exc->certfile, exc->certform,
- 0, NULL, NULL, "Server Key");
+ 0, NULL, NULL, "server key");
}
if (exc->key == NULL)
return 0;
if (exc->chainfile != NULL) {
- if (!load_certs(exc->chainfile, &exc->chain, NULL, "Server Chain"))
+ if (!load_certs(exc->chainfile, &exc->chain, NULL, "server chain"))
return 0;
}
}
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 5f53867790..61f9130175 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -532,11 +532,11 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
}
switch (key_type) {
case KEY_PRIVKEY:
- pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key");
+ pkey = load_key(keyfile, keyform, 0, passin, e, "private key");
break;
case KEY_PUBKEY:
- pkey = load_pubkey(keyfile, keyform, 0, NULL, e, "Public Key");
+ pkey = load_pubkey(keyfile, keyform, 0, NULL, e, "public key");
break;
case KEY_CERT:
@@ -644,7 +644,7 @@ static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
if (peerform == FORMAT_ENGINE)
engine = e;
- peer = load_pubkey(file, peerform, 0, NULL, engine, "Peer Key");
+ peer = load_pubkey(file, peerform, 0, NULL, engine, "peer key");
if (peer == NULL) {
BIO_printf(bio_err, "Error reading peer key %s\n", file);
ERR_print_errors(bio_err);
diff --git a/apps/req.c b/apps/req.c
index cb5850c6b5..62abf226ac 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -591,7 +591,7 @@ int req_main(int argc, char **argv)
}
if (keyfile != NULL) {
- pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key");
+ pkey = load_key(keyfile, keyform, 0, passin, e, "private key");
if (pkey == NULL)
goto end;
app_RAND_load_conf(req_conf, section);
diff --git a/apps/rsa.c b/apps/rsa.c
index fdee96d570..558b126560 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -198,9 +198,9 @@ int rsa_main(int argc, char **argv)
tmpformat = informat;
}
- pkey = load_pubkey(infile, tmpformat, 1, passin, e, "Public Key");
+ pkey = load_pubkey(infile, tmpformat, 1, passin, e, "public key");
} else {
- pkey = load_key(infile, informat, 1, passin, e, "Private Key");
+ pkey = load_key(infile, informat, 1, passin, e, "private key");
}
if (pkey != NULL)
diff --git a/apps/rsautl.c b/apps/rsautl.c
index 0f9789c39c..49d9fcfea4 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -189,11 +189,11 @@ int rsautl_main(int argc, char **argv)
switch (key_type) {
case KEY_PRIVKEY:
- pkey = load_key(keyfile, keyformat, 0, passin, e, "Private Key");
+ pkey = load_key(keyfile, keyformat, 0, passin, e, "private key");
break;
case KEY_PUBKEY:
- pkey = load_pubkey(keyfile, keyformat, 0, NULL, e, "Public Key");
+ pkey = load_pubkey(keyfile, keyformat, 0, NULL, e, "public key");
break;
case KEY_CERT:
diff --git a/apps/s_client.c b/apps/s_client.c
index ca9891aba8..513beeaa9a 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1728,13 +1728,13 @@ int s_client_main(int argc, char **argv)
if (key_file != NULL) {
key = load_key(key_file, key_format, 0, pass, e,
- "client certificate private key file");
+ "client certificate private key");
if (key == NULL)
goto end;
}
if (cert_file != NULL) {
- cert = load_cert_pass(cert_file, cert_format, pass, "client certificate file");
+ cert = load_cert_pass(cert_file, cert_format, pass, "client certificate");
if (cert == NULL)
goto end;
}
diff --git a/apps/s_server.c b/apps/s_server.c
index dde0ee60c0..dee38584c4 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1740,12 +1740,12 @@ int s_server_main(int argc, char *argv[])
if (nocert == 0) {
s_key = load_key(s_key_file, s_key_format, 0, pass, engine,
- "server certificate private key file");
+ "server certificate private key");
if (s_key == NULL)
goto end;
s_cert = load_cert_pass(s_cert_file, s_cert_format, pass,
- "server certificate file");
+ "server certificate");
if (s_cert == NULL)
goto end;
@@ -1757,12 +1757,12 @@ int s_server_main(int argc, char *argv[])
if (tlsextcbp.servername != NULL) {
s_key2 = load_key(s_key_file2, s_key_format, 0, pass, engine,
- "second server certificate private key file");
+ "second server certificate private key");
if (s_key2 == NULL)
goto end;
s_cert2 = load_cert_pass(s_cert_file2, s_cert_format, pass,
- "second server certificate file");
+ "second server certificate");
if (s_cert2 == NULL)
goto end;
@@ -1802,12 +1802,12 @@ int s_server_main(int argc, char *argv[])
s_dkey_file = s_dcert_file;
s_dkey = load_key(s_dkey_file, s_dkey_format,
- 0, dpass, engine, "second certificate private key file");
+ 0, dpass, engine, "second certificate private key");
if (s_dkey == NULL)
goto end;
s_dcert = load_cert_pass(s_dcert_file, s_dcert_format, dpass,
- "second server certificate file");
+ "second server certificate");
if (s_dcert == NULL) {
ERR_print_errors(bio_err);
diff --git a/apps/smime.c b/apps/smime.c
index 9113038db7..e6d539457e 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -471,7 +471,7 @@ int smime_main(int argc, char **argv)
}
if (keyfile != NULL) {
- key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
+ key = load_key(keyfile, keyform, 0, passin, e, "signing key");
if (key == NULL)
goto end;
@@ -573,7 +573,7 @@ int smime_main(int argc, char **argv)
"signer certificate");
if (signer == NULL)
goto end;
- key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
+ key = load_key(keyfile, keyform, 0, passin, e, "signing key");
if (key == NULL)
goto end;
diff --git a/apps/x509.c b/apps/x509.c
index 5627bd9dbe..367cbf45f1 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -522,7 +522,7 @@ int x509_main(int argc, char **argv)
goto end;
}
if (fkeyfile != NULL) {
- fkey = load_pubkey(fkeyfile, keyformat, 0, NULL, e, "Forced key");
+ fkey = load_pubkey(fkeyfile, keyformat, 0, NULL, e, "forced key");
if (fkey == NULL)
goto end;
}
@@ -629,7 +629,7 @@ int x509_main(int argc, char **argv)
if (!X509_set_pubkey(x, fkey != NULL ? fkey : X509_REQ_get0_pubkey(req)))
goto end;
} else {
- x = load_cert_pass(infile, FORMAT_UNDEF, passin, "Certificate");
+ x = load_cert_pass(infile, FORMAT_UNDEF, passin, "certificate");
if (x == NULL)
goto end;
if (fkey != NULL && !X509_set_pubkey(x, fkey))
@@ -639,7 +639,7 @@ int x509_main(int argc, char **argv)
}
if (CA_flag) {
- xca = load_cert_pass(CAfile, CAformat, passin, "CA Certificate");
+ xca = load_cert_pass(CAfile, CAformat, passin, "CA certificate");
if (xca == NULL)
goto end;
}
@@ -846,7 +846,7 @@ int x509_main(int argc, char **argv)
BIO_printf(bio_err, "Getting Private key\n");
if (Upkey == NULL) {
Upkey = load_key(keyfile, keyformat, 0,
- passin, e, "Private key");
+ passin, e, "private key");
if (Upkey == NULL)
goto end;
}
@@ -858,7 +858,7 @@ int x509_main(int argc, char **argv)
BIO_printf(bio_err, "Getting CA Private Key\n");
if (CAkeyfile != NULL) {
CApkey = load_key(CAkeyfile, CAkeyformat,
- 0, passin, e, "CA Private Key");
+ 0, passin, e, "CA private key");
if (CApkey == NULL)
goto end;
}