author | Rich Salz <rsalz@akamai.com> | 2021-02-08 20:20:01 +0100 |
---|---|---|
committer | Pauli <ppzgs1@gmail.com> | 2021-02-11 23:34:17 +0100 |
commit | 03bbd346f4410c329d472cc043fb6c49f6688eba (patch) | |
tree | 4404d27a430f7a3c8a33ddd6d0633fb35d9a4065 /apps | |
parent | Process digest option after loading providers (diff) | |
Fetch cipher after loading providers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14135)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/cms.c | 16 | ||||
-rw-r--r-- | apps/crl.c | 6 | ||||
-rw-r--r-- | apps/dsa.c | 9 | ||||
-rw-r--r-- | apps/ec.c | 9 | ||||
-rw-r--r-- | apps/gendsa.c | 11 | ||||
-rw-r--r-- | apps/genrsa.c | 9 | ||||
-rw-r--r-- | apps/lib/app_rand.c | 21 | ||||
-rw-r--r-- | apps/pkcs12.c | 25 | ||||
-rw-r--r-- | apps/pkcs8.c | 9 | ||||
-rw-r--r-- | apps/pkey.c | 9 | ||||
-rw-r--r-- | apps/rsa.c | 9 | ||||
-rw-r--r-- | apps/smime.c | 9 |
12 files changed, 92 insertions, 50 deletions
diff --git a/apps/cms.c b/apps/cms.c index 4f1e614e4c..67cbb9379a 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -289,7 +289,8 @@ int cms_main(int argc, char **argv) char *certsoutfile = NULL, *digestname = NULL; int noCAfile = 0, noCApath = 0, noCAstore = 0; char *infile = NULL, *outfile = NULL, *rctfile = NULL; - char *passinarg = NULL, *passin = NULL, *signerfile = NULL, *originatorfile = NULL, *recipfile = NULL; + char *passinarg = NULL, *passin = NULL, *signerfile = NULL; + char *originatorfile = NULL, *recipfile = NULL, *ciphername = NULL; char *to = NULL, *from = NULL, *subject = NULL, *prog; cms_key_param *key_first = NULL, *key_param = NULL; int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched = 0; @@ -624,8 +625,7 @@ int cms_main(int argc, char **argv) } break; case OPT_CIPHER: - if (!opt_cipher(opt_unknown(), &cipher)) - goto end; + ciphername = opt_unknown(); break; case OPT_KEYOPT: keyidx = -1; @@ -698,8 +698,14 @@ int cms_main(int argc, char **argv) } } app_RAND_load(); - if (digestname != NULL && !opt_md(digestname, &sign_md)) - goto end; + if (digestname != NULL) { + if (!opt_md(digestname, &sign_md)) + goto end; + } + if (ciphername != NULL) { + if (!opt_cipher(ciphername, &cipher)) + goto end; + } /* Remaining args are files to process. */ argc = opt_num_rest(); diff --git a/apps/crl.c b/apps/crl.c index 34551cc3a4..dd9d41e8ea 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -207,8 +207,10 @@ int crl_main(int argc, char **argv) if (argc != 0) goto opthelp; - if (digestname != NULL && !opt_md(digestname, &digest)) - goto opthelp; + if (digestname != NULL) { + if (!opt_md(digestname, &digest)) + goto opthelp; + } x = load_crl(infile, "CRL"); if (x == NULL) goto end; diff --git a/apps/dsa.c b/apps/dsa.c index ebb841fa53..c4baaf7de9 100644 --- a/apps/dsa.c +++ b/apps/dsa.c 
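Review bot: In the `case OPT_CIPHER:` hunk of cms_main, `ciphername = opt_unknown();` overwrites any earlier value, so only the last unrecognised option on the command line ever reaches `opt_cipher()`. Before this change each one was checked as it was parsed; now a mistyped flag followed by a valid cipher name appears to be dropped without an error, which is an awkward failure mode for tools that encrypt keys and messages. The same assignment is added in dsa.c, ec.c, gendsa.c, genrsa.c, pkcs12.c, pkey.c, rsa.c and smime.c. Putting `if (ciphername != NULL) goto opthelp;` ahead of the assignment would reject the stray option, at the cost of also rejecting two valid cipher options in a row; if "last one wins" is intended, a comment such as `/* only the last unknown option is checked as a cipher name */` should say so. cms_main starts and ends outside the hunk.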
@@ -87,7 +87,7 @@ int dsa_main(int argc, char **argv) int modulus = 0, pubin = 0, pubout = 0, ret = 1; int pvk_encr = DEFAULT_PVK_ENCR_STRENGTH; int private = 0; - const char *output_type = NULL; + const char *output_type = NULL, *ciphername = NULL; const char *output_structure = NULL; int selection = 0; OSSL_ENCODER_CTX *ectx = NULL; @@ -151,8 +151,7 @@ int dsa_main(int argc, char **argv) pubout = 1; break; case OPT_CIPHER: - if (!opt_cipher(opt_unknown(), &enc)) - goto end; + ciphername = opt_unknown(); break; case OPT_PROV_CASES: if (!opt_provider(o)) @@ -166,6 +165,10 @@ int dsa_main(int argc, char **argv) if (argc != 0) goto opthelp; + if (ciphername != NULL) { + if (!opt_cipher(ciphername, &enc)) + goto end; + } private = pubin || pubout ? 0 : 1; if (text && !pubin) private = 1; @@ -70,7 +70,7 @@ int ec_main(int argc, char **argv) BIO *in = NULL, *out = NULL; ENGINE *e = NULL; const EVP_CIPHER *enc = NULL; - char *infile = NULL, *outfile = NULL, *prog; + char *infile = NULL, *outfile = NULL, *ciphername = NULL, *prog; char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL; OPTION_CHOICE o; int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0; @@ -131,8 +131,7 @@ int ec_main(int argc, char **argv) e = setup_engine(opt_arg(), 0); break; case OPT_CIPHER: - if (!opt_cipher(opt_unknown(), &enc)) - goto opthelp; + ciphername = opt_unknown(); break; case OPT_CONV_FORM: point_format = opt_arg(); @@ -162,6 +161,10 @@ int ec_main(int argc, char **argv) if (argc != 0) goto opthelp; + if (ciphername != NULL) { + if (!opt_cipher(ciphername, &enc)) + goto opthelp; + } private = param_out || pubin || pubout ? 0 : 1; if (text && !pubin) private = 1; diff --git a/apps/gendsa.c b/apps/gendsa.c index 81ab10d07c..c6c84c9a56 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c 
@@ -57,7 +57,7 @@ int gendsa_main(int argc, char **argv) EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *ctx = NULL; const EVP_CIPHER *enc = NULL; - char *dsaparams = NULL; + char *dsaparams = NULL, *ciphername = NULL; char *outfile = NULL, *passoutarg = NULL, *passout = NULL, *prog; OPTION_CHOICE o; int ret = 1, private = 0, verbose = 0; @@ -93,8 +93,7 @@ int gendsa_main(int argc, char **argv) goto end; break; case OPT_CIPHER: - if (!opt_cipher(opt_unknown(), &enc)) - goto end; + ciphername = opt_unknown(); break; case OPT_VERBOSE: verbose = 1; @@ -107,9 +106,13 @@ int gendsa_main(int argc, char **argv) argv = opt_rest(); if (argc != 1) goto opthelp; + dsaparams = argv[0]; app_RAND_load(); - dsaparams = argv[0]; + if (ciphername != NULL) { + if (!opt_cipher(ciphername, &enc)) + goto end; + } private = 1; if (!app_passwd(NULL, passoutarg, NULL, &passout)) { diff --git a/apps/genrsa.c b/apps/genrsa.c index 39c23e7df8..cd99b53a3b 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -86,7 +86,7 @@ int genrsa_main(int argc, char **argv) int ret = 1, num = DEFBITS, private = 0, primes = DEFPRIMES; unsigned long f4 = RSA_F4; char *outfile = NULL, *passoutarg = NULL, *passout = NULL; - char *prog, *hexe, *dece; + char *prog, *hexe, *dece, *ciphername = NULL; OPTION_CHOICE o; int traditional = 0; @@ -131,8 +131,7 @@ opthelp: passoutarg = opt_arg(); break; case OPT_CIPHER: - if (!opt_cipher(opt_unknown(), &enc)) - goto end; + ciphername = opt_unknown(); break; case OPT_PRIMES: if (!opt_int(opt_arg(), &primes)) @@ -166,6 +165,10 @@ opthelp: app_RAND_load(); private = 1; + if (ciphername != NULL) { + if (!opt_cipher(ciphername, &enc)) + goto end; + } if (!app_passwd(NULL, passoutarg, NULL, &passout)) { BIO_printf(bio_err, "Error getting password\n"); goto end; diff --git a/apps/lib/app_rand.c b/apps/lib/app_rand.c index cd4ee6753e..b1c092752e 100644 --- a/apps/lib/app_rand.c +++ b/apps/lib/app_rand.c 
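Review bot: The return value of `app_RAND_load()` is discarded on the context line just above the new cipher check in gendsa_main (third gendsa.c hunk), and likewise in genrsa_main, so a `-rand` file that cannot be read only produces the message printed in apps/lib/app_rand.c and key generation goes ahead. If seeding from the named files is meant to be best-effort, a one-line comment such as `/* best effort: an unreadable -rand file is reported but not fatal */` would record that; otherwise `if (!app_RAND_load()) goto end;` makes the failure explicit. Both functions start and end outside their hunks.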
@@ -14,7 +14,7 @@ #include <openssl/conf.h> static char *save_rand_file; -static char *load_rand_file; +static char *files_to_load; void app_RAND_load_conf(CONF *c, const char *section) { @@ -34,30 +34,33 @@ void app_RAND_load_conf(CONF *c, const char *section) int app_RAND_load(void) { - char *p; + char *p, *save; int last, ret = 1; - if (load_rand_file == NULL) + if (files_to_load == NULL) return 1; + save = files_to_load; for ( ; ; ) { last = 0; - for (p = load_rand_file; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++) + for (p = files_to_load; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++) continue; if (*p == '\0') last = 1; *p = '\0'; - if (RAND_load_file(load_rand_file, -1) < 0) { - BIO_printf(bio_err, "Can't load %s into RNG\n", load_rand_file); + if (RAND_load_file(files_to_load, -1) < 0) { + BIO_printf(bio_err, "Can't load %s into RNG\n", files_to_load); ERR_print_errors(bio_err); ret = 0; } if (last) break; - load_rand_file = p + 1; - if (*load_rand_file == '\0') + files_to_load = p + 1; + if (*files_to_load == '\0') break; } + files_to_load = NULL; + OPENSSL_free(save); return ret; } @@ -86,7 +89,7 @@ int opt_rand(int opt) case OPT_R__LAST: break; case OPT_R_RAND: - load_rand_file = opt_arg(); + files_to_load = opt_arg(); break; case OPT_R_WRITERAND: OPENSSL_free(save_rand_file); diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 8cc1f8eeb5..e96f9ec4a4 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -145,7 +145,7 @@ const OPTIONS pkcs12_options[] = { int pkcs12_main(int argc, char **argv) { char *infile = NULL, *outfile = NULL, *keyname = NULL, *certfile = NULL; - char *untrusted = NULL; + char *untrusted = NULL, *ciphername = NULL, *enc_flag = NULL; char *passcertsarg = NULL, *passcerts = NULL; char *name = NULL, *csp_name = NULL; char pass[PASSWD_BUF_SIZE] = "", macpass[PASSWD_BUF_SIZE] = ""; 
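Review bot: `OPENSSL_free(save)` at the end of app_RAND_load() releases the pointer that opt_rand() stored with `files_to_load = opt_arg();` (last app_rand.c hunk), and nothing visible here copies that string. If opt_arg() hands back a pointer into argv, as the bare assignment suggests, this frees memory that never came from the allocator. Storing a copy keeps the free valid: `OPENSSL_free(files_to_load); files_to_load = OPENSSL_strdup(opt_arg());` in the `OPT_R_RAND` case, mirroring the `OPENSSL_free(save_rand_file)` in the next case. A short comment above the loop noting that it writes NUL bytes into the list in place, and that later calls return early once `files_to_load` is cleared, would also help.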
@@ -164,7 +164,6 @@ int pkcs12_main(int argc, char **argv) BIO *in = NULL, *out = NULL; PKCS12 *p12 = NULL; STACK_OF(OPENSSL_STRING) *canames = NULL; - const char *enc_flag = NULL; const EVP_CIPHER *const default_enc = EVP_aes_256_cbc(); const EVP_CIPHER *enc = default_enc; OPTION_CHOICE o; @@ -220,10 +219,19 @@ int pkcs12_main(int argc, char **argv) case OPT_EXPORT: export_pkcs12 = 1; break; + case OPT_NODES: + case OPT_NOENC: + /* + * |enc_flag| stores the name of the option used so it + * can be printed if an error message is output. + */ + enc_flag = opt_flag() + 1; + enc = NULL; + ciphername = NULL; + break; case OPT_CIPHER: + ciphername = opt_unknown(); enc_flag = opt_unknown(); - if (!opt_cipher(enc_flag, &enc)) - goto opthelp; break; case OPT_ITER: if (!opt_int(opt_arg(), &iter)) @@ -246,11 +254,6 @@ int pkcs12_main(int argc, char **argv) case OPT_MACALG: macalg = opt_arg(); break; - case OPT_NODES: - case OPT_NOENC: - enc_flag = opt_flag() + 1; - enc = NULL; - break; case OPT_CERTPBE: if (!set_pbe(&cert_pbe, opt_arg())) goto opthelp; @@ -342,6 +345,10 @@ int pkcs12_main(int argc, char **argv) goto opthelp; app_RAND_load(); + if (ciphername != NULL) { + if (!opt_cipher(ciphername, &enc)) + goto opthelp; + } if (export_pkcs12) { if ((options & INFO) != 0) WARN_EXPORT("info"); diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 1c459e7bc2..674007498a 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -75,7 +75,7 @@ int pkcs8_main(int argc, char **argv) PKCS8_PRIV_KEY_INFO *p8inf = NULL; X509_SIG *p8 = NULL; const EVP_CIPHER *cipher = NULL; - char *infile = NULL, *outfile = NULL; + char *infile = NULL, *outfile = NULL, *ciphername = NULL; char *passinarg = NULL, *passoutarg = NULL, *prog; #ifndef OPENSSL_NO_UI_CONSOLE char pass[APP_PASS_LEN]; @@ -136,8 +136,7 @@ int pkcs8_main(int argc, char **argv) traditional = 1; break; case OPT_V2: - if (!opt_cipher(opt_arg(), &cipher)) - goto opthelp; + ciphername = opt_arg(); break; case OPT_V1: pbe_nid = OBJ_txt2nid(opt_arg()); 
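Review bot: In the `OPT_NODES`/`OPT_NOENC` case added to pkcs12_main, `ciphername = NULL;` is what keeps "last option wins" working now that the cipher is fetched after the loop, yet the new comment only explains `enc_flag`. I would extend it with `/* also drop any earlier cipher name so the deferred opt_cipher() call cannot turn encryption back on */`, because a mistake here decides whether the private key is written encrypted or in the clear. In the `OPT_CIPHER` case the two `opt_unknown()` calls can be one, `enc_flag = ciphername = opt_unknown();`, and `enc_flag` could stay `const char *` as it was before this commit. pkcs12_main starts and ends outside the hunk.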
@@ -201,6 +200,10 @@ int pkcs8_main(int argc, char **argv) private = 1; app_RAND_load(); + if (ciphername != NULL) { + if (!opt_cipher(ciphername, &cipher)) + goto opthelp; + } if (!app_passwd(passinarg, passoutarg, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); diff --git a/apps/pkey.c b/apps/pkey.c index a48c9856bf..1a53447401 100644 --- a/apps/pkey.c +++ b/apps/pkey.c @@ -73,7 +73,7 @@ int pkey_main(int argc, char **argv) EVP_PKEY_CTX *ctx = NULL; const EVP_CIPHER *cipher = NULL; char *infile = NULL, *outfile = NULL, *passin = NULL, *passout = NULL; - char *passinarg = NULL, *passoutarg = NULL, *prog; + char *passinarg = NULL, *passoutarg = NULL, *ciphername = NULL, *prog; OPTION_CHOICE o; int informat = FORMAT_PEM, outformat = FORMAT_PEM; int pubin = 0, pubout = 0, text_pub = 0, text = 0, noout = 0, ret = 1; @@ -143,8 +143,7 @@ int pkey_main(int argc, char **argv) pub_check = 1; break; case OPT_CIPHER: - if (!opt_cipher(opt_unknown(), &cipher)) - goto opthelp; + ciphername = opt_unknown(); break; case OPT_EC_CONV_FORM: #ifdef OPENSSL_NO_EC @@ -187,6 +186,10 @@ int pkey_main(int argc, char **argv) "Warning: The -traditional is ignored since there is no PEM output\n"); private = (!noout && !pubout) || (text && !text_pub); + if (ciphername != NULL) { + if (!opt_cipher(ciphername, &cipher)) + goto opthelp; + } if (cipher == NULL) { if (passoutarg != NULL) BIO_printf(bio_err, diff --git a/apps/rsa.c b/apps/rsa.c index b65c8fc793..1a75681c70 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -93,7 +93,7 @@ int rsa_main(int argc, char **argv) EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *pctx; const EVP_CIPHER *enc = NULL; - char *infile = NULL, *outfile = NULL, *prog; + char *infile = NULL, *outfile = NULL, *ciphername = NULL, *prog; char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL; int private = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0; 
@@ -171,8 +171,7 @@ int rsa_main(int argc, char **argv) check = 1; break; case OPT_CIPHER: - if (!opt_cipher(opt_unknown(), &enc)) - goto opthelp; + ciphername = opt_unknown(); break; case OPT_PROV_CASES: if (!opt_provider(o)) @@ -189,6 +188,10 @@ int rsa_main(int argc, char **argv) if (argc != 0) goto opthelp; + if (ciphername != NULL) { + if (!opt_cipher(ciphername, &enc)) + goto opthelp; + } private = (text && !pubin) || (!pubout && !noout) ? 1 : 0; if (!app_passwd(passinarg, passoutarg, &passin, &passout)) { diff --git a/apps/smime.c b/apps/smime.c index fd1e2e6810..63578f28d5 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -146,7 +146,7 @@ int smime_main(int argc, char **argv) char *certfile = NULL, *keyfile = NULL, *contfile = NULL; char *infile = NULL, *outfile = NULL, *signerfile = NULL, *recipfile = NULL; char *passinarg = NULL, *passin = NULL, *to = NULL, *from = NULL; - char *subject = NULL, *digestname = NULL; + char *subject = NULL, *digestname = NULL, *ciphername = NULL; OPTION_CHOICE o; int noCApath = 0, noCAfile = 0, noCAstore = 0; int flags = PKCS7_DETACHED, operation = 0, ret = 0, indef = 0; @@ -297,8 +297,7 @@ int smime_main(int argc, char **argv) digestname = opt_arg(); break; case OPT_CIPHER: - if (!opt_cipher(opt_unknown(), &cipher)) - goto opthelp; + ciphername = opt_unknown(); break; case OPT_INKEY: /* If previous -inkey argument add signer to list */ @@ -365,6 +364,10 @@ int smime_main(int argc, char **argv) if (!opt_md(digestname, &sign_md)) goto opthelp; } + if (ciphername != NULL) { + if (!opt_cipher(ciphername, &cipher)) + goto opthelp; + } if (!(operation & SMIME_SIGNERS) && (skkeys != NULL || sksigners != NULL)) { BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); goto opthelp; |