authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-12-10 21:02:47 +0100
committerDr. David von Oheimb <dev@ddvo.net>2021-01-13 11:53:15 +0100
commit157959438308e586593592cc751195fbf3930a7d (patch)
tree16894ebf050450cd8245293e51f933981aeaea81 /apps
parentapps/{req,x509,ca}.c Make sure certs have SKID and AKID X.509 extensions by d... (diff)
APPS: Allow OPENSSL_CONF to be empty, not loading a config file
Also document the function CONF_get1_default_config_file() Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13658)
Diffstat (limited to 'apps')
-rwxr-xr-xapps/ca.c4
-rw-r--r--apps/include/apps.h8
-rw-r--r--apps/lib/apps.c37
-rw-r--r--apps/req.c40
-rw-r--r--apps/srp.c5
5 files changed, 36 insertions, 58 deletions
diff --git a/apps/ca.c b/apps/ca.c
index f580d97e2d..d97be7568e 100755
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -494,9 +494,7 @@ end_of_options:
argc = opt_num_rest();
argv = opt_rest();
- BIO_printf(bio_err, "Using configuration from %s\n", configfile);
-
- if ((conf = app_load_config(configfile)) == NULL)
+ if ((conf = app_load_config_verbose(configfile, 1)) == NULL)
goto end;
if (configfile != default_config_file && !app_load_modules(conf))
goto end;
diff --git a/apps/include/apps.h b/apps/include/apps.h
index 30dc5d85f7..4bed7d7540 100644
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@@ -48,7 +48,7 @@
void app_RAND_load_conf(CONF *c, const char *section);
void app_RAND_write(void);
-extern char *default_config_file;
+extern char *default_config_file; /* may be "" */
extern BIO *bio_in;
extern BIO *bio_out;
extern BIO *bio_err;
@@ -63,8 +63,10 @@ BIO *bio_open_owner(const char *filename, int format, int private);
BIO *bio_open_default(const char *filename, char mode, int format);
BIO *bio_open_default_quiet(const char *filename, char mode, int format);
CONF *app_load_config_bio(BIO *in, const char *filename);
-CONF *app_load_config(const char *filename);
-CONF *app_load_config_quiet(const char *filename);
+#define app_load_config(filename) app_load_config_internal(filename, 0)
+#define app_load_config_quiet(filename) app_load_config_internal(filename, 1)
+CONF *app_load_config_internal(const char *filename, int quiet);
+CONF *app_load_config_verbose(const char *filename, int verbose);
int app_load_modules(const CONF *config);
CONF *app_load_config_modules(const char *configfile);
void unbuffer(FILE *fp);
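Review bot: The two new prototypes take an int flag of opposite sense (`quiet` on app_load_config_internal, `verbose` on app_load_config_verbose), and neither declaration states that an empty filename now means "load nothing". The updated call sites in ca.c, req.c and srp.c all rely on that contract, so it deserves a comment above the prototypes, e.g. `/* filename "" yields an empty CONF without opening a file; filename must not be NULL */`. Separately, turning `app_load_config` and `app_load_config_quiet` into function-like macros exposes the `_internal` helper to every includer of apps.h and means the two names can no longer be used as function pointers; `static inline` wrappers would keep them as real, type-checked functions.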
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 6ae35bac73..d5654d9dc9 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -54,6 +54,9 @@ static int WIN32_rename(const char *from, const char *to);
# define _kbhit kbhit
#endif
+static BIO *bio_open_default_(const char *filename, char mode, int format,
+ int quiet);
+
#define PASS_SOURCE_SIZE_MAX 4
DEFINE_STACK_OF(CONF)
@@ -379,29 +382,25 @@ CONF *app_load_config_bio(BIO *in, const char *filename)
return NULL;
}
-CONF *app_load_config(const char *filename)
+CONF *app_load_config_verbose(const char *filename, int verbose)
{
- BIO *in;
- CONF *conf;
-
- in = bio_open_default(filename, 'r', FORMAT_TEXT);
- if (in == NULL)
- return NULL;
-
- conf = app_load_config_bio(in, filename);
- BIO_free(in);
- return conf;
+ if (verbose) {
+ if (*filename == '\0')
+ BIO_printf(bio_err, "No configuration used\n");
+ else
+ BIO_printf(bio_err, "Using configuration from %s\n", filename);
+ }
+ return app_load_config_internal(filename, 0);
}
-CONF *app_load_config_quiet(const char *filename)
+CONF *app_load_config_internal(const char *filename, int quiet)
{
- BIO *in;
+ BIO *in = NULL; /* leads to empty config in case filename == "" */
CONF *conf;
- in = bio_open_default_quiet(filename, 'r', FORMAT_TEXT);
- if (in == NULL)
+ if (*filename != '\0'
+ && (in = bio_open_default_(filename, 'r', FORMAT_TEXT, quiet)) == NULL)
return NULL;
-
conf = app_load_config_bio(in, filename);
BIO_free(in);
return conf;
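Review bot: Both new functions dereference `filename` (`*filename == '\0'` under `if (verbose)` in app_load_config_verbose, `*filename != '\0'` in app_load_config_internal) without a NULL check. The removed code passed `filename` straight to bio_open_default, so whatever that helper did with a NULL name is no longer reached and a NULL argument now faults instead. If any caller can still pass NULL, add a guard such as `if (filename == NULL) return NULL;` at the top of both functions, or document the non-NULL requirement. The empty-name path also hands `in == NULL` to app_load_config_bio, whose body is mostly outside this hunk, so the "leads to empty config" comment depends on behaviour that cannot be confirmed from here.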
@@ -457,9 +456,7 @@ CONF *app_load_config_modules(const char *configfile)
CONF *conf = NULL;
if (configfile != NULL) {
- BIO_printf(bio_err, "Using configuration from %s\n", configfile);
-
- if ((conf = app_load_config(configfile)) == NULL)
+ if ((conf = app_load_config_verbose(configfile, 1)) == NULL)
return NULL;
if (configfile != default_config_file && !app_load_modules(conf)) {
NCONF_free(conf);
@@ -2789,7 +2786,7 @@ static BIO *bio_open_default_(const char *filename, char mode, int format,
if (ret != NULL)
return ret;
BIO_printf(bio_err,
- "Can't open %s for %s, %s\n",
+ "Can't open \"%s\" for %s, %s\n",
filename, modeverb(mode), strerror(errno));
}
ERR_print_errors(bio_err);
diff --git a/apps/req.c b/apps/req.c
index 5a065ad843..b645cc1039 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -466,9 +466,7 @@ int req_main(int argc, char **argv)
goto end;
}
- if (verbose)
- BIO_printf(bio_err, "Using configuration from %s\n", template);
- if ((req_conf = app_load_config(template)) == NULL)
+ if ((req_conf = app_load_config_verbose(template, verbose)) == NULL)
goto end;
if (addext_bio != NULL) {
if (verbose)
@@ -635,7 +633,7 @@ int req_main(int argc, char **argv)
if (genctx == NULL) {
genctx = set_keygen_ctx(NULL, &pkey_type, &newkey,
&keyalgstr, gen_eng);
- if (!genctx)
+ if (genctx == NULL)
goto end;
}
@@ -645,7 +643,6 @@ int req_main(int argc, char **argv)
genopt = sk_OPENSSL_STRING_value(pkeyopts, i);
if (pkey_ctrl_string(genctx, genopt) <= 0) {
BIO_printf(bio_err, "parameter error \"%s\"\n", genopt);
- ERR_print_errors(bio_err);
goto end;
}
}
@@ -743,7 +740,6 @@ int req_main(int argc, char **argv)
if ((x509ss = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL)
goto end;
- /* Set version to V3 */
if (serial != NULL) {
if (!X509_set_serialNumber(x509ss, serial))
goto end;
@@ -768,7 +764,6 @@ int req_main(int argc, char **argv)
goto end;
/* Set up V3 context struct */
-
X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, X509V3_CTX_REPLACE);
X509V3_set_nconf(&ext_ctx, req_conf);
@@ -797,10 +792,8 @@ int req_main(int argc, char **argv)
}
i = do_X509_sign(x509ss, pkey, digest, sigopts, &ext_ctx);
- if (!i) {
- ERR_print_errors(bio_err);
+ if (!i)
goto end;
- }
} else {
X509V3_CTX ext_ctx;
@@ -824,10 +817,8 @@ int req_main(int argc, char **argv)
goto end;
}
i = do_X509_REQ_sign(req, pkey, digest, sigopts);
- if (!i) {
- ERR_print_errors(bio_err);
+ if (!i)
goto end;
- }
}
}
@@ -893,7 +884,6 @@ int req_main(int argc, char **argv)
if (tpubkey == NULL) {
BIO_printf(bio_err, "Error getting public key\n");
- ERR_print_errors(bio_err);
goto end;
}
PEM_write_bio_PUBKEY(out, tpubkey);
@@ -911,7 +901,6 @@ int req_main(int argc, char **argv)
else
BIO_printf(bio_err, "Error printing certificate request\n");
- ERR_print_errors(bio_err);
goto end;
}
}
@@ -1008,7 +997,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn,
{
int ret = 0, i;
char no_prompt = 0;
- STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
+ STACK_OF(CONF_VALUE) *dn_sk = NULL, *attr_sk = NULL;
char *tmp, *dn_sect, *attr_sect;
tmp = NCONF_get_string(req_conf, section, PROMPT);
@@ -1019,20 +1008,18 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn,
dn_sect = NCONF_get_string(req_conf, section, DISTINGUISHED_NAME);
if (dn_sect == NULL) {
- BIO_printf(bio_err, "unable to find '%s' in config\n",
- DISTINGUISHED_NAME);
- goto err;
- }
- dn_sk = NCONF_get_section(req_conf, dn_sect);
- if (dn_sk == NULL) {
- BIO_printf(bio_err, "unable to get '%s' section\n", dn_sect);
- goto err;
+ ERR_clear_error();
+ } else {
+ dn_sk = NCONF_get_section(req_conf, dn_sect);
+ if (dn_sk == NULL) {
+ BIO_printf(bio_err, "unable to get '%s' section\n", dn_sect);
+ goto err;
+ }
}
attr_sect = NCONF_get_string(req_conf, section, ATTRIBUTES);
if (attr_sect == NULL) {
ERR_clear_error();
- attr_sk = NULL;
} else {
attr_sk = NCONF_get_section(req_conf, attr_sect);
if (attr_sk == NULL) {
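Review bot: `dn_sk` can now leave this hunk as NULL, because a missing `distinguished_name` entry is cleared with `ERR_clear_error()` instead of taking `goto err`. The code that consumes `dn_sk` lies further down in make_REQ, outside the hunk, so it is worth confirming that every consumer tolerates a NULL stack and that a request cannot be produced with an unintentionally empty subject. The `ERR_clear_error()` call also discards whatever reason NCONF_get_string recorded, so a lookup that failed for some reason other than absence is no longer distinguishable. A comment on the new branch would make the intent explicit, e.g. `/* no DN section configured: dn_sk stays NULL, subject must come from elsewhere */`.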
@@ -1583,20 +1570,17 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
if (gctx == NULL) {
BIO_puts(bio_err, "Error allocating keygen context\n");
- ERR_print_errors(bio_err);
return NULL;
}
if (EVP_PKEY_keygen_init(gctx) <= 0) {
BIO_puts(bio_err, "Error initializing keygen context\n");
- ERR_print_errors(bio_err);
EVP_PKEY_CTX_free(gctx);
return NULL;
}
if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1)) {
if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0) {
BIO_puts(bio_err, "Error setting RSA keysize\n");
- ERR_print_errors(bio_err);
EVP_PKEY_CTX_free(gctx);
return NULL;
}
diff --git a/apps/srp.c b/apps/srp.c
index 3d8ce3e7c6..f7edfa9930 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -338,10 +338,7 @@ int srp_main(int argc, char **argv)
if (configfile == NULL)
configfile = default_config_file;
- if (verbose)
- BIO_printf(bio_err, "Using configuration from %s\n",
- configfile);
- conf = app_load_config(configfile);
+ conf = app_load_config_verbose(configfile, verbose);
if (conf == NULL)
goto end;
if (configfile != default_config_file && !app_load_modules(conf))