author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-12-10 21:02:47 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-01-13 11:53:15 +0100 |
commit | 157959438308e586593592cc751195fbf3930a7d (patch) | |
tree | 16894ebf050450cd8245293e51f933981aeaea81 /apps | |
parent | apps/{req,x509,ca}.c Make sure certs have SKID and AKID X.509 extensions by d... (diff) | |
APPS: Allow OPENSSL_CONF to be empty, not loading a config file
Also document the function CONF_get1_default_config_file()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13658)
Diffstat (limited to 'apps')
-rwxr-xr-x | apps/ca.c | 4 | ||||
-rw-r--r-- | apps/include/apps.h | 8 | ||||
-rw-r--r-- | apps/lib/apps.c | 37 | ||||
-rw-r--r-- | apps/req.c | 40 | ||||
-rw-r--r-- | apps/srp.c | 5 |
5 files changed, 36 insertions, 58 deletions
@@ -494,9 +494,7 @@ end_of_options: argc = opt_num_rest(); argv = opt_rest(); - BIO_printf(bio_err, "Using configuration from %s\n", configfile); - - if ((conf = app_load_config(configfile)) == NULL) + if ((conf = app_load_config_verbose(configfile, 1)) == NULL) goto end; if (configfile != default_config_file && !app_load_modules(conf)) goto end; diff --git a/apps/include/apps.h b/apps/include/apps.h index 30dc5d85f7..4bed7d7540 100644 --- a/apps/include/apps.h +++ b/apps/include/apps.h @@ -48,7 +48,7 @@ void app_RAND_load_conf(CONF *c, const char *section); void app_RAND_write(void); -extern char *default_config_file; +extern char *default_config_file; /* may be "" */ extern BIO *bio_in; extern BIO *bio_out; extern BIO *bio_err; @@ -63,8 +63,10 @@ BIO *bio_open_owner(const char *filename, int format, int private); BIO *bio_open_default(const char *filename, char mode, int format); BIO *bio_open_default_quiet(const char *filename, char mode, int format); CONF *app_load_config_bio(BIO *in, const char *filename); -CONF *app_load_config(const char *filename); -CONF *app_load_config_quiet(const char *filename); +#define app_load_config(filename) app_load_config_internal(filename, 0) +#define app_load_config_quiet(filename) app_load_config_internal(filename, 1) +CONF *app_load_config_internal(const char *filename, int quiet); +CONF *app_load_config_verbose(const char *filename, int verbose); int app_load_modules(const CONF *config); CONF *app_load_config_modules(const char *configfile); void unbuffer(FILE *fp); diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 6ae35bac73..d5654d9dc9 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -54,6 +54,9 @@ static int WIN32_rename(const char *from, const char *to); # define _kbhit kbhit #endif +static BIO *bio_open_default_(const char *filename, char mode, int format, + int quiet); + #define PASS_SOURCE_SIZE_MAX 4 DEFINE_STACK_OF(CONF) 
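Review bot: The two new prototypes in apps/include/apps.h take flags of opposite polarity (`quiet` on `app_load_config_internal`, `verbose` on `app_load_config_verbose`), so a bare `1` at a call site means opposite things depending on which function is called, and neither declaration says what it accepts as `filename`. I would document the contract on the declarations, e.g. `/* filename must not be NULL; "" means no file is read and an empty config results */`, since both implementations in apps/lib/apps.c dereference `filename` directly. The `app_load_config` and `app_load_config_quiet` macros could also be `static inline` wrappers, so the argument stays type-checked and the names remain usable as function pointers.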
@@ -379,29 +382,25 @@ CONF *app_load_config_bio(BIO *in, const char *filename) return NULL; } -CONF *app_load_config(const char *filename) +CONF *app_load_config_verbose(const char *filename, int verbose) { - BIO *in; - CONF *conf; - - in = bio_open_default(filename, 'r', FORMAT_TEXT); - if (in == NULL) - return NULL; - - conf = app_load_config_bio(in, filename); - BIO_free(in); - return conf; + if (verbose) { + if (*filename == '\0') + BIO_printf(bio_err, "No configuration used\n"); + else + BIO_printf(bio_err, "Using configuration from %s\n", filename); + } + return app_load_config_internal(filename, 0); } -CONF *app_load_config_quiet(const char *filename) +CONF *app_load_config_internal(const char *filename, int quiet) { - BIO *in; + BIO *in = NULL; /* leads to empty config in case filename == "" */ CONF *conf; - in = bio_open_default_quiet(filename, 'r', FORMAT_TEXT); - if (in == NULL) + if (*filename != '\0' + && (in = bio_open_default_(filename, 'r', FORMAT_TEXT, quiet)) == NULL) return NULL; - conf = app_load_config_bio(in, filename); BIO_free(in); return conf; @@ -457,9 +456,7 @@ CONF *app_load_config_modules(const char *configfile) CONF *conf = NULL; if (configfile != NULL) { - BIO_printf(bio_err, "Using configuration from %s\n", configfile); - - if ((conf = app_load_config(configfile)) == NULL) + if ((conf = app_load_config_verbose(configfile, 1)) == NULL) return NULL; if (configfile != default_config_file && !app_load_modules(conf)) { NCONF_free(conf); @@ -2789,7 +2786,7 @@ static BIO *bio_open_default_(const char *filename, char mode, int format, if (ret != NULL) return ret; BIO_printf(bio_err, - "Can't open %s for %s, %s\n", + "Can't open \"%s\" for %s, %s\n", filename, modeverb(mode), strerror(errno)); } ERR_print_errors(bio_err); diff --git a/apps/req.c b/apps/req.c index 5a065ad843..b645cc1039 100644 --- a/apps/req.c +++ b/apps/req.c 
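Review bot: `app_load_config_verbose` and `app_load_config_internal` both evaluate `*filename` before any NULL check, whereas the removed bodies passed `filename` straight to `bio_open_default`/`bio_open_default_quiet`; if that helper accepts NULL (I believe it falls back to stdin, but its body is outside this hunk), a caller passing NULL now crashes instead of reading a config. The empty-name path also hands `in == NULL` to `app_load_config_bio`, so "no configuration" only works if that function, which starts above this hunk, tolerates a NULL BIO. I would keep NULL on the old path and build the empty config explicitly, as sketched below; the `req.c` and `srp.c` call sites switched to `app_load_config_verbose` in this commit inherit the same requirement.

```c
CONF *app_load_config_verbose(const char *filename, int verbose)
{
    if (verbose) {
        if (filename != NULL && *filename == '\0')
            BIO_printf(bio_err, "No configuration used\n");
        else
            BIO_printf(bio_err, "Using configuration from %s\n",
                       filename == NULL ? "<stdin>" : filename);
    }
    return app_load_config_internal(filename, 0);
}

CONF *app_load_config_internal(const char *filename, int quiet)
{
    BIO *in;
    CONF *conf;

    /* "" means: read no file at all and return an empty config */
    if (filename != NULL && *filename == '\0')
        return NCONF_new(NULL);
    if ((in = bio_open_default_(filename, 'r', FORMAT_TEXT, quiet)) == NULL)
        return NULL;
    conf = app_load_config_bio(in, filename);
    BIO_free(in);
    return conf;
}
```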
@@ -466,9 +466,7 @@ int req_main(int argc, char **argv) goto end; } - if (verbose) - BIO_printf(bio_err, "Using configuration from %s\n", template); - if ((req_conf = app_load_config(template)) == NULL) + if ((req_conf = app_load_config_verbose(template, verbose)) == NULL) goto end; if (addext_bio != NULL) { if (verbose) @@ -635,7 +633,7 @@ int req_main(int argc, char **argv) if (genctx == NULL) { genctx = set_keygen_ctx(NULL, &pkey_type, &newkey, &keyalgstr, gen_eng); - if (!genctx) + if (genctx == NULL) goto end; } @@ -645,7 +643,6 @@ int req_main(int argc, char **argv) genopt = sk_OPENSSL_STRING_value(pkeyopts, i); if (pkey_ctrl_string(genctx, genopt) <= 0) { BIO_printf(bio_err, "parameter error \"%s\"\n", genopt); - ERR_print_errors(bio_err); goto end; } } @@ -743,7 +740,6 @@ int req_main(int argc, char **argv) if ((x509ss = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL) goto end; - /* Set version to V3 */ if (serial != NULL) { if (!X509_set_serialNumber(x509ss, serial)) goto end; @@ -768,7 +764,6 @@ int req_main(int argc, char **argv) goto end; /* Set up V3 context struct */ - X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, X509V3_CTX_REPLACE); X509V3_set_nconf(&ext_ctx, req_conf); @@ -797,10 +792,8 @@ int req_main(int argc, char **argv) } i = do_X509_sign(x509ss, pkey, digest, sigopts, &ext_ctx); - if (!i) { - ERR_print_errors(bio_err); + if (!i) goto end; - } } else { X509V3_CTX ext_ctx; @@ -824,10 +817,8 @@ int req_main(int argc, char **argv) goto end; } i = do_X509_REQ_sign(req, pkey, digest, sigopts); - if (!i) { - ERR_print_errors(bio_err); + if (!i) goto end; - } } } @@ -893,7 +884,6 @@ int req_main(int argc, char **argv) if (tpubkey == NULL) { BIO_printf(bio_err, "Error getting public key\n"); - ERR_print_errors(bio_err); goto end; } PEM_write_bio_PUBKEY(out, tpubkey); @@ -911,7 +901,6 @@ int req_main(int argc, char **argv) else BIO_printf(bio_err, "Error printing certificate request\n"); - ERR_print_errors(bio_err); goto end; } } 
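Review bot: With the `ERR_print_errors(bio_err)` calls removed after `pkey_ctrl_string`, `do_X509_sign`, `do_X509_REQ_sign` and the public-key and request-printing failures, the error queue for these paths is only shown if the `end:` label of `req_main` prints it, and that label is outside every hunk here. It is worth confirming that `end:` dumps the queue whenever the return code is non-zero, otherwise a signing or key-parameter failure is reported with the one-line message only. The same applies to `set_keygen_ctx` in the later `@@ -1583` hunk, which now returns NULL with the errors still queued; a comment there such as `/* error queue is left for the caller to print */` would keep a future caller from dropping the diagnostics.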
@@ -1008,7 +997,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn, { int ret = 0, i; char no_prompt = 0; - STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL; + STACK_OF(CONF_VALUE) *dn_sk = NULL, *attr_sk = NULL; char *tmp, *dn_sect, *attr_sect; tmp = NCONF_get_string(req_conf, section, PROMPT); @@ -1019,20 +1008,18 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn, dn_sect = NCONF_get_string(req_conf, section, DISTINGUISHED_NAME); if (dn_sect == NULL) { - BIO_printf(bio_err, "unable to find '%s' in config\n", - DISTINGUISHED_NAME); - goto err; - } - dn_sk = NCONF_get_section(req_conf, dn_sect); - if (dn_sk == NULL) { - BIO_printf(bio_err, "unable to get '%s' section\n", dn_sect); - goto err; + ERR_clear_error(); + } else { + dn_sk = NCONF_get_section(req_conf, dn_sect); + if (dn_sk == NULL) { + BIO_printf(bio_err, "unable to get '%s' section\n", dn_sect); + goto err; + } } attr_sect = NCONF_get_string(req_conf, section, ATTRIBUTES); if (attr_sect == NULL) { ERR_clear_error(); - attr_sk = NULL; } else { attr_sk = NCONF_get_section(req_conf, attr_sect); if (attr_sk == NULL) { @@ -1583,20 +1570,17 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr, if (gctx == NULL) { BIO_puts(bio_err, "Error allocating keygen context\n"); - ERR_print_errors(bio_err); return NULL; } if (EVP_PKEY_keygen_init(gctx) <= 0) { BIO_puts(bio_err, "Error initializing keygen context\n"); - ERR_print_errors(bio_err); EVP_PKEY_CTX_free(gctx); return NULL; } if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1)) { if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0) { BIO_puts(bio_err, "Error setting RSA keysize\n"); - ERR_print_errors(bio_err); EVP_PKEY_CTX_free(gctx); return NULL; } diff --git a/apps/srp.c b/apps/srp.c index 3d8ce3e7c6..f7edfa9930 100644 --- a/apps/srp.c +++ b/apps/srp.c 
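Review bot: A missing `distinguished_name` entry is now accepted silently in `make_REQ` (the `@@ -1019` hunk): `dn_sect == NULL` only calls `ERR_clear_error()` and leaves `dn_sk` NULL, so a mistyped section name no longer produces the `unable to find '%s' in config` diagnostic that an empty config is meant to avoid. The code that consumes `dn_sk` lies below this hunk, so it should be checked that it handles NULL and that a request cannot end up with an unintended empty subject without any message. I would at least record the intent on the new branch, e.g. `/* no DN section configured: subject is expected to come from subj */`, and consider keeping a warning when the config itself is non-empty.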
@@ -338,10 +338,7 @@ int srp_main(int argc, char **argv) if (configfile == NULL) configfile = default_config_file; - if (verbose) - BIO_printf(bio_err, "Using configuration from %s\n", - configfile); - conf = app_load_config(configfile); + conf = app_load_config_verbose(configfile, verbose); if (conf == NULL) goto end; if (configfile != default_config_file && !app_load_modules(conf)) |