[openssl] master update
The branch master has been updated via 40c24d74deaad8a0ad7566a68ea5ea757bc3ccef (commit) from c30bc4e2093f47a37736944da548653bc08d774d (commit) - Log - commit 40c24d74deaad8a0ad7566a68ea5ea757bc3ccef Author: David Benjamin Date: Wed Dec 29 13:05:12 2021 -0500 Don't use __ARMEL__/__ARMEB__ in aarch64 assembly GCC's __ARMEL__ and __ARMEB__ defines denote little- and big-endian arm, respectively. They are not defined on aarch64, which instead use __AARCH64EL__ and __AARCH64EB__. However, OpenSSL's assembly originally used the 32-bit defines on both platforms and even define __ARMEL__ and __ARMEB__ in arm_arch.h. This is less portable and can even interfere with other headers, which use __ARMEL__ to detect little-endian arm. Over time, the aarch64 assembly has switched to the correct defines, such as in 32bbb62ea634239e7cb91d6450ba23517082bab6. This commit finishes the job: poly1305-armv8.pl needed a fix and the dual-arch armx.pl files get one more transform to convert from 32-bit to 64-bit. (There is an even more official endianness detector, __ARM_BIG_ENDIAN in the Arm C Language Extensions. But I've stuck with the GCC ones here as that would be a larger change.) Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/17373) --- Summary of changes: crypto/aes/asm/aesv8-armx.pl | 3 +++ crypto/arm_arch.h | 5 - crypto/modes/asm/ghashv8-armx.pl | 3 +++ crypto/poly1305/asm/poly1305-armv8.pl | 24 4 files changed, 18 insertions(+), 17 deletions(-) diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl index c323179b2b..da10c44030 100755 --- a/crypto/aes/asm/aesv8-armx.pl +++ b/crypto/aes/asm/aesv8-armx.pl @@ -3613,6 +3613,9 @@ if ($flavour =~ /64/) { 64-bit code s/\.[ui]?64//o and s/\.16b/\.2d/go; s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o; + # Switch preprocessor checks to aarch64 versions. + s/__ARME([BL])__/__AARCH64E$1__/go; + print $_,"\n"; } } else { 32-bit code diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h index ca48045670..848f06542c 100644 --- a/crypto/arm_arch.h +++ b/crypto/arm_arch.h @@ -21,11 +21,6 @@ # elif defined(__GNUC__) # if defined(__aarch64__) #define __ARM_ARCH__ 8 -#if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ -# define __ARMEB__ -#else -# define __ARMEL__ -#endif /* * Why doesn't gcc define __ARM_ARCH__? Instead it defines * bunch of below macros. See all_architectures[] table in diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl index 57f893e77c..a1cfad0ef6 100644 --- a/crypto/modes/asm/ghashv8-armx.pl +++ b/crypto/modes/asm/ghashv8-armx.pl @@ -755,6 +755,9 @@ if ($flavour =~ /64/) { 64-bit code s/\.[uisp]?64//o and s/\.16b/\.2d/go; s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o; + # Switch preprocessor checks to aarch64 versions. + s/__ARME([BL])__/__AARCH64E$1__/go; + print $_,"\n"; } } else { 32-bit code diff --git a/crypto/poly1305/asm/poly1305-armv8.pl b/crypto/poly1305/asm/poly1305-armv8.pl index 20816c4283..e2c7f2822c 100755 --- a/crypto/poly1305/asm/poly1305-armv8.pl +++ b/crypto/poly1305/asm/poly1305-armv8.pl @@ -86,7 +86,7 @@ poly1305_init: ldp $r0,$r1,[$inp] // load key mov $s1,#0xfffc0fff movk$s1,#0x0fff,lsl#48 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $r0,$r0 // flip bytes rev $r1,$r1 #endif @@ -136,7 +136,7 @@ poly1305_blocks: .Loop: ldp $t0,$t1,[$inp],#16 // load input sub $len,$len,#16 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $t0,$t0 rev $t1,$t1 #endif @@ -204,13 +204,13 @@ poly1305_emit: csel$h0,$h0,$d0,eq csel$h1,$h1,$d1,eq -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ ror $t0,$t0,#32 // flip nonce words ror $t1,$t1,#32 #endif adds$h0,$h0,$t0 // accumulate nonce adc $h1,$h1,$t1 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $h0,$h0 // flip output bytes rev $h1,$h1 #endif @@ -345,7 +345,7 @@ poly1305_blocks_neon: adcs$h1,$h1,xzr adc $h2,$h2,xzr -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $d0,$d0 rev $d1,$d1 #endif @@ -391,7 +391,7 @@ poly1305_blocks_neon: ldp $d0,$d1,[$inp],#16 // load input sub
[openssl] master update
The branch master has been updated via e1c122711edc3b9d64e506a51c3c0482569b7498 (commit) from 21095479c016f2ceaca0f71078fd27f0e9ba9375 (commit) - Log - commit e1c122711edc3b9d64e506a51c3c0482569b7498 Author: yangyangtiantianlonglong Date: Fri Dec 31 11:00:57 2021 +0800 Delete unused param about get_construct_message_f Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17385) --- Summary of changes: ssl/statem/statem.c | 4 ++-- ssl/statem/statem_clnt.c | 2 +- ssl/statem/statem_local.h | 4 ++-- ssl/statem/statem_srvr.c | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index 4c463974ea..42a6577d5e 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -768,7 +768,7 @@ static SUB_STATE_RETURN write_state_machine(SSL *s) WRITE_TRAN(*transition) (SSL *s); WORK_STATE(*pre_work) (SSL *s, WORK_STATE wst); WORK_STATE(*post_work) (SSL *s, WORK_STATE wst); -int (*get_construct_message_f) (SSL *s, WPACKET *pkt, +int (*get_construct_message_f) (SSL *s, int (**confunc) (SSL *s, WPACKET *pkt), int *mt); void (*cb) (const SSL *ssl, int type, int val) = NULL; @@ -833,7 +833,7 @@ static SUB_STATE_RETURN write_state_machine(SSL *s) case WORK_FINISHED_STOP: return SUB_STATE_END_HANDSHAKE; } -if (!get_construct_message_f(s, &pkt, &confunc, &mt)) { +if (!get_construct_message_f(s, &confunc, &mt)) { /* SSLfatal() already called */ return SUB_STATE_ERROR; } diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 05f915bd91..63008bcba0 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -879,7 +879,7 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst) * 1: Success * 0: Error */ -int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt, +int ossl_statem_client_construct_message(SSL *s, confunc_f *confunc, int *mt) { OSSL_STATEM *st = &s->statem; diff --git a/ssl/statem/statem_local.h b/ssl/statem/statem_local.h index 1883b0166f..326abeba18 100644 --- a/ssl/statem/statem_local.h +++ b/ssl/statem/statem_local.h @@ -75,7 +75,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt); WRITE_TRAN ossl_statem_client_write_transition(SSL *s); WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst); WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst); -int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt, +int ossl_statem_client_construct_message(SSL *s, confunc_f *confunc, int *mt); size_t ossl_statem_client_max_message_size(SSL *s); MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt); @@ -88,7 +88,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt); WRITE_TRAN ossl_statem_server_write_transition(SSL *s); WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst); WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst); -int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt, +int ossl_statem_server_construct_message(SSL *s, confunc_f *confunc,int *mt); size_t ossl_statem_server_max_message_size(SSL *s); MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 045abfcbc0..cc65ee2d0e 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1014,7 +1014,7 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) * 1: Success * 0: Error */ -int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt, +int ossl_statem_server_construct_message(SSL *s, confunc_f *confunc, int *mt) { OSSL_STATEM *st = &s->statem;
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via f4942134815f95845706993c15ca7e4fd6e44627 (commit) from 52d9a1d0448432182a5fab0753c236b29819a2a5 (commit) - Log - commit f4942134815f95845706993c15ca7e4fd6e44627 Author: Bernd Edlinger Date: Fri Jan 7 10:18:58 2022 +0100 Fix password_callback to handle short passwords Fixes #17426 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17439) --- Summary of changes: apps/apps.c | 8 ++-- test/recipes/15-test_genrsa.t | 7 ++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index c06241abb9..531fbec551 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -300,9 +300,13 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) int ui_flags = 0; const char *prompt_info = NULL; char *prompt; +int pw_min_len = PW_MIN_LENGTH; if (cb_data != NULL && cb_data->prompt_info != NULL) prompt_info = cb_data->prompt_info; +if (cb_data != NULL && cb_data->password != NULL +&& *(const char*)cb_data->password != '\0') +pw_min_len = 1; prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); if (!prompt) { BIO_printf(bio_err, "Out of memory\n"); @@ -317,12 +321,12 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) (void)UI_add_user_data(ui, cb_data); ok = UI_add_input_string(ui, prompt, ui_flags, buf, - PW_MIN_LENGTH, bufsiz - 1); + pw_min_len, bufsiz - 1); if (ok >= 0 && verify) { buff = app_malloc(bufsiz, "password buffer"); ok = UI_add_verify_string(ui, prompt, ui_flags, buff, - PW_MIN_LENGTH, bufsiz - 1, buf); + pw_min_len, bufsiz - 1, buf); } if (ok >= 0) do { diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t index e16a9a4042..c9bc6bdc8a 100644 --- a/test/recipes/15-test_genrsa.t +++ b/test/recipes/15-test_genrsa.t @@ -16,7 +16,7 @@ use OpenSSL::Test::Utils; setup("test_genrsa"); -plan tests => 5; +plan tests => 7; # We want to know that an absurdly small number of bits isn't support is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "genrsa -3 8"); @@ -52,3 +52,8 @@ ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])), "genrsa -f4 $good"); ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])), "rsa -check"); +ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest.pem', '-out', 'genrsatest-enc.pem', + '-aes256', '-passout', 'pass:x' ])), + "rsa encrypt"); +ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest-enc.pem', '-passin', 'pass:x' ])), + "rsa decrypt");
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 79fc479baf848e91a991a215d775d8aae844fbe5 (commit) from e33f05660447c69e89f2e9f5d3140a56322411d5 (commit) - Log - commit 79fc479baf848e91a991a215d775d8aae844fbe5 Author: Bernd Edlinger Date: Fri Jan 7 12:44:27 2022 +0100 Add a test case for the short password Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17441) (cherry picked from commit 21095479c016f2ceaca0f71078fd27f0e9ba9375) --- Summary of changes: test/recipes/15-test_genrsa.t | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t index e11ce8947a..1bba712863 100644 --- a/test/recipes/15-test_genrsa.t +++ b/test/recipes/15-test_genrsa.t @@ -25,7 +25,7 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); plan tests => ($no_fips ? 0 : 3) # Extra FIPS related tests -+ 13; ++ 15; # We want to know that an absurdly small number of bits isn't support is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem', @@ -103,6 +103,11 @@ ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])), "genrsa -f4 $good"); ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])), "rsa -check"); +ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest.pem', '-out', 'genrsatest-enc.pem', + '-aes256', '-passout', 'pass:x' ])), + "rsa encrypt"); +ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest-enc.pem', '-passin', 'pass:x' ])), + "rsa decrypt"); unless ($no_fips) { my $provconf = srctop_file("test", "fips-and-base.cnf");
[openssl] master update
The branch master has been updated via 21095479c016f2ceaca0f71078fd27f0e9ba9375 (commit) from 81b741f68984b2620166d0d6271fbd946bab9e7f (commit) - Log - commit 21095479c016f2ceaca0f71078fd27f0e9ba9375 Author: Bernd Edlinger Date: Fri Jan 7 12:44:27 2022 +0100 Add a test case for the short password Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17441) --- Summary of changes: test/recipes/15-test_genrsa.t | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t index e11ce8947a..1bba712863 100644 --- a/test/recipes/15-test_genrsa.t +++ b/test/recipes/15-test_genrsa.t @@ -25,7 +25,7 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); plan tests => ($no_fips ? 0 : 3) # Extra FIPS related tests -+ 13; ++ 15; # We want to know that an absurdly small number of bits isn't support is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem', @@ -103,6 +103,11 @@ ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])), "genrsa -f4 $good"); ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])), "rsa -check"); +ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest.pem', '-out', 'genrsatest-enc.pem', + '-aes256', '-passout', 'pass:x' ])), + "rsa encrypt"); +ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest-enc.pem', '-passin', 'pass:x' ])), + "rsa decrypt"); unless ($no_fips) { my $provconf = srctop_file("test", "fips-and-base.cnf");
[openssl] master update
The branch master has been updated via 81b741f68984b2620166d0d6271fbd946bab9e7f (commit) from 8cdb993d8b1ad9fd58fb5f41cc43df97014f00c9 (commit) - Log - commit 81b741f68984b2620166d0d6271fbd946bab9e7f Author: Kan Date: Tue Nov 30 14:39:49 2021 +0800 Update alert to common protocol Reviewed-by: Paul Dale Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/17161) --- Summary of changes: ssl/ssl_err.c | 22 +++--- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 014eda06b1..c28885d630 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -386,27 +386,27 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_CERTIFICATE), -"sslv3 alert bad certificate"}, +"ssl/tls alert bad certificate"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_RECORD_MAC), -"sslv3 alert bad record mac"}, +"ssl/tls alert bad record mac"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED), -"sslv3 alert certificate expired"}, +"ssl/tls alert certificate expired"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED), -"sslv3 alert certificate revoked"}, +"ssl/tls alert certificate revoked"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN), -"sslv3 alert certificate unknown"}, +"ssl/tls alert certificate unknown"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE), -"sslv3 alert decompression failure"}, +"ssl/tls alert decompression failure"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE), -"sslv3 alert handshake failure"}, +"ssl/tls alert handshake failure"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER), -"sslv3 alert illegal parameter"}, +"ssl/tls alert illegal parameter"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_NO_CERTIFICATE), -"sslv3 alert no certificate"}, +"ssl/tls alert no certificate"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE), -"sslv3 alert unexpected message"}, +"ssl/tls alert unexpected message"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE), -"sslv3 alert unsupported certificate"}, +"ssl/tls alert unsupported certificate"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_EMPTY), "ssl command section empty"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_NOT_FOUND),
[openssl] master update
The branch master has been updated via 8cdb993d8b1ad9fd58fb5f41cc43df97014f00c9 (commit) from 10481d33844218694929a7bad57314411a33ab74 (commit) - Log - commit 8cdb993d8b1ad9fd58fb5f41cc43df97014f00c9 Author: Dr. David von Oheimb Date: Thu Jan 6 23:26:04 2022 +0100 apps.c: fix various coding style nits found by check-format.pl Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17435) --- Summary of changes: apps/lib/apps.c | 264 +++- 1 file changed, 127 insertions(+), 137 deletions(-) diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 6c3f3aee00..7ca30ef590 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -51,7 +51,7 @@ #ifdef _WIN32 static int WIN32_rename(const char *from, const char *to); -# define rename(from,to) WIN32_rename((from),(to)) +# define rename(from, to) WIN32_rename((from), (to)) #endif #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) @@ -102,6 +102,7 @@ int chopup_args(ARGS *arg, char *buf) /* The start of something good :-) */ if (arg->argc >= arg->size) { char **tmp; + arg->size += 20; tmp = OPENSSL_realloc(arg->argv, sizeof(*arg->argv) * arg->size); if (tmp == NULL) @@ -188,7 +189,8 @@ int set_nameopt(const char *arg) unsigned long get_nameopt(void) { -return (nmflag_set) ? nmflag : XN_FLAG_SEP_CPLUS_SPC | ASN1_STRFLGS_UTF8_CONVERT; +return +nmflag_set ? nmflag : XN_FLAG_SEP_CPLUS_SPC | ASN1_STRFLGS_UTF8_CONVERT; } void dump_cert_text(BIO *out, X509 *x) @@ -202,7 +204,6 @@ int wrap_password_callback(char *buf, int bufsiz, int verify, void *userdata) return password_callback(buf, bufsiz, verify, (PW_CB_DATA *)userdata); } - static char *app_get_pass(const char *arg, int keepbio); char *get_passwd(const char *pass, const char *desc) @@ -218,7 +219,8 @@ char *get_passwd(const char *pass, const char *desc) "Trying plain input string (better precede with 'pass:')\n"); result = OPENSSL_strdup(pass); if (result == NULL) -BIO_printf(bio_err, "Out of memory getting password for %s\n", desc); +BIO_printf(bio_err, + "Out of memory getting password for %s\n", desc); } return result; } @@ -279,6 +281,7 @@ static char *app_get_pass(const char *arg, int keepbio) */ } else if (CHECK_AND_SKIP_PREFIX(arg, "fd:")) { BIO *btmp; + i = atoi(arg); if (i >= 0) pwdbio = BIO_new_fd(i, BIO_NOCLOSE); @@ -568,8 +571,8 @@ EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin, } EVP_PKEY *load_keyparams_suppress(const char *uri, int format, int maybe_stdin, - const char *keytype, const char *desc, - int suppress_decode_errors) + const char *keytype, const char *desc, + int suppress_decode_errors) { EVP_PKEY *params = NULL; BIO *bio_bak = bio_err; @@ -829,7 +832,18 @@ static const char *format2string(int format) } /* Set type expectation, but clear it if objects of different types expected. */ -#define SET_EXPECT(expect, val) ((expect) = (expect) < 0 ? (val) : ((expect) == (val) ? (val) : 0)) +#define SET_EXPECT(val) \ +(expect = expect < 0 ? (val) : (expect == (val) ? (val) : 0)) +#define SET_EXPECT1(pvar, val) \ +if ((pvar) != NULL) { \ +*(pvar) = NULL; \ +SET_EXPECT(val); \ +} +#define FAIL_NAME \ +(ppkey != NULL ? "key etc." : ppubkey != NULL ? "public key etc." : \ + pparams != NULL ? "params etc." : \ + pcert != NULL ? "cert etc." : pcerts != NULL ? "certs etc." : \ + pcrl != NULL ? "CRL etc." : pcrls != NULL ? "CRLs etc." : NULL) /* * Load those types of credentials for which the result pointer is not NULL. * Reads from stdio if uri is NULL and maybe_stdin is nonzero. @@ -844,9 +858,8 @@ static const char *format2string(int format) * of *pcerts and *pcrls (as far as they are not NULL). */ int load_key_certs_crls(const char *uri, int format, int maybe_stdin, -const char *pass, const char *desc, -EVP_PKEY **ppkey, EVP_PKEY **ppubkey, -EVP_PKEY **pparams, +const char *pass, const char *desc, EVP_PKEY **ppkey, +EVP_PKEY **ppubkey, EVP_PKEY **pparams, X509 **pcert, STACK_OF(X509) **pcerts, X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls) { @@ -854,75 +867,47 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin, OSSL_STOR