[openssl] master update
The branch master has been updated
via 40c24d74deaad8a0ad7566a68ea5ea757bc3ccef (commit)
from c30bc4e2093f47a37736944da548653bc08d774d (commit)
- Log -
commit 40c24d74deaad8a0ad7566a68ea5ea757bc3ccef
Author: David Benjamin
Date: Wed Dec 29 13:05:12 2021 -0500
Don't use __ARMEL__/__ARMEB__ in aarch64 assembly
GCC's __ARMEL__ and __ARMEB__ defines denote little- and big-endian arm,
respectively. They are not defined on aarch64, which instead use
__AARCH64EL__ and __AARCH64EB__.
However, OpenSSL's assembly originally used the 32-bit defines on both
platforms and even define __ARMEL__ and __ARMEB__ in arm_arch.h. This is
less portable and can even interfere with other headers, which use
__ARMEL__ to detect little-endian arm.
Over time, the aarch64 assembly has switched to the correct defines,
such as in 32bbb62ea634239e7cb91d6450ba23517082bab6. This commit
finishes the job: poly1305-armv8.pl needed a fix and the dual-arch
armx.pl files get one more transform to convert from 32-bit to 64-bit.
(There is an even more official endianness detector, __ARM_BIG_ENDIAN in
the Arm C Language Extensions. But I've stuck with the GCC ones here as
that would be a larger change.)
Reviewed-by: Matt Caswell
Reviewed-by: Tomas Mraz
Reviewed-by: Paul Dale
Reviewed-by: Bernd Edlinger
(Merged from https://github.com/openssl/openssl/pull/17373)
---
Summary of changes:
crypto/aes/asm/aesv8-armx.pl | 3 +++
crypto/arm_arch.h | 5 -
crypto/modes/asm/ghashv8-armx.pl | 3 +++
crypto/poly1305/asm/poly1305-armv8.pl | 24
4 files changed, 18 insertions(+), 17 deletions(-)
diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
index c323179b2b..da10c44030 100755
--- a/crypto/aes/asm/aesv8-armx.pl
+++ b/crypto/aes/asm/aesv8-armx.pl
@@ -3613,6 +3613,9 @@ if ($flavour =~ /64/) { 64-bit
code
s/\.[ui]?64//o and s/\.16b/\.2d/go;
s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o;
+ # Switch preprocessor checks to aarch64 versions.
+ s/__ARME([BL])__/__AARCH64E$1__/go;
+
print $_,"\n";
}
} else { 32-bit code
diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h
index ca48045670..848f06542c 100644
--- a/crypto/arm_arch.h
+++ b/crypto/arm_arch.h
@@ -21,11 +21,6 @@
# elif defined(__GNUC__)
# if defined(__aarch64__)
#define __ARM_ARCH__ 8
-#if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
-# define __ARMEB__
-#else
-# define __ARMEL__
-#endif
/*
* Why doesn't gcc define __ARM_ARCH__? Instead it defines
* bunch of below macros. See all_architectures[] table in
diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl
index 57f893e77c..a1cfad0ef6 100644
--- a/crypto/modes/asm/ghashv8-armx.pl
+++ b/crypto/modes/asm/ghashv8-armx.pl
@@ -755,6 +755,9 @@ if ($flavour =~ /64/) { 64-bit
code
s/\.[uisp]?64//o and s/\.16b/\.2d/go;
s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o;
+ # Switch preprocessor checks to aarch64 versions.
+ s/__ARME([BL])__/__AARCH64E$1__/go;
+
print $_,"\n";
}
} else { 32-bit code
diff --git a/crypto/poly1305/asm/poly1305-armv8.pl
b/crypto/poly1305/asm/poly1305-armv8.pl
index 20816c4283..e2c7f2822c 100755
--- a/crypto/poly1305/asm/poly1305-armv8.pl
+++ b/crypto/poly1305/asm/poly1305-armv8.pl
@@ -86,7 +86,7 @@ poly1305_init:
ldp $r0,$r1,[$inp] // load key
mov $s1,#0xfffc0fff
movk$s1,#0x0fff,lsl#48
-#ifdef __ARMEB__
+#ifdef __AARCH64EB__
rev $r0,$r0 // flip bytes
rev $r1,$r1
#endif
@@ -136,7 +136,7 @@ poly1305_blocks:
.Loop:
ldp $t0,$t1,[$inp],#16 // load input
sub $len,$len,#16
-#ifdef __ARMEB__
+#ifdef __AARCH64EB__
rev $t0,$t0
rev $t1,$t1
#endif
@@ -204,13 +204,13 @@ poly1305_emit:
csel$h0,$h0,$d0,eq
csel$h1,$h1,$d1,eq
-#ifdef __ARMEB__
+#ifdef __AARCH64EB__
ror $t0,$t0,#32 // flip nonce words
ror $t1,$t1,#32
#endif
adds$h0,$h0,$t0 // accumulate nonce
adc $h1,$h1,$t1
-#ifdef __ARMEB__
+#ifdef __AARCH64EB__
rev $h0,$h0 // flip output bytes
rev $h1,$h1
#endif
@@ -345,7 +345,7 @@ poly1305_blocks_neon:
adcs$h1,$h1,xzr
adc $h2,$h2,xzr
-#ifdef __ARMEB__
+#ifdef __AARCH64EB__
rev $d0,$d0
rev $d1,$d1
#endif
@@ -391,7 +391,7 @@ poly1305_blocks_neon:
ldp $d0,$d1,[$inp],#16 // load input
sub
[openssl] master update
The branch master has been updated
via e1c122711edc3b9d64e506a51c3c0482569b7498 (commit)
from 21095479c016f2ceaca0f71078fd27f0e9ba9375 (commit)
- Log -
commit e1c122711edc3b9d64e506a51c3c0482569b7498
Author: yangyangtiantianlonglong
Date: Fri Dec 31 11:00:57 2021 +0800
Delete unused param about get_construct_message_f
Reviewed-by: Matt Caswell
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/17385)
---
Summary of changes:
ssl/statem/statem.c | 4 ++--
ssl/statem/statem_clnt.c | 2 +-
ssl/statem/statem_local.h | 4 ++--
ssl/statem/statem_srvr.c | 2 +-
4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index 4c463974ea..42a6577d5e 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -768,7 +768,7 @@ static SUB_STATE_RETURN write_state_machine(SSL *s)
WRITE_TRAN(*transition) (SSL *s);
WORK_STATE(*pre_work) (SSL *s, WORK_STATE wst);
WORK_STATE(*post_work) (SSL *s, WORK_STATE wst);
-int (*get_construct_message_f) (SSL *s, WPACKET *pkt,
+int (*get_construct_message_f) (SSL *s,
int (**confunc) (SSL *s, WPACKET *pkt),
int *mt);
void (*cb) (const SSL *ssl, int type, int val) = NULL;
@@ -833,7 +833,7 @@ static SUB_STATE_RETURN write_state_machine(SSL *s)
case WORK_FINISHED_STOP:
return SUB_STATE_END_HANDSHAKE;
}
-if (!get_construct_message_f(s, &pkt, &confunc, &mt)) {
+if (!get_construct_message_f(s, &confunc, &mt)) {
/* SSLfatal() already called */
return SUB_STATE_ERROR;
}
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 05f915bd91..63008bcba0 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -879,7 +879,7 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE
wst)
* 1: Success
* 0: Error
*/
-int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt,
+int ossl_statem_client_construct_message(SSL *s,
confunc_f *confunc, int *mt)
{
OSSL_STATEM *st = &s->statem;
diff --git a/ssl/statem/statem_local.h b/ssl/statem/statem_local.h
index 1883b0166f..326abeba18 100644
--- a/ssl/statem/statem_local.h
+++ b/ssl/statem/statem_local.h
@@ -75,7 +75,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt);
WRITE_TRAN ossl_statem_client_write_transition(SSL *s);
WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst);
WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst);
-int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt,
+int ossl_statem_client_construct_message(SSL *s,
confunc_f *confunc, int *mt);
size_t ossl_statem_client_max_message_size(SSL *s);
MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt);
@@ -88,7 +88,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt);
WRITE_TRAN ossl_statem_server_write_transition(SSL *s);
WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst);
WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst);
-int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt,
+int ossl_statem_server_construct_message(SSL *s,
confunc_f *confunc,int *mt);
size_t ossl_statem_server_max_message_size(SSL *s);
MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt);
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 045abfcbc0..cc65ee2d0e 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1014,7 +1014,7 @@ WORK_STATE ossl_statem_server_post_work(SSL *s,
WORK_STATE wst)
* 1: Success
* 0: Error
*/
-int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt,
+int ossl_statem_server_construct_message(SSL *s,
confunc_f *confunc, int *mt)
{
OSSL_STATEM *st = &s->statem;
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated
via f4942134815f95845706993c15ca7e4fd6e44627 (commit)
from 52d9a1d0448432182a5fab0753c236b29819a2a5 (commit)
- Log -
commit f4942134815f95845706993c15ca7e4fd6e44627
Author: Bernd Edlinger
Date: Fri Jan 7 10:18:58 2022 +0100
Fix password_callback to handle short passwords
Fixes #17426
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/17439)
---
Summary of changes:
apps/apps.c | 8 ++--
test/recipes/15-test_genrsa.t | 7 ++-
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/apps/apps.c b/apps/apps.c
index c06241abb9..531fbec551 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -300,9 +300,13 @@ int password_callback(char *buf, int bufsiz, int verify,
PW_CB_DATA *cb_tmp)
int ui_flags = 0;
const char *prompt_info = NULL;
char *prompt;
+int pw_min_len = PW_MIN_LENGTH;
if (cb_data != NULL && cb_data->prompt_info != NULL)
prompt_info = cb_data->prompt_info;
+if (cb_data != NULL && cb_data->password != NULL
+&& *(const char*)cb_data->password != '\0')
+pw_min_len = 1;
prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
if (!prompt) {
BIO_printf(bio_err, "Out of memory\n");
@@ -317,12 +321,12 @@ int password_callback(char *buf, int bufsiz, int verify,
PW_CB_DATA *cb_tmp)
(void)UI_add_user_data(ui, cb_data);
ok = UI_add_input_string(ui, prompt, ui_flags, buf,
- PW_MIN_LENGTH, bufsiz - 1);
+ pw_min_len, bufsiz - 1);
if (ok >= 0 && verify) {
buff = app_malloc(bufsiz, "password buffer");
ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
- PW_MIN_LENGTH, bufsiz - 1, buf);
+ pw_min_len, bufsiz - 1, buf);
}
if (ok >= 0)
do {
diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t
index e16a9a4042..c9bc6bdc8a 100644
--- a/test/recipes/15-test_genrsa.t
+++ b/test/recipes/15-test_genrsa.t
@@ -16,7 +16,7 @@ use OpenSSL::Test::Utils;
setup("test_genrsa");
-plan tests => 5;
+plan tests => 7;
# We want to know that an absurdly small number of bits isn't support
is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0,
"genrsa -3 8");
@@ -52,3 +52,8 @@ ok(run(app([ 'openssl', 'genrsa', '-f4', '-out',
'genrsatest.pem', $good ])),
"genrsa -f4 $good");
ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
"rsa -check");
+ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest.pem', '-out',
'genrsatest-enc.pem',
+ '-aes256', '-passout', 'pass:x' ])),
+ "rsa encrypt");
+ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest-enc.pem', '-passin',
'pass:x' ])),
+ "rsa decrypt");
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated
via 79fc479baf848e91a991a215d775d8aae844fbe5 (commit)
from e33f05660447c69e89f2e9f5d3140a56322411d5 (commit)
- Log -
commit 79fc479baf848e91a991a215d775d8aae844fbe5
Author: Bernd Edlinger
Date: Fri Jan 7 12:44:27 2022 +0100
Add a test case for the short password
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/17441)
(cherry picked from commit 21095479c016f2ceaca0f71078fd27f0e9ba9375)
---
Summary of changes:
test/recipes/15-test_genrsa.t | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t
index e11ce8947a..1bba712863 100644
--- a/test/recipes/15-test_genrsa.t
+++ b/test/recipes/15-test_genrsa.t
@@ -25,7 +25,7 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
plan tests =>
($no_fips ? 0 : 3) # Extra FIPS related tests
-+ 13;
++ 15;
# We want to know that an absurdly small number of bits isn't support
is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
@@ -103,6 +103,11 @@ ok(run(app([ 'openssl', 'genrsa', '-f4', '-out',
'genrsatest.pem', $good ])),
"genrsa -f4 $good");
ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
"rsa -check");
+ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest.pem', '-out',
'genrsatest-enc.pem',
+ '-aes256', '-passout', 'pass:x' ])),
+ "rsa encrypt");
+ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest-enc.pem', '-passin',
'pass:x' ])),
+ "rsa decrypt");
unless ($no_fips) {
my $provconf = srctop_file("test", "fips-and-base.cnf");
[openssl] master update
The branch master has been updated
via 21095479c016f2ceaca0f71078fd27f0e9ba9375 (commit)
from 81b741f68984b2620166d0d6271fbd946bab9e7f (commit)
- Log -
commit 21095479c016f2ceaca0f71078fd27f0e9ba9375
Author: Bernd Edlinger
Date: Fri Jan 7 12:44:27 2022 +0100
Add a test case for the short password
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/17441)
---
Summary of changes:
test/recipes/15-test_genrsa.t | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t
index e11ce8947a..1bba712863 100644
--- a/test/recipes/15-test_genrsa.t
+++ b/test/recipes/15-test_genrsa.t
@@ -25,7 +25,7 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
plan tests =>
($no_fips ? 0 : 3) # Extra FIPS related tests
-+ 13;
++ 15;
# We want to know that an absurdly small number of bits isn't support
is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
@@ -103,6 +103,11 @@ ok(run(app([ 'openssl', 'genrsa', '-f4', '-out',
'genrsatest.pem', $good ])),
"genrsa -f4 $good");
ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
"rsa -check");
+ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest.pem', '-out',
'genrsatest-enc.pem',
+ '-aes256', '-passout', 'pass:x' ])),
+ "rsa encrypt");
+ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest-enc.pem', '-passin',
'pass:x' ])),
+ "rsa decrypt");
unless ($no_fips) {
my $provconf = srctop_file("test", "fips-and-base.cnf");
[openssl] master update
The branch master has been updated
via 81b741f68984b2620166d0d6271fbd946bab9e7f (commit)
from 8cdb993d8b1ad9fd58fb5f41cc43df97014f00c9 (commit)
- Log -
commit 81b741f68984b2620166d0d6271fbd946bab9e7f
Author: Kan
Date: Tue Nov 30 14:39:49 2021 +0800
Update alert to common protocol
Reviewed-by: Paul Dale
Reviewed-by: David von Oheimb
(Merged from https://github.com/openssl/openssl/pull/17161)
---
Summary of changes:
ssl/ssl_err.c | 22 +++---
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 014eda06b1..c28885d630 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -386,27 +386,27 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_SESSION_ID_TOO_LONG),
"ssl3 session id too long"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),
-"sslv3 alert bad certificate"},
+"ssl/tls alert bad certificate"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),
-"sslv3 alert bad record mac"},
+"ssl/tls alert bad record mac"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),
-"sslv3 alert certificate expired"},
+"ssl/tls alert certificate expired"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),
-"sslv3 alert certificate revoked"},
+"ssl/tls alert certificate revoked"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),
-"sslv3 alert certificate unknown"},
+"ssl/tls alert certificate unknown"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),
-"sslv3 alert decompression failure"},
+"ssl/tls alert decompression failure"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),
-"sslv3 alert handshake failure"},
+"ssl/tls alert handshake failure"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),
-"sslv3 alert illegal parameter"},
+"ssl/tls alert illegal parameter"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_NO_CERTIFICATE),
-"sslv3 alert no certificate"},
+"ssl/tls alert no certificate"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),
-"sslv3 alert unexpected message"},
+"ssl/tls alert unexpected message"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),
-"sslv3 alert unsupported certificate"},
+"ssl/tls alert unsupported certificate"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_EMPTY),
"ssl command section empty"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_NOT_FOUND),
[openssl] master update
The branch master has been updated
via 8cdb993d8b1ad9fd58fb5f41cc43df97014f00c9 (commit)
from 10481d33844218694929a7bad57314411a33ab74 (commit)
- Log -
commit 8cdb993d8b1ad9fd58fb5f41cc43df97014f00c9
Author: Dr. David von Oheimb
Date: Thu Jan 6 23:26:04 2022 +0100
apps.c: fix various coding style nits found by check-format.pl
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/17435)
---
Summary of changes:
apps/lib/apps.c | 264 +++-
1 file changed, 127 insertions(+), 137 deletions(-)
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 6c3f3aee00..7ca30ef590 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -51,7 +51,7 @@
#ifdef _WIN32
static int WIN32_rename(const char *from, const char *to);
-# define rename(from,to) WIN32_rename((from),(to))
+# define rename(from, to) WIN32_rename((from), (to))
#endif
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
@@ -102,6 +102,7 @@ int chopup_args(ARGS *arg, char *buf)
/* The start of something good :-) */
if (arg->argc >= arg->size) {
char **tmp;
+
arg->size += 20;
tmp = OPENSSL_realloc(arg->argv, sizeof(*arg->argv) * arg->size);
if (tmp == NULL)
@@ -188,7 +189,8 @@ int set_nameopt(const char *arg)
unsigned long get_nameopt(void)
{
-return (nmflag_set) ? nmflag : XN_FLAG_SEP_CPLUS_SPC |
ASN1_STRFLGS_UTF8_CONVERT;
+return
+nmflag_set ? nmflag : XN_FLAG_SEP_CPLUS_SPC |
ASN1_STRFLGS_UTF8_CONVERT;
}
void dump_cert_text(BIO *out, X509 *x)
@@ -202,7 +204,6 @@ int wrap_password_callback(char *buf, int bufsiz, int
verify, void *userdata)
return password_callback(buf, bufsiz, verify, (PW_CB_DATA *)userdata);
}
-
static char *app_get_pass(const char *arg, int keepbio);
char *get_passwd(const char *pass, const char *desc)
@@ -218,7 +219,8 @@ char *get_passwd(const char *pass, const char *desc)
"Trying plain input string (better precede with
'pass:')\n");
result = OPENSSL_strdup(pass);
if (result == NULL)
-BIO_printf(bio_err, "Out of memory getting password for %s\n",
desc);
+BIO_printf(bio_err,
+ "Out of memory getting password for %s\n", desc);
}
return result;
}
@@ -279,6 +281,7 @@ static char *app_get_pass(const char *arg, int keepbio)
*/
} else if (CHECK_AND_SKIP_PREFIX(arg, "fd:")) {
BIO *btmp;
+
i = atoi(arg);
if (i >= 0)
pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
@@ -568,8 +571,8 @@ EVP_PKEY *load_pubkey(const char *uri, int format, int
maybe_stdin,
}
EVP_PKEY *load_keyparams_suppress(const char *uri, int format, int maybe_stdin,
- const char *keytype, const char *desc,
- int suppress_decode_errors)
+ const char *keytype, const char *desc,
+ int suppress_decode_errors)
{
EVP_PKEY *params = NULL;
BIO *bio_bak = bio_err;
@@ -829,7 +832,18 @@ static const char *format2string(int format)
}
/* Set type expectation, but clear it if objects of different types expected.
*/
-#define SET_EXPECT(expect, val) ((expect) = (expect) < 0 ? (val) : ((expect)
== (val) ? (val) : 0))
+#define SET_EXPECT(val) \
+(expect = expect < 0 ? (val) : (expect == (val) ? (val) : 0))
+#define SET_EXPECT1(pvar, val) \
+if ((pvar) != NULL) { \
+*(pvar) = NULL; \
+SET_EXPECT(val); \
+}
+#define FAIL_NAME \
+(ppkey != NULL ? "key etc." : ppubkey != NULL ? "public key etc." : \
+ pparams != NULL ? "params etc." : \
+ pcert != NULL ? "cert etc." : pcerts != NULL ? "certs etc." : \
+ pcrl != NULL ? "CRL etc." : pcrls != NULL ? "CRLs etc." : NULL)
/*
* Load those types of credentials for which the result pointer is not NULL.
* Reads from stdio if uri is NULL and maybe_stdin is nonzero.
@@ -844,9 +858,8 @@ static const char *format2string(int format)
* of *pcerts and *pcrls (as far as they are not NULL).
*/
int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
-const char *pass, const char *desc,
-EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
-EVP_PKEY **pparams,
+const char *pass, const char *desc, EVP_PKEY **ppkey,
+EVP_PKEY **ppubkey, EVP_PKEY **pparams,
X509 **pcert, STACK_OF(X509) **pcerts,
X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls)
{
@@ -854,75 +867,47 @@ int load_key_certs_crls(const char *uri, int format, int
maybe_stdin,
OSSL_STOR
