load_key_certs_crls(): Restore output of fatal errors
Also improve the credential-loading diagnostics of many apps. Fixes #12840. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12893)
This commit is contained in:
parent
254b5dcabd
commit
50eb2a5077
|
@ -1269,7 +1269,8 @@ end_of_options:
|
|||
} else {
|
||||
X509 *revcert;
|
||||
|
||||
revcert = load_cert_pass(infile, certformat, passin, infile);
|
||||
revcert = load_cert_pass(infile, certformat, passin,
|
||||
"certificate to be revoked");
|
||||
if (revcert == NULL)
|
||||
goto end;
|
||||
if (dorevoke == 2)
|
||||
|
@ -1403,7 +1404,7 @@ static int certify_cert(X509 **xret, const char *infile, int certformat,
|
|||
EVP_PKEY *pktmp = NULL;
|
||||
int ok = -1, i;
|
||||
|
||||
if ((req = load_cert_pass(infile, certformat, passin, infile)) == NULL)
|
||||
if ((req = load_cert_pass(infile, certformat, passin, "template certificate")) == NULL)
|
||||
goto end;
|
||||
if (verbose)
|
||||
X509_print(bio_err, req);
|
||||
|
|
|
@ -857,7 +857,7 @@ int cms_main(int argc, char **argv)
|
|||
}
|
||||
|
||||
if (keyfile != NULL) {
|
||||
key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
|
||||
key = load_key(keyfile, keyform, 0, passin, e, "signing key");
|
||||
if (key == NULL)
|
||||
goto end;
|
||||
|
||||
|
@ -1060,7 +1060,7 @@ int cms_main(int argc, char **argv)
|
|||
ret = 2;
|
||||
goto end;
|
||||
}
|
||||
key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
|
||||
key = load_key(keyfile, keyform, 0, passin, e, "signing key");
|
||||
if (key == NULL) {
|
||||
ret = 2;
|
||||
goto end;
|
||||
|
|
|
@ -268,9 +268,9 @@ int dgst_main(int argc, char **argv)
|
|||
int type;
|
||||
|
||||
if (want_pub)
|
||||
sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "key file");
|
||||
sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "public key");
|
||||
else
|
||||
sigkey = load_key(keyfile, keyform, 0, passin, e, "key file");
|
||||
sigkey = load_key(keyfile, keyform, 0, passin, e, "private key");
|
||||
if (sigkey == NULL) {
|
||||
/*
|
||||
* load_[pub]key() has already printed an appropriate message
|
||||
|
|
|
@ -165,9 +165,9 @@ int dsa_main(int argc, char **argv)
|
|||
|
||||
BIO_printf(bio_err, "read DSA key\n");
|
||||
if (pubin)
|
||||
pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
|
||||
pkey = load_pubkey(infile, informat, 1, passin, e, "public key");
|
||||
else
|
||||
pkey = load_key(infile, informat, 1, passin, e, "Private Key");
|
||||
pkey = load_key(infile, informat, 1, passin, e, "private key");
|
||||
|
||||
if (pkey != NULL)
|
||||
dsa = EVP_PKEY_get1_DSA(pkey);
|
||||
|
|
|
@ -194,9 +194,9 @@ int ec_main(int argc, char **argv)
|
|||
} else if (informat == FORMAT_ENGINE) {
|
||||
EVP_PKEY *pkey;
|
||||
if (pubin)
|
||||
pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
|
||||
pkey = load_pubkey(infile, informat, 1, passin, e, "public key");
|
||||
else
|
||||
pkey = load_key(infile, informat, 1, passin, e, "Private Key");
|
||||
pkey = load_key(infile, informat, 1, passin, e, "private key");
|
||||
if (pkey != NULL) {
|
||||
eckey = EVP_PKEY_get1_EC_KEY(pkey);
|
||||
EVP_PKEY_free(pkey);
|
||||
|
|
|
@ -708,7 +708,10 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
|
|||
const char *propq = app_get0_propq();
|
||||
int ncerts = 0;
|
||||
int ncrls = 0;
|
||||
const char *failed = "any";
|
||||
const char *failed =
|
||||
ppkey != NULL ? "key" : ppubkey != NULL ? "public key" :
|
||||
pcert != NULL ? "cert" : pcrl != NULL ? "CRL" :
|
||||
pcerts != NULL ? "certs" : pcrls != NULL ? "CRLs" : NULL;
|
||||
/* TODO make use of the engine reference 'eng' when loading pkeys */
|
||||
|
||||
if (ppkey != NULL)
|
||||
|
@ -717,33 +720,36 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
|
|||
*ppubkey = NULL;
|
||||
if (pcert != NULL)
|
||||
*pcert = NULL;
|
||||
if (failed == NULL) {
|
||||
BIO_printf(bio_err, "Internal error: nothing to load into from %s\n",
|
||||
uri != NULL ? uri : "<stdin>");
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (pcerts != NULL && *pcerts == NULL
|
||||
&& (*pcerts = sk_X509_new_null()) == NULL) {
|
||||
BIO_printf(bio_err, "Out of memory");
|
||||
BIO_printf(bio_err, "Out of memory loading");
|
||||
goto end;
|
||||
}
|
||||
if (pcrl != NULL)
|
||||
*pcrl = NULL;
|
||||
if (pcrls != NULL && *pcrls == NULL
|
||||
&& (*pcrls = sk_X509_CRL_new_null()) == NULL) {
|
||||
BIO_printf(bio_err, "Out of memory");
|
||||
BIO_printf(bio_err, "Out of memory loading");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (desc == NULL)
|
||||
desc = "key/certificate/CRL";
|
||||
uidata.password = pass;
|
||||
uidata.prompt_info = uri;
|
||||
|
||||
if (uri == NULL) {
|
||||
BIO *bio;
|
||||
|
||||
uri = "<stdin>";
|
||||
if (!maybe_stdin) {
|
||||
BIO_printf(bio_err, "No filename or uri specified for loading %s\n",
|
||||
desc);
|
||||
BIO_printf(bio_err, "No filename or uri specified for loading");
|
||||
goto end;
|
||||
}
|
||||
uri = "<stdin>";
|
||||
unbuffer(stdin);
|
||||
bio = BIO_new_fp(stdin, 0);
|
||||
if (bio != NULL)
|
||||
|
@ -754,17 +760,18 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
|
|||
&uidata, NULL, NULL);
|
||||
}
|
||||
if (ctx == NULL) {
|
||||
BIO_printf(bio_err, "Could not open file or uri %s for loading %s\n",
|
||||
uri, desc);
|
||||
BIO_printf(bio_err, "Could not open file or uri for loading");
|
||||
goto end;
|
||||
}
|
||||
|
||||
failed = NULL;
|
||||
while (!OSSL_STORE_eof(ctx)) {
|
||||
OSSL_STORE_INFO *info = OSSL_STORE_load(ctx);
|
||||
int type = info == NULL ? 0 : OSSL_STORE_INFO_get_type(info);
|
||||
int ok = 1;
|
||||
int type, ok = 1;
|
||||
|
||||
if (info == NULL)
|
||||
break;
|
||||
type = OSSL_STORE_INFO_get_type(info);
|
||||
switch (type) {
|
||||
case OSSL_STORE_INFO_PKEY:
|
||||
if (ppkey != NULL && *ppkey == NULL)
|
||||
|
@ -805,8 +812,7 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
|
|||
OSSL_STORE_INFO_free(info);
|
||||
if (!ok) {
|
||||
failed = info == NULL ? NULL : OSSL_STORE_INFO_type_string(type);
|
||||
BIO_printf(bio_err, "Error reading %s of %s from %s\n",
|
||||
failed, desc, uri);
|
||||
BIO_printf(bio_err, "Error reading");
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -814,18 +820,37 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
|
|||
end:
|
||||
OSSL_STORE_close(ctx);
|
||||
if (failed == NULL) {
|
||||
if (ppkey != NULL && *ppkey == NULL)
|
||||
int any = 0;
|
||||
|
||||
if (ppkey != NULL && *ppkey == NULL) {
|
||||
failed = "key";
|
||||
else if ((pcert != NULL || pcerts != NULL) && ncerts == 0)
|
||||
} else if ((pcert != NULL || pcerts != NULL) && ncerts == 0) {
|
||||
if (pcert == NULL)
|
||||
any = 1;
|
||||
failed = "cert";
|
||||
else if ((pcrl != NULL || pcrls != NULL) && ncrls == 0)
|
||||
} else if ((pcrl != NULL || pcrls != NULL) && ncrls == 0) {
|
||||
if (pcrl == NULL)
|
||||
any = 1;
|
||||
failed = "CRL";
|
||||
}
|
||||
if (failed != NULL)
|
||||
BIO_printf(bio_err, "Could not read any %s of %s from %s\n",
|
||||
failed, desc, uri);
|
||||
BIO_printf(bio_err, "Could not read");
|
||||
if (any)
|
||||
BIO_printf(bio_err, " any");
|
||||
}
|
||||
if (failed != NULL)
|
||||
if (failed != NULL) {
|
||||
if (desc != NULL && strstr(desc, failed) != NULL) {
|
||||
BIO_printf(bio_err, " %s", desc);
|
||||
} else {
|
||||
BIO_printf(bio_err, " %s", failed);
|
||||
if (desc != NULL)
|
||||
BIO_printf(bio_err, " of %s", desc);
|
||||
}
|
||||
if (uri != NULL)
|
||||
BIO_printf(bio_err, " from %s", uri);
|
||||
BIO_printf(bio_err, "\n");
|
||||
ERR_print_errors(bio_err);
|
||||
}
|
||||
return failed == NULL;
|
||||
}
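Review bot: In the reworked loop a NULL from `OSSL_STORE_load()` before `OSSL_STORE_eof()` still just breaks with `failed == NULL`, so when at least one requested object was already stored the `end:` fallback (count checks only) returns 1 with a partial `*pcerts`/`*pcrls` and the queued error is never printed — a truncated or corrupt chain file would load "successfully" with fewer certs than it contains. The new "Error reading" path only covers `ok == 0` from the switch, not a load failure, so the `info == NULL` branch should consult `OSSL_STORE_error(ctx)` (assuming, as the `eof` check suggests, that NULL is returned on error as well as at end of input) and set `failed` so the existing tail message and `ERR_print_errors()` fire. Separately, if `OSSL_STORE_INFO_type_string(type)` can return NULL for the type that set `ok = 0`, `failed` is cleared again and the same silent-success path is taken after "Error reading" was already printed without a newline; a `failed == NULL ? "object" : …` fallback would close that hole. `load_key_certs_crls()` begins before the first hunk of this section.
```c
    while (!OSSL_STORE_eof(ctx)) {
        OSSL_STORE_INFO *info = OSSL_STORE_load(ctx);
        int type, ok = 1;

        if (info == NULL) {
            /* NULL before EOF is a load error, not end of input */
            if (OSSL_STORE_error(ctx)) {
                BIO_printf(bio_err, "Error reading");
                failed = "object";
            }
            break;
        }
        /* … unchanged: type dispatch, OSSL_STORE_INFO_free(), !ok handling … */
    }
```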
|
||||
|
||||
|
|
|
@ -1047,15 +1047,15 @@ int load_excert(SSL_EXCERT **pexc)
|
|||
return 0;
|
||||
if (exc->keyfile != NULL) {
|
||||
exc->key = load_key(exc->keyfile, exc->keyform,
|
||||
0, NULL, NULL, "Server Key");
|
||||
0, NULL, NULL, "server key");
|
||||
} else {
|
||||
exc->key = load_key(exc->certfile, exc->certform,
|
||||
0, NULL, NULL, "Server Key");
|
||||
0, NULL, NULL, "server key");
|
||||
}
|
||||
if (exc->key == NULL)
|
||||
return 0;
|
||||
if (exc->chainfile != NULL) {
|
||||
if (!load_certs(exc->chainfile, &exc->chain, NULL, "Server Chain"))
|
||||
if (!load_certs(exc->chainfile, &exc->chain, NULL, "server chain"))
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -532,11 +532,11 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
|
|||
}
|
||||
switch (key_type) {
|
||||
case KEY_PRIVKEY:
|
||||
pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key");
|
||||
pkey = load_key(keyfile, keyform, 0, passin, e, "private key");
|
||||
break;
|
||||
|
||||
case KEY_PUBKEY:
|
||||
pkey = load_pubkey(keyfile, keyform, 0, NULL, e, "Public Key");
|
||||
pkey = load_pubkey(keyfile, keyform, 0, NULL, e, "public key");
|
||||
break;
|
||||
|
||||
case KEY_CERT:
|
||||
|
@ -644,7 +644,7 @@ static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
|
|||
|
||||
if (peerform == FORMAT_ENGINE)
|
||||
engine = e;
|
||||
peer = load_pubkey(file, peerform, 0, NULL, engine, "Peer Key");
|
||||
peer = load_pubkey(file, peerform, 0, NULL, engine, "peer key");
|
||||
if (peer == NULL) {
|
||||
BIO_printf(bio_err, "Error reading peer key %s\n", file);
|
||||
ERR_print_errors(bio_err);
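Review bot: The `BIO_printf(bio_err, "Error reading peer key %s\n", file);` and the following `ERR_print_errors(bio_err);` in `setup_peer()` appear to be redundant now: the apps.c section on this page shows `load_key_certs_crls()` printing `Could not read … peer key from <file>` and calling `ERR_print_errors()` itself before returning NULL, so the second call prints nothing and the user sees the same failure reported twice. The dgst.c hunk documents the intended convention (`load_[pub]key() has already printed an appropriate message`); dropping these two lines, or reducing them to that comment, keeps the apps consistent. The remainder of `setup_peer()` lies outside the hunk.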
|
||||
|
|
|
@ -591,7 +591,7 @@ int req_main(int argc, char **argv)
|
|||
}
|
||||
|
||||
if (keyfile != NULL) {
|
||||
pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key");
|
||||
pkey = load_key(keyfile, keyform, 0, passin, e, "private key");
|
||||
if (pkey == NULL)
|
||||
goto end;
|
||||
app_RAND_load_conf(req_conf, section);
|
||||
|
|
|
@ -198,9 +198,9 @@ int rsa_main(int argc, char **argv)
|
|||
tmpformat = informat;
|
||||
}
|
||||
|
||||
pkey = load_pubkey(infile, tmpformat, 1, passin, e, "Public Key");
|
||||
pkey = load_pubkey(infile, tmpformat, 1, passin, e, "public key");
|
||||
} else {
|
||||
pkey = load_key(infile, informat, 1, passin, e, "Private Key");
|
||||
pkey = load_key(infile, informat, 1, passin, e, "private key");
|
||||
}
|
||||
|
||||
if (pkey != NULL)
|
||||
|
|
|
@ -189,11 +189,11 @@ int rsautl_main(int argc, char **argv)
|
|||
|
||||
switch (key_type) {
|
||||
case KEY_PRIVKEY:
|
||||
pkey = load_key(keyfile, keyformat, 0, passin, e, "Private Key");
|
||||
pkey = load_key(keyfile, keyformat, 0, passin, e, "private key");
|
||||
break;
|
||||
|
||||
case KEY_PUBKEY:
|
||||
pkey = load_pubkey(keyfile, keyformat, 0, NULL, e, "Public Key");
|
||||
pkey = load_pubkey(keyfile, keyformat, 0, NULL, e, "public key");
|
||||
break;
|
||||
|
||||
case KEY_CERT:
|
||||
|
|
|
@ -1728,13 +1728,13 @@ int s_client_main(int argc, char **argv)
|
|||
|
||||
if (key_file != NULL) {
|
||||
key = load_key(key_file, key_format, 0, pass, e,
|
||||
"client certificate private key file");
|
||||
"client certificate private key");
|
||||
if (key == NULL)
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (cert_file != NULL) {
|
||||
cert = load_cert_pass(cert_file, cert_format, pass, "client certificate file");
|
||||
cert = load_cert_pass(cert_file, cert_format, pass, "client certificate");
|
||||
if (cert == NULL)
|
||||
goto end;
|
||||
}
|
||||
|
|
|
@ -1740,12 +1740,12 @@ int s_server_main(int argc, char *argv[])
|
|||
|
||||
if (nocert == 0) {
|
||||
s_key = load_key(s_key_file, s_key_format, 0, pass, engine,
|
||||
"server certificate private key file");
|
||||
"server certificate private key");
|
||||
if (s_key == NULL)
|
||||
goto end;
|
||||
|
||||
s_cert = load_cert_pass(s_cert_file, s_cert_format, pass,
|
||||
"server certificate file");
|
||||
"server certificate");
|
||||
|
||||
if (s_cert == NULL)
|
||||
goto end;
|
||||
|
@ -1757,12 +1757,12 @@ int s_server_main(int argc, char *argv[])
|
|||
|
||||
if (tlsextcbp.servername != NULL) {
|
||||
s_key2 = load_key(s_key_file2, s_key_format, 0, pass, engine,
|
||||
"second server certificate private key file");
|
||||
"second server certificate private key");
|
||||
if (s_key2 == NULL)
|
||||
goto end;
|
||||
|
||||
s_cert2 = load_cert_pass(s_cert_file2, s_cert_format, pass,
|
||||
"second server certificate file");
|
||||
"second server certificate");
|
||||
|
||||
if (s_cert2 == NULL)
|
||||
goto end;
|
||||
|
@ -1802,12 +1802,12 @@ int s_server_main(int argc, char *argv[])
|
|||
s_dkey_file = s_dcert_file;
|
||||
|
||||
s_dkey = load_key(s_dkey_file, s_dkey_format,
|
||||
0, dpass, engine, "second certificate private key file");
|
||||
0, dpass, engine, "second certificate private key");
|
||||
if (s_dkey == NULL)
|
||||
goto end;
|
||||
|
||||
s_dcert = load_cert_pass(s_dcert_file, s_dcert_format, dpass,
|
||||
"second server certificate file");
|
||||
"second server certificate");
|
||||
|
||||
if (s_dcert == NULL) {
|
||||
ERR_print_errors(bio_err);
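Review bot: The `ERR_print_errors(bio_err);` inside `if (s_dcert == NULL) {` is likely a no-op after this change, since `load_cert_pass()` goes through `load_key_certs_crls()`, which (per the apps.c section on this page) already prints `Could not read … second server certificate from <file>` and drains the error queue before returning NULL. Unless the rest of that block, which is outside the hunk, adds its own diagnostics, this branch could be reduced to a plain `goto end;` like the `s_cert`/`s_cert2` failure paths above it for consistency.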
|
||||
|
|
|
@ -471,7 +471,7 @@ int smime_main(int argc, char **argv)
|
|||
}
|
||||
|
||||
if (keyfile != NULL) {
|
||||
key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
|
||||
key = load_key(keyfile, keyform, 0, passin, e, "signing key");
|
||||
if (key == NULL)
|
||||
goto end;
|
||||
|
||||
|
@ -573,7 +573,7 @@ int smime_main(int argc, char **argv)
|
|||
"signer certificate");
|
||||
if (signer == NULL)
|
||||
goto end;
|
||||
key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
|
||||
key = load_key(keyfile, keyform, 0, passin, e, "signing key");
|
||||
if (key == NULL)
|
||||
goto end;
|
||||
|
||||
|
|
10
apps/x509.c
10
apps/x509.c
|
@ -522,7 +522,7 @@ int x509_main(int argc, char **argv)
|
|||
goto end;
|
||||
}
|
||||
if (fkeyfile != NULL) {
|
||||
fkey = load_pubkey(fkeyfile, keyformat, 0, NULL, e, "Forced key");
|
||||
fkey = load_pubkey(fkeyfile, keyformat, 0, NULL, e, "forced key");
|
||||
if (fkey == NULL)
|
||||
goto end;
|
||||
}
|
||||
|
@ -629,7 +629,7 @@ int x509_main(int argc, char **argv)
|
|||
if (!X509_set_pubkey(x, fkey != NULL ? fkey : X509_REQ_get0_pubkey(req)))
|
||||
goto end;
|
||||
} else {
|
||||
x = load_cert_pass(infile, FORMAT_UNDEF, passin, "Certificate");
|
||||
x = load_cert_pass(infile, FORMAT_UNDEF, passin, "certificate");
|
||||
if (x == NULL)
|
||||
goto end;
|
||||
if (fkey != NULL && !X509_set_pubkey(x, fkey))
|
||||
|
@ -639,7 +639,7 @@ int x509_main(int argc, char **argv)
|
|||
}
|
||||
|
||||
if (CA_flag) {
|
||||
xca = load_cert_pass(CAfile, CAformat, passin, "CA Certificate");
|
||||
xca = load_cert_pass(CAfile, CAformat, passin, "CA certificate");
|
||||
if (xca == NULL)
|
||||
goto end;
|
||||
}
|
||||
|
@ -846,7 +846,7 @@ int x509_main(int argc, char **argv)
|
|||
BIO_printf(bio_err, "Getting Private key\n");
|
||||
if (Upkey == NULL) {
|
||||
Upkey = load_key(keyfile, keyformat, 0,
|
||||
passin, e, "Private key");
|
||||
passin, e, "private key");
|
||||
if (Upkey == NULL)
|
||||
goto end;
|
||||
}
|
||||
|
@ -858,7 +858,7 @@ int x509_main(int argc, char **argv)
|
|||
BIO_printf(bio_err, "Getting CA Private Key\n");
|
||||
if (CAkeyfile != NULL) {
|
||||
CApkey = load_key(CAkeyfile, CAkeyformat,
|
||||
0, passin, e, "CA Private Key");
|
||||
0, passin, e, "CA private key");
|
||||
if (CApkey == NULL)
|
||||
goto end;
|
||||
}
|
||||
|
|