openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

load_key_certs_crls(): Restore output of fatal errors 

Also improve credentials loading diagnostics for many apps.

Fixes #12840

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12893)
This commit is contained in:
Dr. David von Oheimb 2020-09-17 01:39:00 +02:00
parent 254b5dcabd
commit 50eb2a5077
15 changed files with 82 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
apps/ca.c
View File

@ -1269,7 +1269,8 @@ end_of_options:
} else {
X509 *revcert;
revcert = load_cert_pass(infile, certformat, passin, infile);
revcert = load_cert_pass(infile, certformat, passin,
"certificate to be revoked");
if (revcert == NULL)
goto end;
if (dorevoke == 2)
@ -1403,7 +1404,7 @@ static int certify_cert(X509 **xret, const char *infile, int certformat,
EVP_PKEY *pktmp = NULL;
int ok = -1, i;
if ((req = load_cert_pass(infile, certformat, passin, infile)) == NULL)
if ((req = load_cert_pass(infile, certformat, passin, "template certificate")) == NULL)
goto end;
if (verbose)
X509_print(bio_err, req);

4
apps/cms.c
View File

@ -857,7 +857,7 @@ int cms_main(int argc, char **argv)
}
if (keyfile != NULL) {
key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
key = load_key(keyfile, keyform, 0, passin, e, "signing key");
if (key == NULL)
goto end;
@ -1060,7 +1060,7 @@ int cms_main(int argc, char **argv)
ret = 2;
goto end;
}
key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
key = load_key(keyfile, keyform, 0, passin, e, "signing key");
if (key == NULL) {
ret = 2;
goto end;

4
apps/dgst.c
View File

@ -268,9 +268,9 @@ int dgst_main(int argc, char **argv)
int type;
if (want_pub)
sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "key file");
sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "public key");
else
sigkey = load_key(keyfile, keyform, 0, passin, e, "key file");
sigkey = load_key(keyfile, keyform, 0, passin, e, "private key");
if (sigkey == NULL) {
/*
* load_[pub]key() has already printed an appropriate message

4
apps/dsa.c
View File

@ -165,9 +165,9 @@ int dsa_main(int argc, char **argv)
BIO_printf(bio_err, "read DSA key\n");
if (pubin)
pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
pkey = load_pubkey(infile, informat, 1, passin, e, "public key");
else
pkey = load_key(infile, informat, 1, passin, e, "Private Key");
pkey = load_key(infile, informat, 1, passin, e, "private key");
if (pkey != NULL)
dsa = EVP_PKEY_get1_DSA(pkey);

4
apps/ec.c
View File

@ -194,9 +194,9 @@ int ec_main(int argc, char **argv)
} else if (informat == FORMAT_ENGINE) {
EVP_PKEY *pkey;
if (pubin)
pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
pkey = load_pubkey(infile, informat, 1, passin, e, "public key");
else
pkey = load_key(infile, informat, 1, passin, e, "Private Key");
pkey = load_key(infile, informat, 1, passin, e, "private key");
if (pkey != NULL) {
eckey = EVP_PKEY_get1_EC_KEY(pkey);
EVP_PKEY_free(pkey);

65
apps/lib/apps.c
View File

@ -708,7 +708,10 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
const char *propq = app_get0_propq();
int ncerts = 0;
int ncrls = 0;
const char *failed = "any";
const char *failed =
ppkey != NULL ? "key" : ppubkey != NULL ? "public key" :
pcert != NULL ? "cert" : pcrl != NULL ? "CRL" :
pcerts != NULL ? "certs" : pcrls != NULL ? "CRLs" : NULL;
/* TODO make use of the engine reference 'eng' when loading pkeys */
if (ppkey != NULL)
@ -717,33 +720,36 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
*ppubkey = NULL;
if (pcert != NULL)
*pcert = NULL;
if (failed == NULL) {
BIO_printf(bio_err, "Internal error: nothing to load into from %s\n",
uri != NULL ? uri : "<stdin>");
return 0;
}
if (pcerts != NULL && *pcerts == NULL
&& (*pcerts = sk_X509_new_null()) == NULL) {
BIO_printf(bio_err, "Out of memory");
BIO_printf(bio_err, "Out of memory loading");
goto end;
}
if (pcrl != NULL)
*pcrl = NULL;
if (pcrls != NULL && *pcrls == NULL
&& (*pcrls = sk_X509_CRL_new_null()) == NULL) {
BIO_printf(bio_err, "Out of memory");
BIO_printf(bio_err, "Out of memory loading");
goto end;
}
if (desc == NULL)
desc = "key/certificate/CRL";
uidata.password = pass;
uidata.prompt_info = uri;
if (uri == NULL) {
BIO *bio;
uri = "<stdin>";
if (!maybe_stdin) {
BIO_printf(bio_err, "No filename or uri specified for loading %s\n",
desc);
BIO_printf(bio_err, "No filename or uri specified for loading");
goto end;
}
uri = "<stdin>";
unbuffer(stdin);
bio = BIO_new_fp(stdin, 0);
if (bio != NULL)
@ -754,17 +760,18 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
&uidata, NULL, NULL);
}
if (ctx == NULL) {
BIO_printf(bio_err, "Could not open file or uri %s for loading %s\n",
uri, desc);
BIO_printf(bio_err, "Could not open file or uri for loading");
goto end;
}
failed = NULL;
while (!OSSL_STORE_eof(ctx)) {
OSSL_STORE_INFO *info = OSSL_STORE_load(ctx);
int type = info == NULL ? 0 : OSSL_STORE_INFO_get_type(info);
int ok = 1;
int type, ok = 1;
if (info == NULL)
break;
type = OSSL_STORE_INFO_get_type(info);
switch (type) {
case OSSL_STORE_INFO_PKEY:
if (ppkey != NULL && *ppkey == NULL)
@ -805,8 +812,7 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
OSSL_STORE_INFO_free(info);
if (!ok) {
failed = info == NULL ? NULL : OSSL_STORE_INFO_type_string(type);
BIO_printf(bio_err, "Error reading %s of %s from %s\n",
failed, desc, uri);
BIO_printf(bio_err, "Error reading");
break;
}
}
@ -814,18 +820,37 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
end:
OSSL_STORE_close(ctx);
if (failed == NULL) {
if (ppkey != NULL && *ppkey == NULL)
int any = 0;
if (ppkey != NULL && *ppkey == NULL) {
failed = "key";
else if ((pcert != NULL || pcerts != NULL) && ncerts == 0)
} else if ((pcert != NULL || pcerts != NULL) && ncerts == 0) {
if (pcert == NULL)
any = 1;
failed = "cert";
else if ((pcrl != NULL || pcrls != NULL) && ncrls == 0)
} else if ((pcrl != NULL || pcrls != NULL) && ncrls == 0) {
if (pcrl == NULL)
any = 1;
failed = "CRL";
}
if (failed != NULL)
BIO_printf(bio_err, "Could not read any %s of %s from %s\n",
failed, desc, uri);
BIO_printf(bio_err, "Could not read");
if (any)
BIO_printf(bio_err, " any");
}
if (failed != NULL)
if (failed != NULL) {
if (desc != NULL && strstr(desc, failed) != NULL) {
BIO_printf(bio_err, " %s", desc);
} else {
BIO_printf(bio_err, " %s", failed);
if (desc != NULL)
BIO_printf(bio_err, " of %s", desc);
}
if (uri != NULL)
BIO_printf(bio_err, " from %s", uri);
BIO_printf(bio_err, "\n");
ERR_print_errors(bio_err);
}
return failed == NULL;
}

6
apps/lib/s_cb.c
View File

@ -1047,15 +1047,15 @@ int load_excert(SSL_EXCERT **pexc)
return 0;
if (exc->keyfile != NULL) {
exc->key = load_key(exc->keyfile, exc->keyform,
0, NULL, NULL, "Server Key");
0, NULL, NULL, "server key");
} else {
exc->key = load_key(exc->certfile, exc->certform,
0, NULL, NULL, "Server Key");
0, NULL, NULL, "server key");
}
if (exc->key == NULL)
return 0;
if (exc->chainfile != NULL) {
if (!load_certs(exc->chainfile, &exc->chain, NULL, "Server Chain"))
if (!load_certs(exc->chainfile, &exc->chain, NULL, "server chain"))
return 0;
}
}

6
apps/pkeyutl.c
View File

@ -532,11 +532,11 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
}
switch (key_type) {
case KEY_PRIVKEY:
pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key");
pkey = load_key(keyfile, keyform, 0, passin, e, "private key");
break;
case KEY_PUBKEY:
pkey = load_pubkey(keyfile, keyform, 0, NULL, e, "Public Key");
pkey = load_pubkey(keyfile, keyform, 0, NULL, e, "public key");
break;
case KEY_CERT:
@ -644,7 +644,7 @@ static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
if (peerform == FORMAT_ENGINE)
engine = e;
peer = load_pubkey(file, peerform, 0, NULL, engine, "Peer Key");
peer = load_pubkey(file, peerform, 0, NULL, engine, "peer key");
if (peer == NULL) {
BIO_printf(bio_err, "Error reading peer key %s\n", file);
ERR_print_errors(bio_err);

2
apps/req.c
View File

@ -591,7 +591,7 @@ int req_main(int argc, char **argv)
}
if (keyfile != NULL) {
pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key");
pkey = load_key(keyfile, keyform, 0, passin, e, "private key");
if (pkey == NULL)
goto end;
app_RAND_load_conf(req_conf, section);

4
apps/rsa.c
View File

@ -198,9 +198,9 @@ int rsa_main(int argc, char **argv)
tmpformat = informat;
}
pkey = load_pubkey(infile, tmpformat, 1, passin, e, "Public Key");
pkey = load_pubkey(infile, tmpformat, 1, passin, e, "public key");
} else {
pkey = load_key(infile, informat, 1, passin, e, "Private Key");
pkey = load_key(infile, informat, 1, passin, e, "private key");
}
if (pkey != NULL)

4
apps/rsautl.c
View File

@ -189,11 +189,11 @@ int rsautl_main(int argc, char **argv)
switch (key_type) {
case KEY_PRIVKEY:
pkey = load_key(keyfile, keyformat, 0, passin, e, "Private Key");
pkey = load_key(keyfile, keyformat, 0, passin, e, "private key");
break;
case KEY_PUBKEY:
pkey = load_pubkey(keyfile, keyformat, 0, NULL, e, "Public Key");
pkey = load_pubkey(keyfile, keyformat, 0, NULL, e, "public key");
break;
case KEY_CERT:

4
apps/s_client.c
View File

@ -1728,13 +1728,13 @@ int s_client_main(int argc, char **argv)
if (key_file != NULL) {
key = load_key(key_file, key_format, 0, pass, e,
"client certificate private key file");
"client certificate private key");
if (key == NULL)
goto end;
}
if (cert_file != NULL) {
cert = load_cert_pass(cert_file, cert_format, pass, "client certificate file");
cert = load_cert_pass(cert_file, cert_format, pass, "client certificate");
if (cert == NULL)
goto end;
}

12
apps/s_server.c
View File

@ -1740,12 +1740,12 @@ int s_server_main(int argc, char *argv[])
if (nocert == 0) {
s_key = load_key(s_key_file, s_key_format, 0, pass, engine,
"server certificate private key file");
"server certificate private key");
if (s_key == NULL)
goto end;
s_cert = load_cert_pass(s_cert_file, s_cert_format, pass,
"server certificate file");
"server certificate");
if (s_cert == NULL)
goto end;
@ -1757,12 +1757,12 @@ int s_server_main(int argc, char *argv[])
if (tlsextcbp.servername != NULL) {
s_key2 = load_key(s_key_file2, s_key_format, 0, pass, engine,
"second server certificate private key file");
"second server certificate private key");
if (s_key2 == NULL)
goto end;
s_cert2 = load_cert_pass(s_cert_file2, s_cert_format, pass,
"second server certificate file");
"second server certificate");
if (s_cert2 == NULL)
goto end;
@ -1802,12 +1802,12 @@ int s_server_main(int argc, char *argv[])
s_dkey_file = s_dcert_file;
s_dkey = load_key(s_dkey_file, s_dkey_format,
0, dpass, engine, "second certificate private key file");
0, dpass, engine, "second certificate private key");
if (s_dkey == NULL)
goto end;
s_dcert = load_cert_pass(s_dcert_file, s_dcert_format, dpass,
"second server certificate file");
"second server certificate");
if (s_dcert == NULL) {
ERR_print_errors(bio_err);

4
apps/smime.c
View File

@ -471,7 +471,7 @@ int smime_main(int argc, char **argv)
}
if (keyfile != NULL) {
key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
key = load_key(keyfile, keyform, 0, passin, e, "signing key");
if (key == NULL)
goto end;
@ -573,7 +573,7 @@ int smime_main(int argc, char **argv)
"signer certificate");
if (signer == NULL)
goto end;
key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
key = load_key(keyfile, keyform, 0, passin, e, "signing key");
if (key == NULL)
goto end;

10
apps/x509.c
View File

@ -522,7 +522,7 @@ int x509_main(int argc, char **argv)
goto end;
}
if (fkeyfile != NULL) {
fkey = load_pubkey(fkeyfile, keyformat, 0, NULL, e, "Forced key");
fkey = load_pubkey(fkeyfile, keyformat, 0, NULL, e, "forced key");
if (fkey == NULL)
goto end;
}
@ -629,7 +629,7 @@ int x509_main(int argc, char **argv)
if (!X509_set_pubkey(x, fkey != NULL ? fkey : X509_REQ_get0_pubkey(req)))
goto end;
} else {
x = load_cert_pass(infile, FORMAT_UNDEF, passin, "Certificate");
x = load_cert_pass(infile, FORMAT_UNDEF, passin, "certificate");
if (x == NULL)
goto end;
if (fkey != NULL && !X509_set_pubkey(x, fkey))
@ -639,7 +639,7 @@ int x509_main(int argc, char **argv)
}
if (CA_flag) {
xca = load_cert_pass(CAfile, CAformat, passin, "CA Certificate");
xca = load_cert_pass(CAfile, CAformat, passin, "CA certificate");
if (xca == NULL)
goto end;
}
@ -846,7 +846,7 @@ int x509_main(int argc, char **argv)
BIO_printf(bio_err, "Getting Private key\n");
if (Upkey == NULL) {
Upkey = load_key(keyfile, keyformat, 0,
passin, e, "Private key");
passin, e, "private key");
if (Upkey == NULL)
goto end;
}
@ -858,7 +858,7 @@ int x509_main(int argc, char **argv)
BIO_printf(bio_err, "Getting CA Private Key\n");
if (CAkeyfile != NULL) {
CApkey = load_key(CAkeyfile, CAkeyformat,
0, passin, e, "CA Private Key");
0, passin, e, "CA private key");
if (CApkey == NULL)
goto end;
}