From ea51096e51571b0dfe1e9e63661ad6f62ce0d82a Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Fri, 5 Mar 2021 21:05:35 +0100
Subject: [PATCH] apps: Add maybe_stdin argument to load_certs and set it in pkcs12
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14449)
---
 apps/cms.c | 2 +-
 apps/include/apps.h | 2 +-
 apps/lib/apps.c | 6 +++---
 apps/lib/s_cb.c | 2 +-
 apps/ocsp.c | 8 ++++----
 apps/pkcs12.c | 6 +++---
 apps/s_client.c | 2 +-
 apps/s_server.c | 4 ++--
 apps/smime.c | 2 +-
 apps/verify.c | 4 ++--
 10 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/apps/cms.c b/apps/cms.c
index f347a3314a..cea1b73d88 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -826,7 +826,7 @@ int cms_main(int argc, char **argv)
 }
 if (certfile != NULL) {
- if (!load_certs(certfile, &other, NULL, "certificate file")) {
+ if (!load_certs(certfile, 0, &other, NULL, "certificate file")) {
 ERR_print_errors(bio_err);
 goto end;
 }
diff --git a/apps/include/apps.h b/apps/include/apps.h
index 416e1d2568..a2826e6066 100644
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@@ -129,7 +129,7 @@ STACK_OF(X509) *load_certs_multifile(char *files, const char *pass, const char *desc, X509_VERIFY_PARAM *vpm);
 X509_STORE *load_certstore(char *input, const char *pass, const char *desc, X509_VERIFY_PARAM *vpm);
-int load_certs(const char *uri, STACK_OF(X509) **certs,
+int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs,
 const char *pass, const char *desc);
 int load_crls(const char *uri, STACK_OF(X509_CRL) **crls, const char *pass, const char *desc);
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index f114f0b10c..1e14f31497 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -800,12 +800,12 @@ X509_STORE *load_certstore(char *input, const char *pass, const char *desc,
 * Initialize or extend, if *certs != NULL, a certificate stack.
 * The caller is responsible for freeing *certs if its value is left not NULL.
 */
-int load_certs(const char *uri, STACK_OF(X509) **certs,
+int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs,
 const char *pass, const char *desc)
 {
 int was_NULL = *certs == NULL;
- int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL, NULL,
- NULL, certs, NULL, NULL);
+ int ret = load_key_certs_crls(uri, maybe_stdin, pass, desc, NULL, NULL,
+ NULL, NULL, certs, NULL, NULL);
 if (!ret && was_NULL) {
 sk_X509_pop_free(*certs, X509_free);
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index 0ca9038738..4c209e76df 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -1032,7 +1032,7 @@ int load_excert(SSL_EXCERT **pexc)
 if (exc->key == NULL) return 0;
 if (exc->chainfile != NULL) {
- if (!load_certs(exc->chainfile, &exc->chain, NULL, "server chain"))
+ if (!load_certs(exc->chainfile, 0, &exc->chain, NULL, "server chain"))
 return 0;
 }
 }
diff --git a/apps/ocsp.c b/apps/ocsp.c
index e61774a8a3..e77c90f041 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -574,10 +574,10 @@ int ocsp_main(int argc, char **argv)
 BIO_printf(bio_err, "Error loading responder certificate\n");
 goto end;
 }
- if (!load_certs(rca_filename, &rca_cert, NULL, "CA certificates"))
+ if (!load_certs(rca_filename, 0, &rca_cert, NULL, "CA certificates"))
 goto end;
 if (rcertfile != NULL) {
- if (!load_certs(rcertfile, &rother, NULL,
+ if (!load_certs(rcertfile, 0, &rother, NULL,
 "responder other certificates")) goto end;
 }
@@ -671,7 +671,7 @@ redo_accept:
 goto end;
 }
 if (sign_certfile != NULL) {
- if (!load_certs(sign_certfile, &sign_other, NULL,
+ if (!load_certs(sign_certfile, 0, &sign_other, NULL,
 "signer certificates")) goto end;
 }
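Review bot: In the apps/lib/apps.c hunk, the comment above load_certs() still documents only the *certs stack and says nothing about the new maybe_stdin argument, which is passed straight through to load_key_certs_crls(). I would add a line such as ` * If maybe_stdin is nonzero, a NULL uri presumably selects stdin; with 0 the caller must supply a uri.` once that is confirmed against load_key_certs_crls(), which is not visible here. The prototype in apps/include/apps.h carries no description either, so this comment is the only place a caller can learn what the bare `0` or `1` at each call site means. The body of load_certs() continues past the end of the hunk.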
@@ -780,7 +780,7 @@ redo_accept:
 if (vpmtouched) X509_STORE_set1_param(store, vpm);
 if (verify_certfile != NULL) {
- if (!load_certs(verify_certfile, &verify_other, NULL,
+ if (!load_certs(verify_certfile, 0, &verify_other, NULL,
 "validator certificates")) goto end;
 }
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index c5f2981aa7..0a88140880 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -525,7 +525,7 @@ int pkcs12_main(int argc, char **argv)
 /* Load all certs in input file */
 if (!(options & NOCERTS)) {
- if (!load_certs(infile, &certs, passin,
+ if (!load_certs(infile, 1, &certs, passin,
 "certificates from -in file")) goto export_end;
 if (sk_X509_num(certs) < 1) {
@@ -560,7 +560,7 @@ int pkcs12_main(int argc, char **argv)
 /* Load any untrusted certificates for chain building */
 if (untrusted != NULL) {
- if (!load_certs(untrusted, &untrusted_certs, passcerts,
+ if (!load_certs(untrusted, 0, &untrusted_certs, passcerts,
 "untrusted certificates")) goto export_end;
 }
@@ -605,7 +605,7 @@ int pkcs12_main(int argc, char **argv)
 /* Add any extra certificates asked for */
 if (certfile != NULL) {
- if (!load_certs(certfile, &certs, passcerts,
+ if (!load_certs(certfile, 0, &certs, passcerts,
 "extra certificates from -certfile")) goto export_end;
 }
diff --git a/apps/s_client.c b/apps/s_client.c
index 431df131dd..ac744ccbd5 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1625,7 +1625,7 @@ int s_client_main(int argc, char **argv)
 }
 if (chain_file != NULL) {
- if (!load_certs(chain_file, &chain, pass, "client certificate chain"))
+ if (!load_certs(chain_file, 0, &chain, pass, "client certificate chain"))
 goto end;
 }
diff --git a/apps/s_server.c b/apps/s_server.c
index bbbe3cf877..34b28736a1 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
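Review bot: In the first apps/pkcs12.c hunk, the -in call passes a bare `1` for maybe_stdin while the -untrusted and -certfile calls in the next two hunks pass `0`, and nothing at the call site explains why only -in may fall back to stdin. A short comment such as `/* -in may be omitted, in which case the certificates come from stdin */` above the call would record that the asymmetry is intended. If the private key is read from the same input earlier in pkcs12_main (outside this hunk), key and certificates would be taken from one stdin stream in sequence, so a test of the export path with piped input would be worth adding. The `sk_X509_num(certs) < 1` check right after the call already rejects input that yields no certificate; pkcs12_main itself starts and ends outside the hunk.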
@@ -1690,7 +1690,7 @@ int s_server_main(int argc, char *argv[])
 if (s_cert == NULL) goto end;
 if (s_chain_file != NULL) {
- if (!load_certs(s_chain_file, &s_chain, NULL,
+ if (!load_certs(s_chain_file, 0, &s_chain, NULL,
 "server certificate chain")) goto end;
 }
@@ -1754,7 +1754,7 @@ int s_server_main(int argc, char *argv[])
 goto end;
 }
 if (s_dchain_file != NULL) {
- if (!load_certs(s_dchain_file, &s_dchain, NULL,
+ if (!load_certs(s_dchain_file, 0, &s_dchain, NULL,
 "second server certificate chain")) goto end;
 }
diff --git a/apps/smime.c b/apps/smime.c
index 63578f28d5..dcef6b3b49 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -457,7 +457,7 @@ int smime_main(int argc, char **argv)
 }
 if (certfile != NULL) {
- if (!load_certs(certfile, &other, NULL, "certificates")) {
+ if (!load_certs(certfile, 0, &other, NULL, "certificates")) {
 ERR_print_errors(bio_err);
 goto end;
 }
diff --git a/apps/verify.c b/apps/verify.c
index bf200b0fb6..de6e051006 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -145,7 +145,7 @@ int verify_main(int argc, char **argv)
 break;
 case OPT_UNTRUSTED: /* Zero or more times */
- if (!load_certs(opt_arg(), &untrusted, NULL,
+ if (!load_certs(opt_arg(), 0, &untrusted, NULL,
 "untrusted certificates")) goto end;
 break;
@@ -154,7 +154,7 @@ int verify_main(int argc, char **argv)
 noCAfile = 1;
 noCApath = 1;
 noCAstore = 1;
- if (!load_certs(opt_arg(), &trusted, NULL, "trusted certificates"))
+ if (!load_certs(opt_arg(), 0, &trusted, NULL, "trusted certificates"))
 goto end;
 break;
 case OPT_CRLFILE: