- Fixes 'openssl req' to not ask for password when non-encrypted private key is used - cms: Do not try to check binary format on stdin and -rctform fix - Resolves: rhbz#1988137, rhbz#1988468, rhbz#1988137 Signed-off-by: Sahana Prasad <sahana@redhat.com>epel8
Sahana Prasad
3 years ago
parent
2862adca42
commit
0c6f4a599c
@ -0,0 +1,38 @@
|
||||
diff -up openssl-3.0.0-beta2/apps/req.c.req-segfault openssl-3.0.0-beta2/apps/req.c
|
||||
--- openssl-3.0.0-beta2/apps/req.c.req-segfault 2021-08-10 16:24:58.784384336 +0200
|
||||
+++ openssl-3.0.0-beta2/apps/req.c 2021-08-10 16:26:38.347688172 +0200
|
||||
@@ -996,8 +996,8 @@ int req_main(int argc, char **argv)
|
||||
if (EVP_PKEY_is_a(tpubkey, "RSA")) {
|
||||
BIGNUM *n = NULL;
|
||||
|
||||
- /* Every RSA key has an 'n' */
|
||||
- EVP_PKEY_get_bn_param(pkey, "n", &n);
|
||||
+ if (!EVP_PKEY_get_bn_param(tpubkey, "n", &n))
|
||||
+ goto end;
|
||||
BN_print(out, n);
|
||||
BN_free(n);
|
||||
} else {
|
||||
diff -up openssl-3.0.0-beta2/test/recipes/25-test_req.t.req-segfault openssl-3.0.0-beta2/test/recipes/25-test_req.t
|
||||
--- openssl-3.0.0-beta2/test/recipes/25-test_req.t.req-segfault 2021-08-10 16:26:53.305884053 +0200
|
||||
+++ openssl-3.0.0-beta2/test/recipes/25-test_req.t 2021-08-10 16:28:33.674221058 +0200
|
||||
@@ -78,7 +78,7 @@ subtest "generating alt certificate requ
|
||||
|
||||
|
||||
subtest "generating certificate requests with RSA" => sub {
|
||||
- plan tests => 7;
|
||||
+ plan tests => 8;
|
||||
|
||||
SKIP: {
|
||||
skip "RSA is not supported by this OpenSSL build", 2
|
||||
@@ -105,6 +105,11 @@ subtest "generating certificate requests
|
||||
|
||||
ok(run(app(["openssl", "req",
|
||||
"-config", srctop_file("test", "test.cnf"),
|
||||
+ "-modulus", "-in", "testreq-rsa.pem", "-noout"])),
|
||||
+ "Printing a modulus of the request key");
|
||||
+
|
||||
+ ok(run(app(["openssl", "req",
|
||||
+ "-config", srctop_file("test", "test.cnf"),
|
||||
"-new", "-out", "testreq_withattrs_pem.pem", "-utf8",
|
||||
"-key", srctop_file("test", "testrsa_withattrs.pem")])),
|
||||
"Generating request from a key with extra attributes - PEM");
|
||||
@ -0,0 +1,33 @@
|
||||
diff -up openssl-3.0.0-beta2/apps/req.c.req-password openssl-3.0.0-beta2/apps/req.c
|
||||
--- openssl-3.0.0-beta2/apps/req.c.req-password 2021-08-10 16:31:04.726233653 +0200
|
||||
+++ openssl-3.0.0-beta2/apps/req.c 2021-08-10 16:31:58.286947297 +0200
|
||||
@@ -686,7 +686,7 @@ int req_main(int argc, char **argv)
|
||||
EVP_PKEY_CTX_free(genctx);
|
||||
genctx = NULL;
|
||||
}
|
||||
- if (keyout == NULL) {
|
||||
+ if (keyout == NULL && keyfile == NULL) {
|
||||
keyout = NCONF_get_string(req_conf, section, KEYFILE);
|
||||
if (keyout == NULL)
|
||||
ERR_clear_error();
|
||||
diff -up openssl-3.0.0-beta2/doc/man1/openssl-req.pod.in.req-password openssl-3.0.0-beta2/doc/man1/openssl-req.pod.in
|
||||
--- openssl-3.0.0-beta2/doc/man1/openssl-req.pod.in.req-password 2021-08-10 16:32:21.863261416 +0200
|
||||
+++ openssl-3.0.0-beta2/doc/man1/openssl-req.pod.in 2021-08-10 16:33:19.173025012 +0200
|
||||
@@ -205,11 +205,12 @@ See L<openssl-format-options(1)> for det
|
||||
=item B<-keyout> I<filename>
|
||||
|
||||
This gives the filename to write any private key to that has been newly created
|
||||
-or read from B<-key>.
|
||||
-If the B<-keyout> option is not given the filename specified in the
|
||||
-configuration file with the B<default_keyfile> option is used, if present.
|
||||
-If a new key is generated and no filename is specified
|
||||
-the key is written to standard output.
|
||||
+or read from B<-key>. If neither the B<-keyout> option nor the B<-key> option
|
||||
+are given then the filename specified in the configuration file with the
|
||||
+B<default_keyfile> option is used, if present. Thus, if you want to write the
|
||||
+private key and the B<-key> option is provided, you should provide the
|
||||
+B<-keyout> option explicitly. If a new key is generated and no filename is
|
||||
+specified the key is written to standard output.
|
||||
|
||||
=item B<-noenc>
|
||||
|
||||
@ -0,0 +1,38 @@
|
||||
diff -up openssl-3.0.0-beta2/apps/cms.c.cms-stdin openssl-3.0.0-beta2/apps/cms.c
|
||||
--- openssl-3.0.0-beta2/apps/cms.c.cms-stdin 2021-08-10 16:20:07.787573587 +0200
|
||||
+++ openssl-3.0.0-beta2/apps/cms.c 2021-08-10 16:23:08.500940124 +0200
|
||||
@@ -278,6 +278,8 @@ static void warn_binary(const char *file
|
||||
unsigned char linebuf[1024], *cur, *end;
|
||||
int len;
|
||||
|
||||
+ if (file == NULL)
|
||||
+ return; /* cannot give a warning for stdin input */
|
||||
if ((bio = bio_open_default(file, 'r', FORMAT_BINARY)) == NULL)
|
||||
return; /* cannot give a proper warning since there is an error */
|
||||
while ((len = BIO_read(bio, linebuf, sizeof(linebuf))) > 0) {
|
||||
@@ -482,13 +484,9 @@ int cms_main(int argc, char **argv)
|
||||
rr_allorfirst = 1;
|
||||
break;
|
||||
case OPT_RCTFORM:
|
||||
- if (rctformat == FORMAT_ASN1) {
|
||||
- if (!opt_format(opt_arg(),
|
||||
- OPT_FMT_PEMDER | OPT_FMT_SMIME, &rctformat))
|
||||
- goto opthelp;
|
||||
- } else {
|
||||
- rcms = load_content_info(rctformat, rctin, 0, NULL, "recipient");
|
||||
- }
|
||||
+ if (!opt_format(opt_arg(),
|
||||
+ OPT_FMT_PEMDER | OPT_FMT_SMIME, &rctformat))
|
||||
+ goto opthelp;
|
||||
break;
|
||||
case OPT_CERTFILE:
|
||||
certfile = opt_arg();
|
||||
@@ -954,7 +952,7 @@ int cms_main(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
|
||||
- rcms = load_content_info(rctformat, rctin, 0, NULL, "recipient");
|
||||
+ rcms = load_content_info(rctformat, rctin, 0, NULL, "receipt");
|
||||
if (rcms == NULL)
|
||||
goto end;
|
||||
}
|
||||
Loading…
Reference in new issue