Fetch cipher after loading providers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14135)
diff --git a/apps/cms.c b/apps/cms.c
index 4f1e614..67cbb93 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -289,7 +289,8 @@
char *certsoutfile = NULL, *digestname = NULL;
int noCAfile = 0, noCApath = 0, noCAstore = 0;
char *infile = NULL, *outfile = NULL, *rctfile = NULL;
- char *passinarg = NULL, *passin = NULL, *signerfile = NULL, *originatorfile = NULL, *recipfile = NULL;
+ char *passinarg = NULL, *passin = NULL, *signerfile = NULL;
+ char *originatorfile = NULL, *recipfile = NULL, *ciphername = NULL;
char *to = NULL, *from = NULL, *subject = NULL, *prog;
cms_key_param *key_first = NULL, *key_param = NULL;
int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched = 0;
@@ -624,8 +625,7 @@
}
break;
case OPT_CIPHER:
- if (!opt_cipher(opt_unknown(), &cipher))
- goto end;
+ ciphername = opt_unknown();
break;
case OPT_KEYOPT:
keyidx = -1;
@@ -698,8 +698,14 @@
}
}
app_RAND_load();
- if (digestname != NULL && !opt_md(digestname, &sign_md))
- goto end;
+ if (digestname != NULL) {
+ if (!opt_md(digestname, &sign_md))
+ goto end;
+ }
+ if (ciphername != NULL) {
+ if (!opt_cipher(ciphername, &cipher))
+ goto end;
+ }
/* Remaining args are files to process. */
argc = opt_num_rest();
diff --git a/apps/crl.c b/apps/crl.c
index 34551cc..dd9d41e 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -207,8 +207,10 @@
if (argc != 0)
goto opthelp;
- if (digestname != NULL && !opt_md(digestname, &digest))
- goto opthelp;
+ if (digestname != NULL) {
+ if (!opt_md(digestname, &digest))
+ goto opthelp;
+ }
x = load_crl(infile, "CRL");
if (x == NULL)
goto end;
diff --git a/apps/dsa.c b/apps/dsa.c
index ebb841f..c4baaf7 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -87,7 +87,7 @@
int modulus = 0, pubin = 0, pubout = 0, ret = 1;
int pvk_encr = DEFAULT_PVK_ENCR_STRENGTH;
int private = 0;
- const char *output_type = NULL;
+ const char *output_type = NULL, *ciphername = NULL;
const char *output_structure = NULL;
int selection = 0;
OSSL_ENCODER_CTX *ectx = NULL;
@@ -151,8 +151,7 @@
pubout = 1;
break;
case OPT_CIPHER:
- if (!opt_cipher(opt_unknown(), &enc))
- goto end;
+ ciphername = opt_unknown();
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
@@ -166,6 +165,10 @@
if (argc != 0)
goto opthelp;
+ if (ciphername != NULL) {
+ if (!opt_cipher(ciphername, &enc))
+ goto end;
+ }
private = pubin || pubout ? 0 : 1;
if (text && !pubin)
private = 1;
diff --git a/apps/ec.c b/apps/ec.c
index 495e8e6..d89c580 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -70,7 +70,7 @@
BIO *in = NULL, *out = NULL;
ENGINE *e = NULL;
const EVP_CIPHER *enc = NULL;
- char *infile = NULL, *outfile = NULL, *prog;
+ char *infile = NULL, *outfile = NULL, *ciphername = NULL, *prog;
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
OPTION_CHOICE o;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
@@ -131,8 +131,7 @@
e = setup_engine(opt_arg(), 0);
break;
case OPT_CIPHER:
- if (!opt_cipher(opt_unknown(), &enc))
- goto opthelp;
+ ciphername = opt_unknown();
break;
case OPT_CONV_FORM:
point_format = opt_arg();
@@ -162,6 +161,10 @@
if (argc != 0)
goto opthelp;
+ if (ciphername != NULL) {
+ if (!opt_cipher(ciphername, &enc))
+ goto opthelp;
+ }
private = param_out || pubin || pubout ? 0 : 1;
if (text && !pubin)
private = 1;
diff --git a/apps/gendsa.c b/apps/gendsa.c
index 81ab10d..c6c84c9 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -57,7 +57,7 @@
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
const EVP_CIPHER *enc = NULL;
- char *dsaparams = NULL;
+ char *dsaparams = NULL, *ciphername = NULL;
char *outfile = NULL, *passoutarg = NULL, *passout = NULL, *prog;
OPTION_CHOICE o;
int ret = 1, private = 0, verbose = 0;
@@ -93,8 +93,7 @@
goto end;
break;
case OPT_CIPHER:
- if (!opt_cipher(opt_unknown(), &enc))
- goto end;
+ ciphername = opt_unknown();
break;
case OPT_VERBOSE:
verbose = 1;
@@ -107,9 +106,13 @@
argv = opt_rest();
if (argc != 1)
goto opthelp;
+ dsaparams = argv[0];
app_RAND_load();
- dsaparams = argv[0];
+ if (ciphername != NULL) {
+ if (!opt_cipher(ciphername, &enc))
+ goto end;
+ }
private = 1;
if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 39c23e7..cd99b53 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -86,7 +86,7 @@
int ret = 1, num = DEFBITS, private = 0, primes = DEFPRIMES;
unsigned long f4 = RSA_F4;
char *outfile = NULL, *passoutarg = NULL, *passout = NULL;
- char *prog, *hexe, *dece;
+ char *prog, *hexe, *dece, *ciphername = NULL;
OPTION_CHOICE o;
int traditional = 0;
@@ -131,8 +131,7 @@
passoutarg = opt_arg();
break;
case OPT_CIPHER:
- if (!opt_cipher(opt_unknown(), &enc))
- goto end;
+ ciphername = opt_unknown();
break;
case OPT_PRIMES:
if (!opt_int(opt_arg(), &primes))
@@ -166,6 +165,10 @@
app_RAND_load();
private = 1;
+ if (ciphername != NULL) {
+ if (!opt_cipher(ciphername, &enc))
+ goto end;
+ }
if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
diff --git a/apps/lib/app_rand.c b/apps/lib/app_rand.c
index cd4ee67..b1c0927 100644
--- a/apps/lib/app_rand.c
+++ b/apps/lib/app_rand.c
@@ -14,7 +14,7 @@
#include <openssl/conf.h>
static char *save_rand_file;
-static char *load_rand_file;
+static char *files_to_load;
void app_RAND_load_conf(CONF *c, const char *section)
{
@@ -34,30 +34,33 @@
int app_RAND_load(void)
{
- char *p;
+ char *p, *save;
int last, ret = 1;
- if (load_rand_file == NULL)
+ if (files_to_load == NULL)
return 1;
+ save = files_to_load;
for ( ; ; ) {
last = 0;
- for (p = load_rand_file; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++)
+ for (p = files_to_load; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++)
continue;
if (*p == '\0')
last = 1;
*p = '\0';
- if (RAND_load_file(load_rand_file, -1) < 0) {
- BIO_printf(bio_err, "Can't load %s into RNG\n", load_rand_file);
+ if (RAND_load_file(files_to_load, -1) < 0) {
+ BIO_printf(bio_err, "Can't load %s into RNG\n", files_to_load);
ERR_print_errors(bio_err);
ret = 0;
}
if (last)
break;
- load_rand_file = p + 1;
- if (*load_rand_file == '\0')
+ files_to_load = p + 1;
+ if (*files_to_load == '\0')
break;
}
+ files_to_load = NULL;
+ OPENSSL_free(save);
return ret;
}
@@ -86,7 +89,7 @@
case OPT_R__LAST:
break;
case OPT_R_RAND:
- load_rand_file = opt_arg();
+ files_to_load = opt_arg();
break;
case OPT_R_WRITERAND:
OPENSSL_free(save_rand_file);
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 8cc1f8e..e96f9ec 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -145,7 +145,7 @@
int pkcs12_main(int argc, char **argv)
{
char *infile = NULL, *outfile = NULL, *keyname = NULL, *certfile = NULL;
- char *untrusted = NULL;
+ char *untrusted = NULL, *ciphername = NULL, *enc_flag = NULL;
char *passcertsarg = NULL, *passcerts = NULL;
char *name = NULL, *csp_name = NULL;
char pass[PASSWD_BUF_SIZE] = "", macpass[PASSWD_BUF_SIZE] = "";
@@ -164,7 +164,6 @@
BIO *in = NULL, *out = NULL;
PKCS12 *p12 = NULL;
STACK_OF(OPENSSL_STRING) *canames = NULL;
- const char *enc_flag = NULL;
const EVP_CIPHER *const default_enc = EVP_aes_256_cbc();
const EVP_CIPHER *enc = default_enc;
OPTION_CHOICE o;
@@ -220,10 +219,19 @@
case OPT_EXPORT:
export_pkcs12 = 1;
break;
+ case OPT_NODES:
+ case OPT_NOENC:
+ /*
+ * |enc_flag| stores the name of the option used so it
+ * can be printed if an error message is output.
+ */
+ enc_flag = opt_flag() + 1;
+ enc = NULL;
+ ciphername = NULL;
+ break;
case OPT_CIPHER:
+ ciphername = opt_unknown();
enc_flag = opt_unknown();
- if (!opt_cipher(enc_flag, &enc))
- goto opthelp;
break;
case OPT_ITER:
if (!opt_int(opt_arg(), &iter))
@@ -246,11 +254,6 @@
case OPT_MACALG:
macalg = opt_arg();
break;
- case OPT_NODES:
- case OPT_NOENC:
- enc_flag = opt_flag() + 1;
- enc = NULL;
- break;
case OPT_CERTPBE:
if (!set_pbe(&cert_pbe, opt_arg()))
goto opthelp;
@@ -342,6 +345,10 @@
goto opthelp;
app_RAND_load();
+ if (ciphername != NULL) {
+ if (!opt_cipher(ciphername, &enc))
+ goto opthelp;
+ }
if (export_pkcs12) {
if ((options & INFO) != 0)
WARN_EXPORT("info");
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index 1c459e7..6740074 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -75,7 +75,7 @@
PKCS8_PRIV_KEY_INFO *p8inf = NULL;
X509_SIG *p8 = NULL;
const EVP_CIPHER *cipher = NULL;
- char *infile = NULL, *outfile = NULL;
+ char *infile = NULL, *outfile = NULL, *ciphername = NULL;
char *passinarg = NULL, *passoutarg = NULL, *prog;
#ifndef OPENSSL_NO_UI_CONSOLE
char pass[APP_PASS_LEN];
@@ -136,8 +136,7 @@
traditional = 1;
break;
case OPT_V2:
- if (!opt_cipher(opt_arg(), &cipher))
- goto opthelp;
+ ciphername = opt_arg();
break;
case OPT_V1:
pbe_nid = OBJ_txt2nid(opt_arg());
@@ -201,6 +200,10 @@
private = 1;
app_RAND_load();
+ if (ciphername != NULL) {
+ if (!opt_cipher(ciphername, &cipher))
+ goto opthelp;
+ }
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
diff --git a/apps/pkey.c b/apps/pkey.c
index a48c985..1a53447 100644
--- a/apps/pkey.c
+++ b/apps/pkey.c
@@ -73,7 +73,7 @@
EVP_PKEY_CTX *ctx = NULL;
const EVP_CIPHER *cipher = NULL;
char *infile = NULL, *outfile = NULL, *passin = NULL, *passout = NULL;
- char *passinarg = NULL, *passoutarg = NULL, *prog;
+ char *passinarg = NULL, *passoutarg = NULL, *ciphername = NULL, *prog;
OPTION_CHOICE o;
int informat = FORMAT_PEM, outformat = FORMAT_PEM;
int pubin = 0, pubout = 0, text_pub = 0, text = 0, noout = 0, ret = 1;
@@ -143,8 +143,7 @@
pub_check = 1;
break;
case OPT_CIPHER:
- if (!opt_cipher(opt_unknown(), &cipher))
- goto opthelp;
+ ciphername = opt_unknown();
break;
case OPT_EC_CONV_FORM:
#ifdef OPENSSL_NO_EC
@@ -187,6 +186,10 @@
"Warning: The -traditional is ignored since there is no PEM output\n");
private = (!noout && !pubout) || (text && !text_pub);
+ if (ciphername != NULL) {
+ if (!opt_cipher(ciphername, &cipher))
+ goto opthelp;
+ }
if (cipher == NULL) {
if (passoutarg != NULL)
BIO_printf(bio_err,
diff --git a/apps/rsa.c b/apps/rsa.c
index b65c8fc..1a75681 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -93,7 +93,7 @@
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx;
const EVP_CIPHER *enc = NULL;
- char *infile = NULL, *outfile = NULL, *prog;
+ char *infile = NULL, *outfile = NULL, *ciphername = NULL, *prog;
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
int private = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0;
@@ -171,8 +171,7 @@
check = 1;
break;
case OPT_CIPHER:
- if (!opt_cipher(opt_unknown(), &enc))
- goto opthelp;
+ ciphername = opt_unknown();
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
@@ -189,6 +188,10 @@
if (argc != 0)
goto opthelp;
+ if (ciphername != NULL) {
+ if (!opt_cipher(ciphername, &enc))
+ goto opthelp;
+ }
private = (text && !pubin) || (!pubout && !noout) ? 1 : 0;
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
diff --git a/apps/smime.c b/apps/smime.c
index fd1e2e6..63578f2 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -146,7 +146,7 @@
char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
char *infile = NULL, *outfile = NULL, *signerfile = NULL, *recipfile = NULL;
char *passinarg = NULL, *passin = NULL, *to = NULL, *from = NULL;
- char *subject = NULL, *digestname = NULL;
+ char *subject = NULL, *digestname = NULL, *ciphername = NULL;
OPTION_CHOICE o;
int noCApath = 0, noCAfile = 0, noCAstore = 0;
int flags = PKCS7_DETACHED, operation = 0, ret = 0, indef = 0;
@@ -297,8 +297,7 @@
digestname = opt_arg();
break;
case OPT_CIPHER:
- if (!opt_cipher(opt_unknown(), &cipher))
- goto opthelp;
+ ciphername = opt_unknown();
break;
case OPT_INKEY:
/* If previous -inkey argument add signer to list */
@@ -365,6 +364,10 @@
if (!opt_md(digestname, &sign_md))
goto opthelp;
}
+ if (ciphername != NULL) {
+ if (!opt_cipher(ciphername, &cipher))
+ goto opthelp;
+ }
if (!(operation & SMIME_SIGNERS) && (skkeys != NULL || sksigners != NULL)) {
BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
goto opthelp;
