Fetch cipher after loading providers

Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from openssl#14135)
littlepush · Feb 11, 2021 · 03bbd34 · 03bbd34
1 parent d0190e1
commit 03bbd34
Show file tree

Hide file tree

Showing 12 changed files with 92 additions and 50 deletions.
diff --git a/apps/cms.c b/apps/cms.c
@@ -289,7 +289,8 @@ int cms_main(int argc, char **argv)
     char *certsoutfile = NULL, *digestname = NULL;
     int noCAfile = 0, noCApath = 0, noCAstore = 0;
     char *infile = NULL, *outfile = NULL, *rctfile = NULL;
-    char *passinarg = NULL, *passin = NULL, *signerfile = NULL, *originatorfile = NULL, *recipfile = NULL;
+    char *passinarg = NULL, *passin = NULL, *signerfile = NULL;
+    char *originatorfile = NULL, *recipfile = NULL, *ciphername = NULL;
     char *to = NULL, *from = NULL, *subject = NULL, *prog;
     cms_key_param *key_first = NULL, *key_param = NULL;
     int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched = 0;
@@ -624,8 +625,7 @@ int cms_main(int argc, char **argv)
             }
             break;
         case OPT_CIPHER:
-            if (!opt_cipher(opt_unknown(), &cipher))
-                goto end;
+            ciphername = opt_unknown();
             break;
         case OPT_KEYOPT:
             keyidx = -1;
@@ -698,8 +698,14 @@ int cms_main(int argc, char **argv)
         }
     }
     app_RAND_load();
-    if (digestname != NULL && !opt_md(digestname, &sign_md))
-        goto end;
+    if (digestname != NULL) {
+        if (!opt_md(digestname, &sign_md))
+            goto end;
+    }
+    if (ciphername != NULL) {
+        if (!opt_cipher(ciphername, &cipher))
+            goto end;
+    }
 
     /* Remaining args are files to process. */
     argc = opt_num_rest();

diff --git a/apps/crl.c b/apps/crl.c
@@ -207,8 +207,10 @@ int crl_main(int argc, char **argv)
     if (argc != 0)
         goto opthelp;
 
-    if (digestname != NULL && !opt_md(digestname, &digest))
-        goto opthelp;
+    if (digestname != NULL) {
+        if (!opt_md(digestname, &digest))
+            goto opthelp;
+    }
     x = load_crl(infile, "CRL");
     if (x == NULL)
         goto end;

diff --git a/apps/dsa.c b/apps/dsa.c
@@ -87,7 +87,7 @@ int dsa_main(int argc, char **argv)
     int modulus = 0, pubin = 0, pubout = 0, ret = 1;
     int pvk_encr = DEFAULT_PVK_ENCR_STRENGTH;
     int private = 0;
-    const char *output_type = NULL;
+    const char *output_type = NULL, *ciphername = NULL;
     const char *output_structure = NULL;
     int selection = 0;
     OSSL_ENCODER_CTX *ectx = NULL;
@@ -151,8 +151,7 @@ int dsa_main(int argc, char **argv)
             pubout = 1;
             break;
         case OPT_CIPHER:
-            if (!opt_cipher(opt_unknown(), &enc))
-                goto end;
+            ciphername = opt_unknown();
             break;
         case OPT_PROV_CASES:
             if (!opt_provider(o))
@@ -166,6 +165,10 @@ int dsa_main(int argc, char **argv)
     if (argc != 0)
         goto opthelp;
 
+    if (ciphername != NULL) {
+        if (!opt_cipher(ciphername, &enc))
+            goto end;
+    }
     private = pubin || pubout ? 0 : 1;
     if (text && !pubin)
         private = 1;

diff --git a/apps/ec.c b/apps/ec.c
@@ -70,7 +70,7 @@ int ec_main(int argc, char **argv)
     BIO *in = NULL, *out = NULL;
     ENGINE *e = NULL;
     const EVP_CIPHER *enc = NULL;
-    char *infile = NULL, *outfile = NULL, *prog;
+    char *infile = NULL, *outfile = NULL, *ciphername = NULL, *prog;
     char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
     OPTION_CHOICE o;
     int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
@@ -131,8 +131,7 @@ int ec_main(int argc, char **argv)
             e = setup_engine(opt_arg(), 0);
             break;
         case OPT_CIPHER:
-            if (!opt_cipher(opt_unknown(), &enc))
-                goto opthelp;
+            ciphername = opt_unknown();
             break;
         case OPT_CONV_FORM:
             point_format = opt_arg();
@@ -162,6 +161,10 @@ int ec_main(int argc, char **argv)
     if (argc != 0)
         goto opthelp;
 
+    if (ciphername != NULL) {
+        if (!opt_cipher(ciphername, &enc))
+            goto opthelp;
+    }
     private = param_out || pubin || pubout ? 0 : 1;
     if (text && !pubin)
         private = 1;

diff --git a/apps/gendsa.c b/apps/gendsa.c
@@ -57,7 +57,7 @@ int gendsa_main(int argc, char **argv)
     EVP_PKEY *pkey = NULL;
     EVP_PKEY_CTX *ctx = NULL;
     const EVP_CIPHER *enc = NULL;
-    char *dsaparams = NULL;
+    char *dsaparams = NULL, *ciphername = NULL;
     char *outfile = NULL, *passoutarg = NULL, *passout = NULL, *prog;
     OPTION_CHOICE o;
     int ret = 1, private = 0, verbose = 0;
@@ -93,8 +93,7 @@ int gendsa_main(int argc, char **argv)
                 goto end;
             break;
         case OPT_CIPHER:
-            if (!opt_cipher(opt_unknown(), &enc))
-                goto end;
+            ciphername = opt_unknown();
             break;
         case OPT_VERBOSE:
             verbose = 1;
@@ -107,9 +106,13 @@ int gendsa_main(int argc, char **argv)
     argv = opt_rest();
     if (argc != 1)
         goto opthelp;
+    dsaparams = argv[0];
 
     app_RAND_load();
-    dsaparams = argv[0];
+    if (ciphername != NULL) {
+        if (!opt_cipher(ciphername, &enc))
+            goto end;
+    }
     private = 1;
 
     if (!app_passwd(NULL, passoutarg, NULL, &passout)) {

diff --git a/apps/genrsa.c b/apps/genrsa.c
@@ -86,7 +86,7 @@ int genrsa_main(int argc, char **argv)
     int ret = 1, num = DEFBITS, private = 0, primes = DEFPRIMES;
     unsigned long f4 = RSA_F4;
     char *outfile = NULL, *passoutarg = NULL, *passout = NULL;
-    char *prog, *hexe, *dece;
+    char *prog, *hexe, *dece, *ciphername = NULL;
     OPTION_CHOICE o;
     int traditional = 0;
 
@@ -131,8 +131,7 @@ int genrsa_main(int argc, char **argv)
             passoutarg = opt_arg();
             break;
         case OPT_CIPHER:
-            if (!opt_cipher(opt_unknown(), &enc))
-                goto end;
+            ciphername = opt_unknown();
             break;
         case OPT_PRIMES:
             if (!opt_int(opt_arg(), &primes))
@@ -166,6 +165,10 @@ int genrsa_main(int argc, char **argv)
 
     app_RAND_load();
     private = 1;
+    if (ciphername != NULL) {
+        if (!opt_cipher(ciphername, &enc))
+            goto end;
+    }
     if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
         BIO_printf(bio_err, "Error getting password\n");
         goto end;

diff --git a/apps/lib/app_rand.c b/apps/lib/app_rand.c
@@ -14,7 +14,7 @@
 #include <openssl/conf.h>
 
 static char *save_rand_file;
-static char *load_rand_file;
+static char *files_to_load;
 
 void app_RAND_load_conf(CONF *c, const char *section)
 {
@@ -34,30 +34,33 @@ void app_RAND_load_conf(CONF *c, const char *section)
 
 int app_RAND_load(void)
 {
-    char *p;
+    char *p, *save;
     int last, ret = 1;
 
-    if (load_rand_file == NULL)
+    if (files_to_load == NULL)
         return 1;
 
+    save = files_to_load;
     for ( ; ; ) {
         last = 0;
-        for (p = load_rand_file; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++)
+        for (p = files_to_load; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++)
             continue;
         if (*p == '\0')
             last = 1;
         *p = '\0';
-        if (RAND_load_file(load_rand_file, -1) < 0) {
-            BIO_printf(bio_err, "Can't load %s into RNG\n", load_rand_file);
+        if (RAND_load_file(files_to_load, -1) < 0) {
+            BIO_printf(bio_err, "Can't load %s into RNG\n", files_to_load);
             ERR_print_errors(bio_err);
             ret = 0;
         }
         if (last)
             break;
-        load_rand_file = p + 1;
-        if (*load_rand_file == '\0')
+        files_to_load = p + 1;
+        if (*files_to_load == '\0')
             break;
     }
+    files_to_load = NULL;
+    OPENSSL_free(save);
     return ret;
 }
 
@@ -86,7 +89,7 @@ int opt_rand(int opt)
     case OPT_R__LAST:
         break;
     case OPT_R_RAND:
-        load_rand_file = opt_arg();
+        files_to_load = opt_arg();
         break;
     case OPT_R_WRITERAND:
         OPENSSL_free(save_rand_file);

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
@@ -145,7 +145,7 @@ const OPTIONS pkcs12_options[] = {
 int pkcs12_main(int argc, char **argv)
 {
     char *infile = NULL, *outfile = NULL, *keyname = NULL, *certfile = NULL;
-    char *untrusted = NULL;
+    char *untrusted = NULL, *ciphername = NULL, *enc_flag = NULL;
     char *passcertsarg = NULL, *passcerts = NULL;
     char *name = NULL, *csp_name = NULL;
     char pass[PASSWD_BUF_SIZE] = "", macpass[PASSWD_BUF_SIZE] = "";
@@ -164,7 +164,6 @@ int pkcs12_main(int argc, char **argv)
     BIO *in = NULL, *out = NULL;
     PKCS12 *p12 = NULL;
     STACK_OF(OPENSSL_STRING) *canames = NULL;
-    const char *enc_flag = NULL;
     const EVP_CIPHER *const default_enc = EVP_aes_256_cbc();
     const EVP_CIPHER *enc = default_enc;
     OPTION_CHOICE o;
@@ -220,10 +219,19 @@ int pkcs12_main(int argc, char **argv)
         case OPT_EXPORT:
             export_pkcs12 = 1;
             break;
+        case OPT_NODES:
+        case OPT_NOENC:
+            /*
+             * |enc_flag| stores the name of the option used so it
+             * can be printed if an error message is output.
+             */
+            enc_flag = opt_flag() + 1;
+            enc = NULL;
+            ciphername = NULL;
+            break;
         case OPT_CIPHER:
+            ciphername = opt_unknown();
             enc_flag = opt_unknown();
-            if (!opt_cipher(enc_flag, &enc))
-                goto opthelp;
             break;
         case OPT_ITER:
             if (!opt_int(opt_arg(), &iter))
@@ -246,11 +254,6 @@ int pkcs12_main(int argc, char **argv)
         case OPT_MACALG:
             macalg = opt_arg();
             break;
-        case OPT_NODES:
-        case OPT_NOENC:
-            enc_flag = opt_flag() + 1;
-            enc = NULL;
-            break;
         case OPT_CERTPBE:
             if (!set_pbe(&cert_pbe, opt_arg()))
                 goto opthelp;
@@ -342,6 +345,10 @@ int pkcs12_main(int argc, char **argv)
         goto opthelp;
 
     app_RAND_load();
+    if (ciphername != NULL) {
+        if (!opt_cipher(ciphername, &enc))
+            goto opthelp;
+    }
     if (export_pkcs12) {
         if ((options & INFO) != 0)
             WARN_EXPORT("info");

diff --git a/apps/pkcs8.c b/apps/pkcs8.c
@@ -75,7 +75,7 @@ int pkcs8_main(int argc, char **argv)
     PKCS8_PRIV_KEY_INFO *p8inf = NULL;
     X509_SIG *p8 = NULL;
     const EVP_CIPHER *cipher = NULL;
-    char *infile = NULL, *outfile = NULL;
+    char *infile = NULL, *outfile = NULL, *ciphername = NULL;
     char *passinarg = NULL, *passoutarg = NULL, *prog;
 #ifndef OPENSSL_NO_UI_CONSOLE
     char pass[APP_PASS_LEN];
@@ -136,8 +136,7 @@ int pkcs8_main(int argc, char **argv)
             traditional = 1;
             break;
         case OPT_V2:
-            if (!opt_cipher(opt_arg(), &cipher))
-                goto opthelp;
+            ciphername = opt_arg();
             break;
         case OPT_V1:
             pbe_nid = OBJ_txt2nid(opt_arg());
@@ -201,6 +200,10 @@ int pkcs8_main(int argc, char **argv)
 
     private = 1;
     app_RAND_load();
+    if (ciphername != NULL) {
+        if (!opt_cipher(ciphername, &cipher))
+            goto opthelp;
+    }
 
     if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
         BIO_printf(bio_err, "Error getting passwords\n");

diff --git a/apps/pkey.c b/apps/pkey.c
@@ -73,7 +73,7 @@ int pkey_main(int argc, char **argv)
     EVP_PKEY_CTX *ctx = NULL;
     const EVP_CIPHER *cipher = NULL;
     char *infile = NULL, *outfile = NULL, *passin = NULL, *passout = NULL;
-    char *passinarg = NULL, *passoutarg = NULL, *prog;
+    char *passinarg = NULL, *passoutarg = NULL, *ciphername = NULL, *prog;
     OPTION_CHOICE o;
     int informat = FORMAT_PEM, outformat = FORMAT_PEM;
     int pubin = 0, pubout = 0, text_pub = 0, text = 0, noout = 0, ret = 1;
@@ -143,8 +143,7 @@ int pkey_main(int argc, char **argv)
             pub_check = 1;
             break;
         case OPT_CIPHER:
-            if (!opt_cipher(opt_unknown(), &cipher))
-                goto opthelp;
+            ciphername = opt_unknown();
             break;
         case OPT_EC_CONV_FORM:
 #ifdef OPENSSL_NO_EC
@@ -187,6 +186,10 @@ int pkey_main(int argc, char **argv)
                    "Warning: The -traditional is ignored since there is no PEM output\n");
     private = (!noout && !pubout) || (text && !text_pub);
 
+    if (ciphername != NULL) {
+        if (!opt_cipher(ciphername, &cipher))
+            goto opthelp;
+    }
     if (cipher == NULL) {
         if (passoutarg != NULL)
             BIO_printf(bio_err,

diff --git a/apps/rsa.c b/apps/rsa.c
@@ -93,7 +93,7 @@ int rsa_main(int argc, char **argv)
     EVP_PKEY *pkey = NULL;
     EVP_PKEY_CTX *pctx;
     const EVP_CIPHER *enc = NULL;
-    char *infile = NULL, *outfile = NULL, *prog;
+    char *infile = NULL, *outfile = NULL, *ciphername = NULL, *prog;
     char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
     int private = 0;
     int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0;
@@ -171,8 +171,7 @@ int rsa_main(int argc, char **argv)
             check = 1;
             break;
         case OPT_CIPHER:
-            if (!opt_cipher(opt_unknown(), &enc))
-                goto opthelp;
+            ciphername = opt_unknown();
             break;
         case OPT_PROV_CASES:
             if (!opt_provider(o))
@@ -189,6 +188,10 @@ int rsa_main(int argc, char **argv)
     if (argc != 0)
         goto opthelp;
 
+    if (ciphername != NULL) {
+        if (!opt_cipher(ciphername, &enc))
+            goto opthelp;
+    }
     private = (text && !pubin) || (!pubout && !noout) ? 1 : 0;
 
     if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {