Build failed: openssl master.42133
Build openssl master.42133 failed Commit d0ccefdb77 by Richard Levitte on 5/22/2021 12:12 PM: Disable loader_attic by default on VMS Configure your notification preferences
Build failed: openssl master.42132
Build openssl master.42132 failed Commit b4810b70ff by Richard Levitte on 5/22/2021 11:48 AM: VMS: Fix run of generic generator programs in descrip.mms.tmpl Configure your notification preferences
Build failed: openssl master.42131
Build openssl master.42131 failed Commit 1b77f00a9b by Richard Levitte on 5/22/2021 11:46 AM: Configurations/descrip.mms.tmpl: rework the inclusion hacks Configure your notification preferences
Build failed: openssl master.42130
Build openssl master.42130 failed Commit 84faea44e6 by Robbie Harwood on 5/22/2021 10:18 AM: Fix upgrading docs for RSA_private_encrypt/RSA_public_decrypt Configure your notification preferences
Build failed: openssl master.42129
Build openssl master.42129 failed Commit 56c98a7d94 by Dr. David von Oheimb on 5/22/2021 10:09 AM: apps/cms: Simplify handling of encerts; add warning if they are ignored Configure your notification preferences
Build failed: openssl master.42128
Build openssl master.42128 failed Commit 06621ba387 by Pauli on 5/22/2021 5:33 AM: configurations: update template makefiles to install documentation images Configure your notification preferences
Build completed: openssl master.42127
Build openssl master.42127 completed Commit 862497a918 by Pauli on 5/22/2021 5:30 AM: property: convert integers to strings properly. Configure your notification preferences
[openssl] master update
The branch master has been updated
via b6f0f050fd6e40286eb33fcdf28507b0f9b79b26 (commit)
from 5771017d06be0ba9d82203de0e5ff45b0c616d66 (commit)
- Log -
commit b6f0f050fd6e40286eb33fcdf28507b0f9b79b26
Author: Dr. David von Oheimb
Date: Fri May 21 09:24:10 2021 +0200
80-test_cmp_http: Invert and correct the logic of success vs. failure exit
This makes the logic more intuitive and corrects the interpretation for
NonStop.
Fixes #15386
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/15402)
---
Summary of changes:
test/recipes/80-test_cmp_http.t| 16 +-
.../80-test_cmp_http_data/test_commands.csv| 96 -
.../80-test_cmp_http_data/test_connection.csv | 74 +++
.../80-test_cmp_http_data/test_credentials.csv | 76
.../80-test_cmp_http_data/test_enrollment.csv | 214 ++---
.../80-test_cmp_http_data/test_verification.csv| 96 -
6 files changed, 286 insertions(+), 286 deletions(-)
diff --git a/test/recipes/80-test_cmp_http.t b/test/recipes/80-test_cmp_http.t
index 8bd9eacde9..c74a5faf03 100644
--- a/test/recipes/80-test_cmp_http.t
+++ b/test/recipes/80-test_cmp_http.t
@@ -128,19 +128,19 @@ sub test_cmp_http {
my $i = shift;
my $title = shift;
my $params = shift;
-my $expected_exit = shift;
+my $expected_result = shift;
my $path_app = bldtop_dir($app);
$params = [ '-server', "127.0.0.1:$server_port", @$params ]
unless grep { $_ eq '-server' } @$params;
with({ exit_checker => sub {
-my $actual_exit = shift;
-my $OK = $actual_exit == $expected_exit;
+my $actual_result = shift == 0;
+my $OK = $actual_result == $expected_result;
if ($faillog && !$OK) {
my $quote_spc_empty = sub { $_ eq "" ? '""' : $_ =~ m/ / ?
'"'.$_.'"' : $_ };
my $invocation = "$path_app ".join(' ', map
$quote_spc_empty->($_), @$params);
print $faillog "$server_name $aspect \"$title\" ($i/$n)".
-" expected=$expected_exit actual=$actual_exit\n";
+" expected=$expected_result actual=$actual_result\n";
print $faillog "$invocation\n\n";
}
return $OK; } },
@@ -255,13 +255,13 @@ sub load_tests {
s/^\s+// for (@fields); # remove leading whitespace from elements
s/\s+$// for (@fields); # remove trailing whitespace from elements
s/^\"(\".*?\")\"$/$1/ for (@fields); # remove escaping from quotation
marks from elements
-my $expected_exit = $fields[$column];
+my $expected_result = $fields[$column];
my $description = 1;
my $title = $fields[$description];
-next LOOP if (!defined($expected_exit)
- || ($expected_exit ne 0 && $expected_exit ne 1));
+next LOOP if (!defined($expected_result)
+ || ($expected_result ne 0 && $expected_result ne 1));
@fields = grep {$_ ne 'BLANK'} @fields[$description + 1 .. @fields -
1];
-push @result, [$title, \@fields, $expected_exit];
+push @result, [$title, \@fields, $expected_result];
}
close($data);
return \@result;
diff --git a/test/recipes/80-test_cmp_http_data/test_commands.csv
b/test/recipes/80-test_cmp_http_data/test_commands.csv
index ae9514db97..2384f05f44 100644
--- a/test/recipes/80-test_cmp_http_data/test_commands.csv
+++ b/test/recipes/80-test_cmp_http_data/test_commands.csv
@@ -1,56 +1,56 @@
expected,description, -section,val, -cmd,val,val2, -cacertsout,val,val2,
-infotype,val,, -oldcert,val, -revreason,int, -geninfo,val
,Generic,message options:Misc,request options:,,
,
-0,minimum options, -section,, -cmd,ir,,BLANK,,,BLANK,,,BLANK,,BLANK,
+1,minimum options, -section,, -cmd,ir,,BLANK,,,BLANK,,,BLANK,,BLANK,
,
-1,no cmd, -section,,BLANK,,,BLANK,,,BLANK,,,BLANK,,BLANK,
-1,cmd missing arg, -section,, -cmd,,,BLANK,,,BLANK,,,BLANK,,BLANK,
-1,cmd undefined , -section,, -cmd,abc,,BLANK,,,BLANK,,,BLANK,,BLANK,
-1,cmd incomplete, -section,, -cmd,i,,BLANK,,,BLANK,,,BLANK,,BLANK,
+0,no cmd, -section,,BLANK,,,BLANK,,,BLANK,,,BLANK,,BLANK,
+0,cmd missing arg, -section,, -cmd,,,BLANK,,,BLANK,,,BLANK,,BLANK,
+0,cmd undefined , -section,, -cmd,abc,,BLANK,,,BLANK,,,BLANK,,BLANK,
+0,cmd incomplete, -section,, -cmd,i,,BLANK,,,BLANK,,,BLANK,,BLANK,
,
-0,no cacertsout, -section,, -cmd,ir,,BLANK,,,BLANK,,,BLANK,,BLANK,
-0,cacertsout given, -section,, -cmd,ir,,
-cacertsout,_RESULT_DIR/test.cacerts.pem,,BLANK,,,BLANK,,BLANK,
-1,cacertsout missing arg, -section,, -cmd,ir,,
-cacertsout,,,BLANK,,,BLANK,,BLANK,
+1,no cacertsout, -section,, -cmd,ir,,BLANK,,,BLANK,,,BLANK,,BLANK,
+1,cacertsout given, -section,, -cmd,ir,,
[openssl] master update
The branch master has been updated
via 5771017d06be0ba9d82203de0e5ff45b0c616d66 (commit)
from d0ccefdb77f94bec662d75aeadd0b081641abd19 (commit)
- Log -
commit 5771017d06be0ba9d82203de0e5ff45b0c616d66
Author: Dr. David von Oheimb
Date: Wed May 19 19:44:22 2021 +0200
apps/cms.c: Correct -sign output and -verify input with -binary
Also add related warnings on irrelevant use of -nodetach and -content
options.
Fixes #15347
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/15358)
---
Summary of changes:
apps/cms.c| 25 -
doc/man1/openssl-cms.pod.in | 4 ++--
test/smcont.bin => smcont.signed_ | Bin 8000 -> 10486 bytes
test/recipes/80-test_cms.t| 21 +++--
test/smcont.bin | Bin 8000 -> 8000 bytes
5 files changed, 33 insertions(+), 17 deletions(-)
copy test/smcont.bin => smcont.signed_ (67%)
diff --git a/apps/cms.c b/apps/cms.c
index e9fe29ab8e..da00ece93b 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -287,10 +287,11 @@ static void warn_binary(const char *file)
BIO_printf(bio_err, "Warning: input file '%s' contains %s"
" character; better use -binary option\n",
file, *cur == '\0' ? "NUL" : "8-bit");
-break;
+goto end;
}
}
}
+ end:
BIO_free(bio);
}
@@ -320,7 +321,8 @@ int cms_main(int argc, char **argv)
char *originatorfile = NULL, *recipfile = NULL, *ciphername = NULL;
char *to = NULL, *from = NULL, *subject = NULL, *prog;
cms_key_param *key_first = NULL, *key_param = NULL;
-int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched =
0;
+int flags = CMS_DETACHED, binary_files = 0;
+int noout = 0, print = 0, keyidx = -1, vpmtouched = 0;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
int operation = 0, ret = 1, rr_print = 0, rr_allorfirst = -1;
int verify_retcode = 0, rctformat = FORMAT_SMIME, keyform = FORMAT_UNDEF;
@@ -811,14 +813,26 @@ int cms_main(int argc, char **argv)
ret = 2;
-if (!(operation & SMIME_SIGNERS))
+if ((operation & SMIME_SIGNERS) == 0) {
+if ((flags & CMS_DETACHED) == 0)
+BIO_printf(bio_err,
+ "Warning: -nodetach option is ignored for non-signing
operation\n");
+
flags &= ~CMS_DETACHED;
+}
+if ((operation & SMIME_IP) == 0 && contfile != NULL)
+BIO_printf(bio_err,
+ "Warning: -contfile option is ignored for the given
operation\n");
if ((flags & CMS_BINARY) != 0) {
if (!(operation & SMIME_OP))
outformat = FORMAT_BINARY;
if (!(operation & SMIME_IP))
informat = FORMAT_BINARY;
+if ((operation & SMIME_SIGNERS) != 0 && (flags & CMS_DETACHED) != 0)
+binary_files = 1;
+if ((operation & SMIME_IP) != 0 && contfile == NULL)
+binary_files = 1;
}
if (operation == SMIME_ENCRYPT) {
@@ -902,7 +916,7 @@ int cms_main(int argc, char **argv)
if ((flags & CMS_BINARY) == 0)
warn_binary(infile);
in = bio_open_default(infile, 'r',
- (flags & CMS_BINARY) != 0 ? FORMAT_BINARY :
informat);
+ binary_files ? FORMAT_BINARY : informat);
if (in == NULL)
goto end;
@@ -945,7 +959,8 @@ int cms_main(int argc, char **argv)
goto end;
}
-out = bio_open_default(outfile, 'w', outformat);
+out = bio_open_default(outfile, 'w',
+ binary_files ? FORMAT_BINARY : outformat);
if (out == NULL)
goto end;
diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in
index 6e0f86804a..c63a7f330b 100644
--- a/doc/man1/openssl-cms.pod.in
+++ b/doc/man1/openssl-cms.pod.in
@@ -507,8 +507,8 @@ will be written to this file if the verification was
successful.
=item B<-content> I
-This specifies a file containing the detached content, this is only
-useful with the B<-verify> command. This is only usable if the CMS
+This specifies a file containing the detached content for operations taking
+S/MIME input, such as the B<-verify> command. This is only usable if the CMS
structure is using the detached signature form where the content is
not included. This option will override any content if the input format
is S/MIME and it uses the multipart/signed MIME content type.
diff --git a/test/smcont.bin b/smcont.signed_
similarity index 67%
copy from test/smcont.bin
copy to smcont.signed_
index 2a5ce10224..59701f31d4 100644
Binary files a/test/smcont.bin and b/smcont.signed_ differ
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index
[openssl] master update
The branch master has been updated
via d0ccefdb77f94bec662d75aeadd0b081641abd19 (commit)
via 4b2981f13e6d2090a656dec5e877b849331c3b69 (commit)
from b4810b70ff79bef340a9447789622b6066a6361b (commit)
- Log -
commit d0ccefdb77f94bec662d75aeadd0b081641abd19
Author: Richard Levitte
Date: Mon May 17 23:10:11 2021 +0200
Disable loader_attic by default on VMS
The reason is that it currently doesn't build properly, due to the of
pvkfmt.c, causing multiply defined symbols since libcrypto exports
them as well. At the same time, it can't do without that source file,
or it won't have access to certain internal symbols from there.
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/15320)
commit 4b2981f13e6d2090a656dec5e877b849331c3b69
Author: Richard Levitte
Date: Mon May 17 23:10:02 2021 +0200
Make it possible to disable the loader_attic engine
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/15320)
---
Summary of changes:
Configurations/10-main.conf | 2 +-
Configure | 1 +
engines/build.info | 22 --
3 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index 122d3f46db..117598eb06 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -1857,7 +1857,7 @@ my %targets = (
asflags => sub { vms_info()->{asflags} },
perlasm_scheme => sub { vms_info()->{perlasm_scheme} },
-disable => add('pinshared'),
+disable => add('pinshared', 'loadereng'),
},
diff --git a/Configure b/Configure
index 16f12565ab..a6fb8324a0 100755
--- a/Configure
+++ b/Configure
@@ -449,6 +449,7 @@ my @disablables = (
"idea",
"ktls",
"legacy",
+"loadereng",
"makedepend",
"md2",
"md4",
diff --git a/engines/build.info b/engines/build.info
index e275035946..cae014ecc6 100644
--- a/engines/build.info
+++ b/engines/build.info
@@ -69,8 +69,19 @@ IF[{- !$disabled{"engine"} -}]
GENERATE[devcrypto.ld]=../util/engines.num
ENDIF
ENDIF
+IF[{- !$disabled{"loadereng"} -}]
+ MODULES{engine}=loader_attic
+ SOURCE[loader_attic]=e_loader_attic.c ../crypto/pem/pvkfmt.c
+ DEFINE[loader_attic]=OPENSSL_NO_PROVIDER_CODE
+ DEPEND[loader_attic]=../libcrypto
+ INCLUDE[loader_attic]=../include
+ IF[{- defined $target{shared_defflag} -}]
+SOURCE[loader_attic]=loader_attic.ld
+GENERATE[loader_attic.ld]=../util/engines.num
+ ENDIF
+ENDIF
-MODULES{noinst,engine}=ossltest dasync loader_attic
+MODULES{noinst,engine}=ossltest dasync
SOURCE[dasync]=e_dasync.c
DEPEND[dasync]=../libcrypto
INCLUDE[dasync]=../include
@@ -86,15 +97,6 @@ IF[{- !$disabled{"engine"} -}]
SOURCE[ossltest]=ossltest.ld
GENERATE[ossltest.ld]=../util/engines.num
ENDIF
-
-SOURCE[loader_attic]=e_loader_attic.c ../crypto/pem/pvkfmt.c
-DEFINE[loader_attic]=OPENSSL_NO_PROVIDER_CODE
-DEPEND[loader_attic]=../libcrypto
-INCLUDE[loader_attic]=../include
-IF[{- defined $target{shared_defflag} -}]
- SOURCE[loader_attic]=loader_attic.ld
- GENERATE[loader_attic.ld]=../util/engines.num
-ENDIF
ENDIF
GENERATE[e_padlock-x86.s]=asm/e_padlock-x86.pl
GENERATE[e_padlock-x86_64.s]=asm/e_padlock-x86_64.pl
[openssl] master update
The branch master has been updated
via b4810b70ff79bef340a9447789622b6066a6361b (commit)
from 1b77f00a9b0469fe578c60710e760ebc2b908e21 (commit)
- Log -
commit b4810b70ff79bef340a9447789622b6066a6361b
Author: Richard Levitte
Date: Fri May 21 05:52:01 2021 +0200
VMS: Fix run of generic generator programs in descrip.mms.tmpl
For a generic program, always go through the MCR utility.
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/15397)
---
Summary of changes:
Configurations/descrip.mms.tmpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl
index 85f90ad518..4188e29020 100644
--- a/Configurations/descrip.mms.tmpl
+++ b/Configurations/descrip.mms.tmpl
@@ -984,7 +984,7 @@ EOF
$gen0 = platform->bin($gen0);
return <<"EOF";
$args{src} : $gen0 $deps
- PIPE $gen0$gen_args > \$@
+ PIPE MCR $gen0$gen_args > \$@
EOF
} else {
#
[openssl] master update
The branch master has been updated
via 1b77f00a9b0469fe578c60710e760ebc2b908e21 (commit)
from 84faea44e6ad9ff7f470b5958e7303f6c521bf2e (commit)
- Log -
commit 1b77f00a9b0469fe578c60710e760ebc2b908e21
Author: Richard Levitte
Date: Wed May 19 10:57:48 2021 +0200
Configurations/descrip.mms.tmpl: rework the inclusion hacks
Because VMS C has some trouble with recursive inclusion of header
files, we have had to help it out for object files where there is such
an inclusion structure.
Previously, we did so with temporary logical names that were the same
as the first directory in an inclusion, so for example, to enable this
inclusion (found in ssl/ssl_local.h), we created the logical name
"record" when building any of the object files in the ssl/
subdirectories:
#include "record/record.h"
However, there is another way with the VMS C compiler, to selectively
specify extra include directories in Unix form directly to the
compiler. The logic is that from the directory where the source file
to compile is located, the specified inclusion directory merged with
the inclusion string should be able to access to specified header
file.
So for example, when a file in ssl/record/ is compiled, the following
inclusion is found:
#include "../ssl_local.h"
So far so good, VMS C handles it properly. However, the recursive
inclusion of "record/record.h" fails. However, if the compiler is
helped out a little bit, with the following extra qualifier, then it
works:
/INCLUDE="../"
The reason is that the compiler merges "../" and "record/record.h"
into "../record/record.h", which is the correct path to that header
file from the directory of the source file being compiled.
All that remained was to figure out all places where this trouble may
occur, and specify extra Unix formatted inclusion directories to
specify on per object file basis.
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/15369)
---
Summary of changes:
Configurations/descrip.mms.tmpl | 81 +
1 file changed, 33 insertions(+), 48 deletions(-)
diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl
index 873d74f651..85f90ad518 100644
--- a/Configurations/descrip.mms.tmpl
+++ b/Configurations/descrip.mms.tmpl
@@ -205,43 +205,39 @@
our $bin_ex_libs = join('', @cnf_ex_libs, '$(EX_LIBS)');
# This is a horrible hack, but is needed because recursive inclusion of files
- # in different directories does not work well with HP C.
- my $sd = sourcedir("crypto", "async", "arch");
+ # in different directories does not work well with VMS C. We try to help by
+ # specifying extra relative directories. They must always be in Unix format,
+ # relative to the directory where the .c file is located. The logic is that
+ # any inclusion, merged with one of these relative directories, will find the
+ # requested inclusion file.
foreach (grep /\[\.crypto\.async\.arch\].*\.o$/, keys
%{$unified_info{sources}}) {
my $obj = platform->obj($_);
- $unified_info{before}->{$obj}
- = qq(arch_include = F\$PARSE("$sd","A.;",,,"SYNTAX_ONLY") - "A.;"
-define arch 'arch_include');
- $unified_info{after}->{$obj}
- = qq(deassign arch);
+ push @{$unified_info{includes_extra}->{$obj}}, qw(../);
}
- my $sd32 = sourcedir("crypto", "ec", "curve448", "arch_32");
- my $sd64 = sourcedir("crypto", "ec", "curve448", "arch_64");
- foreach (grep /\[\.crypto\.ec\.curve448.*?\].*?\.o$/, keys
%{$unified_info{sources}}) {
+ foreach (grep /\[\.crypto\.ec\.curve448\].*?\.o$/, keys
%{$unified_info{sources}}) {
my $obj = platform->obj($_);
- $unified_info{before}->{$obj}
- = qq(arch_32_include = F\$PARSE("$sd32","A.;",,,"SYNTAX_ONLY") -
"A.;"
-define arch_32 'arch_32_include'
-arch_64_include = F\$PARSE("$sd64","A.;",,,"SYNTAX_ONLY") - "A.;"
-define arch_64 'arch_64_include');
- $unified_info{after}->{$obj}
- = qq(deassign arch_64
-deassign arch_32);
+ push @{$unified_info{includes_extra}->{$obj}}, qw(./arch_32 ./arch64);
}
- my $sd1 = sourcedir("ssl","record");
- my $sd2 = sourcedir("ssl","statem");
- my @ssl_locl_users = grep(/^\[\.(?:ssl\.(?:record|statem)|test)\].*\.o$/,
-keys %{$unified_info{sources}});
- foreach (@ssl_locl_users) {
+ foreach (grep /\[\.crypto\.ec\.curve448.arch_(?:32|64)\].*?\.o$/, keys
%{$unified_info{sources}}) {
my $obj = platform->obj($_);
- $unified_info{before}->{$obj}
- = qq(record_include = F\$PARSE("$sd1","A.;",,,"SYNTAX_ONLY") - "A.;"
-define record
Build failed: openssl master.42126
Build openssl master.42126 failed Commit b54611922b by Richard Levitte on 5/22/2021 5:23 AM: test/params_conversion_test.c: fix the use of strtoumax and strtoimax on VMS Configure your notification preferences
[openssl] master update
The branch master has been updated via 84faea44e6ad9ff7f470b5958e7303f6c521bf2e (commit) from 56c98a7d94d25df5999bd12c600788ec947e588c (commit) - Log - commit 84faea44e6ad9ff7f470b5958e7303f6c521bf2e Author: Robbie Harwood Date: Wed May 19 15:15:19 2021 -0400 Fix upgrading docs for RSA_private_encrypt/RSA_public_decrypt Despite the name, these functions manipulate signatures, which means that their replacements are the EVP_PKEY_sign/EVP_PKEY_verify family. Signed-off-by: Robbie Harwood Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/15359) --- Summary of changes: doc/man3/RSA_private_encrypt.pod | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/man3/RSA_private_encrypt.pod b/doc/man3/RSA_private_encrypt.pod index a74a39834c..4b97d874c3 100644 --- a/doc/man3/RSA_private_encrypt.pod +++ b/doc/man3/RSA_private_encrypt.pod @@ -21,9 +21,9 @@ L: =head1 DESCRIPTION Both of the functions described on this page are deprecated. -Applications should instead use L, -L, L and -L. +Applications should instead use L, +L, L and +L. These functions handle RSA signatures at a low-level.
[openssl] master update
The branch master has been updated
via 56c98a7d94d25df5999bd12c600788ec947e588c (commit)
from 06621ba387f8d45e0c273f77f18573eb52cd66b8 (commit)
- Log -
commit 56c98a7d94d25df5999bd12c600788ec947e588c
Author: Dr. David von Oheimb
Date: Sat Apr 3 19:51:36 2021 +0200
apps/cms: Simplify handling of encerts; add warning if they are ignored
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/14843)
---
Summary of changes:
apps/cms.c | 42 ++
1 file changed, 22 insertions(+), 20 deletions(-)
diff --git a/apps/cms.c b/apps/cms.c
index 25ef1effd4..e9fe29ab8e 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -307,10 +307,10 @@ int cms_main(int argc, char **argv)
EVP_MD *sign_md = NULL;
STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL;
STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
-STACK_OF(X509) *encerts = NULL, *other = NULL;
+STACK_OF(X509) *encerts = sk_X509_new_null(), *other = NULL;
X509 *cert = NULL, *recip = NULL, *signer = NULL, *originator = NULL;
X509_STORE *store = NULL;
-X509_VERIFY_PARAM *vpm = NULL;
+X509_VERIFY_PARAM *vpm = X509_VERIFY_PARAM_new();
char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL;
char *certsoutfile = NULL, *digestname = NULL, *wrapname = NULL;
@@ -332,8 +332,8 @@ int cms_main(int argc, char **argv)
OPTION_CHOICE o;
OSSL_LIB_CTX *libctx = app_get0_libctx();
-if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
-return 1;
+if (encerts == NULL || vpm == NULL)
+goto end;
prog = opt_init(argc, argv, cms_options);
while ((o = opt_next()) != OPT_EOF) {
@@ -641,8 +641,6 @@ int cms_main(int argc, char **argv)
break;
case OPT_RECIP:
if (operation == SMIME_ENCRYPT) {
-if (encerts == NULL && (encerts = sk_X509_new_null()) == NULL)
-goto end;
cert = load_cert(opt_arg(), FORMAT_UNDEF,
"recipient certificate file");
if (cert == NULL)
@@ -659,7 +657,7 @@ int cms_main(int argc, char **argv)
case OPT_KEYOPT:
keyidx = -1;
if (operation == SMIME_ENCRYPT) {
-if (encerts != NULL)
+if (sk_X509_num(encerts) > 0)
keyidx += sk_X509_num(encerts);
} else {
if (keyfile != NULL || signerfile != NULL)
@@ -797,7 +795,7 @@ int cms_main(int argc, char **argv)
}
} else if (operation == SMIME_ENCRYPT) {
if (*argv == NULL && secret_key == NULL
-&& pwri_pass == NULL && encerts == NULL) {
+&& pwri_pass == NULL && sk_X509_num(encerts) <= 0) {
BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
goto opthelp;
}
@@ -838,16 +836,19 @@ int cms_main(int argc, char **argv)
goto end;
}
-if (*argv && encerts == NULL)
-if ((encerts = sk_X509_new_null()) == NULL)
-goto end;
-while (*argv) {
-if ((cert = load_cert(*argv, FORMAT_UNDEF,
- "recipient certificate file")) == NULL)
-goto end;
-sk_X509_push(encerts, cert);
-cert = NULL;
-argv++;
+if (*argv != NULL) {
+if (operation == SMIME_ENCRYPT) {
+for (; *argv != NULL; argv++) {
+cert = load_cert(*argv, FORMAT_UNDEF,
+ "recipient certificate file");
+if (cert == NULL)
+goto end;
+sk_X509_push(encerts, cert);
+cert = NULL;
+}
+} else {
+BIO_printf(bio_err, "Warning: recipient certificate file
parameters ignored for operation other than -encrypt\n");
+}
}
}
@@ -1182,9 +1183,10 @@ int cms_main(int argc, char **argv)
} else if (operation == SMIME_VERIFY) {
if (CMS_verify(cms, other, store, indata, out, flags) > 0) {
BIO_printf(bio_err, "%s Verification successful\n",
- (flags & CMS_CADES) ? "CAdES" : "CMS");
+ (flags & CMS_CADES) != 0 ? "CAdES" : "CMS");
} else {
-BIO_printf(bio_err, "Verification failure\n");
+BIO_printf(bio_err, "%s Verification failure\n",
+ (flags & CMS_CADES) != 0 ? "CAdES" : "CMS");
if (verify_retcode)
ret = verify_err + 32;
goto end;
Build failed: openssl master.42125
Build openssl master.42125 failed Commit a066841554 by Richard Levitte on 5/22/2021 5:20 AM: VMS: don't use app_malloc() in apps/lib/vms_decc_argv.c Configure your notification preferences
Build completed: openssl OpenSSL_1_1_1-stable.42124
Build openssl OpenSSL_1_1_1-stable.42124 completed Commit 7fc0b93761 by Dmitry Belyavskiy on 5/21/2021 3:22 PM: Cleanup the peer point formats on regotiation Configure your notification preferences
Build failed: openssl master.42123
Build openssl master.42123 failed Commit 3f98738192 by Dmitry Belyavskiy on 5/21/2021 3:18 PM: Cleanup the peer point formats on regotiation Configure your notification preferences
Build failed: openssl master.42122
Build openssl master.42122 failed Commit 0491691342 by Richard Levitte on 5/21/2021 1:01 PM: DOCS: Fixups of the migration guide and the FIPS module manual Configure your notification preferences
