From 41f935bf3baf8d06aca7da9a5a9029e1bbaff371 Mon Sep 17 00:00:00 2001 From: semarie Date: Sat, 17 Oct 2015 07:51:10 +0000 Subject: [PATCH] add "tty" for several subcommands of openssl it is needed in order to let libssl UI_* function plays with echo on/off when asking for password on terminal. passwd subcommand needs additionnal "wpath cpath" in order to let it calls fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC). problem reported by several with and ok doug@
---
 usr.bin/openssl/ca.c | 4 ++--
 usr.bin/openssl/cms.c | 4 ++--
 usr.bin/openssl/dgst.c | 4 ++--
 usr.bin/openssl/dsa.c | 4 ++--
 usr.bin/openssl/ec.c | 4 ++--
 usr.bin/openssl/enc.c | 4 ++--
 usr.bin/openssl/gendsa.c | 4 ++--
 usr.bin/openssl/genpkey.c | 4 ++--
 usr.bin/openssl/genrsa.c | 4 ++--
 usr.bin/openssl/openssl.c | 4 ++--
 usr.bin/openssl/passwd.c | 4 ++--
 usr.bin/openssl/pkcs12.c | 4 ++--
 usr.bin/openssl/pkcs8.c | 4 ++--
 usr.bin/openssl/pkey.c | 4 ++--
 usr.bin/openssl/pkeyutl.c | 4 ++--
 usr.bin/openssl/req.c | 4 ++--
 usr.bin/openssl/rsa.c | 4 ++--
 usr.bin/openssl/rsautl.c | 4 ++--
 usr.bin/openssl/s_client.c | 4 ++--
 usr.bin/openssl/s_server.c | 4 ++--
 usr.bin/openssl/smime.c | 4 ++--
 usr.bin/openssl/spkac.c | 4 ++--
 usr.bin/openssl/ts.c | 4 ++--
 usr.bin/openssl/x509.c | 4 ++--
 24 files changed, 48 insertions(+), 48 deletions(-)
diff --git a/usr.bin/openssl/ca.c b/usr.bin/openssl/ca.c
index 0b246aeb154..d97410b5563 100644
--- a/usr.bin/openssl/ca.c
+++ b/usr.bin/openssl/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.17 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: ca.c,v 1.18 2015/10/17 07:51:10 semarie Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -287,7 +287,7 @@ ca_main(int argc, char **argv)
 DB_ATTR db_attr;
 if (single_execution) {
- if (pledge("stdio rpath wpath cpath", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
 perror("pledge");
 }
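Review bot: In the ca_main hunk of usr.bin/openssl/ca.c, a pledge() failure is only printed with perror("pledge") and the subcommand then keeps running, whereas main() in openssl.c exits on the same error. pledge(2) rejects a promise string that is not a subset of the current one, so if a subcommand's string ever drifts from main's (as "tty" would have before this patch added it there), the subcommand would presumably continue under main's wider set, including inet, proc and flock. I would make the failure fatal here as main does: `if (pledge("stdio rpath wpath cpath tty", NULL) == -1) { perror("pledge"); exit(1); }`. The same pattern is in every other *_main hunk of this patch (cms.c through x509.c); ca_main's body continues outside the hunk.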
diff --git a/usr.bin/openssl/cms.c b/usr.bin/openssl/cms.c
index 29429f53e08..4174960d7ad 100644
--- a/usr.bin/openssl/cms.c
+++ b/usr.bin/openssl/cms.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms.c,v 1.4 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: cms.c,v 1.5 2015/10/17 07:51:10 semarie Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -136,7 +136,7 @@ cms_main(int argc, char **argv)
 X509_VERIFY_PARAM *vpm = NULL;
 if (single_execution) {
- if (pledge("stdio rpath wpath cpath", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
 perror("pledge");
 }
diff --git a/usr.bin/openssl/dgst.c b/usr.bin/openssl/dgst.c
index b4632eefa35..432f3100306 100644
--- a/usr.bin/openssl/dgst.c
+++ b/usr.bin/openssl/dgst.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dgst.c,v 1.7 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: dgst.c,v 1.8 2015/10/17 07:51:10 semarie Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -124,7 +124,7 @@ dgst_main(int argc, char **argv)
 STACK_OF(OPENSSL_STRING) * sigopts = NULL, *macopts = NULL;
 if (single_execution) {
- if (pledge("stdio rpath wpath cpath", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
 perror("pledge");
 }
diff --git a/usr.bin/openssl/dsa.c b/usr.bin/openssl/dsa.c
index 2c4feea0d58..6a774ee545e 100644
--- a/usr.bin/openssl/dsa.c
+++ b/usr.bin/openssl/dsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa.c,v 1.6 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: dsa.c,v 1.7 2015/10/17 07:51:10 semarie Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -241,7 +241,7 @@ dsa_main(int argc, char **argv)
 char *passin = NULL, *passout = NULL;
 if (single_execution) {
- if (pledge("stdio rpath wpath cpath", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
 perror("pledge");
 }
diff --git a/usr.bin/openssl/ec.c b/usr.bin/openssl/ec.c
index b4e2fe1daac..b376d434047 100644
--- a/usr.bin/openssl/ec.c
+++ b/usr.bin/openssl/ec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec.c,v 1.6 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: ec.c,v 1.7 2015/10/17 07:51:10 semarie Exp $ */
 /*
 * Written by Nils Larsch for the OpenSSL project.
 */
@@ -278,7 +278,7 @@ ec_main(int argc, char **argv)
 char *passin = NULL, *passout = NULL;
 if (single_execution) {
- if (pledge("stdio rpath wpath cpath", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
 perror("pledge");
 }
diff --git a/usr.bin/openssl/enc.c b/usr.bin/openssl/enc.c
index d7103823d3e..296024c68ff 100644
--- a/usr.bin/openssl/enc.c
+++ b/usr.bin/openssl/enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: enc.c,v 1.8 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: enc.c,v 1.9 2015/10/17 07:51:10 semarie Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -339,7 +339,7 @@ enc_main(int argc, char **argv)
 int i;
 if (single_execution) {
- if (pledge("stdio rpath wpath cpath", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
 perror("pledge");
 }
diff --git a/usr.bin/openssl/gendsa.c b/usr.bin/openssl/gendsa.c
index 002380a1b9d..3e027aaf268 100644
--- a/usr.bin/openssl/gendsa.c
+++ b/usr.bin/openssl/gendsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gendsa.c,v 1.5 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: gendsa.c,v 1.6 2015/10/17 07:51:10 semarie Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -86,7 +86,7 @@ gendsa_main(int argc, char **argv)
 const EVP_CIPHER *enc = NULL;
 if (single_execution) {
- if (pledge("stdio rpath wpath cpath", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
 perror("pledge");
 }
diff --git a/usr.bin/openssl/genpkey.c b/usr.bin/openssl/genpkey.c
index 4d11bc3c338..995d66f14da 100644
--- a/usr.bin/openssl/genpkey.c
+++ b/usr.bin/openssl/genpkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: genpkey.c,v 1.6 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: genpkey.c,v 1.7 2015/10/17 07:51:10 semarie Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006
 */
@@ -87,7 +87,7 @@ genpkey_main(int argc, char **argv)
 int do_param = 0;
 if (single_execution) {
- if (pledge("stdio rpath wpath cpath", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
 perror("pledge");
 }
diff --git a/usr.bin/openssl/genrsa.c b/usr.bin/openssl/genrsa.c
index 1ca8713ed28..35e6d602b0e 100644
--- a/usr.bin/openssl/genrsa.c
+++ b/usr.bin/openssl/genrsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: genrsa.c,v 1.6 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: genrsa.c,v 1.7 2015/10/17 07:51:10 semarie Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -101,7 +101,7 @@ genrsa_main(int argc, char **argv)
 RSA *rsa = NULL;
 if (single_execution) {
- if (pledge("stdio rpath wpath cpath", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
 perror("pledge");
 }
diff --git a/usr.bin/openssl/openssl.c b/usr.bin/openssl/openssl.c
index 43f0e9189c3..374bcd27d0a 100644
--- a/usr.bin/openssl/openssl.c
+++ b/usr.bin/openssl/openssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: openssl.c,v 1.18 2015/10/16 13:37:44 millert Exp $ */
+/* $OpenBSD: openssl.c,v 1.19 2015/10/17 07:51:10 semarie Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -438,7 +438,7 @@ main(int argc, char **argv)
 arg.data = NULL;
 arg.count = 0;
- if (pledge("stdio inet rpath wpath cpath proc flock", NULL) == -1) {
+ if (pledge("stdio inet rpath wpath cpath proc flock tty", NULL) == -1) {
 fprintf(stderr, "openssl: pledge: %s\n", strerror(errno));
 exit(1);
 }
diff --git a/usr.bin/openssl/passwd.c b/usr.bin/openssl/passwd.c
index 58fc5ecb4b4..7ef7ef456c7 100644
--- a/usr.bin/openssl/passwd.c
+++ b/usr.bin/openssl/passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: passwd.c,v 1.5 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: passwd.c,v 1.6 2015/10/17 07:51:10 semarie Exp $ */
 #if defined OPENSSL_NO_MD5
 #define NO_MD5CRYPT_1
@@ -146,7 +146,7 @@ passwd_main(int argc, char **argv)
 int ret = 1;
 if (single_execution) {
- if (pledge("stdio rpath", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
 perror("pledge");
 }
diff --git a/usr.bin/openssl/pkcs12.c b/usr.bin/openssl/pkcs12.c
index f8d8cc6115c..2eb04a58b70 100644
--- a/usr.bin/openssl/pkcs12.c
+++ b/usr.bin/openssl/pkcs12.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12.c,v 1.5 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: pkcs12.c,v 1.6 2015/10/17 07:51:10 semarie Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -125,7 +125,7 @@ pkcs12_main(int argc, char **argv)
 char *CApath = NULL, *CAfile = NULL;
 if (single_execution) {
- if (pledge("stdio rpath wpath cpath", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
 perror("pledge");
 }
diff --git a/usr.bin/openssl/pkcs8.c b/usr.bin/openssl/pkcs8.c
index 4ac2af012ae..5b54cbfb989 100644
--- a/usr.bin/openssl/pkcs8.c
+++ b/usr.bin/openssl/pkcs8.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs8.c,v 1.7 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: pkcs8.c,v 1.8 2015/10/17 07:51:10 semarie Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999-2004.
 */
@@ -227,7 +227,7 @@ pkcs8_main(int argc, char **argv)
 int ret = 1;
 if (single_execution) {
- if (pledge("stdio rpath wpath cpath", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
 perror("pledge");
 }
diff --git a/usr.bin/openssl/pkey.c b/usr.bin/openssl/pkey.c
index d1ddf5a9299..0a0590ccb65 100644
--- a/usr.bin/openssl/pkey.c
+++ b/usr.bin/openssl/pkey.c
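Review bot: The pledge in the passwd_main hunk of usr.bin/openssl/passwd.c grows from "stdio rpath" to "stdio rpath wpath cpath tty", so a subcommand that previously could only read files may now create and truncate them, and nothing at the call site says why. The commit message gives the reason (the UI code does fopen("/dev/tty", "w")), but that is lost once the patch is applied. I would add a comment above the call, e.g. `/* wpath cpath: UI_* opens /dev/tty with fopen(..., "w"); tty: echo on/off for the prompt */`, so the extra promises are not read as a need to write output files and can be dropped if the tty open ever changes. passwd_main's body continues outside the hunk.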
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkey.c,v 1.6 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: pkey.c,v 1.7 2015/10/17 07:51:10 semarie Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006
 */
@@ -80,7 +80,7 @@ pkey_main(int argc, char **argv)
 int ret = 1;
 if (single_execution) {
- if (pledge("stdio rpath wpath cpath", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
 perror("pledge");
 }
diff --git a/usr.bin/openssl/pkeyutl.c b/usr.bin/openssl/pkeyutl.c
index 64d1f90f507..bf3fcf1b920 100644
--- a/usr.bin/openssl/pkeyutl.c
+++ b/usr.bin/openssl/pkeyutl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkeyutl.c,v 1.8 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: pkeyutl.c,v 1.9 2015/10/17 07:51:10 semarie Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -101,7 +101,7 @@ pkeyutl_main(int argc, char **argv)
 int ret = 1, rv = -1;
 if (single_execution) {
- if (pledge("stdio rpath wpath cpath", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
 perror("pledge");
 }
diff --git a/usr.bin/openssl/req.c b/usr.bin/openssl/req.c
index 032944b233f..c2f20ae757c 100644
--- a/usr.bin/openssl/req.c
+++ b/usr.bin/openssl/req.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: req.c,v 1.10 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: req.c,v 1.11 2015/10/17 07:51:10 semarie Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -177,7 +177,7 @@ req_main(int argc, char **argv)
 unsigned long chtype = MBSTRING_ASC;
 if (single_execution) {
- if (pledge("stdio rpath wpath cpath", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
 perror("pledge");
 }
diff --git a/usr.bin/openssl/rsa.c b/usr.bin/openssl/rsa.c
index a5737605fea..06d3ca1b423 100644
--- a/usr.bin/openssl/rsa.c
+++ b/usr.bin/openssl/rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa.c,v 1.6 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: rsa.c,v 1.7 2015/10/17 07:51:10 semarie Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -269,7 +269,7 @@ rsa_main(int argc, char **argv)
 char *passin = NULL, *passout = NULL;
 if (single_execution) {
- if (pledge("stdio rpath wpath cpath", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
 perror("pledge");
 }
diff --git a/usr.bin/openssl/rsautl.c b/usr.bin/openssl/rsautl.c
index 92dceff8a17..a6106e03130 100644
--- a/usr.bin/openssl/rsautl.c
+++ b/usr.bin/openssl/rsautl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsautl.c,v 1.8 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: rsautl.c,v 1.9 2015/10/17 07:51:10 semarie Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -99,7 +99,7 @@ rsautl_main(int argc, char **argv)
 int ret = 1;
 if (single_execution) {
- if (pledge("stdio rpath wpath cpath", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
 perror("pledge");
 }
diff --git a/usr.bin/openssl/s_client.c b/usr.bin/openssl/s_client.c
index 63f30389c4b..6bc66ac5fb3 100644
--- a/usr.bin/openssl/s_client.c
+++ b/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_client.c,v 1.21 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: s_client.c,v 1.22 2015/10/17 07:51:10 semarie Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -365,7 +365,7 @@ s_client_main(int argc, char **argv)
 long socket_mtu = 0;
 if (single_execution) {
- if (pledge("stdio inet rpath wpath cpath", NULL) == -1)
+ if (pledge("stdio inet rpath wpath cpath tty", NULL) == -1)
 perror("pledge");
 }
diff --git a/usr.bin/openssl/s_server.c b/usr.bin/openssl/s_server.c
index 198508398b3..33765eeedbf 100644
--- a/usr.bin/openssl/s_server.c
+++ b/usr.bin/openssl/s_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_server.c,v 1.20 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: s_server.c,v 1.21 2015/10/17 07:51:10 semarie Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -605,7 +605,7 @@ s_server_main(int argc, char *argv[])
 tlsextalpnctx alpn_ctx = { NULL, 0 };
 if (single_execution) {
- if (pledge("stdio inet rpath", NULL) == -1)
+ if (pledge("stdio inet rpath tty", NULL) == -1)
 perror("pledge");
 }
diff --git a/usr.bin/openssl/smime.c b/usr.bin/openssl/smime.c
index fee7c71e761..53e2a94a544 100644
--- a/usr.bin/openssl/smime.c
+++ b/usr.bin/openssl/smime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: smime.c,v 1.5 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: smime.c,v 1.6 2015/10/17 07:51:10 semarie Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -113,7 +113,7 @@ smime_main(int argc, char **argv)
 X509_VERIFY_PARAM *vpm = NULL;
 if (single_execution) {
- if (pledge("stdio rpath wpath cpath", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
 perror("pledge");
 }
diff --git a/usr.bin/openssl/spkac.c b/usr.bin/openssl/spkac.c
index 1c8b7073d8e..7eff70b5e6d 100644
--- a/usr.bin/openssl/spkac.c
+++ b/usr.bin/openssl/spkac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: spkac.c,v 1.6 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: spkac.c,v 1.7 2015/10/17 07:51:10 semarie Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999. Based on an original idea by Massimiliano Pala
 * (madwolf@openca.org).
@@ -182,7 +182,7 @@ spkac_main(int argc, char **argv)
 EVP_PKEY *pkey = NULL;
 if (single_execution) {
- if (pledge("stdio rpath wpath cpath", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
 perror("pledge");
 }
diff --git a/usr.bin/openssl/ts.c b/usr.bin/openssl/ts.c
index 04ff60ae485..60b8f02bac2 100644
--- a/usr.bin/openssl/ts.c
+++ b/usr.bin/openssl/ts.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts.c,v 1.11 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: ts.c,v 1.12 2015/10/17 07:51:10 semarie Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
 * project 2002.
 */
@@ -150,7 +150,7 @@ ts_main(int argc, char **argv)
 int token_out = 0;
 if (single_execution) {
- if (pledge("stdio rpath wpath cpath", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
 perror("pledge");
 }
diff --git a/usr.bin/openssl/x509.c b/usr.bin/openssl/x509.c
index 07c28789d3f..08b39e5db6b 100644
--- a/usr.bin/openssl/x509.c
+++ b/usr.bin/openssl/x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.c,v 1.10 2015/10/10 22:28:51 doug Exp $ */
+/* $OpenBSD: x509.c,v 1.11 2015/10/17 07:51:10 semarie Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -199,7 +199,7 @@ x509_main(int argc, char **argv)
 const char *errstr = NULL;
 if (single_execution) {
- if (pledge("stdio rpath wpath cpath", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
 perror("pledge");
 }
-- 
2.20.1