From be4127b1c74c542a79b66400ce082f4319fd3616 Mon Sep 17 00:00:00 2001 From: schwarze Date: Wed, 10 Nov 2021 09:00:21 +0000 Subject: [PATCH] Merge two bug fixes from the OpenSSL 1.1.1 branch, which is still under a free license: 1. If the three X509_load_*(3) functions are called with a NULL file argument, do not return 1 to the caller because the return value 1 means "i loaded one certificate or CRL into the store". 2. When calling PEM load functions, do not ask the user for a password in an interactive manner. This includes parts of the following commits: commit c0452248ea1a59a41023a4765ef7d9825e80a62b Author: Rich Salz Date: Thu Apr 20 15:33:42 2017 -0400 Message: [...] Remove NULL checks and allow a segv to occur. [...] commit db854bb14a7010712cfc02861731399b1b587474 Author: Bernd Edlinger Date: Mon Aug 7 18:02:53 2017 +0200 Message: Avoid surpising password dialog in X509 file lookup. OK tb@ --- lib/libcrypto/x509/by_file.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/lib/libcrypto/x509/by_file.c b/lib/libcrypto/x509/by_file.c index f719636412e..db66617d2b9 100644 --- a/lib/libcrypto/x509/by_file.c +++ b/lib/libcrypto/x509/by_file.c @@ -1,4 +1,4 @@ -/* $OpenBSD: by_file.c,v 1.22 2021/11/01 20:53:08 tb Exp $ */ +/* $OpenBSD: by_file.c,v 1.23 2021/11/10 09:00:21 schwarze Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -127,8 +127,6 @@ X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) int i, count = 0; X509 *x = NULL; - if (file == NULL) - return (1); in = BIO_new(BIO_s_file_internal()); if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { @@ -138,7 +136,7 @@ X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) if (type == X509_FILETYPE_PEM) { for (;;) { - x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL); + x = PEM_read_bio_X509_AUX(in, NULL, NULL, ""); if (x == NULL) { if ((ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) && (count > 0)) { @@ -185,8 +183,6 @@ X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) int i, count = 0; X509_CRL *x = NULL; - if (file == NULL) - return (1); in = BIO_new(BIO_s_file_internal()); if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { @@ -196,7 +192,7 @@ X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) if (type == X509_FILETYPE_PEM) { for (;;) { - x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); + x = PEM_read_bio_X509_CRL(in, NULL, NULL, ""); if (x == NULL) { if ((ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) && (count > 0)) { @@ -250,7 +246,7 @@ X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) X509error(ERR_R_SYS_LIB); return 0; } - inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); + inf = PEM_X509_INFO_read_bio(in, NULL, NULL, ""); BIO_free(in); if (!inf) { X509error(ERR_R_PEM_LIB); -- 2.20.1