From: Shane Lontis Date: Wed, 28 Apr 2021 02:51:49 +0000 (+1000) Subject: Fix CRL app so that stdin works. X-Git-Tag: openssl-3.0.0-alpha16~76 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e9d62da6c305d947530d91e412fdb21a8d8e3510;p=thirdparty%2Fopenssl.git Fix CRL app so that stdin works. Fixes #15031 The maybe_stdin needed to be passed to load_key_certs_crls(). Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15058)
---
diff --git a/apps/crl.c b/apps/crl.c
index fbdd2a896c7..8a0dc3605d3 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -211,7 +211,7 @@ int crl_main(int argc, char **argv)
 if (!opt_md(digestname, &digest))
 goto opthelp;
 }
- x = load_crl(infile, "CRL");
+ x = load_crl(infile, 1, "CRL");
 if (x == NULL)
 goto end;
@@ -250,13 +250,13 @@ int crl_main(int argc, char **argv)
 BIO_printf(bio_err, "verify OK\n");
 }
- if (crldiff) {
+ if (crldiff != NULL) {
 X509_CRL *newcrl, *delta;
 if (!keyfile) {
 BIO_puts(bio_err, "Missing CRL signing key\n");
 goto end;
 }
- newcrl = load_crl(crldiff, "other CRL");
+ newcrl = load_crl(crldiff, 0, "other CRL");
 if (!newcrl)
 goto end;
 pkey = load_key(keyfile, keyformat, 0, NULL, NULL, "CRL signing key");
diff --git a/apps/include/apps.h b/apps/include/apps.h
index 2d102246f84..9532d396eb5 100644
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@@ -111,7 +111,7 @@ X509_REQ *load_csr(const char *file, int format, const char *desc);
 X509 *load_cert_pass(const char *uri, int maybe_stdin, const char *pass, const char *desc);
 #define load_cert(uri, desc) load_cert_pass(uri, 1, NULL, desc)
-X509_CRL *load_crl(const char *uri, const char *desc);
+X509_CRL *load_crl(const char *uri, int maybe_stdin, const char *desc);
 void cleanse(char *str);
 void clear_free(char *str);
 EVP_PKEY *load_key(const char *uri, int format, int maybe_stdin,
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 4b7b38cf5cf..1ca6f6e0961 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
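Review bot: Within the `crldiff` block the NULL tests are now written two ways: the outer test becomes `if (crldiff != NULL)`, while `if (!keyfile)` and `if (!newcrl)` a few lines below keep the implicit form. Since the block is being touched anyway, I would write them as `if (keyfile == NULL)` and `if (newcrl == NULL)` so the pointer checks read the same throughout. crl_main starts and ends outside the hunk.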
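Review bot: The new `maybe_stdin` parameter of `load_crl()` has no comment in the header, and the call sites pass bare literals: `load_crl(infile, 1, "CRL")` in apps/crl.c versus `load_crl(crldiff, 0, "other CRL")`, `load_crl(urlptr, 0, "CRL via CDP")` and the `load_crl(crl_file, 0, "CRL")` calls in s_client.c and s_server.c. A reader cannot tell from the prototype which value permits reading from standard input, and a wrong literal at a call site would look plausible; judging by the commit message the flag is forwarded to load_key_certs_crls() and presumably lets a NULL uri fall back to stdin. I would add above the prototype: `/* maybe_stdin != 0 allows a NULL uri to mean standard input; pass 0 for URIs taken from certificates or from options that must name a source */`.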
@@ -499,7 +499,7 @@ X509 *load_cert_pass(const char *uri, int maybe_stdin,
 return cert;
 }
-X509_CRL *load_crl(const char *uri, const char *desc)
+X509_CRL *load_crl(const char *uri, int maybe_stdin, const char *desc)
 {
 X509_CRL *crl = NULL;
@@ -510,7 +510,7 @@ X509_CRL *load_crl(const char *uri, const char *desc)
 else if (IS_HTTP(uri))
 crl = X509_CRL_load_http(uri, NULL, NULL, 0 /* timeout */);
 else
- (void)load_key_certs_crls(uri, 0, NULL, desc,
+ (void)load_key_certs_crls(uri, maybe_stdin, NULL, desc,
 NULL, NULL, NULL, NULL, NULL, &crl, NULL);
 if (crl == NULL) {
 BIO_printf(bio_err, "Unable to load %s\n", desc);
@@ -2318,8 +2318,8 @@ static X509_CRL *load_crl_crldp(STACK_OF(DIST_POINT) *crldp)
 for (i = 0; i < sk_DIST_POINT_num(crldp); i++) {
 DIST_POINT *dp = sk_DIST_POINT_value(crldp, i);
 urlptr = get_dp_url(dp);
- if (urlptr)
- return load_crl(urlptr, "CRL via CDP");
+ if (urlptr != NULL)
+ return load_crl(urlptr, 0, "CRL via CDP");
 }
 return NULL;
 }
diff --git a/apps/s_client.c b/apps/s_client.c
index 7b3cf87620d..dfc38b66593 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1632,7 +1632,7 @@ int s_client_main(int argc, char **argv)
 if (crl_file != NULL) {
 X509_CRL *crl;
- crl = load_crl(crl_file, "CRL");
+ crl = load_crl(crl_file, 0, "CRL");
 if (crl == NULL)
 goto end;
 crls = sk_X509_CRL_new_null();
diff --git a/apps/s_server.c b/apps/s_server.c
index b00303630f7..9ffd499a0a0 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1726,7 +1726,7 @@ int s_server_main(int argc, char *argv[])
 if (crl_file != NULL) {
 X509_CRL *crl;
- crl = load_crl(crl_file, "CRL");
+ crl = load_crl(crl_file, 0, "CRL");
 if (crl == NULL)
 goto end;
 crls = sk_X509_CRL_new_null();
diff --git a/test/recipes/25-test_crl.t b/test/recipes/25-test_crl.t
index a17383f043b..1d6200e6d4c 100644
--- a/test/recipes/25-test_crl.t
+++ b/test/recipes/25-test_crl.t
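Review bot: `return load_crl(urlptr, 0, "CRL via CDP");` ends the loop at the first distribution point that yields a URL, so when that download or parse fails the function returns NULL without trying the remaining entries in `crldp`. For revocation checking this means a single unreachable CDP can leave the caller without a CRL even though a later entry would have worked; how the caller treats NULL is not visible here. I would keep the result and only return on success: `crl = load_crl(urlptr, 0, "CRL via CDP");` followed by `if (crl != NULL) return crl;`, with `X509_CRL *crl;` declared in the loop. Passing 0 for a URL taken from a certificate is the right choice. load_crl_crldp begins above the hunk.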
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 setup("test_crl");
-plan tests => 8;
+plan tests => 9;
 require_ok(srctop_file('test','recipes','tconversion.pl'));
@@ -39,6 +39,11 @@ ok(compare1stline([qw{openssl crl -noout -hash -in},
 srctop_file('test', 'testcrl.pem')], '106cd822'));
+ok(compare1stline_stdin([qw{openssl crl -hash -noout}],
+ srctop_file("test","testcrl.pem"),
+ '106cd822'),
+ "crl piped input test");
+
 ok(run(app(["openssl", "crl", "-text", "-in", $pem, "-out", $out, "-nameopt", "utf8"])));
 is(cmp_text($out, srctop_file("test/certs", "cyrillic_crl.utf8")),
@@ -53,3 +58,13 @@ sub compare1stline {
 note "Expected ", $str;
 return 0;
 }
+
+sub compare1stline_stdin {
+ my ($cmdarray, $infile, $str) = @_;
+ my @lines = run(app($cmdarray, stdin => $infile), capture => 1);
+
+ return 1 if $lines[0] =~ m|^\Q${str}\E\R$|;
+ note "Got ", $lines[0];
+ note "Expected ", $str;
+ return 0;
+}
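Review bot: `compare1stline_stdin` reads `$lines[0]` without checking that the command produced any output, so when `openssl crl` fails on the piped input the match runs on an undefined value and the `note "Got ", $lines[0];` line emits an uninitialized-value warning instead of a clear failure reason. Guarding the match, `return 1 if @lines && $lines[0] =~ m|^\Q${str}\E\R$|;`, and printing `note "Got ", $lines[0] // "(no output)";` keeps the diagnostic readable. The body also appears to duplicate `compare1stline`, which is only partly visible in this hunk, so an optional stdin argument on that sub would avoid a second copy.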