Fix cmp_cli_test issue 13494 #13497
Fix cmp_cli_test issue 13494 #13497
Conversation
| NULL, NULL, NULL, NULL, NULL, NULL}; | ||
| UI_METHOD *ui_fallback_method = (UI_METHOD *)UI_null(); | ||
| */ | ||
| UI_method_set_reader(UI_OpenSSL(), NULL); |
mattcaswell
Nov 24, 2020
Member
Should we really be "setting" this OpenSSL global method? Shouldn't it be declared as const to prevent this?
I was expecting a solution that copied the UI_METHOD instead. In fact this code looks very much like this existing code where we do make a copy:
Lines 115 to 129
in
9524a30
Should we really be "setting" this OpenSSL global method? Shouldn't it be declared as const to prevent this?
I was expecting a solution that copied the UI_METHOD instead. In fact this code looks very much like this existing code where we do make a copy:
Lines 115 to 129 in 9524a30
mattcaswell
Nov 24, 2020
Member
Shouldn't it be declared as const to prevent this?
Although changing the return value of UI_OpenSSL() itself is probably an API break...so maybe not.
Shouldn't it be declared as const to prevent this?
Although changing the return value of UI_OpenSSL() itself is probably an API break...so maybe not.
DDvO
Nov 25, 2020
Author
Contributor
The code adapting the UI method cmp.c when the -batch option is given had indeed been borrowed from an earlier version of the above quoted code in apps_ui.c.
The goal is to disable any interactive app input, and this so far has been achieved by changing the UI method globally. To admit, this was a pretty invasive way of doing that.
I've just had a closer look and found a more elegant way, namely to modify only the app-specific UI method. This required removing const from the declaration of UI_METHOD *get_ui_method(void), which I believe is adequate.
The code adapting the UI method cmp.c when the -batch option is given had indeed been borrowed from an earlier version of the above quoted code in apps_ui.c.
The goal is to disable any interactive app input, and this so far has been achieved by changing the UI method globally. To admit, this was a pretty invasive way of doing that.
I've just had a closer look and found a more elegant way, namely to modify only the app-specific UI method. This required removing const from the declaration of UI_METHOD *get_ui_method(void), which I believe is adequate.
mattcaswell
Nov 25, 2020
Member
I'm still slightly confused....where is the ui method actually used by the cmp app?
I'm still slightly confused....where is the ui method actually used by the cmp app?
DDvO
Nov 25, 2020
Author
Contributor
Sigh, it turns out that the more elegant version does not work because load_key_certs_crls() relies on the UI method returned by get_ui_method(), so changed the fix back to adapting UI_OpenSSL() instead.
Sigh, it turns out that the more elegant version does not work because load_key_certs_crls() relies on the UI method returned by get_ui_method(), so changed the fix back to adapting UI_OpenSSL() instead.
DDvO
Nov 25, 2020
Author
Contributor
where is the ui method actually used by the cmp app?
The UI methods are used by all apps using load_key() and the like, which rely on load_key_certs_crls().
where is the ui method actually used by the cmp app?
The UI methods are used by all apps using load_key() and the like, which rely on load_key_certs_crls().
t8m
Nov 25, 2020
Member
I suppose the clean fix would be to to add set_batch_ui_method() which would set the NULL reader. in the ui_method returned by get_ui_method?
I suppose the clean fix would be to to add set_batch_ui_method() which would set the NULL reader. in the ui_method returned by get_ui_method?
DDvO
Nov 25, 2020
Author
Contributor
As I tried to explain above removing the reader method from the apps' ui_method (regardless which way this is done) is not the right solution because load_key_certs_crls() unfortunately uses this UI method for passing further down the pass argument. So any given password is lost this way :-(
As I tried to explain above removing the reader method from the apps' ui_method (regardless which way this is done) is not the right solution because load_key_certs_crls() unfortunately uses this UI method for passing further down the pass argument. So any given password is lost this way :-(
t8m
Nov 25, 2020
Member
Ah, now I get it. But you could then set a flag to just return null and not call the reader from ui_fallback_method in case the password is not set.
Ah, now I get it. But you could then set a flag to just return null and not call the reader from ui_fallback_method in case the password is not set.
DDvO
Nov 25, 2020
Author
Contributor
The mentioned problem is in case a password must be used, not when it is not set).
I suggest doing any further discussion on this later
because getting this fix merged is urgent to fix CI test failures
and I have other very urgent things to do today.
The mentioned problem is in case a password must be used, not when it is not set).
I suggest doing any further discussion on this later
because getting this fix merged is urgent to fix CI test failures
and I have other very urgent things to do today.
|
I think this fixes the minimal CI test that's failing for other pull requests, so I put an urgent label on it. |
|
The sanitizers CI failure is unrelated. |
|
The sanitizers CI failure is unrelated.
I've created #13503 for that.
|
This comment has been hidden.
This comment has been hidden.
|
Hmm CI failures still... |
Also make clear we cannot use get_ui_method() at this point. Fixes #13494
This should be fixed now; see my above comment on your review. BTW, rebasing on the current master lead to an unrelated build failure on |
| @@ -136,7 +136,7 @@ void destroy_ui_method(void) | |||
| } | |||
| } | |||
|
|
|||
| const UI_METHOD *get_ui_method(void) | |||
| UI_METHOD *get_ui_method(void) | |||
mattcaswell
Nov 25, 2020
Member
Should we revert this change too?
Should we revert this change too?
DDvO
Nov 25, 2020
Author
Contributor
I suggest leaving this in because it may be useful in other situations.
I suggest leaving this in because it may be useful in other situations.
|
I'm not too enthusiastic about the UI_METHOD stuff. But my concern there pre-dates this PR, and this PR improves the CI situation. So approved. |
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #13497)
Merged already now since this was urgent. Shall I keep this PR open for now as a reminder to finish the above discussion? |
I raised issue #13511 for this, so I think this PR can be closed. |
apps/cmp.c: fix crash with-batchoption onOPENSSL_NO_UI_CONSOLE81-test_cmp_cli_data/Mock/signer.p12using AES-256-CBC (avoiding DES)Fixes #13494