Message ID | 20240729180233.1114694-1-mic@digikod.net (mailing list archive) |
---|---|
State | New |
Series | tools/certs: Make print-cert-tbs-hash.sh compatible with recent OpenSSL |
Could someone please take this patch? On Mon, Jul 29, 2024 at 08:02:32PM +0200, Mickaël Salaün wrote: > Recent OpenSSL versions (2 or 3) broke the "x509" argument parsing by > not handling "-in -" (unlike OpenSSL 1.1): > Could not open file or uri for loading certificate from -: No such > file or directory > > Avoid this issue and still make this script work with older versions of > OpenSSL by using implicit arguments instead. > > To hopefully make it more future-proof, apply the same simplifications > for other OpenSSL commands. > > Cc: David Howells <dhowells@redhat.com> > Cc: David Woodhouse <dwmw2@infradead.org> > Cc: Eric Snowberg <eric.snowberg@oracle.com> > Cc: Jarkko Sakkinen <jarkko@kernel.org> > Reported-by: Daniel Urbonas <t-durbonas@microsoft.com> > Fixes: 58d416351e6d ("tools/certs: Add print-cert-tbs-hash.sh") > Signed-off-by: Mickaël Salaün <mic@digikod.net> > --- > tools/certs/print-cert-tbs-hash.sh | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/tools/certs/print-cert-tbs-hash.sh b/tools/certs/print-cert-tbs-hash.sh > index c93df5387ec9..22bdeec4d286 100755 > --- a/tools/certs/print-cert-tbs-hash.sh > +++ b/tools/certs/print-cert-tbs-hash.sh > @@ -54,7 +54,7 @@ RANGE_AND_DIGEST_RE=' > ' > > RANGE_AND_DIGEST=($(echo "${PEM}" | \ > - openssl asn1parse -in - | \ > + openssl asn1parse | \ > sed -n -e "${RANGE_AND_DIGEST_RE}")) > > if [ "${#RANGE_AND_DIGEST[@]}" != 3 ]; then > @@ -85,7 +85,7 @@ if [ -z "${DIGEST_MATCH}" ]; then > fi > > echo "${PEM}" | \ > - openssl x509 -in - -outform DER | \ > + openssl x509 -outform DER | \ > dd "bs=1" "skip=${OFFSET}" "count=${END}" "status=none" | \ > - openssl dgst "-${DIGEST_MATCH}" - | \ > + openssl dgst "-${DIGEST_MATCH}" | \ > awk '{printf "tbs:" $2}' > -- > 2.45.2 >
diff --git a/tools/certs/print-cert-tbs-hash.sh b/tools/certs/print-cert-tbs-hash.sh index c93df5387ec9..22bdeec4d286 100755 --- a/tools/certs/print-cert-tbs-hash.sh +++ b/tools/certs/print-cert-tbs-hash.sh @@ -54,7 +54,7 @@ RANGE_AND_DIGEST_RE=' ' RANGE_AND_DIGEST=($(echo "${PEM}" | \ - openssl asn1parse -in - | \ + openssl asn1parse | \ sed -n -e "${RANGE_AND_DIGEST_RE}")) if [ "${#RANGE_AND_DIGEST[@]}" != 3 ]; then @@ -85,7 +85,7 @@ if [ -z "${DIGEST_MATCH}" ]; then fi echo "${PEM}" | \ - openssl x509 -in - -outform DER | \ + openssl x509 -outform DER | \ dd "bs=1" "skip=${OFFSET}" "count=${END}" "status=none" | \ - openssl dgst "-${DIGEST_MATCH}" - | \ + openssl dgst "-${DIGEST_MATCH}" | \ awk '{printf "tbs:" $2}'
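Review bot: In the first hunk (`@@ -54,7 +54,7 @@`), `openssl asn1parse` now depends on the tool reading standard input by default when `-in` is absent, and nothing in the script records that this is deliberate. A short comment above the `RANGE_AND_DIGEST=(...)` pipeline saying that `-in -` is omitted on purpose, because the commit message reports that recent OpenSSL fails on it for `x509`, would keep a later cleanup from restoring the flag. The existing `"${#RANGE_AND_DIGEST[@]}" != 3` check right after the pipeline still catches a parse that yields nothing, so no extra error handling is needed at this spot.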
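Review bot: In the second hunk (`@@ -85,7 +85,7 @@`), a failure of `openssl x509 -outform DER` is not checked, so `dd` and `openssl dgst` would run on whatever arrives (possibly nothing) and the script would still print a well-formed `tbs:` value, unless `pipefail` is set in a part of the script not shown here. Since this is the exact command the commit message says failed, it is worth converting to DER into a variable or temporary file first and exiting on error before hashing. Separately, `awk '{printf "tbs:" $2}'` assumes `openssl dgst` prints a label field before the digest; with the `-` operand dropped, please confirm the stdin label is still a single whitespace-free field on every OpenSSL version the script targets, and consider `printf "tbs:%s", $2` so the digest is not used as part of the format string.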
Recent OpenSSL versions (2 or 3) broke the "x509" argument parsing by
not handling "-in -" (unlike OpenSSL 1.1):

  Could not open file or uri for loading certificate from -: No such
  file or directory

Avoid this issue and still make this script work with older versions of
OpenSSL by using implicit arguments instead.

To hopefully make it more future-proof, apply the same simplifications
for other OpenSSL commands.

Cc: David Howells <dhowells@redhat.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Eric Snowberg <eric.snowberg@oracle.com>
Cc: Jarkko Sakkinen <jarkko@kernel.org>
Reported-by: Daniel Urbonas <t-durbonas@microsoft.com>
Fixes: 58d416351e6d ("tools/certs: Add print-cert-tbs-hash.sh")
Signed-off-by: Mickaël Salaün <mic@digikod.net>

---
 tools/certs/print-cert-tbs-hash.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)