APPS: Drop interactive mode in the 'openssl' program

This mode is severely untested and unmaintained, is seems not to be
used very much.

Closes #4679
Closes #6292

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12023)

diff --git a/CHANGES.md b/CHANGES.md
index acb4c904bbcd8cb36ce71939009a671a23ea1be0..39088d1bc754ddd2a80c1f3eca5542ac1b6a2782 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,12 @@ OpenSSL 3.0
 
 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
 
 
 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
 

+ * Dropped interactive mode from the 'openssl' program.  From now on,
+   the `openssl` command without arguments is equivalent to `openssl
+   help`.
+
+   *Richard Levitte*
+

  * Renamed EVP_PKEY_cmp() to EVP_PKEY_eq() and
    EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq().
    While the old function names have been retained for backward compatibility
  * Renamed EVP_PKEY_cmp() to EVP_PKEY_eq() and
    EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq().
    While the old function names have been retained for backward compatibility

diff --git a/NEWS.md b/NEWS.md
index c09e9599a498b277f305d31d8d144cf9a8b6fbe4..29fb641d261a5bfec28f9e867f64549b3708571f 100644 (file)
--- a/NEWS.md
+++ b/NEWS.md
@@ -20,6 +20,7 @@ OpenSSL 3.0
 
 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development]
 
 
 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development]
 

+  * Interactive mode is removed from the 'openssl' program.

   * The X25519, X448, Ed25519, Ed448 and SHAKE256 algorithms are included in
     the FIPS provider.  None have the "fips=yes" property set and, as such,
     will not be accidentially used.
   * The X25519, X448, Ed25519, Ed448 and SHAKE256 algorithms are included in
     the FIPS provider.  None have the "fips=yes" property set and, as such,
     will not be accidentially used.

diff --git a/apps/openssl.c b/apps/openssl.c
index 6265bffa67616555e3a9cf1c2968ada777783d5c..7b0ccbcc092ee1cf70ede9af5788f6a30f4b3628 100644 (file)
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -30,9 +30,6 @@
 #include "apps.h"
 #include "progs.h"
 
 #include "apps.h"
 #include "progs.h"
 

-/* Special sentinel to exit the program. */
-#define EXIT_THE_PROGRAM (-1)
-

 /*
  * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with
  * the base prototypes (we cast each variable inside the function to the
 /*
  * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with
  * the base prototypes (we cast each variable inside the function to the


@@ -212,11 +209,9 @@ int main(int argc, char *argv[])
 {
     FUNCTION f, *fp;
     LHASH_OF(FUNCTION) *prog = NULL;
 {
     FUNCTION f, *fp;
     LHASH_OF(FUNCTION) *prog = NULL;

-    char *p, *pname;
-    char buf[1024];
-    const char *prompt;
+    char *pname;

     ARGS arg;
     ARGS arg;

-    int first, n, i, ret = 0;
+    int ret = 0;

 
     arg.argv = NULL;
     arg.size = 0;
 
     arg.argv = NULL;
     arg.size = 0;


@@ -264,89 +259,17 @@ int main(int argc, char *argv[])
     /* first check the program name */
     f.name = pname;
     fp = lh_FUNCTION_retrieve(prog, &f);
     /* first check the program name */
     f.name = pname;
     fp = lh_FUNCTION_retrieve(prog, &f);

-    if (fp != NULL) {
-        argv[0] = pname;
-        if (fp->deprecated_alternative != NULL)
-            warn_deprecated(fp);
-        ret = fp->func(argc, argv);
-        goto end;
-    }
-
-    /* If there is stuff on the command line, run with that. */
-    if (argc != 1) {
+    if (fp == NULL) {
+        /* We assume we've been called as 'openssl cmd' */

         argc--;
         argv++;
         argc--;
         argv++;

-        ret = do_cmd(prog, argc, argv);
-        if (ret < 0)
-            ret = 0;
-        goto end;

     }
 
     }
 

-    /* ok, lets enter interactive mode */
-    for (;;) {
-        ret = 0;
-        /* Read a line, continue reading if line ends with \ */
-        for (p = buf, n = sizeof(buf), i = 0, first = 1; n > 0; first = 0) {
-            prompt = first ? "OpenSSL> " : "> ";
-            p[0] = '\0';
-#ifndef READLINE
-            fputs(prompt, stdout);
-            fflush(stdout);
-            if (!fgets(p, n, stdin))
-                goto end;
-            if (p[0] == '\0')
-                goto end;
-            i = strlen(p);
-            if (i <= 1)
-                break;
-            if (p[i - 2] != '\\')
-                break;
-            i -= 2;
-            p += i;
-            n -= i;
-#else
-            {
-                extern char *readline(const char *);
-                extern void add_history(const char *cp);
-                char *text;
-
-                text = readline(prompt);
-                if (text == NULL)
-                    goto end;
-                i = strlen(text);
-                if (i == 0 || i > n)
-                    break;
-                if (text[i - 1] != '\\') {
-                    p += strlen(strcpy(p, text));
-                    free(text);
-                    add_history(buf);
-                    break;
-                }
-
-                text[i - 1] = '\0';
-                p += strlen(strcpy(p, text));
-                free(text);
-                n -= i;
-            }
-#endif
-        }
+    /* If there's a command, run with that, otherwise "help". */
+    ret = argc > 0
+        ? do_cmd(prog, argc, argv)
+        : help_main(argc, argv);

 
 

-        if (!chopup_args(&arg, buf)) {
-            BIO_printf(bio_err, "Can't parse (no memory?)\n");
-            break;
-        }
-
-        ret = do_cmd(prog, arg.argc, arg.argv);
-        if (ret == EXIT_THE_PROGRAM) {
-            ret = 0;
-            goto end;
-        }
-        if (ret != 0)
-            BIO_printf(bio_err, "error in %s\n", arg.argv[0]);
-        (void)BIO_flush(bio_out);
-        (void)BIO_flush(bio_err);
-    }
-    ret = 1;

  end:
     app_providers_cleanup();
     OPENSSL_free(default_config_file);
  end:
     app_providers_cleanup();
     OPENSSL_free(default_config_file);


@@ -479,10 +402,6 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
         BIO_printf(bio_out, "%s\n", argv[0] + 3);
         return 1;
     }
         BIO_printf(bio_out, "%s\n", argv[0] + 3);
         return 1;
     }

-    if (strcmp(argv[0], "quit") == 0 || strcmp(argv[0], "q") == 0 ||
-        strcmp(argv[0], "exit") == 0 || strcmp(argv[0], "bye") == 0)
-        /* Special value to mean "exit the program. */
-        return EXIT_THE_PROGRAM;

 
     BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n",
                argv[0]);
 
     BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n",
                argv[0]);

diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod
index 4bf1a00b0efdc61b23eaa533b2ceede33446ec8f..c9e75eb526f2f753101499ea11cda0d1c86ba9a5 100644 (file)
--- a/doc/man1/openssl.pod
+++ b/doc/man1/openssl.pod
@@ -1405,7 +1405,11 @@ The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and
 is silently ignored.
 
 The B<-xcertform> and B<-xkeyform> options
 is silently ignored.
 
 The B<-xcertform> and B<-xkeyform> options

-are obsolete since OpenSSL 3.0.0 and have no effect.
+are obsolete since OpenSSL 3.0 and have no effect.
+
+The interactive mode, which could be invoked by running C<openssl>
+with no further arguments, was removed in OpenSSL 3.0, and running
+that program with no arguments is now equivalent to C<openssl help>.

 
 =head1 COPYRIGHT
 
 
 =head1 COPYRIGHT