[Pkg-openssl-devel] Bug#843682: openssl: 'openssl dsaparam 2048 -out file' hangs, trying to read from stdin
Andreas Beckmann
anbe at debian.org
Tue Nov 8 22:01:57 UTC 2016
On 2016-11-08 22:17, Kurt Roeckx wrote:
>> openssl dsaparam 2048 -out file
>
> The 2048 should be the last parameter, like it has always been
> documented. It's now trying to read DSA parameters from stdin,
> instead of generating them.
Thanks. That script is probably a decade old ...
This is a quick grep of all obvious openssl invocations in the sendmail package.
Are there more "wrong" ones?
I especially like
openssl dhparam -dsaparam -in $FILE >> $FILE
:-)
(which is probably correct as long as openssl consumes the input before generating any output)
./debian/local/update_tls.in: LINK="$CERT_DIR/"$(openssl x509 -noout -hash < $MTA_CRT)".0";
./debian/local/update_tls.in: LINK="$CERT_DIR/"$(openssl x509 -noout -hash < $MSP_CRT)".0";
./debian/local/update_tls.in: openssl dsaparam 2048 -out $COM_PRM;
./debian/local/update_tls.in: openssl dhparam -dsaparam -in $COM_PRM >> $COM_PRM;
./debian/local/update_tls.in: openssl genrsa -out $COM_KEY 2048;
./debian/local/update_tls.in: #openssl gendsa -out $COM_KEY $COM_PRM;
./debian/local/update_tls.in: openssl req -new -config $MTA_CFG -key $COM_KEY \
./debian/local/update_tls.in- -out $MTA_CSR \
./debian/local/update_tls.in- <@sysconfdir@/mail/tls/no_prompt >/dev/null 2>&1;
./debian/local/update_tls.in: openssl x509 -req -extfile $MTA_CFG \
./debian/local/update_tls.in- -signkey $COM_KEY -in $MTA_CSR \
./debian/local/update_tls.in- -out $MTA_CRT -days 3650 \
./debian/local/update_tls.in- >/dev/null 2>&1;
./debian/local/update_tls.in: openssl req -new -config $MSP_CFG -key $COM_KEY \
./debian/local/update_tls.in- -out $MSP_CSR \
./debian/local/update_tls.in- <@sysconfdir@/mail/tls/no_prompt >/dev/null 2>&1;
./debian/local/update_tls.in: openssl x509 -req -extfile $MSP_CFG \
./debian/local/update_tls.in- -signkey $COM_KEY -in $MSP_CSR \
./debian/local/update_tls.in- -out $MSP_CRT -days 3650 \
./debian/local/update_tls.in- >/dev/null 2>&1;
./debian/local/update_tls.in: LINK="$CERT_DIR/"$(openssl x509 -noout -hash < $MTA_CRT)".0";
./debian/local/update_tls.in: LINK="$CERT_DIR/"$(openssl x509 -noout -hash < $MSP_CRT)".0";
./doc/op/op.me:openssl dgst -h
./doc/op/op.me: openssl dhparam -out /etc/mail/dhparams.pem 2048
./doc/op/op.me:ln -s $C `openssl x509 -noout -hash < $C`.0
./doc/op/op.me:openssl rand -out /etc/mail/randfile -rand \c
contrib/link_hash.sh:SSL=openssl
contrib/link_hash.sh: H=`$SSL x509 -noout -hash < $C`.0
Feel free to reassign the bug to sendmail.
Thanks
Andreas
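
A heuristic check for the question asked in the message above, as an added example that is not part of the original message or of the sendmail or openssl packages: it flags `openssl dsaparam`, `dhparam` and `genrsa` invocations where the positional numbits argument is followed by further options. The function name `check_numbits_last` and its list of value-taking options are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from sendmail or openssl): lint for misplaced numbits.
# Reads script text or grep output on stdin, prints "LINE: text" for each
# suspect invocation, and returns 1 if any were found, 0 otherwise.
check_numbits_last() {
    awk '
    BEGIN {
        # Options that consume the next token as their value, so a number
        # after them is not numbits. This list is an assumption of the example.
        n = split("-in -out -inform -outform -rand -writerand -engine -passout -primes", a, " ")
        for (i = 1; i <= n; i++) takes_value[a[i]] = 1
    }
    {
        bad = 0
        for (i = 1; i < NF; i++) {
            # Find "openssl <subcommand>" for subcommands taking numbits last.
            if ($i !~ /(^|[^A-Za-z0-9_])openssl$/) continue
            if ($(i+1) !~ /^(dsaparam|dhparam|genrsa)$/) continue
            seen_num = 0
            for (j = i + 2; j <= NF; j++) {
                tok = $j
                term = sub(/;$/, "", tok)      # command ends at ";"
                if (tok == "" || tok == "\\" || tok ~ /^[<>|&]/) break
                # An option after a bare number means numbits is not last.
                if (seen_num && tok ~ /^-/) { bad = 1; break }
                if (tok in takes_value) j++    # skip the option value
                else if (tok ~ /^[0-9]+$/) seen_num = 1
                if (term) break
            }
        }
        if (bad) { printf "%d: %s\n", NR, $0; found = 1 }
    }
    END { exit (found ? 1 : 0) }
    '
}
```

It can be fed the output of a grep like the one quoted above or a script file directly; continuation lines are checked one line at a time, so a numbits argument split across a backslash is not seen.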