generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Refactor apps load_certs/load_crls to work incrementally

Browse Source 
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Viktor Dukhovni
2016-01-16 00:08:38 -05:00
parent 6e8beabcd4
commit 0996dc5440
10 changed files with 45 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
apps/apps.c
View File

@@ -921,13 +921,13 @@ static int load_certs_crls(const char *file, int format,
BIO_free(bio); BIO_free(bio);
if (pcerts) { if (pcerts && *pcerts == NULL) {
*pcerts = sk_X509_new_null(); *pcerts = sk_X509_new_null();
if (!*pcerts) if (!*pcerts)
goto end; goto end;
} }
if (pcrls) { if (pcrls && *pcrls == NULL) {
*pcrls = sk_X509_CRL_new_null(); *pcrls = sk_X509_CRL_new_null();
if (!*pcrls) if (!*pcrls)
goto end; goto end;
@@ -986,24 +986,22 @@ void* app_malloc(int sz, const char *what)
return vp; return vp;
} }
/*
* Initialize or extend, if *certs != NULL, a certificate stack.
STACK_OF(X509) *load_certs(const char *file, int format, */
const char *pass, ENGINE *e, const char *desc) int load_certs(const char *file, STACK_OF(X509) **certs, int format,
const char *pass, ENGINE *e, const char *desc)
{ {
STACK_OF(X509) *certs; return load_certs_crls(file, format, pass, e, desc, certs, NULL);
if (!load_certs_crls(file, format, pass, e, desc, &certs, NULL))
return NULL;
return certs;
} }
STACK_OF(X509_CRL) *load_crls(const char *file, int format, /*
const char *pass, ENGINE *e, const char *desc) * Initialize or extend, if *crls != NULL, a certificate stack.
*/
int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
const char *pass, ENGINE *e, const char *desc)
{ {
STACK_OF(X509_CRL) *crls; return load_certs_crls(file, format, pass, e, desc, NULL, crls);
if (!load_certs_crls(file, format, pass, e, desc, NULL, &crls))
return NULL;
return crls;
} }
#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) #define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)

10
apps/apps.h
View File

@@ -443,12 +443,10 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip); const char *pass, ENGINE *e, const char *key_descrip);
EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip); const char *pass, ENGINE *e, const char *key_descrip);
STACK_OF(X509) *load_certs(const char *file, int format, int load_certs(const char *file, STACK_OF(X509) **certs, int format,
const char *pass, ENGINE *e, const char *pass, ENGINE *e, const char *cert_descrip);
const char *cert_descrip); int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
STACK_OF(X509_CRL) *load_crls(const char *file, int format, const char *pass, ENGINE *e, const char *cert_descrip);
const char *pass, ENGINE *e,
const char *cert_descrip);
X509_STORE *setup_verify(char *CAfile, char *CApath, X509_STORE *setup_verify(char *CAfile, char *CApath,
int noCAfile, int noCApath); int noCAfile, int noCApath);
int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile, int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,

4
apps/cms.c
View File

@@ -735,8 +735,8 @@ int cms_main(int argc, char **argv)
} }
if (certfile) { if (certfile) {
if ((other = load_certs(certfile, FORMAT_PEM, NULL, e, if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e,
"certificate file")) == NULL) { "certificate file")) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }

15
apps/ocsp.c
View File

@@ -533,9 +533,8 @@ int ocsp_main(int argc, char **argv)
rca_cert = load_cert(rca_filename, FORMAT_PEM, rca_cert = load_cert(rca_filename, FORMAT_PEM,
NULL, NULL, "CA certificate"); NULL, NULL, "CA certificate");
if (rcertfile) { if (rcertfile) {
rother = load_certs(rcertfile, FORMAT_PEM, if (!load_certs(rcertfile, &rother, FORMAT_PEM, NULL, NULL,
NULL, NULL, "responder other certificates"); "responder other certificates"))
if (!rother)
goto end; goto end;
} }
rkey = load_key(rkeyfile, FORMAT_PEM, 0, NULL, NULL, rkey = load_key(rkeyfile, FORMAT_PEM, 0, NULL, NULL,
@@ -578,9 +577,8 @@ int ocsp_main(int argc, char **argv)
goto end; goto end;
} }
if (sign_certfile) { if (sign_certfile) {
sign_other = load_certs(sign_certfile, FORMAT_PEM, if (!load_certs(sign_certfile, &sign_other, FORMAT_PEM, NULL, NULL,
NULL, NULL, "signer certificates"); "signer certificates"))
if (!sign_other)
goto end; goto end;
} }
key = load_key(keyfile, FORMAT_PEM, 0, NULL, NULL, key = load_key(keyfile, FORMAT_PEM, 0, NULL, NULL,
@@ -702,9 +700,8 @@ int ocsp_main(int argc, char **argv)
if (vpmtouched) if (vpmtouched)
X509_STORE_set1_param(store, vpm); X509_STORE_set1_param(store, vpm);
if (verify_certfile) { if (verify_certfile) {
verify_other = load_certs(verify_certfile, FORMAT_PEM, if (!load_certs(verify_certfile, &verify_other, FORMAT_PEM, NULL, NULL,
NULL, NULL, "validator certificate"); "validator certificate"))
if (!verify_other)
goto end; goto end;
} }

13
apps/pkcs12.c
View File

@@ -395,9 +395,8 @@ int pkcs12_main(int argc, char **argv)
/* Load in all certs in input file */ /* Load in all certs in input file */
if (!(options & NOCERTS)) { if (!(options & NOCERTS)) {
certs = load_certs(infile, FORMAT_PEM, NULL, e, if (!load_certs(infile, &certs, FORMAT_PEM, NULL, e,
"certificates"); "certificates"))
if (!certs)
goto export_end; goto export_end;
if (key) { if (key) {
@@ -425,13 +424,9 @@ int pkcs12_main(int argc, char **argv)
/* Add any more certificates asked for */ /* Add any more certificates asked for */
if (certfile) { if (certfile) {
STACK_OF(X509) *morecerts = NULL; if (!load_certs(certfile, &certs, FORMAT_PEM, NULL, e,
if ((morecerts = load_certs(certfile, FORMAT_PEM, NULL, e, "certificates from certfile"))
"certificates from certfile")) == NULL)
goto export_end; goto export_end;
while (sk_X509_num(morecerts) > 0)
sk_X509_push(certs, sk_X509_shift(morecerts));
sk_X509_free(morecerts);
} }
/* If chaining get chain from user cert */ /* If chaining get chain from user cert */

5
apps/s_cb.c
View File

@@ -1002,9 +1002,8 @@ int load_excert(SSL_EXCERT **pexc)
if (!exc->key) if (!exc->key)
return 0; return 0;
if (exc->chainfile) { if (exc->chainfile) {
exc->chain = load_certs(exc->chainfile, FORMAT_PEM, if (!load_certs(exc->chainfile, &exc->chain, FORMAT_PEM, NULL,
NULL, NULL, "Server Chain"); NULL, "Server Chain"))
if (!exc->chain)
return 0; return 0;
} }
} }

5
apps/s_client.c
View File

@@ -1331,9 +1331,8 @@ int s_client_main(int argc, char **argv)
} }
if (chain_file) { if (chain_file) {
chain = load_certs(chain_file, FORMAT_PEM, if (!load_certs(chain_file, &chain, FORMAT_PEM, NULL, e,
NULL, e, "client certificate chain"); "client certificate chain"))
if (!chain)
goto end; goto end;
} }

10
apps/s_server.c
View File

@@ -1507,9 +1507,8 @@ int s_server_main(int argc, char *argv[])
goto end; goto end;
} }
if (s_chain_file) { if (s_chain_file) {
s_chain = load_certs(s_chain_file, FORMAT_PEM, if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL, e,
NULL, e, "server certificate chain"); "server certificate chain"))
if (!s_chain)
goto end; goto end;
} }
@@ -1587,9 +1586,8 @@ int s_server_main(int argc, char *argv[])
goto end; goto end;
} }
if (s_dchain_file) { if (s_dchain_file) {
s_dchain = load_certs(s_dchain_file, FORMAT_PEM, if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL, e,
NULL, e, "second server certificate chain"); "second server certificate chain"))
if (!s_dchain)
goto end; goto end;
} }

4
apps/smime.c
View File

@@ -468,8 +468,8 @@ int smime_main(int argc, char **argv)
} }
if (certfile) { if (certfile) {
if ((other = load_certs(certfile, FORMAT_PEM, NULL, if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e,
e, "certificate file")) == NULL) { "certificate file")) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
} }

13
apps/verify.c
View File

@@ -208,22 +208,19 @@ int verify_main(int argc, char **argv)
ERR_clear_error(); ERR_clear_error();
if (untfile) { if (untfile) {
untrusted = load_certs(untfile, FORMAT_PEM, if (!load_certs(untfile, &untrusted, FORMAT_PEM, NULL, e,
NULL, e, "untrusted certificates"); "untrusted certificates"))
if (!untrusted)
goto end; goto end;
} }
if (trustfile) { if (trustfile) {
trusted = load_certs(trustfile, FORMAT_PEM, if (!load_certs(trustfile, &trusted, FORMAT_PEM, NULL, e,
NULL, e, "trusted certificates"); "trusted certificates"))
if (!trusted)
goto end; goto end;
} }
if (crlfile) { if (crlfile) {
crls = load_crls(crlfile, FORMAT_PEM, NULL, e, "other CRLs"); if (!load_crls(crlfile, &crls, FORMAT_PEM, NULL, e, "other CRLs"))
if (!crls)
goto end; goto end;
} }