Refactor apps load_certs/load_crls to work incrementally
authorViktor Dukhovni <openssl-users@dukhovni.org>
Sat, 16 Jan 2016 05:08:38 +0000 (00:08 -0500)
committerViktor Dukhovni <openssl-users@dukhovni.org>
Thu, 21 Jan 2016 00:04:26 +0000 (19:04 -0500)
Reviewed-by: Richard Levitte <levitte@openssl.org>
apps/apps.c
apps/apps.h
apps/cms.c
apps/ocsp.c
apps/pkcs12.c
apps/s_cb.c
apps/s_client.c
apps/s_server.c
apps/smime.c
apps/verify.c

index bb47039..9b55f82 100644 (file)
@@ -921,13 +921,13 @@ static int load_certs_crls(const char *file, int format,
 
     BIO_free(bio);
 
-    if (pcerts) {
+    if (pcerts && *pcerts == NULL) {
         *pcerts = sk_X509_new_null();
         if (!*pcerts)
             goto end;
     }
 
-    if (pcrls) {
+    if (pcrls && *pcrls == NULL) {
         *pcrls = sk_X509_CRL_new_null();
         if (!*pcrls)
             goto end;
@@ -986,24 +986,22 @@ void* app_malloc(int sz, const char *what)
     return vp;
 }
 
-
-
-STACK_OF(X509) *load_certs(const char *file, int format,
-                           const char *pass, ENGINE *e, const char *desc)
+/*
+ * Initialize or extend, if *certs != NULL,  a certificate stack.
+ */
+int load_certs(const char *file, STACK_OF(X509) **certs, int format,
+               const char *pass, ENGINE *e, const char *desc)
 {
-    STACK_OF(X509) *certs;
-    if (!load_certs_crls(file, format, pass, e, desc, &certs, NULL))
-        return NULL;
-    return certs;
+    return load_certs_crls(file, format, pass, e, desc, certs, NULL);
 }
 
-STACK_OF(X509_CRL) *load_crls(const char *file, int format,
-                              const char *pass, ENGINE *e, const char *desc)
+/*
+ * Initialize or extend, if *crls != NULL,  a certificate stack.
+ */
+int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
+              const char *pass, ENGINE *e, const char *desc)
 {
-    STACK_OF(X509_CRL) *crls;
-    if (!load_certs_crls(file, format, pass, e, desc, NULL, &crls))
-        return NULL;
-    return crls;
+    return load_certs_crls(file, format, pass, e, desc, NULL, crls);
 }
 
 #define X509V3_EXT_UNKNOWN_MASK         (0xfL << 16)
index e549e3f..e402f3c 100644 (file)
@@ -443,12 +443,10 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
                    const char *pass, ENGINE *e, const char *key_descrip);
 EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
                       const char *pass, ENGINE *e, const char *key_descrip);
-STACK_OF(X509) *load_certs(const char *file, int format,
-                           const char *pass, ENGINE *e,
-                           const char *cert_descrip);
-STACK_OF(X509_CRL) *load_crls(const char *file, int format,
-                              const char *pass, ENGINE *e,
-                              const char *cert_descrip);
+int load_certs(const char *file, STACK_OF(X509) **certs, int format,
+               const char *pass, ENGINE *e, const char *cert_descrip);
+int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
+              const char *pass, ENGINE *e, const char *cert_descrip);
 X509_STORE *setup_verify(char *CAfile, char *CApath,
                          int noCAfile, int noCApath);
 int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
index 8cf99de..bcfcd54 100644 (file)
@@ -735,8 +735,8 @@ int cms_main(int argc, char **argv)
     }
 
     if (certfile) {
-        if ((other = load_certs(certfile, FORMAT_PEM, NULL, e,
-                                "certificate file")) == NULL) {
+        if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e,
+                        "certificate file")) {
             ERR_print_errors(bio_err);
             goto end;
         }
index 0c41c4d..d2e3109 100644 (file)
@@ -533,9 +533,8 @@ int ocsp_main(int argc, char **argv)
         rca_cert = load_cert(rca_filename, FORMAT_PEM,
                              NULL, NULL, "CA certificate");
         if (rcertfile) {
-            rother = load_certs(rcertfile, FORMAT_PEM,
-                                NULL, NULL, "responder other certificates");
-            if (!rother)
+            if (!load_certs(rcertfile, &rother, FORMAT_PEM, NULL, NULL,
+                            "responder other certificates"))
                 goto end;
         }
         rkey = load_key(rkeyfile, FORMAT_PEM, 0, NULL, NULL,
@@ -578,9 +577,8 @@ int ocsp_main(int argc, char **argv)
             goto end;
         }
         if (sign_certfile) {
-            sign_other = load_certs(sign_certfile, FORMAT_PEM,
-                                    NULL, NULL, "signer certificates");
-            if (!sign_other)
+            if (!load_certs(sign_certfile, &sign_other, FORMAT_PEM, NULL, NULL,
+                            "signer certificates"))
                 goto end;
         }
         key = load_key(keyfile, FORMAT_PEM, 0, NULL, NULL,
@@ -702,9 +700,8 @@ int ocsp_main(int argc, char **argv)
     if (vpmtouched)
         X509_STORE_set1_param(store, vpm);
     if (verify_certfile) {
-        verify_other = load_certs(verify_certfile, FORMAT_PEM,
-                                  NULL, NULL, "validator certificate");
-        if (!verify_other)
+        if (!load_certs(verify_certfile, &verify_other, FORMAT_PEM, NULL, NULL,
+                        "validator certificate"))
             goto end;
     }
 
index 33a58df..2ede384 100644 (file)
@@ -395,9 +395,8 @@ int pkcs12_main(int argc, char **argv)
 
         /* Load in all certs in input file */
         if (!(options & NOCERTS)) {
-            certs = load_certs(infile, FORMAT_PEM, NULL, e,
-                               "certificates");
-            if (!certs)
+            if (!load_certs(infile, &certs, FORMAT_PEM, NULL, e,
+                            "certificates"))
                 goto export_end;
 
             if (key) {
@@ -425,13 +424,9 @@ int pkcs12_main(int argc, char **argv)
 
         /* Add any more certificates asked for */
         if (certfile) {
-            STACK_OF(X509) *morecerts = NULL;
-            if ((morecerts = load_certs(certfile, FORMAT_PEM, NULL, e,
-                                        "certificates from certfile")) == NULL)
+            if (!load_certs(certfile, &certs, FORMAT_PEM, NULL, e,
+                            "certificates from certfile"))
                 goto export_end;
-            while (sk_X509_num(morecerts) > 0)
-                sk_X509_push(certs, sk_X509_shift(morecerts));
-            sk_X509_free(morecerts);
         }
 
         /* If chaining get chain from user cert */
index c72e4c2..55d2c39 100644 (file)
@@ -1002,9 +1002,8 @@ int load_excert(SSL_EXCERT **pexc)
         if (!exc->key)
             return 0;
         if (exc->chainfile) {
-            exc->chain = load_certs(exc->chainfile, FORMAT_PEM,
-                                    NULL, NULL, "Server Chain");
-            if (!exc->chain)
+            if (!load_certs(exc->chainfile, &exc->chain, FORMAT_PEM, NULL,
+                            NULL, "Server Chain"))
                 return 0;
         }
     }
index 4dea7c4..717d7c1 100644 (file)
@@ -1331,9 +1331,8 @@ int s_client_main(int argc, char **argv)
     }
 
     if (chain_file) {
-        chain = load_certs(chain_file, FORMAT_PEM,
-                           NULL, e, "client certificate chain");
-        if (!chain)
+        if (!load_certs(chain_file, &chain, FORMAT_PEM, NULL, e,
+                        "client certificate chain"))
             goto end;
     }
 
index 93f6083..9d9cb24 100644 (file)
@@ -1507,9 +1507,8 @@ int s_server_main(int argc, char *argv[])
             goto end;
         }
         if (s_chain_file) {
-            s_chain = load_certs(s_chain_file, FORMAT_PEM,
-                                 NULL, e, "server certificate chain");
-            if (!s_chain)
+            if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL, e,
+                            "server certificate chain"))
                 goto end;
         }
 
@@ -1587,9 +1586,8 @@ int s_server_main(int argc, char *argv[])
             goto end;
         }
         if (s_dchain_file) {
-            s_dchain = load_certs(s_dchain_file, FORMAT_PEM,
-                                  NULL, e, "second server certificate chain");
-            if (!s_dchain)
+            if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL, e,
+                            "second server certificate chain"))
                 goto end;
         }
 
index 551a8fd..024e83b 100644 (file)
@@ -468,8 +468,8 @@ int smime_main(int argc, char **argv)
     }
 
     if (certfile) {
-        if ((other = load_certs(certfile, FORMAT_PEM, NULL,
-                                 e, "certificate file")) == NULL) {
+        if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e,
+                        "certificate file")) {
             ERR_print_errors(bio_err);
             goto end;
         }
index 16b25c9..183579c 100644 (file)
@@ -208,22 +208,19 @@ int verify_main(int argc, char **argv)
     ERR_clear_error();
 
     if (untfile) {
-        untrusted = load_certs(untfile, FORMAT_PEM,
-                               NULL, e, "untrusted certificates");
-        if (!untrusted)
+        if (!load_certs(untfile, &untrusted, FORMAT_PEM, NULL, e,
+                        "untrusted certificates"))
             goto end;
     }
 
     if (trustfile) {
-        trusted = load_certs(trustfile, FORMAT_PEM,
-                             NULL, e, "trusted certificates");
-        if (!trusted)
+        if (!load_certs(trustfile, &trusted, FORMAT_PEM, NULL, e,
+                        "trusted certificates"))
             goto end;
     }
 
     if (crlfile) {
-        crls = load_crls(crlfile, FORMAT_PEM, NULL, e, "other CRLs");
-        if (!crls)
+        if (!load_crls(crlfile, &crls, FORMAT_PEM, NULL, e, "other CRLs"))
             goto end;
     }