From: Viktor Dukhovni <openssl-users@dukhovni.org>
Date: Sat, 16 Jan 2016 05:08:38 +0000 (-0500)
Subject: Refactor apps load_certs/load_crls to work incrementally
X-Git-Tag: OpenSSL_1_1_0-pre3~470
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=0996dc5440cc233f029129182bbb6e3d4613045a

Refactor apps load_certs/load_crls to work incrementally

Reviewed-by: Richard Levitte <levitte@openssl.org>
---

diff --git a/apps/apps.c b/apps/apps.c
index bb47039ce0..9b55f820e1 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -921,13 +921,13 @@ static int load_certs_crls(const char *file, int format,
 
     BIO_free(bio);
 
-    if (pcerts) {
+    if (pcerts && *pcerts == NULL) {
         *pcerts = sk_X509_new_null();
         if (!*pcerts)
             goto end;
     }
 
-    if (pcrls) {
+    if (pcrls && *pcrls == NULL) {
         *pcrls = sk_X509_CRL_new_null();
         if (!*pcrls)
             goto end;
@@ -986,24 +986,22 @@ void* app_malloc(int sz, const char *what)
     return vp;
 }
 
-
-
-STACK_OF(X509) *load_certs(const char *file, int format,
-                           const char *pass, ENGINE *e, const char *desc)
+/*
+ * Initialize or extend, if *certs != NULL,  a certificate stack.
+ */
+int load_certs(const char *file, STACK_OF(X509) **certs, int format,
+               const char *pass, ENGINE *e, const char *desc)
 {
-    STACK_OF(X509) *certs;
-    if (!load_certs_crls(file, format, pass, e, desc, &certs, NULL))
-        return NULL;
-    return certs;
+    return load_certs_crls(file, format, pass, e, desc, certs, NULL);
 }
 
-STACK_OF(X509_CRL) *load_crls(const char *file, int format,
-                              const char *pass, ENGINE *e, const char *desc)
+/*
+ * Initialize or extend, if *crls != NULL,  a certificate stack.
+ */
+int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
+              const char *pass, ENGINE *e, const char *desc)
 {
-    STACK_OF(X509_CRL) *crls;
-    if (!load_certs_crls(file, format, pass, e, desc, NULL, &crls))
-        return NULL;
-    return crls;
+    return load_certs_crls(file, format, pass, e, desc, NULL, crls);
 }
 
 #define X509V3_EXT_UNKNOWN_MASK         (0xfL << 16)
diff --git a/apps/apps.h b/apps/apps.h
index e549e3ff94..e402f3c9ac 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -443,12 +443,10 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
                    const char *pass, ENGINE *e, const char *key_descrip);
 EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
                       const char *pass, ENGINE *e, const char *key_descrip);
-STACK_OF(X509) *load_certs(const char *file, int format,
-                           const char *pass, ENGINE *e,
-                           const char *cert_descrip);
-STACK_OF(X509_CRL) *load_crls(const char *file, int format,
-                              const char *pass, ENGINE *e,
-                              const char *cert_descrip);
+int load_certs(const char *file, STACK_OF(X509) **certs, int format,
+               const char *pass, ENGINE *e, const char *cert_descrip);
+int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
+              const char *pass, ENGINE *e, const char *cert_descrip);
 X509_STORE *setup_verify(char *CAfile, char *CApath,
                          int noCAfile, int noCApath);
 int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
diff --git a/apps/cms.c b/apps/cms.c
index 8cf99de516..bcfcd5446a 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -735,8 +735,8 @@ int cms_main(int argc, char **argv)
     }
 
     if (certfile) {
-        if ((other = load_certs(certfile, FORMAT_PEM, NULL, e,
-                                "certificate file")) == NULL) {
+        if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e,
+                        "certificate file")) {
             ERR_print_errors(bio_err);
             goto end;
         }
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 0c41c4d5de..d2e3109630 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -533,9 +533,8 @@ int ocsp_main(int argc, char **argv)
         rca_cert = load_cert(rca_filename, FORMAT_PEM,
                              NULL, NULL, "CA certificate");
         if (rcertfile) {
-            rother = load_certs(rcertfile, FORMAT_PEM,
-                                NULL, NULL, "responder other certificates");
-            if (!rother)
+            if (!load_certs(rcertfile, &rother, FORMAT_PEM, NULL, NULL,
+                            "responder other certificates"))
                 goto end;
         }
         rkey = load_key(rkeyfile, FORMAT_PEM, 0, NULL, NULL,
@@ -578,9 +577,8 @@ int ocsp_main(int argc, char **argv)
             goto end;
         }
         if (sign_certfile) {
-            sign_other = load_certs(sign_certfile, FORMAT_PEM,
-                                    NULL, NULL, "signer certificates");
-            if (!sign_other)
+            if (!load_certs(sign_certfile, &sign_other, FORMAT_PEM, NULL, NULL,
+                            "signer certificates"))
                 goto end;
         }
         key = load_key(keyfile, FORMAT_PEM, 0, NULL, NULL,
@@ -702,9 +700,8 @@ int ocsp_main(int argc, char **argv)
     if (vpmtouched)
         X509_STORE_set1_param(store, vpm);
     if (verify_certfile) {
-        verify_other = load_certs(verify_certfile, FORMAT_PEM,
-                                  NULL, NULL, "validator certificate");
-        if (!verify_other)
+        if (!load_certs(verify_certfile, &verify_other, FORMAT_PEM, NULL, NULL,
+                        "validator certificate"))
             goto end;
     }
 
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 33a58df524..2ede38491b 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -395,9 +395,8 @@ int pkcs12_main(int argc, char **argv)
 
         /* Load in all certs in input file */
         if (!(options & NOCERTS)) {
-            certs = load_certs(infile, FORMAT_PEM, NULL, e,
-                               "certificates");
-            if (!certs)
+            if (!load_certs(infile, &certs, FORMAT_PEM, NULL, e,
+                            "certificates"))
                 goto export_end;
 
             if (key) {
@@ -425,13 +424,9 @@ int pkcs12_main(int argc, char **argv)
 
         /* Add any more certificates asked for */
         if (certfile) {
-            STACK_OF(X509) *morecerts = NULL;
-            if ((morecerts = load_certs(certfile, FORMAT_PEM, NULL, e,
-                                        "certificates from certfile")) == NULL)
+            if (!load_certs(certfile, &certs, FORMAT_PEM, NULL, e,
+                            "certificates from certfile"))
                 goto export_end;
-            while (sk_X509_num(morecerts) > 0)
-                sk_X509_push(certs, sk_X509_shift(morecerts));
-            sk_X509_free(morecerts);
         }
 
         /* If chaining get chain from user cert */
diff --git a/apps/s_cb.c b/apps/s_cb.c
index c72e4c2314..55d2c39e8b 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1002,9 +1002,8 @@ int load_excert(SSL_EXCERT **pexc)
         if (!exc->key)
             return 0;
         if (exc->chainfile) {
-            exc->chain = load_certs(exc->chainfile, FORMAT_PEM,
-                                    NULL, NULL, "Server Chain");
-            if (!exc->chain)
+            if (!load_certs(exc->chainfile, &exc->chain, FORMAT_PEM, NULL,
+                            NULL, "Server Chain"))
                 return 0;
         }
     }
diff --git a/apps/s_client.c b/apps/s_client.c
index 4dea7c460a..717d7c146b 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1331,9 +1331,8 @@ int s_client_main(int argc, char **argv)
     }
 
     if (chain_file) {
-        chain = load_certs(chain_file, FORMAT_PEM,
-                           NULL, e, "client certificate chain");
-        if (!chain)
+        if (!load_certs(chain_file, &chain, FORMAT_PEM, NULL, e,
+                        "client certificate chain"))
             goto end;
     }
 
diff --git a/apps/s_server.c b/apps/s_server.c
index 93f608319b..9d9cb241be 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1507,9 +1507,8 @@ int s_server_main(int argc, char *argv[])
             goto end;
         }
         if (s_chain_file) {
-            s_chain = load_certs(s_chain_file, FORMAT_PEM,
-                                 NULL, e, "server certificate chain");
-            if (!s_chain)
+            if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL, e,
+                            "server certificate chain"))
                 goto end;
         }
 
@@ -1587,9 +1586,8 @@ int s_server_main(int argc, char *argv[])
             goto end;
         }
         if (s_dchain_file) {
-            s_dchain = load_certs(s_dchain_file, FORMAT_PEM,
-                                  NULL, e, "second server certificate chain");
-            if (!s_dchain)
+            if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL, e,
+                            "second server certificate chain"))
                 goto end;
         }
 
diff --git a/apps/smime.c b/apps/smime.c
index 551a8fd44d..024e83b1d2 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -468,8 +468,8 @@ int smime_main(int argc, char **argv)
     }
 
     if (certfile) {
-        if ((other = load_certs(certfile, FORMAT_PEM, NULL,
-                                 e, "certificate file")) == NULL) {
+        if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e,
+                        "certificate file")) {
             ERR_print_errors(bio_err);
             goto end;
         }
diff --git a/apps/verify.c b/apps/verify.c
index 16b25c9ef0..183579c06d 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -208,22 +208,19 @@ int verify_main(int argc, char **argv)
     ERR_clear_error();
 
     if (untfile) {
-        untrusted = load_certs(untfile, FORMAT_PEM,
-                               NULL, e, "untrusted certificates");
-        if (!untrusted)
+        if (!load_certs(untfile, &untrusted, FORMAT_PEM, NULL, e,
+                        "untrusted certificates"))
             goto end;
     }
 
     if (trustfile) {
-        trusted = load_certs(trustfile, FORMAT_PEM,
-                             NULL, e, "trusted certificates");
-        if (!trusted)
+        if (!load_certs(trustfile, &trusted, FORMAT_PEM, NULL, e,
+                        "trusted certificates"))
             goto end;
     }
 
     if (crlfile) {
-        crls = load_crls(crlfile, FORMAT_PEM, NULL, e, "other CRLs");
-        if (!crls)
+        if (!load_crls(crlfile, &crls, FORMAT_PEM, NULL, e, "other CRLs"))
             goto end;
     }