Commit 0996dc54 authored by Viktor Dukhovni's avatar Viktor Dukhovni

Refactor apps load_certs/load_crls to work incrementally

parent 6e8beabc
+14 −16
@@ -921,13 +921,13 @@ static int load_certs_crls(const char *file, int format,

    BIO_free(bio);

    if (pcerts) {
    if (pcerts && *pcerts == NULL) {
        *pcerts = sk_X509_new_null();
        if (!*pcerts)
            goto end;
    }

    if (pcrls) {
    if (pcrls && *pcrls == NULL) {
        *pcrls = sk_X509_CRL_new_null();
        if (!*pcrls)
            goto end;
@@ -986,24 +986,22 @@ void* app_malloc(int sz, const char *what)
    return vp;
}



STACK_OF(X509) *load_certs(const char *file, int format,
/*
 * Initialize or extend, if *certs != NULL,  a certificate stack.
 */
int load_certs(const char *file, STACK_OF(X509) **certs, int format,
               const char *pass, ENGINE *e, const char *desc)
{
    STACK_OF(X509) *certs;
    if (!load_certs_crls(file, format, pass, e, desc, &certs, NULL))
        return NULL;
    return certs;
    return load_certs_crls(file, format, pass, e, desc, certs, NULL);
}

STACK_OF(X509_CRL) *load_crls(const char *file, int format,
/*
 * Initialize or extend, if *crls != NULL,  a certificate stack.
 */
int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
              const char *pass, ENGINE *e, const char *desc)
{
    STACK_OF(X509_CRL) *crls;
    if (!load_certs_crls(file, format, pass, e, desc, NULL, &crls))
        return NULL;
    return crls;
    return load_certs_crls(file, format, pass, e, desc, NULL, crls);
}

#define X509V3_EXT_UNKNOWN_MASK         (0xfL << 16)
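Review bot: The new comment above `load_certs` does not say that the caller must set `*certs` to NULL before the first call, yet with the guard in `load_certs_crls` now reading `if (pcerts && *pcerts == NULL)` an uninitialised or stale pointer is treated as an existing stack and appended to. The wrappers that appear to be removed here passed the address of an uninitialised local, so the old code tolerated that. The declarations of `other` (cms_main), `rother`, `sign_other`, `verify_other` (ocsp_main) and `certs` (pkcs12_main) lie outside the visible hunks and should be confirmed to start as NULL. I would expand the comment to something like `/* Append to *certs, allocating it first if *certs == NULL (caller must initialise it to NULL); returns nonzero on success, 0 on failure. */` and also state what happens to an already populated stack on failure, which depends on the part of `load_certs_crls` outside this hunk. The comment on `load_crls` still says "certificate stack" where a CRL stack is meant.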
+4 −6
@@ -443,12 +443,10 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
                   const char *pass, ENGINE *e, const char *key_descrip);
EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
                      const char *pass, ENGINE *e, const char *key_descrip);
STACK_OF(X509) *load_certs(const char *file, int format,
                           const char *pass, ENGINE *e,
                           const char *cert_descrip);
STACK_OF(X509_CRL) *load_crls(const char *file, int format,
                              const char *pass, ENGINE *e,
                              const char *cert_descrip);
int load_certs(const char *file, STACK_OF(X509) **certs, int format,
               const char *pass, ENGINE *e, const char *cert_descrip);
int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
              const char *pass, ENGINE *e, const char *cert_descrip);
X509_STORE *setup_verify(char *CAfile, char *CApath,
                         int noCAfile, int noCApath);
int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
+2 −2
@@ -735,8 +735,8 @@ int cms_main(int argc, char **argv)
    }

    if (certfile) {
        if ((other = load_certs(certfile, FORMAT_PEM, NULL, e,
                                "certificate file")) == NULL) {
        if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e,
                        "certificate file")) {
            ERR_print_errors(bio_err);
            goto end;
        }
+6 −9
@@ -533,9 +533,8 @@ int ocsp_main(int argc, char **argv)
        rca_cert = load_cert(rca_filename, FORMAT_PEM,
                             NULL, NULL, "CA certificate");
        if (rcertfile) {
            rother = load_certs(rcertfile, FORMAT_PEM,
                                NULL, NULL, "responder other certificates");
            if (!rother)
            if (!load_certs(rcertfile, &rother, FORMAT_PEM, NULL, NULL,
                            "responder other certificates"))
                goto end;
        }
        rkey = load_key(rkeyfile, FORMAT_PEM, 0, NULL, NULL,
@@ -578,9 +577,8 @@ int ocsp_main(int argc, char **argv)
            goto end;
        }
        if (sign_certfile) {
            sign_other = load_certs(sign_certfile, FORMAT_PEM,
                                    NULL, NULL, "signer certificates");
            if (!sign_other)
            if (!load_certs(sign_certfile, &sign_other, FORMAT_PEM, NULL, NULL,
                            "signer certificates"))
                goto end;
        }
        key = load_key(keyfile, FORMAT_PEM, 0, NULL, NULL,
@@ -702,9 +700,8 @@ int ocsp_main(int argc, char **argv)
    if (vpmtouched)
        X509_STORE_set1_param(store, vpm);
    if (verify_certfile) {
        verify_other = load_certs(verify_certfile, FORMAT_PEM,
                                  NULL, NULL, "validator certificate");
        if (!verify_other)
        if (!load_certs(verify_certfile, &verify_other, FORMAT_PEM, NULL, NULL,
                        "validator certificate"))
            goto end;
    }

+4 −9
@@ -395,9 +395,8 @@ int pkcs12_main(int argc, char **argv)

        /* Load in all certs in input file */
        if (!(options & NOCERTS)) {
            certs = load_certs(infile, FORMAT_PEM, NULL, e,
                               "certificates");
            if (!certs)
            if (!load_certs(infile, &certs, FORMAT_PEM, NULL, e,
                            "certificates"))
                goto export_end;

            if (key) {
@@ -425,13 +424,9 @@ int pkcs12_main(int argc, char **argv)

        /* Add any more certificates asked for */
        if (certfile) {
            STACK_OF(X509) *morecerts = NULL;
            if ((morecerts = load_certs(certfile, FORMAT_PEM, NULL, e,
                                        "certificates from certfile")) == NULL)
            if (!load_certs(certfile, &certs, FORMAT_PEM, NULL, e,
                            "certificates from certfile"))
                goto export_end;
            while (sk_X509_num(morecerts) > 0)
                sk_X509_push(certs, sk_X509_shift(morecerts));
            sk_X509_free(morecerts);
        }

        /* If chaining get chain from user cert */
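Review bot: In the `certfile` branch the second `load_certs` call now appends directly into `certs`, which may already hold the certificates read from `infile`. A failure part-way through therefore leaves the caller's stack in whatever state the error path of `load_certs_crls` produces, and that path is not visible in this diff. If it frees `*pcerts` without resetting it to NULL, the cleanup under `export_end` (also outside the hunk) could free the stack a second time; if it frees the elements, any pointer into the stack taken earlier in pkcs12_main would be left dangling. Once confirmed, I would record the contract at the call site, for example `/* on failure load_certs() leaves certs NULL or still valid to free at export_end */`.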