author | Matt Caswell <matt@openssl.org> | 2021-02-11 16:32:58 +0000 |
committer | Matt Caswell <matt@openssl.org> | 2021-02-18 16:05:22 +0000 |
commit | 3a2171f6aa0f72ca95210fa80d92214315d1e744 (patch) | |
tree | 4ae71886b5070ef219b147da1492b8ddbc1f40fa /apps | |
parent | 3262300a2c2351c6706f37b89fef015430988a31 (diff) |
Don't forget the type of thing we are loading
The apps helper function load_key_certs_crls() is a general-purpose
function for loading different types of objects from a given URI. It
sets up an OSSL_STORE and calls OSSL_STORE_expect() so that the store
knows what type of thing to expect to load. Unfortunately this wasn't
working and was always setting "expect" to 0 - which means "anything".
Fixes #13709
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14191)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/lib/apps.c | 37 |
1 files changed, 25 insertions, 12 deletions
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index f53f1b2003..7c1015737d 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -730,11 +730,11 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
 return 0;
 }

- if (pcerts != NULL && *pcerts == NULL
- && (*pcerts = sk_X509_new_null()) == NULL) {
- BIO_printf(bio_err, "Out of memory loading");
- goto end;
- } else {
+ if (pcerts != NULL) {
+ if (*pcerts == NULL && (*pcerts = sk_X509_new_null()) == NULL) {
+ BIO_printf(bio_err, "Out of memory loading");
+ goto end;
+ }
 cnt_expectations++;
 expect = OSSL_STORE_INFO_CERT;
 }
@@ -743,11 +743,11 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
 cnt_expectations++;
 expect = OSSL_STORE_INFO_CRL;
 }
- if (pcrls != NULL && *pcrls == NULL
- && (*pcrls = sk_X509_CRL_new_null()) == NULL) {
- BIO_printf(bio_err, "Out of memory loading");
- goto end;
- } else {
+ if (pcrls != NULL) {
+ if (*pcrls == NULL && (*pcrls = sk_X509_CRL_new_null()) == NULL) {
+ BIO_printf(bio_err, "Out of memory loading");
+ goto end;
+ }
 cnt_expectations++;
 expect = OSSL_STORE_INFO_CRL;
 }
@@ -787,8 +787,21 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
 OSSL_STORE_INFO *info = OSSL_STORE_load(ctx);
 int type, ok = 1;

- if (info == NULL)
- break;
+ /*
+ * This can happen (for example) if we attempt to load a file with
+ * multiple different types of things in it - but the thing we just
+ * tried to load wasn't one of the ones we wanted, e.g. if we're trying
+ * to load a certificate but the file has both the private key and the
+ * certificate in it. We just retry until eof.
+ */
+ if (info == NULL) {
+ if (OSSL_STORE_error(ctx)) {
+ ERR_print_errors(bio_err);
+ ERR_clear_error();
+ }
+ continue;
+ }
+
 type = OSSL_STORE_INFO_get_type(info);
 switch (type) {
 case OSSL_STORE_INFO_PKEY: |
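Review bot: The out-of-memory diagnostic carried onto the new side of the pcerts hunk, `BIO_printf(bio_err, "Out of memory loading");`, has no trailing newline and does not say what was being loaded, so whatever is printed next will be glued onto the same line; the identical line recurs in the pcrls hunk below. Unless a later diagnostic is meant to complete this line, `BIO_printf(bio_err, "Out of memory loading %s\n", uri);` would make both messages self-contained, using the `uri` parameter shown in the hunk header. load_key_certs_crls starts and ends outside these hunks.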
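Review bot: Replacing `break` with `continue` when OSSL_STORE_load() returns NULL makes loop termination depend entirely on the loop header, which is outside this hunk; if that header is still unconditional, a store that keeps returning NULL without reaching end-of-file (for example a persistent error that is printed and cleared on every iteration) would spin forever. The new comment promises "We just retry until eof", so the header should test `OSSL_STORE_eof(ctx)`, and if it already does, a one-line comment at the `continue` such as `/* loop condition stops at OSSL_STORE_eof(ctx) */` would make the termination argument readable locally. Separately, an error reported by OSSL_STORE_error() is printed and then discarded rather than failing the load, so a malformed object is silently skipped; confirm that is the intended contract and document it in the block comment if so. The enclosing loop begins and ends outside the hunk.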