apps/lib/apps.c: fix load_certs_multifile() and load_certstore() w.r.t. password source vs. actual password

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28477)
Dr. David von Oheimb
2025-04-14 21:00:35 +02:00
parent 48d4c8fb8b
commit 2f949642a1
2 changed files with 15 additions and 8 deletions


@@ -145,11 +145,10 @@ char *process_additional_mac_key_arguments(const char *arg);
char *get_str_from_file(const char *filename);
int load_cert_certs(const char *uri,
X509 **pcert, STACK_OF(X509) **pcerts,
int exclude_http, const char *pass, const char *desc,
X509_VERIFY_PARAM *vpm);
STACK_OF(X509) *load_certs_multifile(char *files, const char *pass,
int exclude_http, const char *pass, const char *desc, X509_VERIFY_PARAM *vpm);
STACK_OF(X509) *load_certs_multifile(char *files, const char *source,
const char *desc, X509_VERIFY_PARAM *vpm);
X509_STORE *load_certstore(char *input, const char *pass, const char *desc,
X509_STORE *load_certstore(char *input, const char *source, const char *desc,
X509_VERIFY_PARAM *vpm);
int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs,
const char *pass, const char *desc);
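Review bot: The prototypes now give the same argument slot two meanings without saying so: `load_cert_certs()` and `load_certs()` still take `pass`, while `load_certs_multifile()` and `load_certstore()` take `source`. Going by the commit title, `source` is a password source specification that the callee resolves itself, so a caller that hands in an already-resolved password makes a mistake the compiler cannot catch. A short comment above the two changed prototypes would make the contract explicit, e.g. `/* source is a password source spec, not the password itself; it is resolved internally */`.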


@@ -729,9 +729,10 @@ int load_cert_certs(const char *uri,
return ret;
}
STACK_OF(X509) *load_certs_multifile(char *files, const char *pass,
STACK_OF(X509) *load_certs_multifile(char *files, const char *source,
const char *desc, X509_VERIFY_PARAM *vpm)
{
char *pass = get_passwd(source, desc);
STACK_OF(X509) *certs = NULL;
STACK_OF(X509) *result = sk_X509_new_null();
@@ -752,11 +753,13 @@ STACK_OF(X509) *load_certs_multifile(char *files, const char *pass,
certs = NULL;
files = next;
}
clear_free(pass);
return result;
oom:
BIO_printf(bio_err, "out of memory\n");
err:
clear_free(pass);
OSSL_STACK_OF_X509_free(certs);
OSSL_STACK_OF_X509_free(result);
return NULL;
@@ -784,9 +787,10 @@ static X509_STORE *sk_X509_to_store(X509_STORE *store /* may be NULL */,
* Create cert store structure with certificates read from given file(s).
* Returns pointer to created X509_STORE on success, NULL on error.
*/
X509_STORE *load_certstore(char *input, const char *pass, const char *desc,
X509_STORE *load_certstore(char *input, const char *source, const char *desc,
X509_VERIFY_PARAM *vpm)
{
char *pass = get_passwd(source, desc);
X509_STORE *store = NULL;
STACK_OF(X509) *certs = NULL;
@@ -796,15 +800,19 @@ X509_STORE *load_certstore(char *input, const char *pass, const char *desc,
if (!load_cert_certs(input, NULL, &certs, 1, pass, desc, vpm)) {
X509_STORE_free(store);
return NULL;
store = NULL;
goto end;
}
ok = (store = sk_X509_to_store(store, certs)) != NULL;
OSSL_STACK_OF_X509_free(certs);
certs = NULL;
if (!ok)
return NULL;
goto end;
input = next;
}
end:
clear_free(pass);
return store;
}
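Review bot: The result of `get_passwd(source, desc)` is used unchecked at the top of both `load_certs_multifile()` and `load_certstore()`, so a failed lookup cannot be told apart from "no password given" and loading proceeds with `pass == NULL`. The body of get_passwd() is not shown here, but if it can return NULL for a non-NULL source (allocation failure looks like one such case), both functions should stop instead of continuing. That would be `if (source != NULL && pass == NULL) goto err;` in load_certs_multifile and the same test with `goto end;` in load_certstore, placed after the local declarations. The `clear_free(pass)` calls cover every exit path visible in these hunks, but both function bodies continue outside them, so any early `return` in the unseen parts would leave the password copy unwiped and should be checked as well.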