diff --git a/apps/apps.c b/apps/apps.c
index bb47039ce091c3597d5a70927b8d7fb730cb13e0..9b55f820e163acb573fdb58dae5edce3bd309a1d 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -921,13 +921,13 @@ static int load_certs_crls(const char *file, int format,
 BIO_free(bio);
- if (pcerts) {
+ if (pcerts && *pcerts == NULL) {
 *pcerts = sk_X509_new_null();
 if (!*pcerts)
 goto end;
 }
- if (pcrls) {
+ if (pcrls && *pcrls == NULL) {
 *pcrls = sk_X509_CRL_new_null();
 if (!*pcrls)
 goto end;
@@ -986,24 +986,22 @@ void* app_malloc(int sz, const char *what)
 return vp;
 }
-
-
-STACK_OF(X509) *load_certs(const char *file, int format,
- const char *pass, ENGINE *e, const char *desc)
+/*
+ * Initialize or extend, if *certs != NULL, a certificate stack.
+ */
+int load_certs(const char *file, STACK_OF(X509) **certs, int format,
+ const char *pass, ENGINE *e, const char *desc)
 {
- STACK_OF(X509) *certs;
- if (!load_certs_crls(file, format, pass, e, desc, &certs, NULL))
- return NULL;
- return certs;
+ return load_certs_crls(file, format, pass, e, desc, certs, NULL);
 }
-STACK_OF(X509_CRL) *load_crls(const char *file, int format,
- const char *pass, ENGINE *e, const char *desc)
+/*
+ * Initialize or extend, if *crls != NULL, a certificate stack.
+ */
+int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
+ const char *pass, ENGINE *e, const char *desc)
 {
- STACK_OF(X509_CRL) *crls;
- if (!load_certs_crls(file, format, pass, e, desc, NULL, &crls))
- return NULL;
- return crls;
+ return load_certs_crls(file, format, pass, e, desc, NULL, crls);
 }
 #define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
diff --git a/apps/apps.h b/apps/apps.h
index e549e3ff94b71b65e226b8234d3416932b49c8e3..e402f3c9ac16dcc48a46f2dd93a79c770c894b07 100644
--- a/apps/apps.h
+++ b/apps/apps.h
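Review bot: The new `*pcerts == NULL` and `*pcrls == NULL` tests turn both parameters into in/out arguments, and nothing in this hunk documents what the caller must supply. I would add a comment above load_certs_crls such as `/* On entry *pcerts and *pcrls must each be NULL or a valid stack; a non-NULL stack is appended to. */`, because a pointer the caller left uninitialized would now be used as a stack. The function starts before this hunk and its `end` label lies after it, so the failure path is not visible here; if it frees `*pcerts` or `*pcrls` on error, it now also releases a stack the caller passed in, and the comment should say so.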
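Review bot: The comment added above load_crls says "a certificate stack", but that function fills a CRL stack; the text looks copied from load_certs. Neither comment states the return value, which the converted callers in this commit treat as zero on failure, nor that the pointer has to be NULL before the first call. Suggested wording for load_crls: `/* Initialize or extend, if *crls != NULL, a CRL stack. *crls must be NULL or a valid stack on entry. Returns 0 on failure. */`, with the matching sentences added to the load_certs comment.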
@@ -443,12 +443,10 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *key_descrip);
 EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *key_descrip);
-STACK_OF(X509) *load_certs(const char *file, int format,
- const char *pass, ENGINE *e,
- const char *cert_descrip);
-STACK_OF(X509_CRL) *load_crls(const char *file, int format,
- const char *pass, ENGINE *e,
- const char *cert_descrip);
+int load_certs(const char *file, STACK_OF(X509) **certs, int format,
+ const char *pass, ENGINE *e, const char *cert_descrip);
+int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
+ const char *pass, ENGINE *e, const char *cert_descrip);
 X509_STORE *setup_verify(char *CAfile, char *CApath, int noCAfile, int noCApath);
 int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
diff --git a/apps/cms.c b/apps/cms.c
index 8cf99de516aa87cf4d95c66a4982b0a97920f2cf..bcfcd5446a5b78650a8ebd5aabfad6650d40242c 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -735,8 +735,8 @@ int cms_main(int argc, char **argv)
 }
 if (certfile) {
- if ((other = load_certs(certfile, FORMAT_PEM, NULL, e,
- "certificate file")) == NULL) {
+ if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e,
+ "certificate file")) {
 ERR_print_errors(bio_err);
 goto end;
 }
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 0c41c4d5de5fdf04a50f117c95dd858410f5f3d3..d2e3109630424be9843a825cd49fe7303ee3b7dc 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -533,9 +533,8 @@ int ocsp_main(int argc, char **argv)
 rca_cert = load_cert(rca_filename, FORMAT_PEM, NULL, NULL, "CA certificate");
 if (rcertfile) {
- rother = load_certs(rcertfile, FORMAT_PEM,
- NULL, NULL, "responder other certificates");
- if (!rother)
+ if (!load_certs(rcertfile, &rother, FORMAT_PEM, NULL, NULL,
+ "responder other certificates"))
 goto end;
 }
 rkey = load_key(rkeyfile, FORMAT_PEM, 0, NULL, NULL,
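Review bot: `load_certs(certfile, &other, ...)` in cms.c is only safe if `other` is NULL when this line runs, because the callee now appends to whatever `*certs` holds instead of overwriting it; the declaration of `other` is outside the hunk, so its initializer needs confirming. The same holds for every converted call site in this commit: `rother`, `sign_other` and `verify_other` in ocsp.c, `certs` in pkcs12.c, `exc->chain` in s_cb.c (a struct member, so it depends on how the SSL_EXCERT is allocated), `chain` in s_client.c, `s_chain` and `s_dchain` in s_server.c, `other` in smime.c, and `untrusted`, `trusted` and `crls` in verify.c. Before this change an uninitialized variable was harmless at these sites, since the old wrappers assigned the result from a fresh local stack. A one-line comment at each declaration, for example `/* must start NULL: load_certs() extends a non-NULL stack */`, would keep a later edit from dropping the initializer.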
@@ -578,9 +577,8 @@ int ocsp_main(int argc, char **argv)
 goto end;
 }
 if (sign_certfile) {
- sign_other = load_certs(sign_certfile, FORMAT_PEM,
- NULL, NULL, "signer certificates");
- if (!sign_other)
+ if (!load_certs(sign_certfile, &sign_other, FORMAT_PEM, NULL, NULL,
+ "signer certificates"))
 goto end;
 }
 key = load_key(keyfile, FORMAT_PEM, 0, NULL, NULL,
@@ -702,9 +700,8 @@ int ocsp_main(int argc, char **argv)
 if (vpmtouched)
 X509_STORE_set1_param(store, vpm);
 if (verify_certfile) {
- verify_other = load_certs(verify_certfile, FORMAT_PEM,
- NULL, NULL, "validator certificate");
- if (!verify_other)
+ if (!load_certs(verify_certfile, &verify_other, FORMAT_PEM, NULL, NULL,
+ "validator certificate"))
 goto end;
 }
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 33a58df524025a43a2869317de4254a89a790e22..2ede38491bdc64d92f6552aa3a7723932c70f66d 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -395,9 +395,8 @@ int pkcs12_main(int argc, char **argv)
 /* Load in all certs in input file */
 if (!(options & NOCERTS)) {
- certs = load_certs(infile, FORMAT_PEM, NULL, e,
- "certificates");
- if (!certs)
+ if (!load_certs(infile, &certs, FORMAT_PEM, NULL, e,
+ "certificates"))
 goto export_end;
 if (key) {
@@ -425,13 +424,9 @@ int pkcs12_main(int argc, char **argv)
 /* Add any more certificates asked for */
 if (certfile) {
- STACK_OF(X509) *morecerts = NULL;
- if ((morecerts = load_certs(certfile, FORMAT_PEM, NULL, e,
- "certificates from certfile")) == NULL)
+ if (!load_certs(certfile, &certs, FORMAT_PEM, NULL, e,
+ "certificates from certfile"))
 goto export_end;
- while (sk_X509_num(morecerts) > 0)
- sk_X509_push(certs, sk_X509_shift(morecerts));
- sk_X509_free(morecerts);
 }
 /* If chaining get chain from user cert */
diff --git a/apps/s_cb.c b/apps/s_cb.c
index c72e4c2314504fa1ae91dde4ef020846ce1a942c..55d2c39e8ba4695a549b1bc365d947e66c280e9a 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
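Review bot: Loading `certfile` straight into `certs` in the second pkcs12.c hunk changes what a failed or empty load means. In the removed code a problem with `certfile` only touched the temporary `morecerts`; now the callee works on the stack that already holds the input-file certificates, so if its error path (in load_certs_crls, outside this diff) frees `*pcerts`, any pointer taken from `certs` earlier in pkcs12_main would be dangling by the time `export_end` runs, and that cleanup is worth re-reading. Likewise, if the callee judges success by the size of the resulting stack, a `certfile` that contains no certificates would now be accepted silently; taking `int before = sk_X509_num(certs);` ahead of the call and adding `|| sk_X509_num(certs) == before` to the condition would keep that case an error. pkcs12_main continues on both sides of the hunk.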
@@ -1002,9 +1002,8 @@ int load_excert(SSL_EXCERT **pexc)
 if (!exc->key)
 return 0;
 if (exc->chainfile) {
- exc->chain = load_certs(exc->chainfile, FORMAT_PEM,
- NULL, NULL, "Server Chain");
- if (!exc->chain)
+ if (!load_certs(exc->chainfile, &exc->chain, FORMAT_PEM, NULL,
+ NULL, "Server Chain"))
 return 0;
 }
 }
diff --git a/apps/s_client.c b/apps/s_client.c
index 4dea7c460ad66f5b82bc7f22b537d2a29314cc3b..717d7c146b687d6c4fcc2c100146f1ad633d3817 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1331,9 +1331,8 @@ int s_client_main(int argc, char **argv)
 }
 if (chain_file) {
- chain = load_certs(chain_file, FORMAT_PEM,
- NULL, e, "client certificate chain");
- if (!chain)
+ if (!load_certs(chain_file, &chain, FORMAT_PEM, NULL, e,
+ "client certificate chain"))
 goto end;
 }
diff --git a/apps/s_server.c b/apps/s_server.c
index 93f608319bd6cb47ff9ef6e28fdde13de692f6c8..9d9cb241be6e942a8b9d4780858676b70e764b74 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1507,9 +1507,8 @@ int s_server_main(int argc, char *argv[])
 goto end;
 }
 if (s_chain_file) {
- s_chain = load_certs(s_chain_file, FORMAT_PEM,
- NULL, e, "server certificate chain");
- if (!s_chain)
+ if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL, e,
+ "server certificate chain"))
 goto end;
 }
@@ -1587,9 +1586,8 @@ int s_server_main(int argc, char *argv[])
 goto end;
 }
 if (s_dchain_file) {
- s_dchain = load_certs(s_dchain_file, FORMAT_PEM,
- NULL, e, "second server certificate chain");
- if (!s_dchain)
+ if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL, e,
+ "second server certificate chain"))
 goto end;
 }
diff --git a/apps/smime.c b/apps/smime.c
index 551a8fd44d6e12b43bab764f99a5778acecb5dc9..024e83b1d2200390d4a63792a0adeccaa51fef9e 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -468,8 +468,8 @@ int smime_main(int argc, char **argv)
 }
 if (certfile) {
- if ((other = load_certs(certfile, FORMAT_PEM, NULL,
- e, "certificate file")) == NULL) {
+ if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e,
+ "certificate file")) {
 ERR_print_errors(bio_err);
 goto end;
 }
diff --git a/apps/verify.c b/apps/verify.c
index 16b25c9ef0bbdbe983c35cd912368f1604d8c136..183579c06d0872df79477958b80e15417bcccf60 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -208,22 +208,19 @@ int verify_main(int argc, char **argv)
 ERR_clear_error();
 if (untfile) {
- untrusted = load_certs(untfile, FORMAT_PEM,
- NULL, e, "untrusted certificates");
- if (!untrusted)
+ if (!load_certs(untfile, &untrusted, FORMAT_PEM, NULL, e,
+ "untrusted certificates"))
 goto end;
 }
 if (trustfile) {
- trusted = load_certs(trustfile, FORMAT_PEM,
- NULL, e, "trusted certificates");
- if (!trusted)
+ if (!load_certs(trustfile, &trusted, FORMAT_PEM, NULL, e,
+ "trusted certificates"))
 goto end;
 }
 if (crlfile) {
- crls = load_crls(crlfile, FORMAT_PEM, NULL, e, "other CRLs");
- if (!crls)
+ if (!load_crls(crlfile, &crls, FORMAT_PEM, NULL, e, "other CRLs"))
 goto end;
 }