Refactor apps load_certs/load_crls to work incrementally

Reviewed-by: N Richard Levitte <levitte@openssl.org>

Refactor apps load_certs/load_crls to work incrementally
Reviewed-by: N Richard Levitte <levitte@openssl.org>
0996dc54 · Viktor Dukhovni · 6e8beabc · 0996dc54 · 0996dc54 · 0996dc54
10 changed file
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -921,13 +921,13 @@ static int load_certs_crls(const char *file, int format,

    BIO_free(bio);

-    if (pcerts) {
+    if (pcerts && *pcerts == NULL) {
        *pcerts = sk_X509_new_null();
        if (!*pcerts)
            goto end;
    }

-    if (pcrls) {
+    if (pcrls && *pcrls == NULL) {
        *pcrls = sk_X509_CRL_new_null();
        if (!*pcrls)
            goto end;
@@ -986,24 +986,22 @@ void* app_malloc(int sz, const char *what)
    return vp;
 }

-
-
-STACK_OF(X509) *load_certs(const char *file, int format,
-                           const char *pass, ENGINE *e, const char *desc)
+/*
+ * Initialize or extend, if *certs != NULL,  a certificate stack.
+ */
+int load_certs(const char *file, STACK_OF(X509) **certs, int format,
+               const char *pass, ENGINE *e, const char *desc)
 {
-    STACK_OF(X509) *certs;
-    if (!load_certs_crls(file, format, pass, e, desc, &certs, NULL))
-        return NULL;
-    return certs;
+    return load_certs_crls(file, format, pass, e, desc, certs, NULL);
 }

-STACK_OF(X509_CRL) *load_crls(const char *file, int format,
-                              const char *pass, ENGINE *e, const char *desc)
+/*
+ * Initialize or extend, if *crls != NULL,  a certificate stack.
+ */
+int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
+              const char *pass, ENGINE *e, const char *desc)
 {
-    STACK_OF(X509_CRL) *crls;
-    if (!load_certs_crls(file, format, pass, e, desc, NULL, &crls))
-        return NULL;
-    return crls;
+    return load_certs_crls(file, format, pass, e, desc, NULL, crls);
 }

 #define X509V3_EXT_UNKNOWN_MASK         (0xfL << 16)

--- a/apps/apps.h
+++ b/apps/apps.h
@@ -443,12 +443,10 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
                   const char *pass, ENGINE *e, const char *key_descrip);
 EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
                      const char *pass, ENGINE *e, const char *key_descrip);
-STACK_OF(X509) *load_certs(const char *file, int format,
-                           const char *pass, ENGINE *e,
-                           const char *cert_descrip);
-STACK_OF(X509_CRL) *load_crls(const char *file, int format,
-                              const char *pass, ENGINE *e,
-                              const char *cert_descrip);
+int load_certs(const char *file, STACK_OF(X509) **certs, int format,
+               const char *pass, ENGINE *e, const char *cert_descrip);
+int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
+              const char *pass, ENGINE *e, const char *cert_descrip);
 X509_STORE *setup_verify(char *CAfile, char *CApath,
                         int noCAfile, int noCApath);
 int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,

--- a/apps/cms.c
+++ b/apps/cms.c
@@ -735,8 +735,8 @@ int cms_main(int argc, char **argv)
    }

    if (certfile) {
-        if ((other = load_certs(certfile, FORMAT_PEM, NULL, e,
-                                "certificate file")) == NULL) {
+        if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e,
+                        "certificate file")) {
            ERR_print_errors(bio_err);
            goto end;
        }

--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -533,9 +533,8 @@ int ocsp_main(int argc, char **argv)
        rca_cert = load_cert(rca_filename, FORMAT_PEM,
                             NULL, NULL, "CA certificate");
        if (rcertfile) {
-            rother = load_certs(rcertfile, FORMAT_PEM,
-                                NULL, NULL, "responder other certificates");
-            if (!rother)
+            if (!load_certs(rcertfile, &rother, FORMAT_PEM, NULL, NULL,
+                            "responder other certificates"))
                goto end;
        }
        rkey = load_key(rkeyfile, FORMAT_PEM, 0, NULL, NULL,
@@ -578,9 +577,8 @@ int ocsp_main(int argc, char **argv)
            goto end;
        }
        if (sign_certfile) {
-            sign_other = load_certs(sign_certfile, FORMAT_PEM,
-                                    NULL, NULL, "signer certificates");
-            if (!sign_other)
+            if (!load_certs(sign_certfile, &sign_other, FORMAT_PEM, NULL, NULL,
+                            "signer certificates"))
                goto end;
        }
        key = load_key(keyfile, FORMAT_PEM, 0, NULL, NULL,
@@ -702,9 +700,8 @@ int ocsp_main(int argc, char **argv)
    if (vpmtouched)
        X509_STORE_set1_param(store, vpm);
    if (verify_certfile) {
-        verify_other = load_certs(verify_certfile, FORMAT_PEM,
-                                  NULL, NULL, "validator certificate");
-        if (!verify_other)
+        if (!load_certs(verify_certfile, &verify_other, FORMAT_PEM, NULL, NULL,
+                        "validator certificate"))
            goto end;
    }


--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -395,9 +395,8 @@ int pkcs12_main(int argc, char **argv)

        /* Load in all certs in input file */
        if (!(options & NOCERTS)) {
-            certs = load_certs(infile, FORMAT_PEM, NULL, e,
-                               "certificates");
-            if (!certs)
+            if (!load_certs(infile, &certs, FORMAT_PEM, NULL, e,
+                            "certificates"))
                goto export_end;

            if (key) {
@@ -425,13 +424,9 @@ int pkcs12_main(int argc, char **argv)

        /* Add any more certificates asked for */
        if (certfile) {
-            STACK_OF(X509) *morecerts = NULL;
-            if ((morecerts = load_certs(certfile, FORMAT_PEM, NULL, e,
-                                        "certificates from certfile")) == NULL)
+            if (!load_certs(certfile, &certs, FORMAT_PEM, NULL, e,
+                            "certificates from certfile"))
                goto export_end;
-            while (sk_X509_num(morecerts) > 0)
-                sk_X509_push(certs, sk_X509_shift(morecerts));
-            sk_X509_free(morecerts);
        }

        /* If chaining get chain from user cert */

--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1002,9 +1002,8 @@ int load_excert(SSL_EXCERT **pexc)
        if (!exc->key)
            return 0;
        if (exc->chainfile) {
-            exc->chain = load_certs(exc->chainfile, FORMAT_PEM,
-                                    NULL, NULL, "Server Chain");
-            if (!exc->chain)
+            if (!load_certs(exc->chainfile, &exc->chain, FORMAT_PEM, NULL,
+                            NULL, "Server Chain"))
                return 0;
        }
    }

--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1331,9 +1331,8 @@ int s_client_main(int argc, char **argv)
    }

    if (chain_file) {
-        chain = load_certs(chain_file, FORMAT_PEM,
-                           NULL, e, "client certificate chain");
-        if (!chain)
+        if (!load_certs(chain_file, &chain, FORMAT_PEM, NULL, e,
+                        "client certificate chain"))
            goto end;
    }


--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1507,9 +1507,8 @@ int s_server_main(int argc, char *argv[])
            goto end;
        }
        if (s_chain_file) {
-            s_chain = load_certs(s_chain_file, FORMAT_PEM,
-                                 NULL, e, "server certificate chain");
-            if (!s_chain)
+            if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL, e,
+                            "server certificate chain"))
                goto end;
        }

@@ -1587,9 +1586,8 @@ int s_server_main(int argc, char *argv[])
            goto end;
        }
        if (s_dchain_file) {
-            s_dchain = load_certs(s_dchain_file, FORMAT_PEM,
-                                  NULL, e, "second server certificate chain");
-            if (!s_dchain)
+            if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL, e,
+                            "second server certificate chain"))
                goto end;
        }


--- a/apps/smime.c
+++ b/apps/smime.c
@@ -468,8 +468,8 @@ int smime_main(int argc, char **argv)
    }

    if (certfile) {
-        if ((other = load_certs(certfile, FORMAT_PEM, NULL,
-                                 e, "certificate file")) == NULL) {
+        if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e,
+                        "certificate file")) {
            ERR_print_errors(bio_err);
            goto end;
        }

--- a/apps/verify.c
+++ b/apps/verify.c
@@ -208,22 +208,19 @@ int verify_main(int argc, char **argv)
    ERR_clear_error();

    if (untfile) {
-        untrusted = load_certs(untfile, FORMAT_PEM,
-                               NULL, e, "untrusted certificates");
-        if (!untrusted)
+        if (!load_certs(untfile, &untrusted, FORMAT_PEM, NULL, e,
+                        "untrusted certificates"))
            goto end;
    }

    if (trustfile) {
-        trusted = load_certs(trustfile, FORMAT_PEM,
-                             NULL, e, "trusted certificates");
-        if (!trusted)
+        if (!load_certs(trustfile, &trusted, FORMAT_PEM, NULL, e,
+                        "trusted certificates"))
            goto end;
    }

    if (crlfile) {
-        crls = load_crls(crlfile, FORMAT_PEM, NULL, e, "other CRLs");
-        if (!crls)
+        if (!load_crls(crlfile, &crls, FORMAT_PEM, NULL, e, "other CRLs"))
            goto end;
    }