From: Dr. David von Oheimb
Date: Mon, 14 Apr 2025 19:00:35 +0000 (+0200)
Subject: apps/lib/apps.c: fix load_certs_multifile() and load_certstore() w.r.t. password...
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2f949642a11098a46cc47a8df5911d2d90433209;p=thirdparty%2Fopenssl.git
apps/lib/apps.c: fix load_certs_multifile() and load_certstore() w.r.t. password source vs. actual password
Reviewed-by: Dmitry Belyavskiy
Reviewed-by: Norbert Pocs
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/28477)
---
diff --git a/apps/include/apps.h b/apps/include/apps.h
index 74fca51a2cc..504d80c2505 100644
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@@ -145,11 +145,10 @@ char *process_additional_mac_key_arguments(const char *arg);
 char *get_str_from_file(const char *filename);
 int load_cert_certs(const char *uri, X509 **pcert, STACK_OF(X509) **pcerts,
- int exclude_http, const char *pass, const char *desc,
- X509_VERIFY_PARAM *vpm);
-STACK_OF(X509) *load_certs_multifile(char *files, const char *pass,
+ int exclude_http, const char *pass, const char *desc, X509_VERIFY_PARAM *vpm);
+STACK_OF(X509) *load_certs_multifile(char *files, const char *source,
 const char *desc, X509_VERIFY_PARAM *vpm);
-X509_STORE *load_certstore(char *input, const char *pass, const char *desc,
+X509_STORE *load_certstore(char *input, const char *source, const char *desc,
 X509_VERIFY_PARAM *vpm);
 int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs, const char *pass, const char *desc);
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index e57ac3398ee..85c9ce524fa 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
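Review bot: Nothing in apps.h tells a caller that `source` in the renamed prototypes of `load_certs_multifile()` and `load_certstore()` is a password source to be resolved, while the neighbouring `load_cert_certs()` and `load_certs()` still take the password itself as `pass` in the same argument position. A caller that hands an already-resolved password to the renamed functions would have it interpreted a second time, so the distinction deserves a comment above both declarations, for example `/* source: password source spec resolved via get_passwd(), not the password itself */`. Whether every caller already passes a source cannot be checked from this diff, since only apps.h and apps.c are touched.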
@@ -729,9 +729,10 @@ int load_cert_certs(const char *uri,
 return ret;
 }
-STACK_OF(X509) *load_certs_multifile(char *files, const char *pass,
+STACK_OF(X509) *load_certs_multifile(char *files, const char *source,
 const char *desc, X509_VERIFY_PARAM *vpm)
 {
+ char *pass = get_passwd(source, desc);
 STACK_OF(X509) *certs = NULL;
 STACK_OF(X509) *result = sk_X509_new_null();
@@ -752,11 +753,13 @@ STACK_OF(X509) *load_certs_multifile(char *files, const char *pass,
 certs = NULL;
 files = next;
 }
+ clear_free(pass);
 return result;
 oom:
 BIO_printf(bio_err, "out of memory\n");
 err:
+ clear_free(pass);
 OSSL_STACK_OF_X509_free(certs);
 OSSL_STACK_OF_X509_free(result);
 return NULL;
@@ -784,9 +787,10 @@ static X509_STORE *sk_X509_to_store(X509_STORE *store /* may be NULL */,
 * Create cert store structure with certificates read from given file(s).
 * Returns pointer to created X509_STORE on success, NULL on error.
 */
-X509_STORE *load_certstore(char *input, const char *pass, const char *desc,
+X509_STORE *load_certstore(char *input, const char *source, const char *desc,
 X509_VERIFY_PARAM *vpm)
 {
+ char *pass = get_passwd(source, desc);
 X509_STORE *store = NULL;
 STACK_OF(X509) *certs = NULL;
@@ -796,15 +800,19 @@ X509_STORE *load_certstore(char *input, const char *pass, const char *desc,
 if (!load_cert_certs(input, NULL, &certs, 1, pass, desc, vpm)) {
 X509_STORE_free(store);
- return NULL;
+ store = NULL;
+ goto end;
 }
 ok = (store = sk_X509_to_store(store, certs)) != NULL;
 OSSL_STACK_OF_X509_free(certs);
 certs = NULL;
 if (!ok)
- return NULL;
+ goto end;
 input = next;
 }
+
+end:
+ clear_free(pass);
 return store;
 }
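Review bot: The result of `get_passwd(source, desc)` is used unchecked in `load_certs_multifile()` (first hunk) and again in `load_certstore()` (third hunk), so if it returns NULL for a non-NULL `source`, loading continues as if no password had been given. get_passwd() is not part of this diff, so whether that can happen (failed lookup, allocation failure) is an assumption to confirm; if it can, fail closed with `if (source != NULL && pass == NULL) goto err;` after the declarations here and `if (source != NULL && pass == NULL) return NULL;` in load_certstore(). The unconditional `clear_free(pass)` calls likewise rely on clear_free() accepting NULL when no source is supplied. Both function bodies continue outside the hunks shown.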
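Review bot: The block comment above `load_certstore()` in the third hunk still documents only the file input and the return value, although the function now obtains a password from `source` and releases it with `clear_free()` on the exit paths visible in the fourth hunk. Add a line such as ` * The password is obtained from the given source and cleared before return.` so the handling of the secret is stated where the function is defined. The comment's opening line and part of the function body lie outside the hunks.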