From: Richard Levitte Date: Thu, 10 Jul 2025 15:55:50 +0000 (+0200) Subject: Fix OSSL_STORE to consider cached info in the EOF check. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3e5f4bbb03d07bd7bbc7a140ebed97f28c6501af;p=thirdparty%2Fopenssl.git Fix OSSL_STORE to consider cached info in the EOF check. OSSL_STORE_load() called OSSL_STORE_eof() before checking if there is cached OSSL_STORE_INFO to consider. To fix this issue, the cached info check is moved to OSSL_STORE_eof(), as that seems to make most common sense. This solves an issue with PKCS#12 files, where the cached info was never considered because the underlying file IO layer signaled that EOF is reached. Fixes #28010 Reviewed-by: Tomas Mraz Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/28016) (cherry picked from commit 1f3af48c312a5f94612e9a822b78a3afdadc27c1)
---
diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c
index 505d606f4a9..ebf170c3e8f 100644
--- a/crypto/store/store_lib.c
+++ b/crypto/store/store_lib.c
@@ -428,12 +428,6 @@ OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
 if (ctx->loader != NULL)
 OSSL_TRACE(STORE, "Loading next object\n");
 
- if (ctx->cached_info != NULL
- && sk_OSSL_STORE_INFO_num(ctx->cached_info) == 0) {
- sk_OSSL_STORE_INFO_free(ctx->cached_info);
- ctx->cached_info = NULL;
- }
-
 if (ctx->cached_info != NULL) {
 v = sk_OSSL_STORE_INFO_shift(ctx->cached_info);
 } else {
@@ -556,14 +550,23 @@ int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
 
 int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
 {
- int ret = 1;
+ int ret = 0;
 
- if (ctx->fetched_loader != NULL)
- ret = ctx->loader->p_eof(ctx->loader_ctx);
+ if (ctx->cached_info != NULL
+ && sk_OSSL_STORE_INFO_num(ctx->cached_info) == 0) {
+ sk_OSSL_STORE_INFO_free(ctx->cached_info);
+ ctx->cached_info = NULL;
+ }
+
+ if (ctx->cached_info == NULL) {
+ ret = 1;
+ if (ctx->fetched_loader != NULL)
+ ret = ctx->loader->p_eof(ctx->loader_ctx);
 #ifndef OPENSSL_NO_DEPRECATED_3_0
- if (ctx->fetched_loader == NULL)
- ret = ctx->loader->eof(ctx->loader_ctx);
+ if (ctx->fetched_loader == NULL)
+ ret = ctx->loader->eof(ctx->loader_ctx);
 #endif
+ }
 return ret != 0;
 }
 
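Review bot: The new block at the top of OSSL_STORE_eof() makes a status query mutate the context (it frees an empty `ctx->cached_info` and sets it to NULL), and nothing in the code says so. The first hunk removes the same cleanup from OSSL_STORE_load(), so its `if (ctx->cached_info != NULL)` branch presumably now relies on OSSL_STORE_eof() having run first; that call is outside both hunks, so this is inferred. A short comment above the block would record the coupling, for example `/* Drop an exhausted cache here; OSSL_STORE_load() relies on this before shifting from cached_info */`. Because the bug silently dropped objects from PKCS#12 files, a regression test that loads a multi-object PKCS#12 file and counts the returned OSSL_STORE_INFO objects would guard the fix; no test is visible in this diff.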