diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index e89f58b2000ac..6e68d7a1114ae 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -409,6 +409,11 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file) error_code = SRP_ERR_OPEN_FILE; + if (verifier_file == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); + goto err; + } + if (in == NULL || BIO_read_filename(in, verifier_file) <= 0) goto err; diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c index cd5b75d3a94f5..ad70cca30a9da 100644 --- a/crypto/x509/by_file.c +++ b/crypto/x509/by_file.c @@ -91,6 +91,11 @@ int X509_load_cert_file_ex(X509_LOOKUP *ctx, const char *file, int type, int count = 0; X509 *x = NULL; + if (file == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); + goto err; + } + in = BIO_new(BIO_s_file()); if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { @@ -168,6 +173,11 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) int count = 0; X509_CRL *x = NULL; + if (file == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); + goto err; + } + in = BIO_new(BIO_s_file()); if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { diff --git a/doc/man3/BIO_s_file.pod b/doc/man3/BIO_s_file.pod index b60a9d8f7ac4f..5dcd4bbbcaeda 100644 --- a/doc/man3/BIO_s_file.pod +++ b/doc/man3/BIO_s_file.pod @@ -95,7 +95,8 @@ BIO_seek() returns 0 for success or negative values for failure. BIO_tell() returns the current file position or negative values for failure. BIO_read_filename(), BIO_write_filename(), BIO_append_filename() and -BIO_rw_filename() return 1 for success or <=0 for failure. +BIO_rw_filename() return 1 for success or <=0 for failure. An error is also +returned if the file does not exist. =head1 EXAMPLES diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 021a1a143eb93..5e3245198fe24 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c 
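Review bot: In the srp_vfy.c hunk the new guard in SRP_VBASE_init raises its error under `ERR_LIB_X509`, which looks copied from the by_file.c hunks. SRP verifier-file handling is not X509 code, so the error queue would attribute a bad SRP argument to certificate loading; I would use `ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);` here. The jump also comes after `error_code = SRP_ERR_OPEN_FILE;`, so the caller presumably receives the open-file code for a NULL argument. The `err` label and the return are outside the hunk, so that should be confirmed and noted in a short comment such as `/* a NULL file name is reported as SRP_ERR_OPEN_FILE */`.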
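Review bot: The new `goto err` in X509_load_cert_file_ex runs before `in = BIO_new(BIO_s_file());`, so it is only safe if `in` is already NULL-initialised at its declaration, which is above the hunk. The same applies to the guard added to X509_load_crl_file. The ssl_rsa.c part of this commit had to change `BIO *in;` to `BIO *in = NULL;` for this reason, so the declarations in by_file.c should be checked the same way. Presumably the `err` path frees `in`, but the label is not visible. The function comment should also record the new contract, for example `/* file must not be NULL: a NULL file raises ERR_R_PASSED_NULL_PARAMETER and nothing is loaded */`.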
@@ -748,6 +748,10 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file, LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp); OSSL_LIB_CTX *prev_libctx = NULL; + if (file == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); + goto err; + } if (name_hash == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB); goto err; @@ -874,6 +878,11 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, int num = 0; LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp); + if (file == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); + goto err; + } + if (name_hash == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB); goto err; diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index c245c24080f36..dee9d7baf0c49 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -53,10 +53,15 @@ int SSL_use_certificate(SSL *ssl, X509 *x) int SSL_use_certificate_file(SSL *ssl, const char *file, int type) { int j; - BIO *in; + BIO *in = NULL; int ret = 0; X509 *cert = NULL, *x = NULL; + if (file == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); + goto end; + } + in = BIO_new(BIO_s_file()); if (in == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); @@ -163,9 +168,14 @@ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) { int j, ret = 0; - BIO *in; + BIO *in = NULL; EVP_PKEY *pkey = NULL; + if (file == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); + goto end; + } + in = BIO_new(BIO_s_file()); if (in == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); 
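Review bot: In SSL_load_client_CA_file_ex the NULL check on `file` is reached only after the initialiser `lh_X509_NAME_new(xname_hash, xname_cmp)` has already allocated `name_hash`, so the `goto err` path must free that table. The label is outside the hunk, so this needs confirming, and the same holds for the guard in SSL_add_file_cert_subjects_to_stack. The first hunk also omits the blank line after the guard's closing brace that the other hunks in this commit add, so it runs straight into `if (name_hash == NULL) {`.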
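Review bot: The guard added to SSL_use_certificate_file is repeated verbatim in SSL_use_PrivateKey_file, SSL_CTX_use_certificate_file, SSL_CTX_use_PrivateKey_file, use_certificate_chain_file and the two ssl_rsa_legacy.c functions, yet the only documentation touched in the visible diff is BIO_s_file.pod. Applications rely on the return value of these loaders to know whether a certificate or key was installed. The manual pages for these functions should therefore state that a NULL file name fails and raises `ERR_R_PASSED_NULL_PARAMETER`. In the code, a one-line comment next to the changed declaration would explain the new initialiser: `/* in must start as NULL: the NULL-file guard jumps to end before BIO_new() */`.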
@@ -296,10 +306,15 @@ static int ssl_set_cert(CERT *c, X509 *x, SSL_CTX *ctx) int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) { int j = SSL_R_BAD_VALUE; - BIO *in; + BIO *in = NULL; int ret = 0; X509 *x = NULL, *cert = NULL; + if (file == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); + goto end; + } + in = BIO_new(BIO_s_file()); if (in == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); @@ -373,9 +388,14 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) { int j, ret = 0; - BIO *in; + BIO *in = NULL; EVP_PKEY *pkey = NULL; + if (file == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); + goto end; + } + in = BIO_new(BIO_s_file()); if (in == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); @@ -436,7 +456,7 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, */ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) { - BIO *in; + BIO *in = NULL; int ret = 0; X509 *x = NULL; pem_password_cb *passwd_callback; @@ -462,6 +482,11 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) passwd_callback_userdata = sc->default_passwd_callback_userdata; } + if (file == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); + goto end; + } + in = BIO_new(BIO_s_file()); if (in == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); diff --git a/ssl/ssl_rsa_legacy.c b/ssl/ssl_rsa_legacy.c index 49cd7a3bbaa5a..de63c5b47a789 100644 --- a/ssl/ssl_rsa_legacy.c +++ b/ssl/ssl_rsa_legacy.c @@ -43,9 +43,14 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) { int j, ret = 0; - BIO *in; + BIO *in = NULL; RSA *rsa = NULL; + if (file == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); + goto end; + } + in = BIO_new(BIO_s_file()); if (in == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); 
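Review bot: In use_certificate_chain_file the `file == NULL` guard sits after the block that resolves the password callback (the context line `passwd_callback_userdata = sc->default_passwd_callback_userdata;`), whereas the other ssl_rsa.c hunks place it directly after the declarations. Rejecting the argument first would keep the functions consistent and avoid reading `ctx`/`sc` state for a call that is going to fail. The start of the function is outside the hunk, so check whether an earlier statement has to stay ahead of the guard before moving it.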
@@ -125,9 +130,14 @@ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) { int j, ret = 0; - BIO *in; + BIO *in = NULL; RSA *rsa = NULL; + if (file == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); + goto end; + } + in = BIO_new(BIO_s_file()); if (in == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);