APPS/load_key_certs_crls(): refactor to clean up the code a little an…
…d add clarifying comments
DDvO committed Oct 27, 2023
1 parent 91895e3 commit 9fedb4e
Showing 1 changed file with 21 additions and 9 deletions.
30 changes: 21 additions & 9 deletions apps/lib/apps.c
Expand Up @@ -899,22 +899,25 @@ static const char *format2string(int format)
return NULL;
}

/* Set type expectation, but clear it if objects of different types expected. */
/* Set type expectation, but set to 0 if objects of several types expected. */
#define SET_EXPECT(val) \
(expect = expect < 0 ? (val) : (expect == (val) ? (val) : 0))
#define SET_EXPECT1(pvar, val) \
if ((pvar) != NULL) { \
*(pvar) = NULL; \
SET_EXPECT(val); \
}
/* Provide (error msg) text for some of the credential types to be loaded. */
#define FAIL_NAME \
(ppkey != NULL ? "private key" : ppubkey != NULL ? "public key" : \
pparams != NULL ? "key parameters" : \
pcert != NULL ? "certificate" : pcerts != NULL ? "certificates" : \
pcrl != NULL ? "CRL" : pcrls != NULL ? "CRLs" : NULL)
/*
* Load those types of credentials for which the result pointer is not NULL.
* Reads from stdio if uri is NULL and maybe_stdin is nonzero.
* Reads from stdio if 'uri' is NULL and 'maybe_stdin' is nonzero.
* 'format' parameter may be FORMAT_PEM, FORMAT_ASN1, or 0 for no hint.
* desc may contain more detail on the credential(s) to be loaded for error msg
* For non-NULL ppkey, pcert, and pcrl the first suitable value found is loaded.
* If pcerts is non-NULL and *pcerts == NULL then a new cert list is allocated.
* If pcerts is non-NULL then all available certificates are appended to *pcerts
Expand Down Expand Up @@ -942,13 +945,14 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
OSSL_PARAM itp[2];
const OSSL_PARAM *params = NULL;

/* 'failed' describes type of credential to load for potential error msg */
if (failed == NULL) {
if (!quiet)
BIO_printf(bio_err, "Internal error: nothing to load from %s\n",
BIO_printf(bio_err, "Internal error: nothing was requested to load from %s\n",
uri != NULL ? uri : "<stdin>");
return 0;
}
ERR_set_mark();
ERR_set_mark(); /* suppress (most) low-level errors during loading */

SET_EXPECT1(ppkey, OSSL_STORE_INFO_PKEY);
SET_EXPECT1(ppubkey, OSSL_STORE_INFO_PUBKEY);
Expand Down Expand Up @@ -1005,10 +1009,13 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
}
if (ctx == NULL)
goto end;
/* expect == 0 means here multiple types of credentials are to be loaded */
if (expect > 0 && !OSSL_STORE_expect(ctx, expect))
goto end;

failed = NULL;
/* from here, failed != NULL only if actually an error has been detected */

while ((ppkey != NULL || ppubkey != NULL || pparams != NULL
|| pcert != NULL || pcerts != NULL || pcrl != NULL || pcrls != NULL)
&& !OSSL_STORE_eof(ctx)) {
Expand Down Expand Up @@ -1078,7 +1085,7 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
ncrls += ok;
break;
default:
/* skip any other type */
/* skip any other type; ok stays == 1 */
break;
}
OSSL_STORE_INFO_free(info);
Expand All @@ -1092,20 +1099,24 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin,

end:
OSSL_STORE_close(ctx);
if (ncerts > 0)
pcerts = NULL;
if (ncrls > 0)
pcrls = NULL;

/* see if any of the requested types of credentials was not found */
if (failed == NULL) {
if (ncerts > 0)
pcerts = NULL;
if (ncrls > 0)
pcrls = NULL;
failed = FAIL_NAME;
if (failed != NULL && !quiet)
BIO_printf(bio_err, "Could not find");
} else if (!quiet) {
BIO_printf(bio_err, "Could not read");
}

if (failed != NULL && !quiet) {
unsigned long err = ERR_peek_last_error();

/* contine the error message with the type of the credential affected */
if (desc != NULL && strstr(desc, failed) != NULL) {
BIO_printf(bio_err, " %s", desc);
} else {
Expand Down Expand Up @@ -3444,6 +3455,7 @@ int opt_legacy_okay(void)
{
int provider_options = opt_provider_option_given();
int libctx = app_get0_libctx() != NULL || app_get0_propq() != NULL;

/*
* Having a provider option specified or a custom library context or
* property query, is a sure sign we're not using legacy.
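Review bot: The comment added in the `end:` hunk, `/* contine the error message with the type of the credential affected */`, has a typo and should read `/* continue the error message with the type of the credential affected */`. In the same hunk the `pcerts = NULL` / `pcrls = NULL` assignments move from unconditional (the removed lines after `OSSL_STORE_close(ctx)`) to inside the `failed == NULL` branch, so on the "Could not read" path they now keep their values; if the remainder of `end:`, which lies outside the hunk, reads or frees `*pcerts`/`*pcrls`, that is a behaviour change the commit title does not mention and deserves a one-line comment stating the intent, e.g. `/* types with at least one hit are not reported missing by FAIL_NAME */` above the first `if (ncerts > 0)`. load_key_certs_crls begins and ends outside the hunks shown.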
