author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2022-12-13 17:47:23 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2023-01-16 08:32:52 +0100 |
commit | 60c3d732b7b634290e4ec5d7ca6fb9b0a37592bf (patch) | |
tree | 8bd63a7004bbe4fe0798a3cca0e275105e9f2267 /apps/cmp.c | |
parent | 30667f5c306dbc11ac0e6fddc7d26fd984d546ab (diff) | |
CMP app: fix file output of certs and cert lists on non-existing cert(s)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20035)
Diffstat (limited to 'apps/cmp.c')
-rw-r--r-- | apps/cmp.c | 55 |
1 files changed, 26 insertions, 29 deletions
diff --git a/apps/cmp.c b/apps/cmp.c
index bc446a4654..e44d32fd7f 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -1989,7 +1989,7 @@ static int write_cert(BIO *bio, X509 *cert)
 * where DER does not make much sense for writing more than one cert!
 * Returns number of written certificates on success, -1 on error.
 */
-static int save_free_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs,
+static int save_free_certs(STACK_OF(X509) *certs,
 const char *file, const char *desc)
 {
 BIO *bio = NULL;
@@ -2028,24 +2028,28 @@ static int save_free_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs,
 return n;
 }
-static int delete_certfile(const char *file, const char *desc)
+static int delete_file(const char *file, const char *desc)
 {
 if (file == NULL)
 return 1;
 if (unlink(file) != 0 && errno != ENOENT) {
- CMP_err2("Failed to delete %s, which should be done to indicate there is no %s cert",
+ CMP_err2("Failed to delete %s, which should be done to indicate there is no %s",
 file, desc);
 return 0;
 }
 return 1;
 }
-static int save_cert(OSSL_CMP_CTX *ctx, X509 *cert,
- const char *file, const char *desc)
+static int save_cert_or_delete(X509 *cert, const char *file, const char *desc)
 {
- if (file == NULL || cert == NULL) {
+ if (file == NULL)
 return 1;
+ if (cert == NULL) {
+ char desc_cert[80];
+
+ snprintf(desc_cert, sizeof(desc_cert), "%s certificate", desc);
+ return delete_file(file, desc_cert);
 } else {
 STACK_OF(X509) *certs = sk_X509_new_null();
@@ -2053,7 +2057,7 @@ static int save_cert(OSSL_CMP_CTX *ctx, X509 *cert,
 sk_X509_free(certs);
 return 0;
 }
- return save_free_certs(ctx, certs, file, desc) >= 0;
+ return save_free_certs(certs, file, desc) >= 0;
 }
 }
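Review bot: `save_cert_or_delete()` in the second hunk has no comment stating its contract, and a caller cannot tell from the signature that passing `cert == NULL` unlinks `file`. A short header such as `/* Writes cert to file, or deletes file if cert is NULL; no-op if file is NULL. Returns 1 on success, 0 on error. */` would make that destructive path explicit. The `snprintf()` into `desc_cert[80]` is unchecked; that is harmless for the short literals passed by the callers visible in this diff, but a longer `desc` would silently truncate the error text. The function's `else` branch continues past this hunk into the next one.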
@@ -2858,13 +2862,6 @@ int cmp_main(int argc, char **argv)
 goto err;
 ret = 0;
- if (!delete_certfile(opt_srvcertout, "validated server")
- || !delete_certfile(opt_certout, "enrolled")
- || save_free_certs(NULL, NULL, opt_extracertsout, "extra") < 0
- || save_free_certs(NULL, NULL, opt_cacertsout, "CA") < 0
- || save_free_certs(NULL, NULL, opt_chainout, "chain") < 0)
- goto err;
-
 if (!app_RAND_load())
 goto err;
@@ -3011,28 +3008,28 @@ int cmp_main(int argc, char **argv)
 default:
 break;
 }
- if (OSSL_CMP_CTX_get_status(cmp_ctx) < OSSL_CMP_PKISTATUS_accepted)
+ if (OSSL_CMP_CTX_get_status(cmp_ctx) < OSSL_CMP_PKISTATUS_accepted) {
+ ret = 0;
 goto err; /* we got no response, maybe even did not send request */
-
+ }
 print_status();
- if (save_free_certs(cmp_ctx, OSSL_CMP_CTX_get1_extraCertsIn(cmp_ctx),
- opt_extracertsout, "extra") < 0)
+ if (!save_cert_or_delete(OSSL_CMP_CTX_get0_validatedSrvCert(cmp_ctx),
+ opt_srvcertout, "validated server"))
 ret = 0;
 if (!ret)
 goto err;
 ret = 0;
- if (!save_cert(cmp_ctx, OSSL_CMP_CTX_get0_validatedSrvCert(cmp_ctx),
- opt_srvcertout, "validated server"))
- goto err;
- if (save_free_certs(cmp_ctx, OSSL_CMP_CTX_get1_caPubs(cmp_ctx),
- opt_cacertsout, "CA") < 0)
- goto err;
- if (!save_cert(cmp_ctx, newcert, opt_certout, "enrolled"))
- goto err;
- if (save_free_certs(cmp_ctx, OSSL_CMP_CTX_get1_newChain(cmp_ctx),
- opt_chainout, "chain") < 0)
+ if (save_free_certs(OSSL_CMP_CTX_get1_extraCertsIn(cmp_ctx),
+ opt_extracertsout, "extra") < 0)
 goto err;
-
+ if (newcert != NULL && (opt_cmd == CMP_IR || opt_cmd == CMP_CR
+ || opt_cmd == CMP_KUR || opt_cmd == CMP_P10CR))
+ if (!save_cert_or_delete(newcert, opt_certout, "newly enrolled")
+ || save_free_certs(OSSL_CMP_CTX_get1_newChain(cmp_ctx),
+ opt_chainout, "chain") < 0
+ || save_free_certs(OSSL_CMP_CTX_get1_caPubs(cmp_ctx),
+ opt_cacertsout, "CA") < 0)
+ goto err;
 if (!OSSL_CMP_CTX_reinit(cmp_ctx))
 goto err;
 }
|
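Review bot: In the last hunk, `save_cert_or_delete(newcert, opt_certout, "newly enrolled")` sits under `if (newcert != NULL && ...)`, so at this call site its delete branch can never run, and the `opt_chainout` and `opt_cacertsout` writes are skipped as well when no certificate was issued. The preceding hunk also removes the start-of-run cleanup (`delete_certfile(opt_certout, "enrolled")` and the empty `save_free_certs` calls), and a status below `OSSL_CMP_PKISTATUS_accepted` now jumps to `err` before any output handling. Taken together, a file left by an earlier run appears to survive a transaction that produced no certificate, and automation that only tests for the file could then consume a stale certificate or chain. If that is intended, it should be stated in a comment here; otherwise drop `newcert != NULL` from the guard so the NULL case reaches `delete_file()`. The outer `if` would also read more safely with braces around the nested multi-line `if`; `cmp_main` continues outside both hunks, so where `newcert` is assigned is not visible.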