Coverage Report

Created: 2025-09-05 06:13

/src/boringssl/crypto/x509/by_file.cc
// Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include "internal.h"
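// Control hook for the file lookup method; the definition follows below. The
// third parameter is named |argp| here to match the definition (the previous
// prototype called it |argc|).
static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
                        char **ret);

// Method table for the file-based X509_LOOKUP. |by_file_ctrl| is the only hook
// provided: the new, free and get_by_subject slots are NULL, so this table
// supplies no by-subject lookup of its own.
static const X509_LOOKUP_METHOD x509_file_lookup = {
    NULL,          // new
    NULL,          // free
    by_file_ctrl,  // ctrl
    NULL,          // get_by_subject
};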
// X509_LOOKUP_file returns a pointer to the file-scope constant method table
// |x509_file_lookup|. The table is const, so callers receive a read-only view.
const X509_LOOKUP_METHOD *X509_LOOKUP_file(void) {
  const X509_LOOKUP_METHOD *method = &x509_file_lookup;
  return method;
}
// by_file_ctrl implements the ctrl hook of the file lookup method.
//
// Only X509_L_FILE_LOAD is handled; every other |cmd| returns 0. |argp| is the
// path to load and |argl| the file type. When |argl| is X509_FILETYPE_DEFAULT
// the path is taken from the environment variable named by
// X509_get_default_cert_file_env(), falling back to
// X509_get_default_cert_file(), and the file is read as PEM. |ret| is unused.
//
// Returns 1 when X509_load_cert_crl_file reports a non-zero result and 0
// otherwise. A failed default load additionally queues
// X509_R_LOADING_DEFAULTS.
//
// NOTE(review): in the default case the trust-store path comes straight from
// the process environment via getenv(). Whoever controls the environment
// therefore chooses which file populates the store; callers that run with
// elevated privilege or inherit an untrusted environment should pass an
// explicit path instead of X509_FILETYPE_DEFAULT.
static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
                        char **ret) {
  if (cmd != X509_L_FILE_LOAD) {
    return 0;
  }

  const int use_defaults = (argl == X509_FILETYPE_DEFAULT);
  const char *path = argp;
  // |argl| is a long; the file type is carried as an int from here on.
  int format = (int)argl;

  if (use_defaults) {
    path = getenv(X509_get_default_cert_file_env());
    if (path == NULL) {
      path = X509_get_default_cert_file();
    }
    format = X509_FILETYPE_PEM;
  }

  if (X509_load_cert_crl_file(ctx, path, format) == 0) {
    if (use_defaults) {
      OPENSSL_PUT_ERROR(X509, X509_R_LOADING_DEFAULTS);
    }
    return 0;
  }
  return 1;
}
// X509_load_cert_file reads certificates from |file| and adds them to
// |ctx->store_ctx|.
//
// |type| selects the encoding. X509_FILETYPE_PEM reads certificates in a loop
// until the PEM reader reports PEM_R_NO_START_LINE after at least one
// certificate was read. X509_FILETYPE_ASN1 reads a single object with
// d2i_X509_bio. Any other value queues X509_R_BAD_X509_FILETYPE; the file is
// opened before the type is checked.
//
// Returns the number of certificates added for PEM, the result of
// X509_STORE_add_cert for ASN1, and 0 on any error.
//
// NOTE(review): a zero return does not mean the store is untouched. In the PEM
// case, certificates added before a later parse or add failure are not removed
// by this function, so a caller that needs all-or-nothing loading should
// discard the store on failure.
// NOTE(review): the PEM path uses PEM_read_bio_X509_AUX, which presumably also
// accepts certificates carrying auxiliary trust settings; treat |file| as
// being as trusted as the store itself. Confirm against the PEM reader.
int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) {
  // Every local is initialized before the first |goto err| so that no jump
  // skips an initialization.
  int ret = 0;
  int count = 0;
  X509 *x = NULL;
  BIO *in = BIO_new(BIO_s_file());

  if (in == NULL || BIO_read_filename(in, file) <= 0) {
    OPENSSL_PUT_ERROR(X509, ERR_R_SYS_LIB);
    goto err;
  }

  if (type != X509_FILETYPE_PEM && type != X509_FILETYPE_ASN1) {
    OPENSSL_PUT_ERROR(X509, X509_R_BAD_X509_FILETYPE);
    goto err;
  }

  if (type == X509_FILETYPE_ASN1) {
    x = d2i_X509_bio(in, NULL);
    if (x == NULL) {
      OPENSSL_PUT_ERROR(X509, ERR_R_ASN1_LIB);
      goto err;
    }
    ret = X509_STORE_add_cert(ctx->store_ctx, x);
    if (!ret) {
      goto err;
    }
  } else {
    while ((x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL)) != NULL) {
      if (!X509_STORE_add_cert(ctx->store_ctx, x)) {
        goto err;
      }
      count++;
      // The local reference is released here; |x| is reset so the cleanup
      // path does not free it a second time.
      X509_free(x);
      x = NULL;
    }
    // The reader returned NULL. That is a clean end of input only if at least
    // one certificate was read and the last error is "no start line".
    if (count == 0 || !ERR_equals(ERR_peek_last_error(), ERR_LIB_PEM,
                                  PEM_R_NO_START_LINE)) {
      OPENSSL_PUT_ERROR(X509, ERR_R_PEM_LIB);
      goto err;
    }
    ERR_clear_error();
    ret = count;
  }

  if (ret == 0) {
    OPENSSL_PUT_ERROR(X509, X509_R_NO_CERTIFICATE_FOUND);
  }

err:
  X509_free(x);
  BIO_free(in);
  return ret;
}
// X509_load_crl_file reads CRLs from |file| and adds them to
// |ctx->store_ctx|.
//
// |type| selects the encoding. X509_FILETYPE_PEM reads CRLs in a loop until
// the PEM reader reports PEM_R_NO_START_LINE after at least one CRL was read.
// X509_FILETYPE_ASN1 reads a single object with d2i_X509_CRL_bio. Any other
// value queues X509_R_BAD_X509_FILETYPE; the file is opened before the type
// is checked.
//
// Returns the number of CRLs added for PEM, the result of X509_STORE_add_crl
// for ASN1, and 0 on any error.
//
// NOTE(review): a zero return does not mean the store is untouched, and it
// may mean revocation data is only partly loaded. CRLs added before a later
// parse or add failure are not removed by this function. Callers that depend
// on revocation checking should treat a zero return as fatal rather than
// continue with the store as it is.
int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) {
  // Every local is initialized before the first |goto err| so that no jump
  // skips an initialization.
  int ret = 0;
  int count = 0;
  X509_CRL *x = NULL;
  BIO *in = BIO_new(BIO_s_file());

  if (in == NULL || BIO_read_filename(in, file) <= 0) {
    OPENSSL_PUT_ERROR(X509, ERR_R_SYS_LIB);
    goto err;
  }

  if (type != X509_FILETYPE_PEM && type != X509_FILETYPE_ASN1) {
    OPENSSL_PUT_ERROR(X509, X509_R_BAD_X509_FILETYPE);
    goto err;
  }

  if (type == X509_FILETYPE_ASN1) {
    x = d2i_X509_CRL_bio(in, NULL);
    if (x == NULL) {
      OPENSSL_PUT_ERROR(X509, ERR_R_ASN1_LIB);
      goto err;
    }
    ret = X509_STORE_add_crl(ctx->store_ctx, x);
    if (!ret) {
      goto err;
    }
  } else {
    while ((x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL)) != NULL) {
      if (!X509_STORE_add_crl(ctx->store_ctx, x)) {
        goto err;
      }
      count++;
      // The local reference is released here; |x| is reset so the cleanup
      // path does not free it a second time.
      X509_CRL_free(x);
      x = NULL;
    }
    // The reader returned NULL. That is a clean end of input only if at least
    // one CRL was read and the last error is "no start line".
    if (count == 0 || !ERR_equals(ERR_peek_last_error(), ERR_LIB_PEM,
                                  PEM_R_NO_START_LINE)) {
      OPENSSL_PUT_ERROR(X509, ERR_R_PEM_LIB);
      goto err;
    }
    ERR_clear_error();
    ret = count;
  }

  if (ret == 0) {
    OPENSSL_PUT_ERROR(X509, X509_R_NO_CRL_FOUND);
  }

err:
  X509_CRL_free(x);
  BIO_free(in);
  return ret;
}
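// X509_load_cert_crl_file reads every certificate and CRL from the PEM file
// |file| and adds them to |ctx->store_ctx|. When |type| is not
// X509_FILETYPE_PEM the call is forwarded to X509_load_cert_file, which loads
// certificates only.
//
// Returns the number of objects added, or 0 on error. A file that parses but
// holds no certificate or CRL queues X509_R_NO_CERTIFICATE_OR_CRL_FOUND and
// returns 0.
//
// A failed X509_STORE_add_cert or X509_STORE_add_crl now returns 0, matching
// X509_load_cert_file and X509_load_crl_file. Previously the count of objects
// added before the failure was returned, so by_file_ctrl reported success even
// though part of the file, possibly a CRL, never reached the store.
//
// NOTE(review): objects added before the failure are not removed here, so a
// zero return does not mean the store is untouched.
int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) {
  // Locals are declared up front so that |goto err| skips no initialization.
  STACK_OF(X509_INFO) *inf;
  X509_INFO *itmp;
  BIO *in;
  size_t i;
  int count = 0;

  if (type != X509_FILETYPE_PEM) {
    return X509_load_cert_file(ctx, file, type);
  }
  in = BIO_new_file(file, "rb");
  if (!in) {
    OPENSSL_PUT_ERROR(X509, ERR_R_SYS_LIB);
    return 0;
  }
  // The whole file is parsed before anything is added; the BIO is not needed
  // once the stack has been built.
  inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
  BIO_free(in);
  if (!inf) {
    OPENSSL_PUT_ERROR(X509, ERR_R_PEM_LIB);
    return 0;
  }
  for (i = 0; i < sk_X509_INFO_num(inf); i++) {
    itmp = sk_X509_INFO_value(inf, i);
    if (itmp->x509) {
      if (!X509_STORE_add_cert(ctx->store_ctx, itmp->x509)) {
        // Fail closed: report the whole load as failed.
        count = 0;
        goto err;
      }
      count++;
    }
    if (itmp->crl) {
      if (!X509_STORE_add_crl(ctx->store_ctx, itmp->crl)) {
        // Fail closed: a CRL that could not be added must not pass as success.
        count = 0;
        goto err;
      }
      count++;
    }
  }

  if (count == 0) {
    OPENSSL_PUT_ERROR(X509, X509_R_NO_CERTIFICATE_OR_CRL_FOUND);
  }

err:
  sk_X509_INFO_pop_free(inf, X509_INFO_free);
  return count;
}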
// X509_LOOKUP_load_file asks |lookup| to load |name| by issuing the
// X509_L_FILE_LOAD control command, with |type| passed as the command's
// integer argument and no output pointer. The result of X509_LOOKUP_ctrl is
// returned unchanged.
int X509_LOOKUP_load_file(X509_LOOKUP *lookup, const char *name, int type) {
  const int result =
      X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, name, type, NULL);
  return result;
}