Re-remove unnecessary stat calls from by_dir.c
After examining consumer test code and discussion with davidben,
the stat here serves only to get out of this code without having
an error on the error stack when the file does not exist, which is
then interpreted as the CA or CRL does not exist. Instead, we
simply attempt to open the files, and if it does not work for
any reason, clear the error that was set.

This changes us to treat any failure in finding a CA or CRL using
the by directory lookup as if the file was just not present. This
ensures a consistent behaviour with the error returned from the
verification code. We don't differentiate between the file not existing
or other errors such as garbage in the file.

Fixed: 708
Change-Id: I1eee01282cde803fb7c9b52003da3dfbd5ba9e33
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66967
Reviewed-by: David Benjamin <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
(cherry picked from commit fae0964b3d44e94ca2a2d21f86e61dabe683d130)
Bob Beck authored and nebeid committed Dec 5, 2024
1 parent 03972f4 commit 00380fe
Showing 1 changed file with 7 additions and 13 deletions.
20 changes: 7 additions & 13 deletions crypto/x509/by_dir.c
Expand Up @@ -307,28 +307,22 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
for (;;) {
snprintf(b->data, b->max, "%s/%08" PRIx32 ".%s%d", ent->dir, h, postfix,
k);
#ifndef OPENSSL_NO_POSIX_IO
#if defined(_WIN32) && !defined(stat)
#define stat _stat
#endif
{
struct stat st;
if (stat(b->data, &st) < 0) {
break;
}
}
#endif
// found one.
if (type == X509_LU_X509) {
if ((X509_load_cert_file(xl, b->data, ent->dir_type)) == 0) {
// Don't expose the lower level error, All of these boil
// down to "we could not find a CA".
ERR_clear_error();
break;
}
} else if (type == X509_LU_CRL) {
if ((X509_load_crl_file(xl, b->data, ent->dir_type)) == 0) {
// Don't expose the lower level error, All of these boil
// down to "we could not find a CRL".
ERR_clear_error();
break;
}
}
// else case will caught higher up
// The lack of a CA or CRL will be caught higher up
k++;
}
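Review bot: ERR_clear_error() in both load-failure branches (after X509_load_cert_file and after X509_load_crl_file) empties the thread's entire error queue, so any entries that were queued before get_cert_by_subject was entered are discarded along with the loader's own. Consider bracketing each load with ERR_set_mark() and ERR_pop_to_mark() so that only the errors raised by the load are dropped. Separately, because every failure now takes the same break, an unreadable or malformed file at index k ends the loop and files at k+1 are never tried, and a corrupt CRL becomes indistinguishable from an absent one; the comments should state this explicitly so it is visible to anyone relying on directory-based CRL lookup. Minor: "error, All" in both new comments should read "error. All".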
