From 00380fe8d41c9e30578523dbb59a14507b79a3da Mon Sep 17 00:00:00 2001
From: Bob Beck <bbe@google.com>
Date: Tue, 12 Mar 2024 19:31:09 +0000
Subject: [PATCH] Re-remove unnecesary stat calls from by_dir.c

After examining consumer test code and discussion with davidben,
the stat here serves only to get out of this code without having
an error on the error stack when the file does not exist, which is
then interpreted as the CA or CRL does not exist. Instead, we
simply attempt to open the files, and if it does not work for
any reason, clear the error that was set.

This changes us to treat any failure in finding a CA or CRL using
the by directory lookup as if the file was just not present. This
ensures a consistent behaviour with the error returned from the
verification code. We don't differentiate between the file not existing
or other errors such as garbage in the file.

Fixed: 708
Change-Id: I1eee01282cde803fb7c9b52003da3dfbd5ba9e33
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66967
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
(cherry picked from commit fae0964b3d44e94ca2a2d21f86e61dabe683d130)
---
 crypto/x509/by_dir.c | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)

diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index fc69b94d117..c628cbcab04 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -307,28 +307,22 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
       for (;;) {
         snprintf(b->data, b->max, "%s/%08" PRIx32 ".%s%d", ent->dir, h, postfix,
                  k);
-#ifndef OPENSSL_NO_POSIX_IO
-#if defined(_WIN32) && !defined(stat)
-#define stat _stat
-#endif
-        {
-          struct stat st;
-          if (stat(b->data, &st) < 0) {
-            break;
-          }
-        }
-#endif
-        // found one.
         if (type == X509_LU_X509) {
           if ((X509_load_cert_file(xl, b->data, ent->dir_type)) == 0) {
+            // Don't expose the lower level error, All of these boil
+            // down to "we could not find a CA".
+            ERR_clear_error();
             break;
           }
         } else if (type == X509_LU_CRL) {
           if ((X509_load_crl_file(xl, b->data, ent->dir_type)) == 0) {
+            // Don't expose the lower level error, All of these boil
+            // down to "we could not find a CRL".
+            ERR_clear_error();
             break;
           }
         }
-        // else case will caught higher up
+        // The lack of a CA or CRL will be caught higher up
         k++;
       }