author | Guy Harris <guy@alum.mit.edu> | 2017-08-04 15:25:22 -0700 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2017-08-04 22:25:53 +0000 |
commit | a25d477fa7969f6311bc8df0ff4df8208e80fa6f (patch) | |
tree | 83cfc0800a20bcf5de54aad0e8a4313cf72168cf /epan/dissectors/packet-ssl-utils.c | |
parent | 8d09f2a3adc4ac3d394ca07e5a12607ed0368d60 (diff) |
Clean up private key file error reporting.

Ensure that rsa_load_pem_key() and rsa_load_pkcs12() always return an
error message string if they fail, so that

1) they don't return NULL without supplying an error string;
2) they don't supply an error string if they succeed.

If either of them fails, report the error; if there's no error string,
report an unknown error (that shouldn't happen, but the wsutil/rsa.c
code needs more cleanup before I'll believe it can't happen).

While we're at it, clean up some of those error strings, return NULL
rather than 0 as the failure case from rsa_load_pkcs12() as we do in
rsa_load_pem_key() (they mean the same thing, but NULL makes it a bit
clearer), and de-initialize the private key structure in
rsa_load_pem_key() if we fail (so that we don't leak memory).

Change-Id: Id9dd331800d87b017a500a6f579df446057f555b
Reviewed-on: https://code.wireshark.org/review/22941
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'epan/dissectors/packet-ssl-utils.c')
-rw-r--r-- | epan/dissectors/packet-ssl-utils.c | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c index 1abf74e2b4..cd94d70fc1 100644 --- a/epan/dissectors/packet-ssl-utils.c +++ b/epan/dissectors/packet-ssl-utils.c @@ -4641,23 +4641,26 @@ ssl_parse_key_list(const ssldecrypt_assoc_t *uats, GHashTable *key_hash, const c if ((gint)strlen(uats->password) == 0) { priv_key = rsa_load_pem_key(fp, &err); - if (err) { - ssl_debug_printf("%s\n", err); - g_free(err); - } } else { priv_key = rsa_load_pkcs12(fp, uats->password, &err); - if (err) { - report_failure("%s\n", err); - g_free(err); - } } fclose(fp); if (!priv_key) { - report_failure("Can't load private key from %s\n", uats->keyfile); + if (err) { + report_failure("Can't load private key from %s: %s", + uats->keyfile, err); + g_free(err); + } else + report_failure("Can't load private key from %s: unknown error", + uats->keyfile); return; } + if (err) { + report_failure("Load of private key from %s \"succeeded\" with error %s", + uats->keyfile, err); + g_free(err); + } key_id = (guchar *) g_malloc0(key_id_len); ret = gnutls_x509_privkey_get_key_id(priv_key, 0, key_id, &key_id_len); |
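
Review bot: In the new `if (!priv_key)` block and the `if (err)` check that follows it, `err` is now tested on every path, but nothing in the visible lines sets it to NULL before `rsa_load_pem_key(fp, &err)` or `rsa_load_pkcs12(fp, uats->password, &err)` is called. If either loader can return without writing `*err`, both checks read an indeterminate pointer and `g_free(err)` may be handed garbage; please confirm `err` is initialized to NULL at its declaration (outside this hunk), or assign `err = NULL;` just before the branch on `uats->password`. In the same failure block, a braced `if (err) { ... }` is paired with an unbraced `else`; bracing both arms would make later edits safer. Finally, the "succeeded with error" case goes through `report_failure()` and then carries on using the key, so it is worth deciding whether a user-facing failure report is intended there or whether `ssl_debug_printf()` would fit better for a condition the commit message describes as one that should not happen.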