Changed x509parse_crt_der() to support adding to chain.
Removed chain functionality from x509parse_crt() as x509parse_crt_der()
now handles that much cleaner.
(cherry picked from commit d6d4109adc01417abde44b3325d8438b584de5e5)
diff --git a/library/x509parse.c b/library/x509parse.c
index 42ddd70..12ad67c 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -1026,7 +1026,8 @@
/*
* Parse and fill a single X.509 certificate in DER format
*/
-int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
+int x509parse_crt_der_core( x509_cert *crt, const unsigned char *buf,
+ size_t buflen )
{
int ret;
size_t len;
@@ -1071,7 +1072,7 @@
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
crt_end = p + len;
-
+
/*
* TBSCertificate ::= SEQUENCE {
*/
@@ -1277,15 +1278,13 @@
}
/*
- * Parse one or more PEM certificates from a buffer and add them to the chained list
+ * Parse one X.509 certificate in DER format from a buffer and add them to a
+ * chained list
*/
-int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen )
+int x509parse_crt_der( x509_cert *chain, const unsigned char *buf, size_t buflen )
{
- int ret, success = 0, first_error = 0, total_failed = 0;
- x509_cert *crt, *prev = NULL;
- int buf_format = X509_FORMAT_DER;
-
- crt = chain;
+ int ret;
+ x509_cert *crt = chain, *prev = NULL;
/*
* Check for valid input
@@ -1314,6 +1313,34 @@
memset( crt, 0, sizeof( x509_cert ) );
}
+ if( ( ret = x509parse_crt_der_core( crt, buf, buflen ) ) != 0 )
+ {
+ if( prev )
+ prev->next = NULL;
+
+ if( crt != chain )
+ free( crt );
+
+ return( ret );
+ }
+
+ return( 0 );
+}
+
+/*
+ * Parse one or more PEM certificates from a buffer and add them to the chained list
+ */
+int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen )
+{
+ int ret, success = 0, first_error = 0, total_failed = 0;
+ int buf_format = X509_FORMAT_DER;
+
+ /*
+ * Check for valid input
+ */
+ if( chain == NULL || buf == NULL )
+ return( POLARSSL_ERR_X509_INVALID_INPUT );
+
/*
* Determine buffer content. Buffer contains either one DER certificate or
* one or more PEM certificates.
@@ -1324,8 +1351,8 @@
#endif
if( buf_format == X509_FORMAT_DER )
- return x509parse_crt_der( crt, buf, buflen );
-
+ return x509parse_crt_der( chain, buf, buflen );
+
#if defined(POLARSSL_PEM_C)
if( buf_format == X509_FORMAT_PEM )
{
@@ -1371,61 +1398,30 @@
else
break;
- ret = x509parse_crt_der( crt, pem.buf, pem.buflen );
+ ret = x509parse_crt_der( chain, pem.buf, pem.buflen );
pem_free( &pem );
if( ret != 0 )
{
/*
- * quit parsing on a memory error
+ * Quit parsing on a memory error
*/
if( ret == POLARSSL_ERR_X509_MALLOC_FAILED )
- {
- if( prev )
- prev->next = NULL;
-
- if( crt != chain )
- free( crt );
-
return( ret );
- }
if( first_error == 0 )
first_error = ret;
-
- total_failed++;
- memset( crt, 0, sizeof( x509_cert ) );
+ total_failed++;
continue;
}
success = 1;
-
- /*
- * Add new certificate to the list
- */
- crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
-
- if( crt->next == NULL )
- return( POLARSSL_ERR_X509_MALLOC_FAILED );
-
- prev = crt;
- crt = crt->next;
- memset( crt, 0, sizeof( x509_cert ) );
}
}
#endif
- if( crt->version == 0 )
- {
- if( prev )
- prev->next = NULL;
-
- if( crt != chain )
- free( crt );
- }
-
if( success )
return( total_failed );
else if( first_error )