add CertManager Verify with Buffer

2012-05-29 12:04:48 -07:00 · 2012-05-29 12:04:48 -07:00 · f528f5a7d3
parent c2292c31b0
commit f528f5a7d3
2 changed files with 47 additions and 32 deletions
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@ -789,6 +789,8 @@ CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f,
                                        const char* d);
 CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f,
                                        int format);
+CYASSL_API int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm,
+                                 const unsigned char* buff, int sz, int format);
 CYASSL_API int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER*, unsigned char*,
                                          int sz);
 CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*, int options);
--- a/src/ssl.c
+++ b/src/ssl.c
@ -1280,28 +1280,64 @@ int CyaSSL_CTX_load_verify_locations(CYASSL_CTX* ctx, const char* file,
 }


+/* Verify the ceritficate, 1 for success, < 0 for error */
+int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff,
+                                   int sz, int format)
+{
+    int ret = 0;
+    int eccKey = 0;  /* not used */
+
+    DecodedCert cert;
+    buffer      der;
+
+    CYASSL_ENTER("CyaSSL_CertManagerVerifyBuffer");
+
+    der.buffer = NULL;
+
+    if (format == SSL_FILETYPE_PEM) { 
+        EncryptedInfo info;
+            
+        info.set      = 0;
+        info.ctx      = NULL;
+        info.consumed = 0;
+        ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, &info, &eccKey);
+        InitDecodedCert(&cert, der.buffer, der.length, cm->heap);
+    }
+    else
+        InitDecodedCert(&cert, buff, sz, cm->heap);
+
+    if (ret == 0)
+        ret = ParseCertRelative(&cert, CERT_TYPE, 1, cm);
+#ifdef HAVE_CRL
+    if (ret == 0 && cm->crlEnabled)
+        ret = CheckCertCRL(cm->crl, &cert);
+#endif
+
+    FreeDecodedCert(&cert);
+    XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CERT);
+
+    return ret;
+}
+
+
 /* Verify the ceritficate, 1 for success, < 0 for error */
 int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname,
                             int format)
 {
-    int           ret = SSL_FATAL_ERROR;
-    int           eccKey = 0;  /* not used */
-    DecodedCert   cert;
-
+    int    ret = SSL_FATAL_ERROR;
    byte   staticBuffer[FILE_BUFFER_SIZE];
    byte*  myBuffer = staticBuffer;
    int    dynamic = 0;
    long   sz = 0;
-    buffer der;
    XFILE* file = XFOPEN(fname, "rb"); 

+    CYASSL_ENTER("CyaSSL_CertManagerVerify");
+
    if (!file) return SSL_BAD_FILE;
    XFSEEK(file, 0, XSEEK_END);
    sz = XFTELL(file);
    XREWIND(file);

-    der.buffer = NULL;
-
    if (sz > (long)sizeof(staticBuffer)) {
        CYASSL_MSG("Getting dynamic buffer");
        myBuffer = (byte*) XMALLOC(sz, cm->heap, DYNAMIC_TYPE_FILE);
@ -1314,32 +1350,9 @@ int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname,

    if ( (ret = XFREAD(myBuffer, sz, 1, file)) < 0)
        ret = SSL_BAD_FILE;
-    else {
-        ret = 0;  /* ok */
-        if (format == SSL_FILETYPE_PEM) { 
-            EncryptedInfo info;
-            
-            info.set       = 0;
-            info.ctx      = NULL;
-            info.consumed = 0;
-            ret = PemToDer(myBuffer, sz, CERT_TYPE, &der, cm->heap, &info,
-                           &eccKey);
-            InitDecodedCert(&cert, der.buffer, der.length, cm->heap);
+    else 
+        ret = CyaSSL_CertManagerVerifyBuffer(cm, myBuffer, sz, format);

-        }
-        else
-            InitDecodedCert(&cert, myBuffer, sz, cm->heap);
-
-        if (ret == 0)
-            ret = ParseCertRelative(&cert, CERT_TYPE, 1, cm);
-#ifdef HAVE_CRL
-        if (ret == 0 && cm->crlEnabled)
-            ret = CheckCertCRL(cm->crl, &cert);
-#endif
-    }
-
-    FreeDecodedCert(&cert);
-    XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CERT);
    XFCLOSE(file);
    if (dynamic) XFREE(myBuffer, cm->heap, DYNAMIC_TYPE_FILE);