From 153bcb52978d7ca227e3e459dba2d4f93f8199c3 Mon Sep 17 00:00:00 2001
From: Takashi Kojo
Date: Sat, 19 May 2018 14:44:49 +0900
Subject: [PATCH] d2i_X509_fp
---
 src/ssl.c | 139 ++++++++++++++++++++++++------------------
 tests/api.c | 19 +++++-
 wolfssl/openssl/ssl.h | 1 +
 wolfssl/ssl.h | 6 +-
 4 files changed, 104 insertions(+), 61 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index 8a0131bc7..bcf16c2a7 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -17993,14 +17993,94 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) } #endif /* NO_CERTS */ +#ifndef NO_FILESYSTEM +static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type) +{ + void *new = NULL; + DerBuffer* der = NULL; + byte *fileBuffer = NULL; + + if (file != XBADFILE) + { + long sz = 0; + + XFSEEK(file, 0, XSEEK_END); + sz = XFTELL(file); + XREWIND(file); + + if (sz < 0) + { + WOLFSSL_MSG("Bad tell on FILE"); + return NULL; + } + + fileBuffer = (byte *)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE); + if (fileBuffer != NULL) + { + if((long)XFREAD(fileBuffer, 1, sz, file) != sz) + { + WOLFSSL_MSG("File read failed"); + goto err_exit; + } + if(type == CERT_TYPE) + new = (void *)wolfSSL_X509_d2i(NULL, fileBuffer, (int)sz); + #ifdef HAVE_CRL + else if(type == CRL_TYPE) + new = (void *)wolfSSL_d2i_X509_CRL(NULL, fileBuffer, (int)sz); + #endif + else goto err_exit; + if(new == NULL) + { + WOLFSSL_MSG("X509 failed"); + goto err_exit; + } + } + } + if (x509 != NULL) + *x509 = new; + + goto _exit; + +err_exit: + if(new != NULL){ + if(type == CERT_TYPE) + wolfSSL_X509_free(new); + #ifdef HAVE_CRL + else { + if(type == CRL_TYPE) + wolfSSL_X509_CRL_free(new); + } + #endif + } +_exit: + if(der != NULL) + FreeDer(&der); + if(fileBuffer != NULL) + XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); + return new; +} + +WOLFSSL_X509 *wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509 **x509) +{ + WOLFSSL_ENTER("wolfSSL_d2i_X509_fp"); + return (WOLFSSL_X509 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)x509, CERT_TYPE); +} +#endif /* NO_FILESYSTEM */ + + #ifdef HAVE_CRL +WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE fp, WOLFSSL_X509_CRL **crl) +{ + WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL_fp"); + return (WOLFSSL_X509_CRL *)wolfSSL_d2i_X509_fp_ex(fp, (void **)crl, CRL_TYPE); +} WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl, const unsigned char* in, int len) { WOLFSSL_X509_CRL *newcrl = NULL; int ret ; - WOLFSSL_ENTER("wolfSSL_X509_CRL_d2i"); + 
WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL"); if(in == NULL){ WOLFSSL_MSG("Bad argument value"); @@ -18034,63 +18114,6 @@ _exit: return newcrl; } -#ifndef NO_FILESYSTEM -WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(WOLFSSL_X509_CRL **crl, XFILE file) -{ - WOLFSSL_X509_CRL *newcrl = NULL; - DerBuffer* der = NULL; - byte *fileBuffer = NULL; - - WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL_fp"); - - if (file != XBADFILE) - { - long sz = 0; - - XFSEEK(file, 0, XSEEK_END); - sz = XFTELL(file); - XREWIND(file); - - if (sz < 0) - { - WOLFSSL_MSG("Bad tell on FILE"); - return NULL; - } - - fileBuffer = (byte *)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE); - if (fileBuffer != NULL) - { - if((long)XFREAD(fileBuffer, 1, sz, file) != sz) - { - WOLFSSL_MSG("File read failed"); - goto err_exit; - } - - newcrl = wolfSSL_d2i_X509_CRL(NULL, fileBuffer, (int)sz); - if(newcrl == NULL) - { - WOLFSSL_MSG("X509_CRL failed"); - goto err_exit; - } - } - } - if (crl != NULL) - *crl = newcrl; - - goto _exit; - -err_exit: - if(newcrl != NULL) - wolfSSL_X509_CRL_free(newcrl); -_exit: - if(der != NULL) - FreeDer(&der); - if(fileBuffer != NULL) - XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); - return newcrl; -} -#endif - void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl) { WOLFSSL_ENTER("wolfSSL_X509_CRL_free"); diff --git a/tests/api.c b/tests/api.c index 2c7a6fd7c..aa58f52d4 100644 --- a/tests/api.c +++ b/tests/api.c @@ -16671,6 +16671,9 @@ static void test_wolfSSL_X509(void) X509_STORE_CTX* ctx; X509_STORE* store; + char der[] = "certs/ca-cert.der"; + XFILE fp; + printf(testingFmt, "wolfSSL_X509()"); AssertNotNull(x509 = X509_new()); 
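Review bot: The new `wolfSSL_d2i_X509_CRL_fp` definition sits under `#ifdef HAVE_CRL` but outside the `#ifndef NO_FILESYSTEM` block that closes just above it, while its only callee `wolfSSL_d2i_X509_fp_ex` and the prototype in wolfssl/ssl.h are both filesystem-guarded, so a build with `NO_FILESYSTEM` and `HAVE_CRL` hits an undeclared `wolfSSL_d2i_X509_fp_ex`; the removed version avoided this by wrapping the function in `#ifndef NO_FILESYSTEM`, so either move `#endif /* NO_FILESYSTEM */` below the CRL wrapper or re-add the guard around it. In `wolfSSL_d2i_X509_fp_ex` the file length `sz` is a `long` that reaches the DER parser through `(int)sz` with no upper bound, so a file larger than `INT_MAX` bytes is handed over as a negative length; `if (sz < 0 || sz > INT_MAX) { WOLFSSL_MSG("Bad tell on FILE"); return NULL; }` after the rewind closes that, and the `XFSEEK` return value is not checked either. `der` is never assigned, so `FreeDer(&der)` is dead, and every `goto err_exit` is taken while `new` is still NULL, so the frees under `err_exit:` can never run. Note also that `*x509 = new` overwrites the caller's pointer unconditionally, including with NULL on failure, which differs from the reuse semantics of the OpenSSL API it mirrors and deserves a comment at the top of the function. The `wolfSSL_d2i_X509_CRL` body this hunk touches continues past its end.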
@@ -16695,6 +16698,18 @@ static void test_wolfSSL_X509(void) X509_STORE_CTX_free(ctx); BIO_free(bio); + /** d2i_X509_fp test **/ + AssertNotNull(fp = XFOPEN(der, "rb")); + AssertNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL)); + AssertNotNull(x509); + X509_free(x509); + XFCLOSE(fp); + AssertNotNull(fp = XFOPEN(der, "rb")); + AssertNotNull((X509 *)d2i_X509_fp(fp, (X509 **)&x509)); + AssertNotNull(x509); + X509_free(x509); + XFCLOSE(fp); + printf(resultFmt, passed); #endif } @@ -18724,12 +18739,12 @@ static void test_wolfSSL_X509_CRL(void) #ifdef HAVE_TEST_d2i_X509_CRL_fp for(i = 0; der[i][0] != '\0'; i++){ AssertNotNull(fp = XFOPEN(der[i], "rb")); - AssertNotNull(crl = (X509_CRL *)d2i_X509_CRL_fp((X509_CRL **)NULL, fp)); + AssertNotNull(crl = (X509_CRL *)d2i_X509_CRL_fp((fp, X509_CRL **)NULL)); AssertNotNull(crl); X509_CRL_free(crl); XFCLOSE(fp); AssertNotNull(fp = XFOPEN(der[i], "rb")); - AssertNotNull((X509_CRL *)d2i_X509_CRL_fp((X509_CRL **)&crl, fp)); + AssertNotNull((X509_CRL *)d2i_X509_CRL_fp(fp, (X509_CRL **)&crl)); AssertNotNull(crl); X509_CRL_free(crl); XFCLOSE(fp); diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index b7ac3b5a8..a2b8a49ca 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -513,6 +513,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define sk_X509_free wolfSSL_sk_X509_free #define i2d_X509_bio wolfSSL_i2d_X509_bio #define d2i_X509_bio wolfSSL_d2i_X509_bio +#define d2i_X509_fp wolfSSL_d2i_X509_fp #define i2d_X509 wolfSSL_i2d_X509 #define d2i_X509 wolfSSL_d2i_X509 #define d2i_RSAPublicKey wolfSSL_d2i_RSAPublicKey diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 28c8c6698..30b5fb32a 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
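Review bot: In the d2i_X509_fp block of test_wolfSSL_X509, `AssertNotNull(x509);` directly after `AssertNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL));` re-asserts the value the previous line already checked, and the same duplicate appears after the second call; both can be dropped. Only the success path is exercised, so a case that opens a zero-length or non-DER file and asserts a NULL return would cover the `err_exit` path the new function adds.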
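Review bot: The first changed call in test_wolfSSL_X509_CRL has its cast parenthesis in the wrong place: `d2i_X509_CRL_fp((fp, X509_CRL **)NULL)` is a comma expression containing a bare type name and does not compile; it should read `AssertNotNull(crl = (X509_CRL *)d2i_X509_CRL_fp(fp, (X509_CRL **)NULL));` to match the second call. It is hidden because the loop is under `#ifdef HAVE_TEST_d2i_X509_CRL_fp`, which is presumably off in the default build, so a CI pass does not prove this line compiles.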
@@ -1521,7 +1521,7 @@ WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out); WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl, const unsigned char *in, int len); #ifndef NO_FILESYSTEM -WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(WOLFSSL_X509_CRL **crl, XFILE file); +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl); #endif WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl); @@ -2537,6 +2537,10 @@ WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str); WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); +#if !defined(NO_FILESYSTEM) +WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(XFILE fp, + WOLFSSL_X509** x509); +#endif WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509); WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx);
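Review bot: Swapping the parameter order of the exported `wolfSSL_d2i_X509_CRL_fp` (now `XFILE` first, then `WOLFSSL_X509_CRL **`) changes a public WOLFSSL_API signature, so any out-of-tree caller built against the old prototype stops compiling, and neither the commit message nor the header says why. A one-line comment above the prototype, `/* argument order follows OpenSSL's d2i_X509_CRL_fp(FILE *, X509_CRL **) */`, would explain the difference from `wolfSSL_d2i_X509_CRL(crl, in, len)` declared right above it.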
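Review bot: The new guard `#if !defined(NO_FILESYSTEM)` around `wolfSSL_d2i_X509_fp` is spelled differently from the `#ifndef NO_FILESYSTEM` that guards `wolfSSL_d2i_X509_CRL_fp` earlier in the same header; `#ifndef NO_FILESYSTEM` keeps the file consistent. The prototype also says nothing about ownership, which the ssl.c implementation fixes as: if `x509` is non-NULL, `*x509` is set to the result (NULL on failure) and the caller frees it with `wolfSSL_X509_free`; a short comment above the declaration stating that contract would save readers a trip to the source.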