Pass raw data to x509_check_wildcard() and `x509_crt_check_cn()`
In preparation for rewriting the `SubjectAlternativeName` search routine
to use raw ASN.1 data, this commit changes `x509_check_wildcard()` and
`x509_crt_check_cn()`, responsible for checking whether a name matches a
wildcard pattern, to take a raw buffer pointer and length as parameters
instead of an `mbedtls_x509_buf` instance.
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 243373e..c628e81 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -230,13 +230,16 @@
/*
* Return 0 if name matches wildcard, -1 otherwise
*/
-static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name )
+static int x509_check_wildcard( char const *cn,
+ size_t cn_len,
+ unsigned char const *buf,
+ size_t buf_len )
{
size_t i;
- size_t cn_idx = 0, cn_len = strlen( cn );
+ size_t cn_idx = 0;
/* We can't have a match if there is no wildcard to match */
- if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
+ if( buf_len < 3 || buf[0] != '*' || buf[1] != '.' )
return( -1 );
for( i = 0; i < cn_len; ++i )
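Review bot: The header comment above `x509_check_wildcard()` still reads only "Return 0 if name matches wildcard" and does not say which of the two pointer/length pairs is the host name and which is the pattern. Since `cn_len` is now supplied by the caller instead of being computed with `strlen( cn )`, and `buf` is a raw byte range rather than an `mbedtls_x509_buf`, the contract should be written down. I would extend the comment along the lines of `cn/cn_len: expected host name, cn_len must not exceed the length of cn; buf/buf_len: wildcard pattern bytes from the certificate, not NUL-terminated`. The function body continues past the end of this hunk, so the loop over `cn` is only partly visible here.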
@@ -251,8 +254,8 @@
if( cn_idx == 0 )
return( -1 );
- if( cn_len - cn_idx == name->len - 1 &&
- mbedtls_x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )
+ if( cn_len - cn_idx == buf_len - 1 &&
+ mbedtls_x509_memcasecmp( buf + 1, cn + cn_idx, buf_len - 1 ) == 0 )
{
return( 0 );
}
@@ -2387,18 +2390,20 @@
/*
* Check for CN match
*/
-static int x509_crt_check_cn( const mbedtls_x509_buf *name,
- const char *cn, size_t cn_len )
+static int x509_crt_check_cn( unsigned char const *buf,
+ size_t buflen,
+ const char *cn,
+ size_t cn_len )
{
- /* try exact match */
- if( name->len == cn_len &&
- mbedtls_x509_memcasecmp( cn, name->p, cn_len ) == 0 )
+ /* Try exact match */
+ if( buflen == cn_len &&
+ mbedtls_x509_memcasecmp( cn, buf, cn_len ) == 0 )
{
return( 0 );
}
/* try wildcard match */
- if( x509_check_wildcard( cn, name ) == 0 )
+ if( x509_check_wildcard( cn, cn_len, buf, buflen ) == 0 )
{
return( 0 );
}
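Review bot: The two helpers now take the same arguments in opposite order, `x509_crt_check_cn( buf, buflen, cn, cn_len )` here versus `x509_check_wildcard( cn, cn_len, buf, buf_len )` in the first hunk, and they spell the length differently (`buflen` vs `buf_len`). Both lengths are `size_t`, so passing them swapped compiles without a diagnostic, and in certificate name matching that kind of mix-up is easy to miss in review. I would use one order and one spelling in both, e.g. `static int x509_crt_check_cn( char const *cn, size_t cn_len, unsigned char const *buf, size_t buf_len )`, and adjust the two call sites in the later hunks to match. The end of the function lies outside this hunk.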
@@ -2418,7 +2423,7 @@
size_t cn_len = strlen( cn );
if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, oid ) == 0 &&
- x509_crt_check_cn( val, cn, cn_len ) == 0 )
+ x509_crt_check_cn( val->p, val->len, cn, cn_len ) == 0 )
{
return( 1 );
}
@@ -2440,7 +2445,8 @@
{
for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next )
{
- if( x509_crt_check_cn( &cur->buf, cn, cn_len ) == 0 )
+ if( x509_crt_check_cn( cur->buf.p, cur->buf.len,
+ cn, cn_len ) == 0 )
break;
}