Solely use raw X.509 name data references including SEQUENCE header
So far, the CRT frame structure `mbedtls_x509_crt_frame` stored
in `issuer_raw` and `subject_raw` only the _content_ of the ASN.1
name structure for the issuer and subject, respectively. This was in contrast
to the fields `issuer_raw` and `subject_raw` from the legacy
`mbedtls_x509_crt` structure, and caused some information
duplication by having both variants `xxx_no_hdr` and `xxx_with_hdr`
in `mbedtls_x509_crt` and `mbedtls_x509_crt_frame`.
This commit removes this mismatch by solely using the legacy
form of `issuer_raw` and `subject_raw`, i.e. those _including_
the ASN.1 name header.
diff --git a/library/x509.c b/library/x509.c
index 55726da..9d00beb 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -544,53 +544,67 @@
void *abort_check_ctx )
{
int ret;
+ size_t idx;
+ unsigned char *p[2], *end[2], *set[2];
- unsigned char *p_a, *end_a, *set_a;
- unsigned char *p_b, *end_b, *set_b;
+ p[0] = a->p;
+ p[1] = b->p;
+ end[0] = p[0] + a->len;
+ end[1] = p[1] + b->len;
- p_a = set_a = (unsigned char*) a->p;
- p_b = set_b = (unsigned char*) b->p;
+ for( idx = 0; idx < 2; idx++ )
+ {
+ size_t len;
+ ret = mbedtls_asn1_get_tag( &p[idx], end[idx], &len,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE );
- end_a = p_a + a->len;
- end_b = p_b + b->len;
+ if( end[idx] != p[idx] + len )
+ {
+ return( MBEDTLS_ERR_X509_INVALID_NAME +
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+ }
+
+ set[idx] = p[idx];
+ }
while( 1 )
{
int next_merged;
- mbedtls_x509_buf oid_a, val_a, oid_b, val_b;
+ mbedtls_x509_buf oid[2], val[2];
- ret = x509_set_sequence_iterate( &p_a, (const unsigned char **) &set_a,
- end_a, &oid_a, &val_a );
+ ret = x509_set_sequence_iterate( &p[0], (const unsigned char **) &set[0],
+ end[0], &oid[0], &val[0] );
if( ret != 0 )
goto exit;
- ret = x509_set_sequence_iterate( &p_b, (const unsigned char **) &set_b,
- end_b, &oid_b, &val_b );
+ ret = x509_set_sequence_iterate( &p[1], (const unsigned char **) &set[1],
+ end[1], &oid[1], &val[1] );
if( ret != 0 )
goto exit;
- if( oid_a.len != oid_b.len ||
- memcmp( oid_a.p, oid_b.p, oid_b.len ) != 0 )
+ if( oid[0].len != oid[1].len ||
+ memcmp( oid[0].p, oid[1].p, oid[1].len ) != 0 )
{
return( 1 );
}
- if( x509_string_cmp( &val_a, &val_b ) != 0 )
+ if( x509_string_cmp( &val[0], &val[1] ) != 0 )
return( 1 );
- next_merged = ( set_a != p_a );
- if( next_merged != ( set_b != p_b ) )
+ next_merged = ( set[0] != p[0] );
+ if( next_merged != ( set[1] != p[1] ) )
return( 1 );
if( abort_check != NULL )
{
- ret = abort_check( abort_check_ctx, &oid_a, &val_a,
+ ret = abort_check( abort_check_ctx, &oid[0], &val[0],
next_merged );
if( ret != 0 )
return( ret );
}
- if( p_a == end_a && p_b == end_b )
+ if( p[0] == end[0] && p[1] == end[1] )
break;
}
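Review bot: The return value of mbedtls_asn1_get_tag() in the new per-name loop is stored in `ret` but never checked, so a name that does not begin with a constructed SEQUENCE, or whose length field is truncated, falls through to the `end[idx] != p[idx] + len` comparison with `len` left uninitialized (it is declared without an initializer just above the call), and if that comparison happens to hold the SET iteration then runs over unparsed bytes. Add `if( ret != 0 ) return( MBEDTLS_ERR_X509_INVALID_NAME + ret );` directly after the call and before the length check, and consider `size_t len = 0;` as a belt-and-braces initializer. The later `goto exit` paths in the loop suggest an exit label that may post-process errors; whether the new checks should return directly or jump there depends on that label, which is outside this hunk. The enclosing function mbedtls_x509_name_cmp_raw starts before the hunk.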
@@ -626,20 +640,15 @@
return( 0 );
}
-int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
+int mbedtls_x509_get_name( unsigned char *p,
+ size_t len,
mbedtls_x509_name *cur )
{
- int ret;
- mbedtls_x509_buf_raw name_buf = { *p, end - *p };
+ mbedtls_x509_buf_raw name_buf = { p, len };
memset( cur, 0, sizeof( mbedtls_x509_name ) );
- ret = mbedtls_x509_name_cmp_raw( &name_buf, &name_buf,
- x509_get_name_cb,
- &cur );
- if( ret != 0 )
- return( ret );
-
- *p = (unsigned char*) end;
- return( 0 );
+ return( mbedtls_x509_name_cmp_raw( &name_buf, &name_buf,
+ x509_get_name_cb,
+ &cur ) );
}
static int x509_parse_int( unsigned char **p, size_t n, int *res )
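Review bot: mbedtls_x509_get_name() changes its public contract here — it now takes `(p, len)` instead of `(**p, end)` and no longer advances the caller's pointer to `end` on success — yet carries no comment describing the new input requirements, and the hunk does not show the callers that previously relied on `*p` being advanced. Add a Doxygen block above the definition stating that `p`/`len` must cover one complete ASN.1 Name including its outer SEQUENCE header (per the commit message, the same layout as the legacy `issuer_raw`/`subject_raw`), that the caller is now responsible for skipping past the name itself, and that `cur` is zeroed before parsing and, on a nonzero return, may point to a partially built chain that the caller must free — the last point is inferred from `x509_get_name_cb`, which is not visible here, so confirm it before documenting. A one-line note that the return value is whatever mbedtls_x509_name_cmp_raw() reports would also help, since the function now simply forwards it.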