Solely use raw X.509 name data references including SEQUENCE header
So far, the CRT frame structure `mbedtls_x509_crt_frame` used
as `issuer_raw` and `subject_raw` the _content_ of the ASN.1
name structure for issuer and subject, respectively. This was in contrast
to the fields `issuer_raw` and `subject_raw` from the legacy
`mbedtls_x509_crt` structure, and caused some information
duplication by having both variants `xxx_no_hdr` and `xxx_with_hdr`
in `mbedtls_x509_crt` and `mbedtls_x509_crt_frame`.
This commit removes this mismatch by solely using the legacy
form of `issuer_raw` and `subject_raw`, i.e. those _including_
the ASN.1 name header.
diff --git a/library/x509_crt.c b/library/x509_crt.c
index fb5265a..bd452b6 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -126,8 +126,10 @@
frame->serial.len = crt->serial.len;
frame->pubkey_raw.p = crt->pk_raw.p;
frame->pubkey_raw.len = crt->pk_raw.len;
- frame->issuer_raw = crt->issuer_raw_no_hdr;
- frame->subject_raw = crt->subject_raw_no_hdr;
+ frame->issuer_raw.p = crt->issuer_raw.p;
+ frame->issuer_raw.len = crt->issuer_raw.len;
+ frame->subject_raw.p = crt->subject_raw.p;
+ frame->subject_raw.len = crt->subject_raw.len;
frame->issuer_id.p = crt->issuer_id.p;
frame->issuer_id.len = crt->issuer_id.len;
frame->subject_id.p = crt->subject_id.p;
@@ -136,10 +138,6 @@
frame->sig.len = crt->sig.len;
frame->v3_ext.p = crt->v3_ext.p;
frame->v3_ext.len = crt->v3_ext.len;
- frame->issuer_raw_with_hdr.p = crt->issuer_raw.p;
- frame->issuer_raw_with_hdr.len = crt->issuer_raw.len;
- frame->subject_raw_with_hdr.p = crt->subject_raw.p;
- frame->subject_raw_with_hdr.len = crt->subject_raw.len;
/* The legacy CRT structure doesn't explicitly contain
* the `AlgorithmIdentifier` bounds; however, those can
@@ -1185,15 +1183,14 @@
*
* RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
*/
- frame->issuer_raw_with_hdr.p = p;
+ frame->issuer_raw.p = p;
ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE );
if( ret != 0 )
return( ret + MBEDTLS_ERR_X509_INVALID_FORMAT );
- frame->issuer_raw.p = p;
- frame->issuer_raw.len = len;
p += len;
+ frame->issuer_raw.len = p - frame->issuer_raw.p;
ret = mbedtls_x509_name_cmp_raw( &frame->issuer_raw,
&frame->issuer_raw,
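Review bot: `frame->issuer_raw` now spans the whole Name TLV, and the self-comparison `mbedtls_x509_name_cmp_raw( &frame->issuer_raw, &frame->issuer_raw, ...)` at the end of the hunk is the only structural validation the name gets, so that function presumably has to consume the outer SEQUENCE header itself now; that contract is not visible in this diff and should be stated where the field is filled. The comment block above `frame->issuer_raw.p = p;` only restates the ASN.1 grammar, so I would add `/* issuer_raw covers the full Name TLV (tag, length and RDNs); every consumer must expect the header. */`. `frame->issuer_raw.len = p - frame->issuer_raw.p;` stores a ptrdiff_t into a size_t, which is fine here because `p` only advances after the tag check has bounded `len` against `end`. The enclosing parsing function starts and ends outside the hunk.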
@@ -1201,8 +1198,6 @@
if( ret != 0 )
return( ret );
- frame->issuer_raw_with_hdr.len = p - frame->issuer_raw_with_hdr.p;
-
/*
* Validity ::= SEQUENCE { ...
*/
@@ -1218,15 +1213,14 @@
*
* RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
*/
- frame->subject_raw_with_hdr.p = p;
+ frame->subject_raw.p = p;
ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE );
if( ret != 0 )
return( ret + MBEDTLS_ERR_X509_INVALID_FORMAT );
- frame->subject_raw.p = p;
- frame->subject_raw.len = len;
p += len;
+ frame->subject_raw.len = p - frame->subject_raw.p;
ret = mbedtls_x509_name_cmp_raw( &frame->subject_raw,
&frame->subject_raw,
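Review bot: The subject block from `frame->subject_raw.p = p;` through `frame->subject_raw.len = p - frame->subject_raw.p;` is a line-for-line copy of the issuer block earlier in the same function, including the `ret + MBEDTLS_ERR_X509_INVALID_FORMAT` mapping and the self-compare; now that both must agree on including the header, a small static helper taking `&p`, `end` and the destination raw buffer, which records the start, runs `mbedtls_asn1_get_tag`, advances past `len` and sets the header-inclusive length, would keep the two in lockstep and leave only the `mbedtls_x509_name_cmp_raw` call at each site. I am not quoting the helper because the type of the frame's raw-buffer field is not visible in this diff. The enclosing parsing function starts and ends outside the hunk.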
@@ -1234,8 +1228,6 @@
if( ret != 0 )
return( ret );
- frame->subject_raw_with_hdr.len = p - frame->subject_raw_with_hdr.p;
-
/*
* SubjectPublicKeyInfo
*/
@@ -1317,19 +1309,17 @@
static int x509_crt_subject_from_frame( mbedtls_x509_crt_frame *frame,
mbedtls_x509_name *subject )
{
- unsigned char *p = frame->subject_raw.p;
- unsigned char *end = p + frame->subject_raw.len;
-
- return( mbedtls_x509_get_name( &p, end, subject ) );
+ return( mbedtls_x509_get_name( frame->subject_raw.p,
+ frame->subject_raw.len,
+ subject ) );
}
static int x509_crt_issuer_from_frame( mbedtls_x509_crt_frame *frame,
mbedtls_x509_name *issuer )
{
- unsigned char *p = frame->issuer_raw.p;
- unsigned char *end = p + frame->issuer_raw.len;
-
- return( mbedtls_x509_get_name( &p, end, issuer ) );
+ return( mbedtls_x509_get_name( frame->issuer_raw.p,
+ frame->issuer_raw.len,
+ issuer ) );
}
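Review bot: `x509_crt_subject_from_frame` and `x509_crt_issuer_from_frame` now hand the header-inclusive bounds straight to `mbedtls_x509_get_name( frame->subject_raw.p, frame->subject_raw.len, subject )`, a `(p, len)` signature that differs from the old `(&p, end)` call and whose definition is not part of this diff; whether it strips the outer SEQUENCE itself cannot be confirmed from here, and a mismatch would either fail parsing or mis-parse the tag byte as an RDN. Please document the expectation on both wrappers, e.g. `/* subject_raw includes the outer SEQUENCE header; mbedtls_x509_get_name() must consume it. */`, so the convention is visible at the call site rather than only in the commit message.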
static int x509_crt_subject_alt_from_frame( mbedtls_x509_crt_frame *frame,
@@ -1453,12 +1443,10 @@
crt->tbs.len = frame->tbs.len;
crt->serial.p = frame->serial.p;
crt->serial.len = frame->serial.len;
- crt->issuer_raw.p = frame->issuer_raw_with_hdr.p;
- crt->issuer_raw.len = frame->issuer_raw_with_hdr.len;
- crt->subject_raw.p = frame->subject_raw_with_hdr.p;
- crt->subject_raw.len = frame->subject_raw_with_hdr.len;
- crt->issuer_raw_no_hdr = frame->issuer_raw;
- crt->subject_raw_no_hdr = frame->subject_raw;
+ crt->issuer_raw.p = frame->issuer_raw.p;
+ crt->issuer_raw.len = frame->issuer_raw.len;
+ crt->subject_raw.p = frame->subject_raw.p;
+ crt->subject_raw.len = frame->subject_raw.len;
crt->issuer_id.p = frame->issuer_id.p;
crt->issuer_id.len = frame->issuer_id.len;
crt->subject_id.p = frame->subject_id.p;
@@ -2561,7 +2549,7 @@
while( crl_list != NULL )
{
if( crl_list->version == 0 ||
- mbedtls_x509_name_cmp_raw( &crl_list->issuer_raw_no_hdr,
+ mbedtls_x509_name_cmp_raw( &crl_list->issuer_raw,
&ca_subject, NULL, NULL ) != 0 )
{
crl_list = crl_list->next;
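Review bot: The CRL issuer match now compares `crl_list->issuer_raw`, the legacy field that includes the SEQUENCE header, against `ca_subject`; if `ca_subject` is derived from a buffer that does not carry the header, the comparison fails for every CRL, the loop moves on to `crl_list->next` and the certificate is treated as not revoked, which is a silent revocation bypass rather than an error. `ca_subject` is defined outside the hunk, so I cannot confirm which convention it follows; please add `/* Both operands include the outer SEQUENCE header of the Name. */` at the call site and, if not already present, a test with a CRL whose issuer equals the CA subject to pin that the match still succeeds after this change. The enclosing function starts and ends outside the hunk.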