Add abort condition callback to `mbedtls_x509_name_cmp_raw()`
There are three operations that need to be performed on an X.509 name:
1. Initial traversal to check well-formedness of the ASN.1 structure.
2. Comparison between two X.509 name sequences.
3. Checking whether an X.509 name matches a client's ServerName request.
Each of these tasks involves traversing the nested ASN.1 structure,
In the interest of saving code, we aim to provide a single function
which can perform all of the above tasks.
The existing comparison function is already suitable not only for task 2,
but also for 1: One can simply pass two equal ASN.1 name buffers, in which
case the function will succeed if and only if that buffer is a well-formed
ASN.1 name.
This commit further adds a callback to `mbedtls_x509_name_cmp_raw()` which
is called after each successful step in the simultaneous name traversal and
comparison; it may perform any operation on the current name and potentially
signal that the comparison should be aborted.
With that, task 3 can be implemented by passing equal names and a callback
which aborts as soon as it finds the desired name component.
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index ba7a174..c7b8cc4 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -312,8 +312,12 @@
mbedtls_x509_time *t );
int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *serial );
-int mbedtls_x509_name_cmp_raw( const mbedtls_x509_buf_raw *a,
- const mbedtls_x509_buf_raw *b );
+int mbedtls_x509_name_cmp_raw( mbedtls_x509_buf_raw const *a,
+ mbedtls_x509_buf_raw const *b,
+ int (*check)( void *ctx,
+ mbedtls_x509_buf *oid,
+ mbedtls_x509_buf *val ),
+ void *check_ctx );
int mbedtls_x509_memcasecmp( const void *s1, const void *s2, size_t len );
int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *ext, int tag );
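Review bot: The new `check` and `check_ctx` parameters arrive without any documentation of the callback contract, which this hunk needs since it changes a public header: state which return value means "continue" and which means "abort" (and whether an abort is reported to the caller as a distinct return code from a mismatch), whether `check` may be `NULL` for the plain comparison case (task 2 in the commit message), and, when `a` and `b` differ, whose `oid`/`val` the callback is handed. Two smaller points: the callback receives `mbedtls_x509_buf *oid, mbedtls_x509_buf *val` as non-const pointers even though `a` and `b` are const, so `const mbedtls_x509_buf *` would match the function's own promise not to modify the input; and the rewrite from `const mbedtls_x509_buf_raw *a` to `mbedtls_x509_buf_raw const *a` breaks with the `const T *` style used by the neighbouring declarations (`mbedtls_x509_get_serial`, `mbedtls_x509_memcasecmp`), so keep the original placement. Also confirm that every existing caller of `mbedtls_x509_name_cmp_raw()` is updated in the same change, since the added parameters will otherwise fail to compile.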