commit 6b37812a45be3321ae98e7dea346f4ec383db132
author Hanno Becker <hanno.becker@arm.com> Sat Feb 23 10:20:14 2019 +0000
committer Hanno Becker <hanno.becker@arm.com> Tue Jun 25 09:06:26 2019 +0100
tree fa40e819e9ed761f7fd5c719b021713fe43c64a0
parent 10e6b9b2b5a1b338cb1f395b101fe1a4965ce81c

Add `next_merged` field to X.509 name comparison abort callback

library/x509.c

diff --git a/library/x509.c b/library/x509.c
index 05d995c..8b63572 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -451,39 +451,6 @@
     return( ret );
 }
 
-int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
-                           mbedtls_x509_name *cur )
-{
-    int ret;
-    const unsigned char *end_set;
-
-    end_set = *p;
-    while( 1 )
-    {
-        ret = x509_set_sequence_iterate( p, &end_set, end,
-                                         &cur->oid, &cur->val );
-        if( ret != 0 )
-            return( ret + MBEDTLS_ERR_X509_INVALID_NAME );
-
-        if( *p != end_set )
-            cur->next_merged = 1;
-
-        if( *p == end )
-        {
-            cur->next = NULL;
-            break;
-        }
-
-        cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
-        if( cur->next == NULL )
-            return( MBEDTLS_ERR_X509_ALLOC_FAILED );
-
-        cur = cur->next;
-    }
-
-    return( 0 );
-}
-
 /*
  * Like memcmp, but case-insensitive and always returns -1 if different
  */
@@ -572,7 +539,8 @@
                                mbedtls_x509_buf_raw const *b,
                                int (*abort_check)( void *ctx,
                                              mbedtls_x509_buf *oid,
-                                             mbedtls_x509_buf *val ),
+                                             mbedtls_x509_buf *val,
+                                             int next_merged ),
                                void *abort_check_ctx )
 {
     int ret;
@@ -588,7 +556,8 @@
 
     while( 1 )
     {
-         mbedtls_x509_buf oid_a, val_a, oid_b, val_b;
+        int next_merged;
+        mbedtls_x509_buf oid_a, val_a, oid_b, val_b;
 
         ret = x509_set_sequence_iterate( &p_a, (const unsigned char **) &set_a,
                                          end_a, &oid_a, &val_a );
@@ -609,12 +578,14 @@
         if( x509_string_cmp( &val_a, &val_b ) != 0 )
             return( 1 );
 
-        if( ( set_a == p_a ) != ( set_b == p_b ) )
+        next_merged = ( set_a != p_a );
+        if( next_merged != ( set_b != p_b ) )
             return( 1 );
 
         if( abort_check != NULL )
         {
-            ret = abort_check( abort_check_ctx, &oid_a, &val_a );
+            ret = abort_check( abort_check_ctx, &oid_a, &val_a,
+                               next_merged );
             if( ret != 0 )
                 return( ret );
         }
@@ -630,6 +601,41 @@
     return( ret );
 }
 
+
+int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
+                           mbedtls_x509_name *cur )
+{
+    int ret;
+    const unsigned char *end_set;
+
+    end_set = *p;
+    while( 1 )
+    {
+        ret = x509_set_sequence_iterate( p, &end_set, end,
+                                         &cur->oid, &cur->val );
+        if( ret != 0 )
+            return( ret + MBEDTLS_ERR_X509_INVALID_NAME );
+
+        if( *p != end_set )
+            cur->next_merged = 1;
+
+        if( *p == end )
+        {
+            cur->next = NULL;
+            break;
+        }
+
+        cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
+        if( cur->next == NULL )
+            return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+
+        cur = cur->next;
+    }
+
+    return( 0 );
+}
+
+
 static int x509_parse_int( unsigned char **p, size_t n, int *res )
 {
     *res = 0;