Make use of CRT acquire/release in x509_crt_verify_name()

This commit modifies the static function `x509_crt_verify_name()` to
use the acquire/release API to access the given CRT's `subject` field.

This function is solely called from the beginning of the CRT chain
verification routine, which also needs to access the child's CRT frame.
It should therefore be considered - for a later commit - to collapse
the two acquire/release pairs to one, thereby saving some code.
Hanno Becker 2019-02-25 18:14:40 +00:00
parent 58c35646df
commit 082435c011


@ -3030,18 +3030,23 @@ static int x509_crt_subject_alt_check_name( void *ctx,
/* /*
* Verify the requested CN - only call this if cn is not NULL! * Verify the requested CN - only call this if cn is not NULL!
*/ */
static void x509_crt_verify_name( const mbedtls_x509_crt *crt, static int x509_crt_verify_name( const mbedtls_x509_crt *crt,
const char *cn, const char *cn,
uint32_t *flags ) uint32_t *flags )
{ {
int ret; int ret;
mbedtls_x509_crt_frame *frame;
if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) ret = x509_crt_frame_acquire( crt, &frame );
if( ret != 0 )
return( MBEDTLS_ERR_X509_FATAL_ERROR );
if( frame->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
{ {
unsigned char *p = unsigned char *p =
crt->subject_alt_raw.p; frame->subject_alt_raw.p;
const unsigned char *end = const unsigned char *end =
crt->subject_alt_raw.p + crt->subject_alt_raw.len; frame->subject_alt_raw.p + frame->subject_alt_raw.len;
ret = mbedtls_asn1_traverse_sequence_of( &p, end, ret = mbedtls_asn1_traverse_sequence_of( &p, end,
MBEDTLS_ASN1_TAG_CLASS_MASK, MBEDTLS_ASN1_TAG_CLASS_MASK,
@ -3053,13 +3058,23 @@ static void x509_crt_verify_name( const mbedtls_x509_crt *crt,
} }
else else
{ {
ret = mbedtls_x509_name_cmp_raw( &crt->subject_raw_no_hdr, ret = mbedtls_x509_name_cmp_raw( &frame->subject_raw,
&crt->subject_raw_no_hdr, &frame->subject_raw,
x509_crt_check_name, (void*) cn ); x509_crt_check_name, (void*) cn );
} }
if( ret != 1 ) x509_crt_frame_release( crt, frame );
/* x509_crt_check_name() and x509_crt_subject_alt_check_name()
* return 1 when finding a name component matching `cn`. */
if( ret == 1 )
return( 0 );
if( ret != 0 )
ret = MBEDTLS_ERR_X509_FATAL_ERROR;
*flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
return( ret );
} }
/* /*
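Review bot: The header comment above the signature in the first hunk still only says "only call this if cn is not NULL!", while the function has changed from `void` to `int` and now has three distinct outcomes that a caller must tell apart: `0` whether or not a name matched (a mismatch is reported only through `*flags`), and `MBEDTLS_ERR_X509_FATAL_ERROR` both when `x509_crt_frame_acquire()` fails (with `*flags` untouched) and when the SAN traversal or `mbedtls_x509_name_cmp_raw()` returns an error code (with `MBEDTLS_X509_BADCERT_CN_MISMATCH` also set). I would extend that comment with: `Returns 0 if the check completed (a mismatch is signalled via *flags only), or MBEDTLS_ERR_X509_FATAL_ERROR if the CRT frame can't be acquired or the name data can't be parsed; in the parse-error case *flags is also updated.` Note too that a malformed SubjectAltName extension previously produced only a soft `CN_MISMATCH` flag, whereas after the second hunk it aborts verification with a fatal error; that looks intentional given the explicit `ret = MBEDTLS_ERR_X509_FATAL_ERROR` mapping, but the commit message does not mention the stricter behaviour and it deserves a line there or in the comment.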