Extract name checking to separate function

Just copy-paste and unindent
Manuel Pégourié-Gonnard 2017-07-04 01:13:44 +02:00
parent 6368612a8f
commit 1300e99eb1


@ -2154,52 +2154,16 @@ callback:
} }
/* /*
* Verify the certificate validity * Verify the requested CN - only call this if cn is not NULL!
*/ */
int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, static void x509_crt_verify_name( mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca, const char *cn,
mbedtls_x509_crl *ca_crl, uint32_t *flags )
const char *cn, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy )
{ {
return( mbedtls_x509_crt_verify_with_profile( crt, trust_ca, ca_crl,
&mbedtls_x509_crt_profile_default, cn, flags, f_vrfy, p_vrfy ) );
}
/*
* Verify the certificate validity, with profile
*
* This function only checks the requested CN (if any) and then delegates
* chain building/verification to verify_chain(). Before that, it checks the
* key size of the EE certificate, as verify_chain() will only verify that of
* parent certificates.
*/
int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
const mbedtls_x509_crt_profile *profile,
const char *cn, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy )
{
size_t cn_len;
int ret;
mbedtls_x509_name *name; mbedtls_x509_name *name;
mbedtls_x509_sequence *cur = NULL; mbedtls_x509_sequence *cur = NULL;
mbedtls_pk_type_t pk_type; size_t cn_len;
*flags = 0;
if( profile == NULL )
{
ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
goto exit;
}
if( cn != NULL )
{
name = &crt->subject; name = &crt->subject;
cn_len = strlen( cn ); cn_len = strlen( cn );
@ -2248,8 +2212,53 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
if( name == NULL ) if( name == NULL )
*flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
} }
}
/*
* Verify the certificate validity
*/
int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
const char *cn, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy )
{
return( mbedtls_x509_crt_verify_with_profile( crt, trust_ca, ca_crl,
&mbedtls_x509_crt_profile_default, cn, flags, f_vrfy, p_vrfy ) );
}
/*
* Verify the certificate validity, with profile
*
* This function only checks the requested CN (if any) and then delegates
* chain building/verification to verify_chain(). Before that, it checks the
* key size of the EE certificate, as verify_chain() will only verify that of
* parent certificates.
*/
int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
const mbedtls_x509_crt_profile *profile,
const char *cn, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy )
{
int ret;
mbedtls_pk_type_t pk_type;
*flags = 0;
if( profile == NULL )
{
ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
goto exit;
} }
/* check name if requested */
if( cn != NULL )
x509_crt_verify_name( crt, cn, flags );
/* Check the type and size of the key */ /* Check the type and size of the key */
pk_type = mbedtls_pk_get_type( &crt->pk ); pk_type = mbedtls_pk_get_type( &crt->pk );
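Review bot: The new `x509_crt_verify_name()` relies on a precondition that only its comment enforces: it calls `strlen( cn )` straight away, so a future caller that omits the `cn != NULL` guard gets undefined behaviour in the name check rather than a verification flag. Since this helper decides whether the certificate matches the expected peer name, I would make it self-guarding with `if( cn == NULL ) return;` as its first statement and keep the caller's check as is. The header comment should also say that the result is reported only by OR-ing `MBEDTLS_X509_BADCERT_CN_MISMATCH` into `*flags`, that the caller must have initialised `*flags` (the one visible caller does `*flags = 0;` first), and that `cn` must be NUL-terminated. The middle of the helper's body lies between the two hunks and is not shown, so this is based on the visible lines only.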