diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 2a9ce99a4..e37573f8f 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -313,8 +313,8 @@ int mbedtls_x509_self_test( int verbose );
 * Internal module functions. You probably do not want to use these unless you
 * know you do.
 */
-int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
- mbedtls_x509_name *cur );
+int mbedtls_x509_get_name( unsigned char *p, size_t len,
+ mbedtls_x509_name *cur );
 int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
 mbedtls_x509_buf *alg );
 int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h
index b035c6c4f..2950f302f 100644
--- a/include/mbedtls/x509_crl.h
+++ b/include/mbedtls/x509_crl.h
@@ -76,7 +76,6 @@ typedef struct mbedtls_x509_crl
 mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */
 mbedtls_x509_buf_raw issuer_raw; /**< The raw issuer data (DER). */
- mbedtls_x509_buf_raw issuer_raw_no_hdr;
 mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 4335ab3c6..e4b888259 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -95,9 +95,6 @@ typedef struct mbedtls_x509_crt_frame
 mbedtls_x509_buf_raw subject_alt_raw; /**< The raw data for the SubjectAlternativeNames extension. */
 mbedtls_x509_buf_raw ext_key_usage_raw; /**< The raw data for the ExtendedKeyUsage extension. */
- mbedtls_x509_buf_raw issuer_raw_with_hdr;
- mbedtls_x509_buf_raw subject_raw_with_hdr;
-
 } mbedtls_x509_crt_frame;
 /* This is an internal structure used for caching parsed data from an X.509 CRT.
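Review bot: The new prototype changes what the caller must hand in — `p`/`len` now have to cover the complete DER `Name` including its outer SEQUENCE tag and length (the updated callers in x509_crl.c and x509_csr.c pass `issuer_raw`/`subject_raw` that way, and the x509.c implementation parses that tag first), whereas the old `**p`/`end` form took the SEQUENCE contents after the caller had consumed the tag — yet the header gains no comment for it. Since this is exported from a public header, "internal" disclaimer or not, I would put a short Doxygen block above it stating that the buffer must be the whole `Name` with the tag included, that `len` is its total length, that `*cur` is overwritten, and that it returns 0 on success or a negative `MBEDTLS_ERR_X509_XXX`/`MBEDTLS_ERR_ASN1_XXX` code. Any out-of-tree caller still passing tag-stripped contents will now hit an unexpected-tag failure rather than get a parsed name.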
@@ -139,9 +136,6 @@ typedef struct mbedtls_x509_crt
 mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */
 mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */
- mbedtls_x509_buf_raw subject_raw_no_hdr;
- mbedtls_x509_buf_raw issuer_raw_no_hdr;
-
 mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
 mbedtls_x509_name subject; /**< The parsed subject data (named information object). */
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index f00e44ba6..6757e2ab2 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3001,7 +3001,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
 if( ret != 0 )
 return( ret );
- dn_size = frame->subject_raw_with_hdr.len;
+ dn_size = frame->subject_raw.len;
 if( end < p ||
 (size_t)( end - p ) < dn_size ||
@@ -3014,7 +3014,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
 *p++ = (unsigned char)( dn_size >> 8 );
 *p++ = (unsigned char)( dn_size );
- memcpy( p, frame->subject_raw_with_hdr.p, dn_size );
+ memcpy( p, frame->subject_raw.p, dn_size );
 p += dn_size;
 MBEDTLS_SSL_DEBUG_BUF( 3, "requested DN", p - dn_size, dn_size );
diff --git a/library/x509.c b/library/x509.c
index 55726da98..9d00bebb5 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -544,53 +544,67 @@ int mbedtls_x509_name_cmp_raw( mbedtls_x509_buf_raw const *a,
 void *abort_check_ctx )
 {
 int ret;
+ size_t idx;
+ unsigned char *p[2], *end[2], *set[2];
- unsigned char *p_a, *end_a, *set_a;
- unsigned char *p_b, *end_b, *set_b;
+ p[0] = a->p;
+ p[1] = b->p;
+ end[0] = p[0] + a->len;
+ end[1] = p[1] + b->len;
- p_a = set_a = (unsigned char*) a->p;
- p_b = set_b = (unsigned char*) b->p;
+ for( idx = 0; idx < 2; idx++ )
+ {
+ size_t len;
+ ret = mbedtls_asn1_get_tag( &p[idx], end[idx], &len,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE );
- end_a = p_a + a->len;
- end_b = p_b + b->len;
+ if( end[idx] != p[idx] + len )
+ {
+ return( MBEDTLS_ERR_X509_INVALID_NAME +
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+ }
+
+ set[idx] = p[idx];
+ }
 while( 1 )
 {
 int next_merged;
- mbedtls_x509_buf oid_a, val_a, oid_b, val_b;
+ mbedtls_x509_buf oid[2], val[2];
- ret = x509_set_sequence_iterate( &p_a, (const unsigned char **) &set_a,
- end_a, &oid_a, &val_a );
+ ret = x509_set_sequence_iterate( &p[0], (const unsigned char **) &set[0],
+ end[0], &oid[0], &val[0] );
 if( ret != 0 )
 goto exit;
- ret = x509_set_sequence_iterate( &p_b, (const unsigned char **) &set_b,
- end_b, &oid_b, &val_b );
+ ret = x509_set_sequence_iterate( &p[1], (const unsigned char **) &set[1],
+ end[1], &oid[1], &val[1] );
 if( ret != 0 )
 goto exit;
- if( oid_a.len != oid_b.len ||
- memcmp( oid_a.p, oid_b.p, oid_b.len ) != 0 )
+ if( oid[0].len != oid[1].len ||
+ memcmp( oid[0].p, oid[1].p, oid[1].len ) != 0 )
 {
 return( 1 );
 }
- if( x509_string_cmp( &val_a, &val_b ) != 0 )
+ if( x509_string_cmp( &val[0], &val[1] ) != 0 )
 return( 1 );
- next_merged = ( set_a != p_a );
- if( next_merged != ( set_b != p_b ) )
+ next_merged = ( set[0] != p[0] );
+ if( next_merged != ( set[1] != p[1] ) )
 return( 1 );
 if( abort_check != NULL )
 {
- ret = abort_check( abort_check_ctx, &oid_a, &val_a,
+ ret = abort_check( abort_check_ctx, &oid[0], &val[0],
 next_merged );
 if( ret != 0 )
 return( ret );
 }
- if( p_a == end_a && p_b == end_b )
+ if( p[0] == end[0] && p[1] == end[1] )
 break;
 }
@@ -626,20 +640,15 @@ static int x509_get_name_cb( void *ctx,
 return( 0 );
 }
-int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
+int mbedtls_x509_get_name( unsigned char *p,
+ size_t len,
 mbedtls_x509_name *cur )
 {
- int ret;
- mbedtls_x509_buf_raw name_buf = { *p, end - *p };
+ mbedtls_x509_buf_raw name_buf = { p, len };
 memset( cur, 0, sizeof( mbedtls_x509_name ) );
- ret = mbedtls_x509_name_cmp_raw( &name_buf, &name_buf,
- x509_get_name_cb,
- &cur );
- if( ret != 0 )
- return( ret );
-
- *p = (unsigned char*) end;
- return( 0 );
+ return( mbedtls_x509_name_cmp_raw( &name_buf, &name_buf,
+ x509_get_name_cb,
+ &cur ) );
 }
 static int x509_parse_int( unsigned char **p, size_t n, int *res )
diff --git a/library/x509_crl.c b/library/x509_crl.c
index f07784128..5829425c4 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -428,17 +428,17 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
 mbedtls_x509_crl_free( crl );
 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
 }
- crl->issuer_raw_no_hdr.p = p;
+ p += len;
+ crl->issuer_raw.len = p - crl->issuer_raw.p;
- if( ( ret = mbedtls_x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
+ if( ( ret = mbedtls_x509_get_name( crl->issuer_raw.p,
+ crl->issuer_raw.len,
+ &crl->issuer ) ) != 0 )
 {
 mbedtls_x509_crl_free( crl );
 return( ret );
 }
- crl->issuer_raw_no_hdr.len = p - crl->issuer_raw_no_hdr.p;
- crl->issuer_raw.len = p - crl->issuer_raw.p;
-
 /*
 * thisUpdate Time
 * nextUpdate Time OPTIONAL
diff --git a/library/x509_crt.c b/library/x509_crt.c
index fb5265a7f..bd452b693 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
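Review bot: In the new `for( idx = 0; idx < 2; idx++ )` loop the result of `mbedtls_asn1_get_tag()` is stored in `ret` but never examined, so on a missing or wrong SEQUENCE tag, or a truncated length, execution continues into `end[idx] != p[idx] + len` with `len` never assigned — undefined behaviour, and should the stale value happen to satisfy the comparison a malformed name is accepted and handed on to `x509_set_sequence_iterate()`. This is reachable through `mbedtls_x509_get_name()`, which the parsers and the test suite now call with caller-supplied buffers, so the check belongs immediately after the call: `if( ret != 0 )` / `return( MBEDTLS_ERR_X509_INVALID_NAME + ret );`. A one-line comment above the loop that both operands must now start at the outer SEQUENCE tag would also record the contract change this commit makes. The function begins before this hunk and its `exit:` path continues after it.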
@@ -126,8 +126,10 @@ int mbedtls_x509_crt_cache_provide_frame( mbedtls_x509_crt const *crt )
 frame->serial.len = crt->serial.len;
 frame->pubkey_raw.p = crt->pk_raw.p;
 frame->pubkey_raw.len = crt->pk_raw.len;
- frame->issuer_raw = crt->issuer_raw_no_hdr;
- frame->subject_raw = crt->subject_raw_no_hdr;
+ frame->issuer_raw.p = crt->issuer_raw.p;
+ frame->issuer_raw.len = crt->issuer_raw.len;
+ frame->subject_raw.p = crt->subject_raw.p;
+ frame->subject_raw.len = crt->subject_raw.len;
 frame->issuer_id.p = crt->issuer_id.p;
 frame->issuer_id.len = crt->issuer_id.len;
 frame->subject_id.p = crt->subject_id.p;
@@ -136,10 +138,6 @@ int mbedtls_x509_crt_cache_provide_frame( mbedtls_x509_crt const *crt )
 frame->sig.len = crt->sig.len;
 frame->v3_ext.p = crt->v3_ext.p;
 frame->v3_ext.len = crt->v3_ext.len;
- frame->issuer_raw_with_hdr.p = crt->issuer_raw.p;
- frame->issuer_raw_with_hdr.len = crt->issuer_raw.len;
- frame->subject_raw_with_hdr.p = crt->subject_raw.p;
- frame->subject_raw_with_hdr.len = crt->subject_raw.len;
 /* The legacy CRT structure doesn't explicitly contain
 * the `AlgorithmIdentifier` bounds; however, those can
@@ -1185,15 +1183,14 @@ static int x509_crt_parse_frame( unsigned char *start,
 *
 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
 */
- frame->issuer_raw_with_hdr.p = p;
+ frame->issuer_raw.p = p;
 ret = mbedtls_asn1_get_tag( &p, end, &len,
 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE );
 if( ret != 0 )
 return( ret + MBEDTLS_ERR_X509_INVALID_FORMAT );
- frame->issuer_raw.p = p;
- frame->issuer_raw.len = len;
 p += len;
+ frame->issuer_raw.len = p - frame->issuer_raw.p;
 ret = mbedtls_x509_name_cmp_raw( &frame->issuer_raw,
 &frame->issuer_raw,
@@ -1201,8 +1198,6 @@ static int x509_crt_parse_frame( unsigned char *start,
 if( ret != 0 )
 return( ret );
- frame->issuer_raw_with_hdr.len = p - frame->issuer_raw_with_hdr.p;
-
 /*
 * Validity ::= SEQUENCE { ... */
@@ -1218,15 +1213,14 @@ static int x509_crt_parse_frame( unsigned char *start,
 *
 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
 */
- frame->subject_raw_with_hdr.p = p;
+ frame->subject_raw.p = p;
 ret = mbedtls_asn1_get_tag( &p, end, &len,
 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE );
 if( ret != 0 )
 return( ret + MBEDTLS_ERR_X509_INVALID_FORMAT );
- frame->subject_raw.p = p;
- frame->subject_raw.len = len;
 p += len;
+ frame->subject_raw.len = p - frame->subject_raw.p;
 ret = mbedtls_x509_name_cmp_raw( &frame->subject_raw,
 &frame->subject_raw,
@@ -1234,8 +1228,6 @@ static int x509_crt_parse_frame( unsigned char *start,
 if( ret != 0 )
 return( ret );
- frame->subject_raw_with_hdr.len = p - frame->subject_raw_with_hdr.p;
-
 /*
 * SubjectPublicKeyInfo
 */
@@ -1317,19 +1309,17 @@ static int x509_crt_parse_frame( unsigned char *start,
 static int x509_crt_subject_from_frame( mbedtls_x509_crt_frame *frame,
 mbedtls_x509_name *subject )
 {
- unsigned char *p = frame->subject_raw.p;
- unsigned char *end = p + frame->subject_raw.len;
-
- return( mbedtls_x509_get_name( &p, end, subject ) );
+ return( mbedtls_x509_get_name( frame->subject_raw.p,
+ frame->subject_raw.len,
+ subject ) );
 }
 static int x509_crt_issuer_from_frame( mbedtls_x509_crt_frame *frame,
 mbedtls_x509_name *issuer )
 {
- unsigned char *p = frame->issuer_raw.p;
- unsigned char *end = p + frame->issuer_raw.len;
-
- return( mbedtls_x509_get_name( &p, end, issuer ) );
+ return( mbedtls_x509_get_name( frame->issuer_raw.p,
+ frame->issuer_raw.len,
+ issuer ) );
 }
 static int x509_crt_subject_alt_from_frame( mbedtls_x509_crt_frame *frame,
@@ -1453,12 +1443,10 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt,
 crt->tbs.len = frame->tbs.len;
 crt->serial.p = frame->serial.p;
 crt->serial.len = frame->serial.len;
- crt->issuer_raw.p = frame->issuer_raw_with_hdr.p;
- crt->issuer_raw.len = frame->issuer_raw_with_hdr.len;
- crt->subject_raw.p = frame->subject_raw_with_hdr.p;
- crt->subject_raw.len = frame->subject_raw_with_hdr.len;
- crt->issuer_raw_no_hdr = frame->issuer_raw;
- crt->subject_raw_no_hdr = frame->subject_raw;
+ crt->issuer_raw.p = frame->issuer_raw.p;
+ crt->issuer_raw.len = frame->issuer_raw.len;
+ crt->subject_raw.p = frame->subject_raw.p;
+ crt->subject_raw.len = frame->subject_raw.len;
 crt->issuer_id.p = frame->issuer_id.p;
 crt->issuer_id.len = frame->issuer_id.len;
 crt->subject_id.p = frame->subject_id.p;
@@ -2561,7 +2549,7 @@ static int x509_crt_verifycrl( unsigned char *crt_serial,
 while( crl_list != NULL )
 {
 if( crl_list->version == 0 ||
- mbedtls_x509_name_cmp_raw( &crl_list->issuer_raw_no_hdr,
+ mbedtls_x509_name_cmp_raw( &crl_list->issuer_raw,
 &ca_subject, NULL, NULL ) != 0 )
 {
 crl_list = crl_list->next;
diff --git a/library/x509_csr.c b/library/x509_csr.c
index d1a276041..23af9aebc 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -183,15 +183,17 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
 mbedtls_x509_csr_free( csr );
 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
 }
+ p += len;
+ csr->subject_raw.len = p - csr->subject_raw.p;
- if( ( ret = mbedtls_x509_get_name( &p, p + len, &csr->subject ) ) != 0 )
+ if( ( ret = mbedtls_x509_get_name( csr->subject_raw.p,
+ csr->subject_raw.len,
+ &csr->subject ) ) != 0 )
 {
 mbedtls_x509_csr_free( csr );
 return( ret );
 }
- csr->subject_raw.len = p - csr->subject_raw.p;
-
 /*
 * subjectPKInfo SubjectPublicKeyInfo
 */
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 535807e3a..f404f898b 100644
--- a/tests/suites/test_suite_x509write.function
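Review bot: Switching the CRL operand to `crl_list->issuer_raw` only keeps this comparison sound if `ca_subject` now also starts at the outer SEQUENCE tag, because `mbedtls_x509_name_cmp_raw()` (x509.c hunk) now parses that tag on both operands before iterating; a header-less `ca_subject` would fail the tag parse and, with the `!= 0` test, every CRL would be silently skipped via `crl_list = crl_list->next`, i.e. no revocation check at all. How `ca_subject` is built is outside this hunk — presumably from the CA's `subject_raw`, which `x509_crt_parse_der_core` now fills header included — so please confirm it, and consider a comment at the call site such as `/* Both operands are full DER Names, SEQUENCE header included. */`. The enclosing `while` loop and `x509_crt_verifycrl` continue outside the hunk.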
+++ b/tests/suites/test_suite_x509write.function
@@ -216,7 +216,7 @@ void mbedtls_x509_string_to_names( char * name, char * parsed_name, int result )
 {
 int ret;
- size_t len = 0;
+ size_t len;
 mbedtls_asn1_named_data *names = NULL;
 mbedtls_x509_name parsed, *parsed_cur, *parsed_prv;
 unsigned char buf[1024], out[1024], *c;
@@ -234,10 +234,9 @@ void mbedtls_x509_string_to_names( char * name, char * parsed_name, int result
 ret = mbedtls_x509_write_names( &c, buf, names );
 TEST_ASSERT( ret > 0 );
+ len = (size_t) ret;
- TEST_ASSERT( mbedtls_asn1_get_tag( &c, buf + sizeof( buf ), &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) == 0 );
- TEST_ASSERT( mbedtls_x509_get_name( &c, buf + sizeof( buf ), &parsed ) == 0 );
+ TEST_ASSERT( mbedtls_x509_get_name( c, len, &parsed ) == 0 );
 ret = mbedtls_x509_dn_gets( (char *) out, sizeof( out ), &parsed );
 TEST_ASSERT( ret > 0 );