yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-12 05:05:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Pass raw data to x509_check_wildcard() and x509_crt_check_cn()

Browse source 
In preparation for rewriting the `SubjectAlternativeName` search routine
to use raw ASN.1 data, this commit changes `x509_check_wildcard()` and
`x509_check_cn()`, responsible for checking whether a name matches a
wildcard pattern, to take a raw buffer pointer and length as parameters
instead of an `mbedtls_x509_buf` instance.
This commit is contained in:
Hanno Becker 2019-02-21 13:10:55 +00:00
parent ded167e18c
commit 2492622289
1 changed files with 19 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
library/x509_crt.c
View file

@ -230,13 +230,16 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
/*
* Return 0 if name matches wildcard, -1 otherwise
*/
static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name )
static int x509_check_wildcard( char const *cn,
size_t cn_len,
unsigned char const *buf,
size_t buf_len )
{
size_t i;
size_t cn_idx = 0, cn_len = strlen( cn );
size_t cn_idx = 0;
/* We can't have a match if there is no wildcard to match */
if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
if( buf_len < 3 || buf[0] != '*' || buf[1] != '.' )
return( -1 );
for( i = 0; i < cn_len; ++i )
@ -251,8 +254,8 @@ static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name )
if( cn_idx == 0 )
return( -1 );
if( cn_len - cn_idx == name->len - 1 &&
mbedtls_x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )
if( cn_len - cn_idx == buf_len - 1 &&
mbedtls_x509_memcasecmp( buf + 1, cn + cn_idx, buf_len - 1 ) == 0 )
{
return( 0 );
}
@ -2387,18 +2390,20 @@ find_parent:
/*
* Check for CN match
*/
static int x509_crt_check_cn( const mbedtls_x509_buf *name,
const char *cn, size_t cn_len )
static int x509_crt_check_cn( unsigned char const *buf,
size_t buflen,
const char *cn,
size_t cn_len )
{
/* try exact match */
if( name->len == cn_len &&
mbedtls_x509_memcasecmp( cn, name->p, cn_len ) == 0 )
/* Try exact match */
if( buflen == cn_len &&
mbedtls_x509_memcasecmp( cn, buf, cn_len ) == 0 )
{
return( 0 );
}
/* try wildcard match */
if( x509_check_wildcard( cn, name ) == 0 )
if( x509_check_wildcard( cn, cn_len, buf, buflen ) == 0 )
{
return( 0 );
}
@ -2418,7 +2423,7 @@ static int x509_crt_check_name( void *ctx,
size_t cn_len = strlen( cn );
if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, oid ) == 0 &&
x509_crt_check_cn( val, cn, cn_len ) == 0 )
x509_crt_check_cn( val->p, val->len, cn, cn_len ) == 0 )
{
return( 1 );
}
@ -2440,7 +2445,8 @@ static void x509_crt_verify_name( const mbedtls_x509_crt *crt,
{
for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next )
{
if( x509_crt_check_cn( &cur->buf, cn, cn_len ) == 0 )
if( x509_crt_check_cn( cur->buf.p, cur->buf.len,
cn, cn_len ) == 0 )
break;
}