From 2492622289039005536e6e949c0000ce13b52f72 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 21 Feb 2019 13:10:55 +0000
Subject: [PATCH] Pass raw data to x509_check_wildcard() and `x509_crt_check_cn()`

In preparation for rewriting the `SubjectAlternativeName` search routine to use raw ASN.1 data, this commit changes `x509_check_wildcard()` and `x509_check_cn()`, responsible for checking whether a name matches a wildcard pattern, to take a raw buffer pointer and length as parameters instead of an `mbedtls_x509_buf` instance.
---
 library/x509_crt.c | 32 +++++++++++++++++++-------------
 1 file changed, 19 insertions(+), 13 deletions(-)

diff --git a/library/x509_crt.c b/library/x509_crt.c
index 243373ea7..c628e812a 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -230,13 +230,16 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
 /*
  * Return 0 if name matches wildcard, -1 otherwise
  */
-static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name )
+static int x509_check_wildcard( char const *cn,
+                                size_t cn_len,
+                                unsigned char const *buf,
+                                size_t buf_len )
 {
     size_t i;
-    size_t cn_idx = 0, cn_len = strlen( cn );
+    size_t cn_idx = 0;
 
     /* We can't have a match if there is no wildcard to match */
-    if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
+    if( buf_len < 3 || buf[0] != '*' || buf[1] != '.' )
         return( -1 );
 
     for( i = 0; i < cn_len; ++i )
@@ -251,8 +254,8 @@ static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name )
         if( cn_idx == 0 )
             return( -1 );
 
-        if( cn_len - cn_idx == name->len - 1 &&
-            mbedtls_x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )
+        if( cn_len - cn_idx == buf_len - 1 &&
+            mbedtls_x509_memcasecmp( buf + 1, cn + cn_idx, buf_len - 1 ) == 0 )
         {
             return( 0 );
         }
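Review bot: The header comment above the new signature still reads only `Return 0 if name matches wildcard, -1 otherwise` and does not say which of the four parameters is the wildcard pattern and which is the name under test, even though `buf` is now a raw, non-NUL-terminated byte range and the order here is (cn, cn_len, buf, buf_len) while the sibling `x509_crt_check_cn()` in the later hunk takes (buf, buflen, cn, cn_len). I would replace the comment with: `Check whether the name cn (cn_len bytes, not NUL-terminated) matches the wildcard pattern in buf (buf_len bytes of raw ASN.1 data, must start with "*."). Return 0 on match, -1 otherwise.` Using the same parameter order and spelling in both functions (`buf_len` vs `buflen`, `char const *` vs `const char *`) would also remove a swapped-length hazard, since the two `size_t` lengths are interchangeable to the compiler. The body of x509_check_wildcard continues between and after these two hunks; the scan that sets `cn_idx` is not visible here, so I cannot confirm it stays within `cn_len`.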
@@ -2387,18 +2390,20 @@ find_parent:
 /*
  * Check for CN match
  */
-static int x509_crt_check_cn( const mbedtls_x509_buf *name,
-                              const char *cn, size_t cn_len )
+static int x509_crt_check_cn( unsigned char const *buf,
+                              size_t buflen,
+                              const char *cn,
+                              size_t cn_len )
 {
-    /* try exact match */
-    if( name->len == cn_len &&
-        mbedtls_x509_memcasecmp( cn, name->p, cn_len ) == 0 )
+    /* Try exact match */
+    if( buflen == cn_len &&
+        mbedtls_x509_memcasecmp( cn, buf, cn_len ) == 0 )
     {
         return( 0 );
     }
 
     /* try wildcard match */
-    if( x509_check_wildcard( cn, name ) == 0 )
+    if( x509_check_wildcard( cn, cn_len, buf, buflen ) == 0 )
     {
         return( 0 );
     }
@@ -2418,7 +2423,7 @@ static int x509_crt_check_name( void *ctx,
     size_t cn_len = strlen( cn );
 
     if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, oid ) == 0 &&
-        x509_crt_check_cn( val, cn, cn_len ) == 0 )
+        x509_crt_check_cn( val->p, val->len, cn, cn_len ) == 0 )
     {
         return( 1 );
     }
@@ -2440,7 +2445,8 @@ static void x509_crt_verify_name( const mbedtls_x509_crt *crt,
     {
         for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next )
         {
-            if( x509_crt_check_cn( &cur->buf, cn, cn_len ) == 0 )
+            if( x509_crt_check_cn( cur->buf.p, cur->buf.len,
+                                   cn, cn_len ) == 0 )
                 break;
         }
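Review bot: Within this hunk the first comment is recapitalised to `/* Try exact match */` while the one below it stays `/* try wildcard match */`, and the new length parameter is spelled `buflen` here but `buf_len` in x509_check_wildcard(), with the pointer/length pairs in the opposite order; I would keep one spelling and one order across both, e.g. `size_t buf_len,` in the signature and `x509_check_wildcard( cn, cn_len, buf, buf_len )` at the call. The `Check for CN match` header could also state that `buf` is the certificate-supplied CN or SAN value of `buflen` bytes (not NUL-terminated) and `cn` the expected name, so that the callers updated in the two following hunks have a stated contract for what they pass. The function's closing lines lie outside the hunk.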