yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-11 15:55:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Implement SubjectAltName traversal via ASN.1 SEQUENCE OF traversal

Browse source 
This commit re-implements the `SubjectAlternativeName` traversal
routine in terms of the generic ASN.1 SEQUENCE traversal routine.
This commit is contained in:
Hanno Becker 2019-02-21 21:13:21 +00:00
parent 8730610ae0
commit 90b9408dd0
1 changed files with 22 additions and 69 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

91
library/x509_crt.c
View file

@ -525,19 +525,12 @@ static int x509_get_subject_alt_name_cb( void *ctx,
mbedtls_asn1_sequence **cur_ptr = (mbedtls_asn1_sequence **) ctx; mbedtls_asn1_sequence **cur_ptr = (mbedtls_asn1_sequence **) ctx;
mbedtls_asn1_sequence *cur = *cur_ptr; mbedtls_asn1_sequence *cur = *cur_ptr;
/* Skip everything but DNS name */
if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) )
return( 0 );
/* Allocate and assign next pointer */ /* Allocate and assign next pointer */
if( cur->buf.p != NULL ) if( cur->buf.p != NULL )
{ {
cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) ); cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) );
if( cur->next == NULL ) if( cur->next == NULL )
{ return( MBEDTLS_ERR_ASN1_ALLOC_FAILED );
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
MBEDTLS_ERR_ASN1_ALLOC_FAILED );
}
cur = cur->next; cur = cur->next;
} }
@ -549,63 +542,21 @@ static int x509_get_subject_alt_name_cb( void *ctx,
return( 0 ); return( 0 );
} }
static int x509_subject_alt_name_traverse( unsigned char *p,
const unsigned char *end,
int (*cb)( void *ctx,
int tag,
unsigned char *data,
size_t data_len ),
void *ctx )
{
int ret;
size_t len;
/* Get main sequence tag */
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
}
if( p + len != end )
{
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
}
while( p < end )
{
unsigned char const tag = *p++;
if( ( ret = mbedtls_asn1_get_len( &p, end, &len ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) !=
MBEDTLS_ASN1_CONTEXT_SPECIFIC )
{
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
}
if( cb != NULL )
{
ret = cb( ctx, tag, p, len );
if( ret != 0 )
return( ret );
}
p += len;
}
return( 0 );
}
static int x509_get_subject_alt_name( unsigned char *p, static int x509_get_subject_alt_name( unsigned char *p,
const unsigned char *end, const unsigned char *end,
mbedtls_x509_sequence *subject_alt_name ) mbedtls_x509_sequence *subject_alt_name )
{ {
return( x509_subject_alt_name_traverse( p, end, int ret;
x509_get_subject_alt_name_cb, ret = mbedtls_asn1_traverse_sequence_of( &p, end,
(void*) &subject_alt_name ) ); MBEDTLS_ASN1_TAG_CLASS_MASK,
MBEDTLS_ASN1_CONTEXT_SPECIFIC,
MBEDTLS_ASN1_TAG_VALUE_MASK,
2 /* SubjectAlt DNS */,
x509_get_subject_alt_name_cb,
(void*) &subject_alt_name );
if( ret != 0 )
ret += MBEDTLS_ERR_X509_INVALID_EXTENSIONS;
return( ret );
} }
/* /*
@ -2460,10 +2411,7 @@ static int x509_crt_subject_alt_check_name( void *ctx,
{ {
char const *cn = (char const*) ctx; char const *cn = (char const*) ctx;
size_t cn_len = strlen( cn ); size_t cn_len = strlen( cn );
((void) tag);
/* Skip everything but DNS name */
if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) )
return( 0 );
if( x509_crt_check_cn( data, data_len, cn, cn_len ) == 0 ) if( x509_crt_check_cn( data, data_len, cn, cn_len ) == 0 )
return( 1 ); return( 1 );
@ -2482,13 +2430,18 @@ static void x509_crt_verify_name( const mbedtls_x509_crt *crt,
if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
{ {
unsigned char *p =
crt->subject_alt_raw.p;
const unsigned char *end = const unsigned char *end =
crt->subject_alt_raw.p + crt->subject_alt_raw.len; crt->subject_alt_raw.p + crt->subject_alt_raw.len;
ret = x509_subject_alt_name_traverse( crt->subject_alt_raw.p, ret = mbedtls_asn1_traverse_sequence_of( &p, end,
end, MBEDTLS_ASN1_TAG_CLASS_MASK,
x509_crt_subject_alt_check_name, MBEDTLS_ASN1_CONTEXT_SPECIFIC,
(void*) cn ); MBEDTLS_ASN1_TAG_VALUE_MASK,
2 /* SubjectAlt DNS */,
x509_crt_subject_alt_check_name,
(void*) cn );
} }
else else
{ {