Provide X.509 name comparison based on raw ASN.1 data

This commit provides a new function `mbedtls_x509_name_cmp_raw()`
to x509.c for comparing to X.509 names by traversing the raw ASN.1
data (as opposed to using the dynamically allocated linked list
of `mbedtls_x509_name` structures). It has external linkage because
it will be needed in `x509_crt` and `x509_crl`, but is marked
internal and hence not part of the public API.
This commit is contained in:
Hanno Becker 2019-02-20 12:42:07 +00:00
parent 88de342c95
commit a3a2ca1333
2 changed files with 53 additions and 0 deletions

View file

@ -305,6 +305,8 @@ int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *serial );
int mbedtls_x509_name_cmp( const mbedtls_x509_name *a,
const mbedtls_x509_name *b );
int mbedtls_x509_name_cmp_raw( const mbedtls_x509_buf_raw *a,
const mbedtls_x509_buf_raw *b );
int mbedtls_x509_memcasecmp( const void *s1, const void *s2, size_t len );
int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *ext, int tag );

View file

@ -583,6 +583,57 @@ int mbedtls_x509_name_cmp( const mbedtls_x509_name *a,
return( 0 );
}
int mbedtls_x509_name_cmp_raw( mbedtls_x509_buf_raw const *a,
mbedtls_x509_buf_raw const *b )
{
int ret;
unsigned char *p_a, *end_a, *set_a;
unsigned char *p_b, *end_b, *set_b;
p_a = set_a = (unsigned char*) a->p;
p_b = set_b = (unsigned char*) b->p;
end_a = p_a + a->len;
end_b = p_b + b->len;
while( 1 )
{
mbedtls_x509_buf oid_a, val_a, oid_b, val_b;
ret = x509_set_sequence_iterate( &p_a, (const unsigned char **) &set_a,
end_a, &oid_a, &val_a );
if( ret != 0 )
goto exit;
ret = x509_set_sequence_iterate( &p_b, (const unsigned char **) &set_b,
end_b, &oid_b, &val_b );
if( ret != 0 )
goto exit;
if( oid_a.len != oid_b.len ||
memcmp( oid_a.p, oid_b.p, oid_b.len ) != 0 )
{
return( 1 );
}
if( x509_string_cmp( &val_a, &val_b ) != 0 )
return( 1 );
if( ( set_a == p_a ) != ( set_b == p_b ) )
return( 1 );
if( p_a == end_a && p_b == end_b )
break;
}
exit:
if( ret < 0 )
ret += MBEDTLS_ERR_X509_INVALID_NAME;
return( ret );
}
static int x509_parse_int( unsigned char **p, size_t n, int *res )
{
*res = 0;