Move length check into mbedtls_x509_memcasecmp()

At every occasion where we're using `mbedtls_x509_memcasecmp()` we're checking that the two buffer lengths coincide before making the call. This commit saves a few bytes of code by moving this length check to `mbedtls_x509_memcasecmp()`.
2025-01-23 02:11:07 +00:00 · 2019-02-22 11:46:06 +00:00 · 2019-02-22 11:46:06 +00:00 · b3def1d341
parent f1b39bf18c
commit b3def1d341
3 changed files with 13 additions and 11 deletions
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@ -318,7 +318,8 @@ int mbedtls_x509_name_cmp_raw( mbedtls_x509_buf_raw const *a,
                                             mbedtls_x509_buf *oid,
                                             mbedtls_x509_buf *val ),
                               void *check_ctx );
-int mbedtls_x509_memcasecmp( const void *s1, const void *s2, size_t len );
+int mbedtls_x509_memcasecmp( const void *s1, const void *s2,
+                             size_t len1, size_t lend2 );
 int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
                  mbedtls_x509_buf *ext, int tag );

--- a/library/x509.c
+++ b/library/x509.c
@ -487,13 +487,17 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
 /*
 * Like memcmp, but case-insensitive and always returns -1 if different
 */
-int mbedtls_x509_memcasecmp( const void *s1, const void *s2, size_t len )
+int mbedtls_x509_memcasecmp( const void *s1, const void *s2,
+                             size_t len1, size_t len2 )
 {
    size_t i;
    unsigned char diff;
    const unsigned char *n1 = s1, *n2 = s2;

-    for( i = 0; i < len; i++ )
+    if( len1 != len2 )
+        return( -1 );
+
+    for( i = 0; i < len1; i++ )
    {
        diff = n1[i] ^ n2[i];

@ -531,8 +535,8 @@ static int x509_string_cmp( const mbedtls_x509_buf *a,

    if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
        ( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
-        a->len == b->len &&
-        mbedtls_x509_memcasecmp( a->p, b->p, b->len ) == 0 )
+        mbedtls_x509_memcasecmp( a->p, b->p,
+                                 a->len, b->len ) == 0 )
    {
        return( 0 );
    }
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -254,8 +254,8 @@ static int x509_check_wildcard( char const *cn,
    if( cn_idx == 0 )
        return( -1 );

-    if( cn_len - cn_idx == buf_len - 1 &&
-        mbedtls_x509_memcasecmp( buf + 1, cn + cn_idx, buf_len - 1 ) == 0 )
+    if( mbedtls_x509_memcasecmp( buf + 1, cn + cn_idx,
+                                 buf_len - 1, cn_len - cn_idx ) == 0 )
    {
        return( 0 );
    }
@ -2387,11 +2387,8 @@ static int x509_crt_check_cn( unsigned char const *buf,
                              size_t cn_len )
 {
    /* Try exact match */
-    if( buflen == cn_len &&
-        mbedtls_x509_memcasecmp( cn, buf, cn_len ) == 0 )
-    {
+    if( mbedtls_x509_memcasecmp( cn, buf, buflen, cn_len ) == 0 )
        return( 0 );
-    }

    /* try wildcard match */
    if( x509_check_wildcard( cn, cn_len, buf, buflen ) == 0 )