yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-10-29 22:47:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

x509: rename a few variables and parameters

Browse source 
cn is not fully adequate as the name is not necessarily the Common Name.

Also, it's better have an explicit indication in the name of the variable if
it holds the expected name or some name from the certificate.
This commit is contained in:
Manuel Pégourié-Gonnard 2016-01-28 17:04:28 +01:00
parent af58894233
commit b74b50b4b1
2 changed files with 26 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
include/mbedtls/x509_crt.h
View file

@ -274,7 +274,7 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
* \param crt a certificate to be verified
* \param trust_ca the trusted CA chain
* \param ca_crl the CRL chain for trusted CA's
* \param cn expected Common Name (can be set to
* \param exp_name expected Common Name (can be set to
* NULL if the CN must not be verified)
* \param flags result of the verification
* \param f_vrfy verification function
@ -290,7 +290,7 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
const char *cn, uint32_t *flags,
const char *exp_name, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy );
@ -308,7 +308,7 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
* \param trust_ca the trusted CA chain
* \param ca_crl the CRL chain for trusted CA's
* \param profile security profile for verification
* \param cn expected Common Name (can be set to
* \param exp_name expected Common Name (can be set to
* NULL if the CN must not be verified)
* \param flags result of the verification
* \param f_vrfy verification function
@ -325,7 +325,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
const mbedtls_x509_crt_profile *profile,
const char *cn, uint32_t *flags,
const char *exp_name, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy );

45
library/x509_crt.c
View file

@ -1798,28 +1798,28 @@ static int x509_memcasecmp( const void *s1, const void *s2, size_t len )
/*
* Return 0 if name matches wildcard, -1 otherwise
*/
static int x509_check_wildcard( const char *cn, mbedtls_x509_buf *name )
static int x509_check_wildcard( const char *exp_name, mbedtls_x509_buf *name )
{
size_t i;
size_t cn_idx = 0, cn_len = strlen( cn );
size_t idx = 0, exp_len = strlen( exp_name );
if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
return( 0 );
for( i = 0; i < cn_len; ++i )
for( i = 0; i < exp_len; ++i )
{
if( cn[i] == '.' )
if( exp_name[i] == '.' )
{
cn_idx = i;
idx = i;
break;
}
}
if( cn_idx == 0 )
if( idx == 0 )
return( -1 );
if( cn_len - cn_idx == name->len - 1 &&
x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )
if( exp_len - idx == name->len - 1 &&
x509_memcasecmp( name->p + 1, exp_name + idx, name->len - 1 ) == 0 )
{
return( 0 );
}
@ -2209,26 +2209,27 @@ static int x509_crt_verify_child(
int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
const char *cn, uint32_t *flags,
const char *exp_name, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy )
{
return( mbedtls_x509_crt_verify_with_profile( crt, trust_ca, ca_crl,
&mbedtls_x509_crt_profile_default, cn, flags, f_vrfy, p_vrfy ) );
&mbedtls_x509_crt_profile_default,
exp_name, flags, f_vrfy, p_vrfy ) );
}
/*
* Verify that the certificate matches wit the expected name
*/
static int x509_crt_verify_name( mbedtls_x509_crt *crt,
const char *cn )
const char *exp_name )
{
size_t cn_len;
size_t exp_len;
mbedtls_x509_name *name;
mbedtls_x509_sequence *cur;
name = &crt->subject;
cn_len = strlen( cn );
exp_len = strlen( exp_name );
if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
{
@ -2236,15 +2237,15 @@ static int x509_crt_verify_name( mbedtls_x509_crt *crt,
while( cur != NULL )
{
if( cur->buf.len == cn_len &&
x509_memcasecmp( cn, cur->buf.p, cn_len ) == 0 )
if( cur->buf.len == exp_len &&
x509_memcasecmp( exp_name, cur->buf.p, exp_len ) == 0 )
{
return( 0 );
}
if( cur->buf.len > 2 &&
memcmp( cur->buf.p, "*.", 2 ) == 0 &&
x509_check_wildcard( cn, &cur->buf ) == 0 )
x509_check_wildcard( exp_name, &cur->buf ) == 0 )
{
return( 0 );
}
@ -2258,15 +2259,15 @@ static int x509_crt_verify_name( mbedtls_x509_crt *crt,
{
if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 )
{
if( name->val.len == cn_len &&
x509_memcasecmp( name->val.p, cn, cn_len ) == 0 )
if( name->val.len == exp_len &&
x509_memcasecmp( name->val.p, exp_name, exp_len ) == 0 )
{
return( 0 );
}
if( name->val.len > 2 &&
memcmp( name->val.p, "*.", 2 ) == 0 &&
x509_check_wildcard( cn, &name->val ) == 0 )
x509_check_wildcard( exp_name, &name->val ) == 0 )
{
return( 0 );
}
@ -2286,7 +2287,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
const mbedtls_x509_crt_profile *profile,
const char *cn, uint32_t *flags,
const char *exp_name, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy )
{
@ -2301,10 +2302,8 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
*flags = 0;
/* Check the expected name */
if( cn != NULL && x509_crt_verify_name( crt, cn ) != 0 )
{
if( exp_name != NULL && x509_crt_verify_name( crt, exp_name ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
}
/* Check the type and size of the key */
pk_type = mbedtls_pk_get_type( &crt->pk );