Renaming x509_get_subject_alt_name to x509_get_general_names and mbedtls_x509_parse_subject_alt_name to mbedtls_x509_parse_general_name so they can be used not only to collect subject alt name, but the V3 authority cert issuer that is also GeneralName type.

Also updated the x509_get_general_names function to be able to parse rfc822Names Test are also updated according these changes. Signed-off-by: toth92g <toth92g@gmail.com>
2021-05-10 15:16:33 +02:00 · 2021-05-10 15:16:33 +02:00 · 8d435a0c8b
commit 8d435a0c8b
parent 5042b104c2
5 changed files with 375 additions and 107 deletions
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@ -248,7 +248,7 @@ typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
 */
 typedef struct mbedtls_x509_authority {
    mbedtls_x509_buf keyIdentifier;
-    mbedtls_x509_name authorityCertIssuer;
+    mbedtls_x509_sequence authorityCertIssuer;
    mbedtls_x509_buf authorityCertSerialNumber;
    mbedtls_x509_buf raw;
 }
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@ -561,6 +561,36 @@ int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path);
 int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path);

 #endif /* MBEDTLS_FS_IO */
+/**
+ * \brief          This function parses an item in the SubjectAlternativeNames
+ *                 extension.
+ *
+ * \param san_buf  The buffer holding the raw data item of the subject
+ *                 alternative name.
+ * \param san      The target structure to populate with the parsed presentation
+ *                 of the subject alternative name encoded in \p san_raw.
+ *
+ * \note           Only "dnsName" and "otherName" and "rfc822Name" of type hardware_module_name
+ *                 as defined in RFC 4180 is supported.
+ *
+ * \note           This function should be called on a single raw data of
+ *                 subject alternative name. For example, after successful
+ *                 certificate parsing, one must iterate on every item in the
+ *                 \p crt->subject_alt_names sequence, and pass it to
+ *                 this function.
+ *
+ * \warning        The target structure contains pointers to the raw data of the
+ *                 parsed certificate, and its lifetime is restricted by the
+ *                 lifetime of the certificate.
+ *
+ * \return         \c 0 on success
+ * \return         #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported
+ *                 SAN type.
+ * \return         Another negative value for any other failure.
+ */
+int mbedtls_x509_parse_general_name(const mbedtls_x509_buf *san_buf,
+                                    mbedtls_x509_subject_alternative_name *san);
+
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
 /**
 * \brief          Returns an informational string about the