From a632e3638cbeeb32240cd1e4468b699f5694e7a7 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 20 Feb 2019 13:44:36 +0000
Subject: [PATCH] Add buffer with raw issuer data to CRL structure

To make use of the X.509 name comparison function based on raw ASN.1 data that was introduced in the previous commit, this commit adds an ASN.1 buffer field `issuer_raw_no_hdr` to `mbedtls_x509_crl` which delimits the raw contents of the CRLs `Issuer` field. The previous field `issuer_raw` isn't suitable for that because it includes the ASN.1 header.

---
 include/mbedtls/x509.h | 9 +++++++++
 include/mbedtls/x509_crl.h | 3 ++-
 library/x509_crl.c | 2 ++
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 13067b8f3..152e4b683 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -183,6 +183,15 @@ extern "C" {
 * \{
 */
+/**
+ * Basic length-value buffer structure
+ */
+typedef struct mbedtls_x509_buf_raw
+{
+ unsigned char *p; /*!< The address of the first byte in the buffer. */
+ size_t len; /*!< The number of Bytes in the buffer. */
+} mbedtls_x509_buf_raw;
+
 /**
 * Type-length-value structure that allows for ASN1 using DER.
 */
diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h
index 2bb95de16..b035c6c4f 100644
--- a/include/mbedtls/x509_crl.h
+++ b/include/mbedtls/x509_crl.h
@@ -75,7 +75,8 @@ typedef struct mbedtls_x509_crl
 int version; /**< CRL version (1=v1, 2=v2) */
 mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */
- mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). */
+ mbedtls_x509_buf_raw issuer_raw; /**< The raw issuer data (DER). */
+ mbedtls_x509_buf_raw issuer_raw_no_hdr;
 mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
diff --git a/library/x509_crl.c b/library/x509_crl.c
index a56d5e3e8..f07784128 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
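Review bot: The doc comment on the new `mbedtls_x509_buf_raw` in the x509.h hunk says only "Basic length-value buffer structure" and does not state how it differs from the neighbouring `mbedtls_x509_buf` (no tag member) or who owns the bytes it points to, which is the first thing a reader of a public header will ask. The x509_crl.c hunk assigns `p` from the parsing cursor rather than from an allocation, so the struct appears to be a non-owning view; if that is the intent, say so: `/** Basic length-value buffer: a (p, len) view of a byte range, without the tag that mbedtls_x509_buf carries. Does not own the memory it points to. */`. The two member comments also disagree on capitalisation (`first byte` vs `number of Bytes`); `bytes` in both would match the rest of the header.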
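Review bot: In the x509_crl.h hunk `issuer_raw_no_hdr` is the only member of `mbedtls_x509_crl` added without a `/**< … */` comment, and the distinction from `issuer_raw` only lives in the commit message; I would write it next to the field: `mbedtls_x509_buf_raw issuer_raw_no_hdr; /**< The raw issuer Name contents (DER), excluding the ASN.1 SEQUENCE header that issuer_raw includes. */`. The same hunk also changes `issuer_raw` from `mbedtls_x509_buf` to `mbedtls_x509_buf_raw`, which drops its public `tag` member from a struct in a public header; the commit description mentions only the new field, so that type change deserves a sentence there (and in a changelog entry, if the project keeps one) since any caller reading `crl->issuer_raw.tag` will stop compiling. Whether anything in library/ still writes `issuer_raw.tag` cannot be seen from this patch and is worth a grep before merging.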
@@ -428,6 +428,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
 mbedtls_x509_crl_free( crl );
 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
 }
+ crl->issuer_raw_no_hdr.p = p;
 if( ( ret = mbedtls_x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
 {
@@ -435,6 +436,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
 return( ret );
 }
+ crl->issuer_raw_no_hdr.len = p - crl->issuer_raw_no_hdr.p;
 crl->issuer_raw.len = p - crl->issuer_raw.p;
 /*
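Review bot: The start and length of `issuer_raw_no_hdr` are set in two separate hunks with the `mbedtls_x509_get_name` call and its error return in between, and neither added line says why the pointer is captured at exactly this point; a short comment would carry the intent, e.g. `crl->issuer_raw_no_hdr.p = p; /* past the SEQUENCE header of Issuer: start of the raw Name contents */` in the first hunk and `/* issuer_raw includes the SEQUENCE header, issuer_raw_no_hdr does not */` above the two `.len` assignments in the second. If `mbedtls_x509_get_name` fails, the `return( ret );` in the second hunk leaves `.p` set and `.len` unset; that is only harmless if `crl` is freed on that path, as the preceding error path does with `mbedtls_x509_crl_free( crl );`, but the free for this path is outside the hunk. Since the `p + len` bound passed to get_name is the end of the issuer SEQUENCE, `.len = len` could be recorded together with `.p` if get_name is guaranteed to consume the whole SEQUENCE, which cannot be confirmed from this hunk. `mbedtls_x509_crl_parse_der` begins and ends outside both hunks.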