Move length check into mbedtls_x509_memcasecmp()

At every occasion where we're using `mbedtls_x509_memcasecmp()` we're
checking that the two buffer lengths coincide before making the call.

This commit saves a few bytes of code by moving this length check
to `mbedtls_x509_memcasecmp()`.
Hanno Becker 2019-02-22 11:46:06 +00:00
parent f1b39bf18c
commit b3def1d341
3 changed files with 13 additions and 11 deletions


@ -318,7 +318,8 @@ int mbedtls_x509_name_cmp_raw( mbedtls_x509_buf_raw const *a,
mbedtls_x509_buf *oid, mbedtls_x509_buf *oid,
mbedtls_x509_buf *val ), mbedtls_x509_buf *val ),
void *check_ctx ); void *check_ctx );
int mbedtls_x509_memcasecmp( const void *s1, const void *s2, size_t len ); int mbedtls_x509_memcasecmp( const void *s1, const void *s2,
size_t len1, size_t lend2 );
int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *ext, int tag ); mbedtls_x509_buf *ext, int tag );
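Review bot: The new prototype of `mbedtls_x509_memcasecmp()` names its last parameter `lend2`, while the definition changed in the same commit uses `len2`. This looks like a typo, and the continuation line should read `size_t len1, size_t len2 );`. It compiles either way because C ignores parameter names in prototypes, but the header is what callers read, so the names should match the definition.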


@ -487,13 +487,17 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
/* /*
* Like memcmp, but case-insensitive and always returns -1 if different * Like memcmp, but case-insensitive and always returns -1 if different
*/ */
int mbedtls_x509_memcasecmp( const void *s1, const void *s2, size_t len ) int mbedtls_x509_memcasecmp( const void *s1, const void *s2,
size_t len1, size_t len2 )
{ {
size_t i; size_t i;
unsigned char diff; unsigned char diff;
const unsigned char *n1 = s1, *n2 = s2; const unsigned char *n1 = s1, *n2 = s2;
for( i = 0; i < len; i++ ) if( len1 != len2 )
return( -1 );
for( i = 0; i < len1; i++ )
{ {
diff = n1[i] ^ n2[i]; diff = n1[i] ^ n2[i];
@ -531,8 +535,8 @@ static int x509_string_cmp( const mbedtls_x509_buf *a,
if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) && if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) && ( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
a->len == b->len && mbedtls_x509_memcasecmp( a->p, b->p,
mbedtls_x509_memcasecmp( a->p, b->p, b->len ) == 0 ) a->len, b->len ) == 0 )
{ {
return( 0 ); return( 0 );
} }
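Review bot: The comment above `mbedtls_x509_memcasecmp()` still reads "Like memcmp, but case-insensitive and always returns -1 if different", which no longer describes the function now that it takes two lengths and rejects a mismatch itself. Callers in certificate name and CN matching now rely on that check instead of doing their own, so the comment should state it, for example `* Case-insensitive comparison of two buffers: returns 0 only if len1 == len2` / `* and the contents match, -1 otherwise (including on any length mismatch).` It may also be worth noting that two zero-length buffers compare equal, since the loop is skipped when `len1` is 0. The loop body continues outside the hunk, so the exact case-folding rule cannot be confirmed from here.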


@ -254,8 +254,8 @@ static int x509_check_wildcard( char const *cn,
if( cn_idx == 0 ) if( cn_idx == 0 )
return( -1 ); return( -1 );
if( cn_len - cn_idx == buf_len - 1 && if( mbedtls_x509_memcasecmp( buf + 1, cn + cn_idx,
mbedtls_x509_memcasecmp( buf + 1, cn + cn_idx, buf_len - 1 ) == 0 ) buf_len - 1, cn_len - cn_idx ) == 0 )
{ {
return( 0 ); return( 0 );
} }
@ -2387,11 +2387,8 @@ static int x509_crt_check_cn( unsigned char const *buf,
size_t cn_len ) size_t cn_len )
{ {
/* Try exact match */ /* Try exact match */
if( buflen == cn_len && if( mbedtls_x509_memcasecmp( cn, buf, buflen, cn_len ) == 0 )
mbedtls_x509_memcasecmp( cn, buf, cn_len ) == 0 )
{
return( 0 ); return( 0 );
}
/* try wildcard match */ /* try wildcard match */
if( x509_check_wildcard( cn, cn_len, buf, buflen ) == 0 ) if( x509_check_wildcard( cn, cn_len, buf, buflen ) == 0 )
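Review bot: In `x509_crt_check_cn()` the new call passes the lengths in the opposite order to the pointers: `mbedtls_x509_memcasecmp( cn, buf, buflen, cn_len )` gives `buflen` as `len1` for `cn` and `cn_len` as `len2` for `buf`. This is harmless today, because the callee returns -1 unless `len1 == len2` before reading either buffer. If the callee is ever changed to read past the shorter length, the mismatch becomes an out-of-bounds read on certificate data. Writing it as `mbedtls_x509_memcasecmp( cn, buf, cn_len, buflen )` keeps each length next to its own buffer, as the `x509_check_wildcard()` call in this file already does. The rest of `x509_crt_check_cn()` lies outside the hunk.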