From 8fd98d6e62a653a01ea096702b11149e016a7038 Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Tue, 27 Jun 2023 15:17:44 +0100
Subject: [PATCH 1/3] Return an error when no name is parsed

When less than 1 RDN is successfully parsed in mbedtls_x509_string_to_names(), return an error. Previously this returned success when a string containing neither '=' or ',' was supplied.

Signed-off-by: David Horstmann
---
 library/x509_create.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/library/x509_create.c b/library/x509_create.c
index 50db95688..cdfc82aa5 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -125,7 +125,7 @@ static const x509_attr_descriptor_t *x509_attr_descr_from_name(const char *name,
 int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name)
 {
- int ret = 0;
+ int ret = MBEDTLS_ERR_X509_INVALID_NAME;
 const char *s = name, *c = s;
 const char *end = s + strlen(s);
 const char *oid = NULL;
@@ -177,6 +177,9 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam
 s = c + 1;
 in_tag = 1;
+
+ /* Successfully parsed one name, update ret to success */
+ ret = 0;
 }
 if (!in_tag && s != c + 1) {
From b50ae1fef10699fc94fd95cbedb17ee292dbe541 Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Tue, 27 Jun 2023 15:29:46 +0100
Subject: [PATCH 2/3] Add regression testcase for string_to_names()

Test against a string with no '=' or ',' in it, which previously caused mbedtls_x509_string_to_names() to return 0.

Signed-off-by: David Horstmann
---
 tests/suites/test_suite_x509write.data | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data
index 4eeeacdcc..084855019 100644
--- a/tests/suites/test_suite_x509write.data
+++ b/tests/suites/test_suite_x509write.data
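Review bot: The new initial value of `ret` now doubles as a "no RDN parsed yet" sentinel, but nothing at the declaration says so, and a reader has to locate the `ret = 0` in the second hunk to understand why a syntactically plausible name can come back as MBEDTLS_ERR_X509_INVALID_NAME. A short comment at the declaration would make that contract explicit: `int ret = MBEDTLS_ERR_X509_INVALID_NAME; /* success only once at least one RDN has been stored */`. The body of mbedtls_x509_string_to_names, including every later assignment to ret, continues outside this hunk.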
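Review bot: Setting `ret = 0` on this branch fixes the no-delimiter input, but it also means that any input which completes one RDN and then reaches the end of the loop without a later explicit error is reported as success; judging from the surrounding `s = c + 1; in_tag = 1;`, this branch presumably also runs on a trailing ',' (a name ending in `", "`), so such an input would still return 0 and is not covered by the new test vector. Worth confirming from the loop body and either documenting that behaviour or adding a vector for it. The comment could also say what was parsed and what the assignment guarantees: `/* At least one RDN has been stored: the result is success unless a later error overrides it */`. The enclosing loop and function both start and end outside this hunk.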
@@ -184,5 +184,8 @@ mbedtls_x509_string_to_names:"C=NL, O=Offspark\\a Inc., OU=PolarSSL":"":MBEDTLS_
 X509 String to Names #6 (Escape at end)
 mbedtls_x509_string_to_names:"C=NL, O=Offspark\\":"":MBEDTLS_ERR_X509_INVALID_NAME
+X509 String to Names #6 (Invalid, no '=' or ',')
+mbedtls_x509_string_to_names:"ABC123":"":MBEDTLS_ERR_X509_INVALID_NAME
+
 Check max serial length
 x509_set_serial_check:
From 582b7cf0d4ab719dcd9cded1f95f49d633e73812 Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Tue, 27 Jun 2023 15:38:02 +0100
Subject: [PATCH 3/3] Add ChangeLog entry for string_to_names() fix

Signed-off-by: David Horstmann
---
 ChangeLog.d/fix-string-to-names-retcode.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 ChangeLog.d/fix-string-to-names-retcode.txt

diff --git a/ChangeLog.d/fix-string-to-names-retcode.txt b/ChangeLog.d/fix-string-to-names-retcode.txt
new file mode 100644
index 000000000..ac4b3d176
--- /dev/null
+++ b/ChangeLog.d/fix-string-to-names-retcode.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix a bug in which mbedtls_x509_string_to_names() would return success
+ when given a invalid name string if it did not contain '=' or ','.
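Review bot: The new test case reuses the number `#6` that the preceding `X509 String to Names #6 (Escape at end)` already carries, so two vectors in this file now share a name prefix and a failure report will be harder to attribute. Renumber the new entry: `X509 String to Names #7 (Invalid, no '=' or ',')`. Note that the existing `#6 (Escape at end)` vector already checks a name that fails after one valid RDN, so the new vector plus that one cover both sides of the fix; a further vector for a name ending in a separator (e.g. `"C=NL, "`) would pin down whether that input is meant to succeed.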