verify_name(): factor duplicated code to function

2025-11-03 20:33:16 +03:00 · 2017-07-04 01:31:59 +02:00
parent 1300e99eb1
commit a468eb1764
1 changed files with 35 additions and 34 deletions
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1752,7 +1752,7 @@ static int x509_memcasecmp( const void *s1, const void *s2, size_t len )
 /*
 * Return 0 if name matches wildcard, -1 otherwise
 */
-static int x509_check_wildcard( const char *cn, mbedtls_x509_buf *name )
+static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name )
 {
    size_t i;
    size_t cn_idx = 0, cn_len = strlen( cn );
@@ -2153,38 +2153,47 @@ callback:
    return( 0 );
 }
 /*
 * Check for CN match
 */
 static int x509_crt_check_cn( const mbedtls_x509_buf *name,
                              const char *cn, size_t cn_len )
 {
    /* try exact match */
    if( name->len == cn_len &&
        x509_memcasecmp( cn, name->p, cn_len ) == 0 )
    {
        return( 0 );
    }
    /* try wildcard match */
    if( name->len > 2 &&
        memcmp( name->p, "*.", 2 ) == 0 &&
        x509_check_wildcard( cn, name ) == 0 )
    {
        return( 0 );
    }
    return( -1 );
 }
 /*
 * Verify the requested CN - only call this if cn is not NULL!
 */
-static void x509_crt_verify_name( mbedtls_x509_crt *crt,
+static void x509_crt_verify_name( const mbedtls_x509_crt *crt,
                                  const char *cn,
                                  uint32_t *flags )
 {
-    mbedtls_x509_name *name;
+    const mbedtls_x509_name *name;
-    mbedtls_x509_sequence *cur = NULL;
+    const mbedtls_x509_sequence *cur;
-    size_t cn_len;
+    size_t cn_len = strlen( cn );
    name = &crt->subject;
    cn_len = strlen( cn );
    if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
    {
-        cur = &crt->subject_alt_names;
+        for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next )
        while( cur != NULL )
        {
-            if( cur->buf.len == cn_len &&
+            if( x509_crt_check_cn( &cur->buf, cn, cn_len ) == 0 )
                x509_memcasecmp( cn, cur->buf.p, cn_len ) == 0 )
                break;
            if( cur->buf.len > 2 &&
                memcmp( cur->buf.p, "*.", 2 ) == 0 &&
                x509_check_wildcard( cn, &cur->buf ) == 0 )
            {
                break;
            }
            cur = cur->next;
        }
        if( cur == NULL )
@@ -2192,21 +2201,13 @@ static void x509_crt_verify_name( mbedtls_x509_crt *crt,
    }
    else
    {
-        while( name != NULL )
+        for( name = &crt->subject; name != NULL;  name = name->next )
        {
-            if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 )
+            if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 &&
                x509_crt_check_cn( &name->val, cn, cn_len ) == 0 )
            {
-                if( name->val.len == cn_len &&
+                break;
                    x509_memcasecmp( name->val.p, cn, cn_len ) == 0 )
                    break;
                if( name->val.len > 2 &&
                    memcmp( name->val.p, "*.", 2 ) == 0 &&
                    x509_check_wildcard( cn, &name->val ) == 0 )
                    break;
            }
            name = name->next;
        }
        if( name == NULL )