TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 8d435a0c8b080e3d1c8fa2533d299cab818f65d1^! / . / include / mbedtls
commit8d435a0c8b080e3d1c8fa2533d299cab818f65d1[log] [tgz]
authortoth92g <toth92g@gmail.com>Mon May 10 15:16:33 2021 +0200
committerPrzemek Stekiel <przemyslaw.stekiel@mobica.com>Tue Apr 04 17:48:28 2023 +0200
tree4e0dbf3499d29ea9f1189426b370475fc63ff157
parent5042b104c23d1eb4e952c5bad859a2135c48e425 [diff]
Renaming x509_get_subject_alt_name to x509_get_general_names and mbedtls_x509_parse_subject_alt_name to mbedtls_x509_parse_general_name so they can be used not only to collect subject alt name, but the V3 authority cert issuer that is also GeneralName type.
Also updated the x509_get_general_names function to be able to parse rfc822Names

Test are also updated according these changes.

Signed-off-by: toth92g <toth92g@gmail.com>

diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 5a9f2b5..ed9ae63 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h

@@ -248,7 +248,7 @@
  */
 typedef struct mbedtls_x509_authority {
     mbedtls_x509_buf keyIdentifier;
-    mbedtls_x509_name authorityCertIssuer;
+    mbedtls_x509_sequence authorityCertIssuer;
     mbedtls_x509_buf authorityCertSerialNumber;
     mbedtls_x509_buf raw;
 }

diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 672cdf5..42ae671a 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h

@@ -561,6 +561,36 @@
 int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path);
 
 #endif /* MBEDTLS_FS_IO */
+/**
+ * \brief          This function parses an item in the SubjectAlternativeNames
+ *                 extension.
+ *
+ * \param san_buf  The buffer holding the raw data item of the subject
+ *                 alternative name.
+ * \param san      The target structure to populate with the parsed presentation
+ *                 of the subject alternative name encoded in \p san_raw.
+ *
+ * \note           Only "dnsName" and "otherName" and "rfc822Name" of type hardware_module_name
+ *                 as defined in RFC 4180 is supported.
+ *
+ * \note           This function should be called on a single raw data of
+ *                 subject alternative name. For example, after successful
+ *                 certificate parsing, one must iterate on every item in the
+ *                 \p crt->subject_alt_names sequence, and pass it to
+ *                 this function.
+ *
+ * \warning        The target structure contains pointers to the raw data of the
+ *                 parsed certificate, and its lifetime is restricted by the
+ *                 lifetime of the certificate.
+ *
+ * \return         \c 0 on success
+ * \return         #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported
+ *                 SAN type.
+ * \return         Another negative value for any other failure.
+ */
+int mbedtls_x509_parse_general_name(const mbedtls_x509_buf *san_buf,
+                                    mbedtls_x509_subject_alternative_name *san);
+
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
 /**
  * \brief          Returns an informational string about the