Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Mbedtls
提交
6bb53146
T
Third Party Mbedtls
项目概览
OpenHarmony
/
Third Party Mbedtls
9 个月 前同步成功
通知
0
Star
19
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Mbedtls
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
未验证
提交
6bb53146
编写于
9月 27, 2022
作者:
O
openharmony_ci
提交者:
Gitee
9月 27, 2022
浏览文件
操作
浏览文件
下载
差异文件
!60 合入CVE-2020-36477
Merge pull request !60 from 毛宇锋/cherry-pick-1664263357
上级
3d4d4d93
9bac3fdf
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
42 addition
and
1 deletion
+42
-1
include/mbedtls/x509.h
include/mbedtls/x509.h
+22
-0
library/x509_crt.c
library/x509_crt.c
+20
-1
未找到文件。
include/mbedtls/x509.h
浏览文件 @
6bb53146
...
@@ -131,6 +131,28 @@
...
@@ -131,6 +131,28 @@
#define MBEDTLS_X509_BADCRL_BAD_PK 0x040000
/**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
#define MBEDTLS_X509_BADCRL_BAD_PK 0x040000
/**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
#define MBEDTLS_X509_BADCRL_BAD_KEY 0x080000
/**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */
#define MBEDTLS_X509_BADCRL_BAD_KEY 0x080000
/**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */
/*
* X.509 v3 Subject Alternative Name types.
* otherName [0] OtherName,
* rfc822Name [1] IA5String,
* dNSName [2] IA5String,
* x400Address [3] ORAddress,
* directoryName [4] Name,
* ediPartyName [5] EDIPartyName,
* uniformResourceIdentifier [6] IA5String,
* iPAddress [7] OCTET STRING,
* registeredID [8] OBJECT IDENTIFIER
*/
#define MBEDTLS_X509_SAN_OTHER_NAME 0
#define MBEDTLS_X509_SAN_RFC822_NAME 1
#define MBEDTLS_X509_SAN_DNS_NAME 2
#define MBEDTLS_X509_SAN_X400_ADDRESS_NAME 3
#define MBEDTLS_X509_SAN_DIRECTORY_NAME 4
#define MBEDTLS_X509_SAN_EDI_PARTY_NAME 5
#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER 6
#define MBEDTLS_X509_SAN_IP_ADDRESS 7
#define MBEDTLS_X509_SAN_REGISTERED_ID 8
/* \} name */
/* \} name */
/* \} addtogroup x509_module */
/* \} addtogroup x509_module */
...
...
library/x509_crt.c
浏览文件 @
6bb53146
...
@@ -2452,6 +2452,25 @@ static int x509_crt_check_cn( const mbedtls_x509_buf *name,
...
@@ -2452,6 +2452,25 @@ static int x509_crt_check_cn( const mbedtls_x509_buf *name,
return
(
-
1
);
return
(
-
1
);
}
}
/*
* Check for SAN match, see RFC 5280 Section 4.2.1.6
*/
static
int
x509_crt_check_san
(
const
mbedtls_x509_buf
*
name
,
const
char
*
cn
,
size_t
cn_len
)
{
const
unsigned
char
san_type
=
(
unsigned
char
)
name
->
tag
&
MBEDTLS_ASN1_TAG_VALUE_MASK
;
/* dNSName */
if
(
san_type
==
MBEDTLS_X509_SAN_DNS_NAME
)
return
(
x509_crt_check_cn
(
name
,
cn
,
cn_len
)
);
/* (We may handle other types here later.) */
/* Unrecognized type */
return
(
-
1
);
}
/*
/*
* Verify the requested CN - only call this if cn is not NULL!
* Verify the requested CN - only call this if cn is not NULL!
*/
*/
...
@@ -2467,7 +2486,7 @@ static void x509_crt_verify_name( const mbedtls_x509_crt *crt,
...
@@ -2467,7 +2486,7 @@ static void x509_crt_verify_name( const mbedtls_x509_crt *crt,
{
{
for
(
cur
=
&
crt
->
subject_alt_names
;
cur
!=
NULL
;
cur
=
cur
->
next
)
for
(
cur
=
&
crt
->
subject_alt_names
;
cur
!=
NULL
;
cur
=
cur
->
next
)
{
{
if
(
x509_crt_check_
c
n
(
&
cur
->
buf
,
cn
,
cn_len
)
==
0
)
if
(
x509_crt_check_
sa
n
(
&
cur
->
buf
,
cn
,
cn_len
)
==
0
)
break
;
break
;
}
}
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录