From ded167e18cf7f82fecb5f0d08a356e241056db5d Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 21 Feb 2019 14:34:46 +0000
Subject: [PATCH] Add raw buffer holding SubjectAlternativeName ext to CRT structure
This is analogous to a previous commit for the `ExtendedKeyUsage` extension: We aim at not using dynamically allocated linked lists to represent the components of the `SubjectAlternativeName` extension, but to traverse the raw ASN.1 data when needed. This commit adds a field to `mbedtls_x509_crt` containing the raw ASN.1 buffer bounds of the `SubjectAlternativeNames` extension.
---
 include/mbedtls/x509_crt.h | 1 +
 library/x509_crt.c | 2 ++
 2 files changed, 3 insertions(+)
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 0c71dae18..76d829bed 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -80,6 +80,7 @@ typedef struct mbedtls_x509_crt
 mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
 mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */
 mbedtls_x509_sequence subject_alt_names; /**< Optional list of Subject Alternative Names (Only dNSName supported). */
+ mbedtls_x509_buf_raw subject_alt_raw; /**< Raw data for SubjectAlternativeNames extension. */
 int ext_types; /**< Bit string containing detected and parsed extensions */
 int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 46d6434a9..243373ea7 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -706,6 +706,8 @@ static int x509_get_crt_ext( unsigned char **p,
 case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
 /* Parse subject alt name */
+ crt->subject_alt_raw.p = *p;
+ crt->subject_alt_raw.len = end_ext_octet - *p;
 if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
 &crt->subject_alt_names ) ) != 0 )
 return( ret );
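Review bot: The doc comment on the new `subject_alt_raw` member of `mbedtls_x509_crt` does not say that the buffer is borrowed rather than owned. Judging from the assignment in `library/x509_crt.c` in this same patch, `p` is set from the parser's cursor, so it presumably points into the certificate data being parsed and stays usable only as long as that data does. I would extend the comment along the lines of `/**< Raw bounds of the SubjectAlternativeName extension content; points into the parsed certificate data, not separately allocated, must not be freed. */`. It would also help to state which condition tells a caller the field is populated, presumably the `MBEDTLS_X509_EXT_SUBJECT_ALT_NAME` bit in `ext_types`, which should be confirmed against the parser. The struct definition starts and ends outside the hunk.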
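Review bot: `crt->subject_alt_raw` is filled in before `x509_get_subject_alt_name()` has accepted the extension, so on the `return( ret )` path the structure keeps bounds of data that failed to parse. Code that later walks this raw ASN.1 is only safe if a failed parse makes the whole certificate unusable, and that is decided outside this hunk. A short comment such as `/* Bounds recorded before validation; only meaningful if the parse below succeeds. */` would make the dependency visible. The length `end_ext_octet - *p` also assumes `*p <= end_ext_octet` was established earlier in `x509_get_crt_ext`, whose body starts and ends outside the hunk. Any traversal that comes to rely on this field alone should re-check each tag and length against `len` rather than trust the earlier list-building parse.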