From 5f72ea87575d65b37fc663e3a6c91a54df05e976 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 24 Aug 2017 17:05:07 +0100 Subject: [PATCH] Document the general idea of the code in x509_ocsp.c --- library/x509_ocsp.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/library/x509_ocsp.c b/library/x509_ocsp.c index 3861a40c24..37674cacde 100644 --- a/library/x509_ocsp.c +++ b/library/x509_ocsp.c @@ -95,6 +95,28 @@ static int x509_ocsp_get_response_bytes( unsigned char **p, return( 0 ); } +/* + * In general, the idea for each parsing function is to parse the current + * top-level component and delegate parsing of its members to helper functions. + * The process can be summarised as follows: + * 1. Parse the top level component(s) for the current ASN.1 object + * - Note that sometimes the top level component contains tagged + * subcomponents + * 2. Calls helper parsing functions for individual subcomponents. Note + * that some of the helpers functions are static others are from + * asn1parse.c or x509.c + * 3. Perform any required bounds checking + * + * The code is kept consistent throughout for checking bounds. Each parsing + * function must perform the following check: + * 1. At the begining, there is enough space in the buffer to parse + * whatever is being processed. + * 2. Prior to returning, the length specified in the ASN1 encoding + * matches the number of bytes consumed from the buffer p. + * 3. The lengths of any intermediate sub-components (such as EXPLICIT + * tags) parsed matches the number of bytes consumed by its helper + * functions + */ int mbedtls_x509_ocsp_parse_response( mbedtls_x509_ocsp_response *resp, unsigned char *buf, size_t buflen ) {