From ad9cbd337a91e451faa7ebc234f8bfdb3417c427 Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman
Date: Fri, 28 Apr 2023 22:53:52 +0200
Subject: [PATCH] Change DistinguishedName data

---
 rustls/src/anchors.rs | 15 ++++++++++++++-
 rustls/src/msgs/handshake.rs | 23 ++++++++++++++++-------
 rustls/src/msgs/handshake_test.rs | 4 ++--
 3 files changed, 32 insertions(+), 10 deletions(-)

diff --git a/rustls/src/anchors.rs b/rustls/src/anchors.rs
index 5b4136ea..1a5ff824 100644
--- a/rustls/src/anchors.rs
+++ b/rustls/src/anchors.rs
@@ -41,7 +41,7 @@ impl OwnedTrustAnchor {
         name_constraints: Option>>,
     ) -> Self {
         Self {
-            subject: DistinguishedName::from(subject.into()),
+            subject: DistinguishedName::new(&subject.into()),
             spki: spki.into(),
             name_constraints: name_constraints.map(|x| x.into()),
         }
@@ -145,3 +145,16 @@ impl RootCertStore {
         (valid_count, invalid_count)
     }
 }
+
+#[cfg(test)]
+mod tests {
+    #[test]
+    fn owned_trust_anchor_subject_is_correctly_encoding_dn() {
+        let ota = super::OwnedTrustAnchor::from_subject_spki_name_constraints(
+            b"subject".to_owned(),
+            b"".to_owned(),
+            None::>,
+        );
+        assert_eq!(ota.subject().as_ref(), b"\x30\x07subject");
+    }
+}
diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs
index 37d6e72f..94a48b9e 100644
--- a/rustls/src/msgs/handshake.rs
+++ b/rustls/src/msgs/handshake.rs
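Review bot: The new test's expectation `assert_eq!(ota.subject().as_ref(), b"\x30\x07subject")` puts a DER SEQUENCE tag (0x30) in front of the length, but `DistinguishedName::new` in the handshake.rs hunk prefixes the bytes with `(inner.len() as u16).to_be_bytes()`, i.e. `\x00\x07`, so as far as these hunks show the test and the constructor disagree on the encoding. Either the test should expect `b"\x00\x07subject"` or the constructor should produce the DER wrapper the test describes; the bodies of `subject()` and the rest of `from_subject_spki_name_constraints` are outside the hunk, so confirm neither of them transforms the bytes. It would also help to state in the test name or a one-line comment which of the two encodings is the intended contract for `subject()`, since callers comparing against DER names will depend on it.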
@@ -1749,27 +1749,36 @@ impl TlsListElement for ClientCertificateType {
 /// }
 /// ```
 #[derive(Clone, Debug)]
-pub struct DistinguishedName(PayloadU16);
+pub struct DistinguishedName {
+    outer: Vec,
+}
 
-impl From> for DistinguishedName {
-    fn from(v: Vec) -> Self {
-        Self(PayloadU16::new(v))
+impl DistinguishedName {
+    pub(crate) fn new(inner: &[u8]) -> Self {
+        let mut outer = Vec::with_capacity(2 + inner.len());
+        outer.extend((inner.len() as u16).to_be_bytes());
+        outer.extend(inner);
+        Self { outer }
     }
 }
 
 impl AsRef<[u8]> for DistinguishedName {
     fn as_ref(&self) -> &[u8] {
-        self.0 .0.as_slice()
+        &self.outer[..]
     }
 }
 
 impl Codec for DistinguishedName {
     fn encode(&self, bytes: &mut Vec) {
-        self.0.encode(bytes);
+        bytes.extend(&self.outer);
     }
 
     fn read(r: &mut Reader) -> Result {
-        Ok(Self(PayloadU16::read(r)?))
+        let len = u16::read(r)? as usize;
+        let mut sub = r.sub(len)?;
+        Ok(Self {
+            outer: sub.rest().to_vec(),
+        })
     }
 }
 
diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs
index 137a6768..7ad0bbb9 100644
--- a/rustls/src/msgs/handshake_test.rs
+++ b/rustls/src/msgs/handshake_test.rs
@@ -846,7 +846,7 @@ fn get_sample_certificaterequestpayload() -> CertificateRequestPayload {
     CertificateRequestPayload {
         certtypes: vec![ClientCertificateType::RSASign],
         sigschemes: vec![SignatureScheme::ECDSA_NISTP256_SHA256],
-        canames: vec![DistinguishedName::from(vec![1, 2, 3])],
+        canames: vec![DistinguishedName::new(&[1, 2, 3])],
     }
 }
 
@@ -855,7 +855,7 @@ fn get_sample_certificaterequestpayloadtls13() -> CertificateRequestPayloadTLS13 {
     context: PayloadU8(vec![1, 2, 3]),
     extensions: vec![
         CertReqExtension::SignatureAlgorithms(vec![SignatureScheme::ECDSA_NISTP256_SHA256]),
-        CertReqExtension::AuthorityNames(vec![DistinguishedName::from(vec![1, 2, 3])]),
+        CertReqExtension::AuthorityNames(vec![DistinguishedName::new(&[1, 2, 3])]),
         CertReqExtension::Unknown(UnknownExtension {
             typ: ExtensionType::Unknown(12345),
             payload: Payload(vec![1, 2, 3]),
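Review bot: `read` stores only the payload in `outer` (`outer: sub.rest().to_vec()`), while `new` and `encode` treat `outer` as the two-byte big-endian length followed by the payload, so a name parsed from a peer's CertificateRequest (the `canames`/`AuthorityNames` fields in the handshake_test.rs hunks) will re-encode without its length prefix and its `as_ref()` has a different shape than a name built with `new`. Going back through the constructor keeps both paths consistent and keeps the untrusted length bounded by `r.sub(len)?`: `let mut sub = r.sub(len)?;` followed by `Ok(Self::new(sub.rest()))`. Separately, `inner.len() as u16` in `new` silently truncates for payloads of 65536 bytes or more, yielding a prefix that disagrees with the bytes that follow; since the wire format cannot carry such a value, `u16::try_from(inner.len()).expect("DistinguishedName payload exceeds u16 length")` or a documented precondition on `new` would make the limit explicit rather than implicit. The doc example whose tail (`/// }`, `/// ```) is visible at the top of the hunk starts outside it; check that it does not still call the removed `From` impl.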