Remove redundant check and add comment to inform about processing of empty extensions

Netscape Certificate Management System Administrator's Guide: Extension-Specific Policy Modules, Chapter 18: Extension-Specific Policy Modules, Netscape Certificate Type Extension Policy:
> The extension has no default value.

A bitstring with no flags set is still technically valid, as it will mean that the certificate has no designated purpose at the time of creation.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Przemek Stekiel 2023-01-25 14:26:15 +01:00
parent d7992df529
commit 32e20919ac

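As an added illustration of the empty-extension case the commit message describes (standalone example code, not Mbed TLS's own parser): a minimal decoder for a DER keyUsage BIT STRING that treats the zero-length encoding `03 01 00` either as "no designated purpose" (lenient, the behaviour this commit keeps) or as an error (strict, which is what RFC 5280 section 4.2.1.3 asks for, since it requires at least one keyUsage bit to be set when the extension is present). The `KU_*` constants, the `decode_key_usage` name and the `strict` switch are this example's own; putting the first content octet in the low byte is an assumption about how the decoding loop at the end of the second hunk accumulates octets. The sample encodings are constructed, not taken from a real certificate.

```c
/* Added example, not Mbed TLS code: decode a DER-encoded X.509 keyUsage
 * BIT STRING and show how the zero-length encoding (03 01 00) is handled.
 * The names KU_*, decode_key_usage and the strict switch are this example's own. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bit positions follow RFC 5280 s4.2.1.3. Placing the first content octet in
 * the low byte is an assumption about how the decoding loop in the patched
 * function accumulates octets. */
#define KU_DIGITAL_SIGNATURE 0x0080u
#define KU_NON_REPUDIATION   0x0040u
#define KU_KEY_ENCIPHERMENT  0x0020u
#define KU_DATA_ENCIPHERMENT 0x0010u
#define KU_KEY_AGREEMENT     0x0008u
#define KU_KEY_CERT_SIGN     0x0004u
#define KU_CRL_SIGN          0x0002u
#define KU_ENCIPHER_ONLY     0x0001u
#define KU_DECIPHER_ONLY     0x8000u

enum {
    KU_OK = 0,             /* decoded; flags are valid (possibly zero) */
    KU_ERR_MALFORMED = -1, /* not a well-formed DER BIT STRING */
    KU_ERR_EMPTY = -2      /* well-formed but no bit set (RFC 5280 forbids this) */
};

/* Decode a DER BIT STRING (tag 0x03, short-form length) occupying buf[0..len).
 * A zero-length bit string (03 01 00) is well-formed DER; whether to accept it
 * is policy: strict=1 rejects it with KU_ERR_EMPTY, strict=0 returns KU_OK with
 * *flags == 0, which is the lenient behaviour the commit message describes. */
int decode_key_usage(const uint8_t *buf, size_t len, int strict, unsigned *flags)
{
    size_t i, content_len;
    unsigned unused_bits;

    *flags = 0;
    /* Need tag, length and the mandatory unused-bits octet. */
    if (len < 3 || buf[0] != 0x03 || buf[1] >= 0x80) return KU_ERR_MALFORMED;
    if ((size_t) buf[1] + 2 != len) return KU_ERR_MALFORMED;

    unused_bits = buf[2];
    content_len = (size_t) buf[1] - 1; /* octets after the unused-bits octet */
    if (unused_bits > 7) return KU_ERR_MALFORMED;
    /* X.690 8.6.2.3: an empty bit string must declare zero unused bits. */
    if (content_len == 0 && unused_bits != 0) return KU_ERR_MALFORMED;
    /* DER (X.690 11.2.1): the unused trailing bits must be zero. */
    if (content_len > 0 &&
        (buf[len - 1] & ((1u << unused_bits) - 1)) != 0) return KU_ERR_MALFORMED;
    /* keyUsage defines nine named bits, so DER needs at most two octets. */
    if (content_len > 2) return KU_ERR_MALFORMED;

    for (i = 0; i < content_len; i++) {
        *flags |= (unsigned) buf[3 + i] << (8 * i);
    }
    if (*flags == 0) {
        /* The empty-extension case this commit is about. */
        return strict ? KU_ERR_EMPTY : KU_OK;
    }
    return KU_OK;
}

/* Constructed sample encodings (not from any real certificate). */
static const uint8_t ku_sig_enc[]    = { 0x03, 0x02, 0x05, 0xA0 };       /* digitalSignature|keyEncipherment */
static const uint8_t ku_empty[]      = { 0x03, 0x01, 0x00 };             /* zero-length bit string */
static const uint8_t ku_decipher[]   = { 0x03, 0x03, 0x07, 0x00, 0x80 }; /* decipherOnly (second octet) */
static const uint8_t ku_bad_unused[] = { 0x03, 0x01, 0x03 };             /* empty but claims 3 unused bits */
static const uint8_t ku_truncated[]  = { 0x03, 0x00 };                   /* no unused-bits octet at all */

static void show(const char *label, const uint8_t *der, size_t len, int strict)
{
    unsigned flags;
    int rc = decode_key_usage(der, len, strict, &flags);
    printf("%-22s strict=%d -> rc=%d flags=0x%04X\n", label, strict, rc, flags);
}

int main(void)
{
    show("sig+keyEncipherment", ku_sig_enc, sizeof ku_sig_enc, 1);
    show("empty (lenient)", ku_empty, sizeof ku_empty, 0);
    show("empty (strict)", ku_empty, sizeof ku_empty, 1);
    show("decipherOnly", ku_decipher, sizeof ku_decipher, 1);
    show("empty, unused=3", ku_bad_unused, sizeof ku_bad_unused, 0);
    show("no unused-bits octet", ku_truncated, sizeof ku_truncated, 0);
    return 0;
}
```

The distinction the decoder draws is the one worth keeping in mind when reading the patch: `03 01 00` (zero content octets) is a different input from a non-empty bit string whose bits happen to be all zero, and a parser that returns success with zero flags for the former still leaves the caller to decide whether a certificate with no usable key usage is acceptable.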

@ -1328,6 +1328,8 @@ int mbedtls_x509_get_ns_cert_type(unsigned char **p,
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
}
/* A bitstring with no flags set is still technically valid, as it will mean
that the certificate has no designated purpose at the time of creation. */
if (bs.len == 0) {
*ns_cert_type = 0;
return 0;
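Review bot: the new comment says "a bitstring with no flags set", but the condition it documents, `if (bs.len == 0)`, is a zero-length BIT STRING; a non-empty bit string whose bits are all zero also has no flags set and goes through the normal decoding path, so wording it as "a zero-length bit string" would make the comment match the check. Style: multi-line comments in this file continue with a leading ` * `, so the second line should be ` * that the certificate has no designated purpose at the time of creation. */` rather than an unprefixed continuation.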
@ -1355,16 +1357,13 @@ int mbedtls_x509_get_key_usage(unsigned char **p,
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
}
/* A bitstring with no flags set is still technically valid, as it will mean
that the certificate has no designated purpose at the time of creation. */
if (bs.len == 0) {
*key_usage = 0;
return 0;
}
if (bs.len < 1) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_INVALID_LENGTH);
}
/* Get actual bitstring */
*key_usage = 0;
for (i = 0; i < bs.len && i < sizeof(unsigned int); i++) {
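Review bot: dropping the `if (bs.len < 1)` block is right, since `bs.len` is a `size_t` and the `bs.len == 0` early return directly above already handles the only length below 1, so the removed branch was unreachable; the justification pasted into the new comment, however, does not carry over from nsCertType to keyUsage: RFC 5280 section 4.2.1.3 says that when the keyUsage extension is present at least one of the bits MUST be set, so an empty keyUsage bit string is not "technically valid" under RFC 5280 even if the Netscape documentation allows it for nsCertType. If returning 0 with `*key_usage = 0` is a deliberate leniency for interoperability with existing certificates, the comment should say that instead of asserting validity, and a test vector with an empty keyUsage extension would pin the behaviour. Style: the continuation line of the comment should start with ` * `, as other multi-line comments in this file do.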