From 2ea44d28de575c673c40c5ad0947e212865f1530 Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Fri, 18 Aug 2023 18:36:02 +0100
Subject: [PATCH 1/4] Fix: Set type_id in x509_get_other_name()
When parsing a subject alternative name of type otherName, retain the type-id field of the otherName. Previously this was not copied to the mbedtls_x509_san_other_name struct when it should have been.
Signed-off-by: David Horstmann
---
library/x509.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/library/x509.c b/library/x509.c
index ba8d719606..cee854c0c3 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -1097,6 +1097,7 @@ static int x509_get_other_name(const mbedtls_x509_buf *subject_alt_name,
 if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid) != 0) {
 return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
 }
+ other_name->type_id = cur_oid;
 p += len;
 if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
From cfae6a1ae99aaf5e3e4172f0722623ec59d49b0e Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Fri, 18 Aug 2023 19:12:59 +0100
Subject: [PATCH 2/4] Fix incorrect detection of HardwareModuleName
The hardware module name otherName SAN contains 2 OIDs: OtherName ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY DEFINED BY type-id } HardwareModuleName ::= SEQUENCE { hwType OBJECT IDENTIFIER, hwSerialNum OCTET STRING } The first, type-id, is the one that identifies the otherName as a HardwareModuleName. The second, hwType, identifies the type of hardware. This change fixes 2 issues: 1. We were erroneously trying to identify HardwareModuleNames by looking at hwType, not type-id. 2. We accidentally inverted the check so that we were checking that hwType did NOT match HardwareModuleName. This fix ensures that type-id is correctly checked to make sure that it matches the OID for HardwareModuleName.
Signed-off-by: David Horstmann
---
library/x509.c | 2 +-
tests/suites/test_suite_x509parse.function | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
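Review bot: The added `other_name->type_id = cur_oid;` copies a `mbedtls_x509_buf` by value, and `cur_oid` presumably points into the caller's DER (`subject_alt_name->p`), so `type_id` is a borrowed view whose lifetime is that of the parsed certificate rather than an owned copy; that contract is worth stating at the assignment, e.g. `/* Borrowed view into the SAN's DER: valid only as long as subject_alt_name->p is. */`. Because the assignment sits after the `MBEDTLS_OID_CMP` early return, `type_id` is left untouched when `MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE` is returned, so callers must treat the struct as unset on any non-zero return — a sentence for the function's doc comment would make that explicit. x509_get_other_name starts and ends outside the hunk.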
diff --git a/library/x509.c b/library/x509.c
index cee854c0c3..ee7a2b2f3a 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -1489,7 +1489,7 @@ int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size,
 MBEDTLS_X509_SAFE_SNPRINTF;
 if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME,
- &other_name->value.hardware_module_name.oid) != 0) {
+ &other_name->type_id) == 0) {
 ret = mbedtls_snprintf(p, n, "\n%s hardware module name :", prefix);
 MBEDTLS_X509_SAFE_SNPRINTF;
 ret =
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 7a2bbefd91..ce80e569ea 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -242,7 +242,7 @@ int verify_parse_san(mbedtls_x509_subject_alternative_name *san,
 MBEDTLS_X509_SAFE_SNPRINTF;
 if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME,
- &san->san.other_name.value.hardware_module_name.oid) != 0) {
+ &san->san.other_name.type_id) == 0) {
 ret = mbedtls_snprintf(p, n, " hardware module name :");
 MBEDTLS_X509_SAFE_SNPRINTF;
 ret = mbedtls_snprintf(p, n, " hardware type : ");
From 1923c91e15db4e726e50ac17b291c78daff10f8c Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Fri, 18 Aug 2023 19:01:10 +0100
Subject: [PATCH 3/4] Add ChangeLog entry for otherName SAN fixes
Signed-off-by: David Horstmann
---
ChangeLog.d/initialize-struct-get-other-name.txt | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 ChangeLog.d/initialize-struct-get-other-name.txt
diff --git a/ChangeLog.d/initialize-struct-get-other-name.txt b/ChangeLog.d/initialize-struct-get-other-name.txt
new file mode 100644
index 0000000000..6bba4cbcc5
--- /dev/null
+++ b/ChangeLog.d/initialize-struct-get-other-name.txt
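Review bot: In the library/x509.c hunk the corrected condition reads `MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, &other_name->type_id) == 0`, but nothing nearby explains why `type_id` rather than `value.hardware_module_name.oid` is the discriminator, which is exactly the confusion the old code had; a short comment would stop it recurring, e.g. `/* type-id selects the otherName form (HardwareModuleName); hwType in value.hardware_module_name.oid only describes the device. */`. The same applies to the mirrored check in tests/suites/test_suite_x509parse.function. The new check also depends on `type_id` having been populated by the parser; on a struct where it is still zeroed the length comparison inside `MBEDTLS_OID_CMP` will presumably fail and the SAN silently takes the non-hardware-module path, whose handling is outside the hunk, so it may be worth reporting the unrecognised type-id there rather than dropping it. mbedtls_x509_info_subject_alt_name and verify_parse_san both start and end outside their hunks.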
@@ -0,0 +1,8 @@
+Bugfix
+ * Fix an issue when parsing an otherName subject alternative name into a
+ mbedtls_x509_san_other_name struct. The type-id of the otherName was not
+ copied to the struct. This meant that the struct had incomplete
+ information about the otherName SAN and contained uninitialized memory.
+ * Fix the detection of HardwareModuleName otherName SANs. These were being
+ detected by comparing the wrong field and the check was erroneously
+ inverted.
\ No newline at end of file
From 43f7602fcc13c4290a88f19898ffe74de8e2d1e4 Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Mon, 21 Aug 2023 17:34:45 +0100
Subject: [PATCH 4/4] Fixup incorrectly-formatted ChangeLog entry
Signed-off-by: David Horstmann
---
ChangeLog.d/initialize-struct-get-other-name.txt | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ChangeLog.d/initialize-struct-get-other-name.txt b/ChangeLog.d/initialize-struct-get-other-name.txt
index 6bba4cbcc5..dc8395d408 100644
--- a/ChangeLog.d/initialize-struct-get-other-name.txt
+++ b/ChangeLog.d/initialize-struct-get-other-name.txt
@@ -1,8 +1,8 @@
 Bugfix
 * Fix an issue when parsing an otherName subject alternative name into a
 mbedtls_x509_san_other_name struct. The type-id of the otherName was not
- copied to the struct. This meant that the struct had incomplete
+ copied to the struct. This meant that the struct had incomplete
 information about the otherName SAN and contained uninitialized memory.
 * Fix the detection of HardwareModuleName otherName SANs. These were being
 detected by comparing the wrong field and the check was erroneously
- inverted.
\ No newline at end of file
+ inverted.