From 8194285cf1f2d5384f180e26b1924b299a56c09d Mon Sep 17 00:00:00 2001
From: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Date: Wed, 3 May 2023 16:19:16 +0200
Subject: [PATCH] Fix parsing of authorityCertSerialNumber (use valid tags)

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
---
 library/x509_crt.c                         | 5 ++---
 tests/suites/test_suite_x509parse.function | 2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/library/x509_crt.c b/library/x509_crt.c
index 08874284bc..59a694634d 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -674,13 +674,12 @@ static int x509_get_authority_key_id(unsigned char **p,
 
             /* Getting authorityCertSerialNumber using the required specific class tag [2] */
             if ((ret = mbedtls_asn1_get_tag(p, end, &len,
-                                            MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_INTEGER |
-                                            2)) != 0) {
+                                            MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2)) != 0) {
                 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
             } else {
                 authority_key_id->authorityCertSerialNumber.len = len;
                 authority_key_id->authorityCertSerialNumber.p = *p;
-                authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_OCTET_STRING;
+                authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_INTEGER;
                 *p += len;
             }
         }
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 4d89410898..1970b5d699 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -1538,7 +1538,7 @@ void x509_crt_parse_authoritykeyid(data_t *buf,
 
         /* Serial test */
         TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.tag ==
-                    MBEDTLS_ASN1_OCTET_STRING);
+                    MBEDTLS_ASN1_INTEGER);
         TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.len == serialLength);
     } else {
         TEST_ASSERT(crt.authority_key_id.keyIdentifier.tag == 0);