From d96027acd25a2f15f5792f5d5b8bac413fa16b57 Mon Sep 17 00:00:00 2001 From: toth92g Date: Tue, 27 Apr 2021 15:41:25 +0200 Subject: [PATCH] Correcting documentation issues: - Changelog entry is Feature instead of API Change - Correcting whitespaces around braces - Also adding defensive mechanism to x509_get_subject_key_id to avoid malfunction in case of trailing garbage Signed-off-by: toth92g --- ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt | 5 +++-- library/x509_crt.c | 5 +++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt b/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt index cf4c9e9531..9aa3ff91d1 100644 --- a/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt +++ b/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt @@ -1,2 +1,3 @@ -API changes - * x509 certificate parse functionality is extended with the possibility of extracting SignatureKeyId and AuthorityKeyId fields +Features + * When parsing X.509 certificates, support the extensions + SignatureKeyIdentifier and AuthorityKeyIdentifier. diff --git a/library/x509_crt.c b/library/x509_crt.c index e7a98dd622..8cb78e553c 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -608,6 +608,11 @@ static int x509_get_subject_key_id(unsigned char **p, *p += len; } + if (*p != end) { + return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + } + return 0; }
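Review bot: In the ChangeLog.d hunk, the new entry names the extension "SignatureKeyIdentifier", but the parser touched by this same patch is `x509_get_subject_key_id`, and the X.509 extension defined in RFC 5280 is SubjectKeyIdentifier. The entry should read "SubjectKeyIdentifier and AuthorityKeyIdentifier" so that users searching the changelog for the extension name find it. The file name `X509Parse_SignatureKeyId_AuthorityKeyId.txt` carries the same wording and could be renamed for consistency.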
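Review bot: The new `if (*p != end)` check at the end of `x509_get_subject_key_id` in library/x509_crt.c comes with no test: the diffstat shows only the ChangeLog file and x509_crt.c changing. Please add a negative parsing test with a certificate whose SubjectKeyIdentifier extension carries extra bytes after the key identifier, asserting that parsing fails with `MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH`, so the trailing-garbage rejection cannot regress silently. Also note that the commit subject describes this as a documentation correction while this hunk changes which inputs the parser accepts; splitting the behaviour change into its own commit would make it easier to find in history.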