Allow empty ns_cert_type, key_usage while parsing certificates

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2025-02-05 00:40:09 +00:00 · 2023-01-16 13:33:19 +01:00 · 2023-01-16 13:33:19 +01:00 · db128f518c
commit db128f518c
parent 21c37288e5
1 changed files with 10 additions and 0 deletions
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -573,6 +573,11 @@ int mbedtls_x509_get_ns_cert_type(unsigned char **p,
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
    }

+    if (bs.len == 0) {
+        *ns_cert_type = 0;
+        return 0;
+    }
+
    if (bs.len != 1) {
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
                                 MBEDTLS_ERR_ASN1_INVALID_LENGTH);
@ -595,6 +600,11 @@ int mbedtls_x509_get_key_usage(unsigned char **p,
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
    }

+    if (bs.len == 0) {
+        *key_usage = 0;
+        return 0;
+    }
+
    if (bs.len < 1) {
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
                                 MBEDTLS_ERR_ASN1_INVALID_LENGTH);