From db128f518ccbb8e902e1234571a0412834a7be1f Mon Sep 17 00:00:00 2001
From: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Date: Mon, 16 Jan 2023 13:33:19 +0100
Subject: [PATCH] Allow empty ns_cert_type, key_usage while parsing
 certificates

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
---
 library/x509_crt.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/library/x509_crt.c b/library/x509_crt.c
index a4eb7128ed..f77991eb5c 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -573,6 +573,11 @@ int mbedtls_x509_get_ns_cert_type(unsigned char **p,
         return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
     }
 
+    if (bs.len == 0) {
+        *ns_cert_type = 0;
+        return 0;
+    }
+
     if (bs.len != 1) {
         return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
                                  MBEDTLS_ERR_ASN1_INVALID_LENGTH);
@@ -595,6 +600,11 @@ int mbedtls_x509_get_key_usage(unsigned char **p,
         return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
     }
 
+    if (bs.len == 0) {
+        *key_usage = 0;
+        return 0;
+    }
+
     if (bs.len < 1) {
         return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
                                  MBEDTLS_ERR_ASN1_INVALID_LENGTH);