mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-01 13:13:28 +00:00
authorityCertIssuer and authorityCertSerialNumber MUST both be present or absent
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
parent
94cf710edc
commit
f5b8f78ad7
@ -660,27 +660,29 @@ static int x509_get_authority_key_id(unsigned char **p,
|
|||||||
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
||||||
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
|
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
|
||||||
1)) != 0) {
|
1)) != 0) {
|
||||||
/* authorityCertIssuer is an OPTIONAL field */
|
/* authorityCertIssuer and authorityCertSerialNumber MUST both
|
||||||
|
be present or both be absent. At this point we expect to have both. */
|
||||||
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
||||||
} else {
|
} else {
|
||||||
/* "end" also includes the CertSerialNumber field so "len" shall be used */
|
/* "end" also includes the CertSerialNumber field so "len" shall be used */
|
||||||
ret = mbedtls_x509_get_subject_alt_name_ext(p,
|
ret = mbedtls_x509_get_subject_alt_name_ext(p,
|
||||||
(*p+len),
|
(*p+len),
|
||||||
&authority_key_id->authorityCertIssuer);
|
&authority_key_id->authorityCertIssuer);
|
||||||
}
|
if (ret != 0) {
|
||||||
}
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
if (*p < end) {
|
/* Getting authorityCertSerialNumber using the required specific class tag [2] */
|
||||||
/* Getting authorityCertSerialNumber using the required specific class tag [2] */
|
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
||||||
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_INTEGER |
|
||||||
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_INTEGER |
|
2)) != 0) {
|
||||||
2)) != 0) {
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
||||||
/* authorityCertSerialNumber is an OPTIONAL field */
|
} else {
|
||||||
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
authority_key_id->authorityCertSerialNumber.len = len;
|
||||||
} else {
|
authority_key_id->authorityCertSerialNumber.p = *p;
|
||||||
authority_key_id->authorityCertSerialNumber.len = len;
|
authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_OCTET_STRING;
|
||||||
authority_key_id->authorityCertSerialNumber.p = *p;
|
*p += len;
|
||||||
authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_OCTET_STRING;
|
}
|
||||||
*p += len;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1677,14 +1679,16 @@ cleanup:
|
|||||||
|
|
||||||
#define CERT_TYPE(type, name) \
|
#define CERT_TYPE(type, name) \
|
||||||
do { \
|
do { \
|
||||||
if (ns_cert_type & (type)) \
|
if (ns_cert_type & (type)) { \
|
||||||
PRINT_ITEM(name); \
|
PRINT_ITEM(name); \
|
||||||
|
} \
|
||||||
} while (0)
|
} while (0)
|
||||||
|
|
||||||
#define KEY_USAGE(code, name) \
|
#define KEY_USAGE(code, name) \
|
||||||
do { \
|
do { \
|
||||||
if (key_usage & (code)) \
|
if (key_usage & (code)) { \
|
||||||
PRINT_ITEM(name); \
|
PRINT_ITEM(name); \
|
||||||
|
} \
|
||||||
} while (0)
|
} while (0)
|
||||||
|
|
||||||
static int x509_info_ext_key_usage(char **buf, size_t *size,
|
static int x509_info_ext_key_usage(char **buf, size_t *size,
|
||||||
|
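Review bot: In the first hunk, the authorityCertSerialNumber branch reads the field with the tag `MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_INTEGER | 2` but then records it as `MBEDTLS_ASN1_OCTET_STRING`, and this commit, which makes the field mandatory whenever authorityCertIssuer is present, leaves that unchanged. If any caller compares this buffer with a certificate's serial number by tag as well as by content (not visible here), the two would never match; `authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_INTEGER;` would describe the stored bytes accurately. Because both failure paths now return, the two `else` blocks are no longer needed and the success path could be de-indented, which makes the "both present or both absent" rule easier to audit. The `+`/`-` markers were lost in this rendering, so the side of each line is inferred from the hunk header and the commit title; x509_get_authority_key_id starts and ends outside the hunk.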