Adding some comments for easier understand

Signed-off-by: toth92g <toth92g@gmail.com>
2026-04-02 10:36:07 +02:00 · 2021-05-11 12:55:58 +02:00
parent 58b1ec7db2
commit 7dbc47e8e6
1 changed files with 28 additions and 23 deletions
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -808,50 +808,55 @@ static int x509_get_authority_key_id(unsigned char **p,
    } else {
        authority_key_id->keyIdentifier.len = len;
        authority_key_id->keyIdentifier.p = *p;
+        /* Setting tag of the keyIdentfier intentionally to 0x04.
+         * Although the .keyIdentfier field is CONTEXT_SPECIFIC ([0] OPTIONAL),
+         * its tag with the content is the payload of on OCTET STRING primitive   */
        authority_key_id->keyIdentifier.tag = MBEDTLS_ASN1_OCTET_STRING;

        *p += len;
    }

    if (*p < end) {
+        /* Getting authorityCertIssuer using the required specific class tag [1] */
        if ((ret = mbedtls_asn1_get_tag(p, end, &len,
                                        MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
                                        1)) != 0) {
            /* authorityCertIssuer is an OPTIONAL field */
        } else {
-            if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+            /* Getting directoryName using the required specific class tag [4] *
+               if ((ret = mbedtls_asn1_get_tag(p, end, &len,
                                            MBEDTLS_ASN1_CONTEXT_SPECIFIC |
                                            MBEDTLS_ASN1_CONSTRUCTED | 4)) != 0) {
                return ret;
-            } else {
+               } else {
                /* "end" also includes the CertSerialNumber field so "len" shall be used */
-                ret = x509_get_general_names(p,
-                                             (*p+len),
-                                             &authority_key_id->authorityCertIssuer);
-            }
+            ret = x509_get_general_names(p,
+                                         (*p+len),
+                                         &authority_key_id->authorityCertIssuer);
        }
    }
+}

-    if (*p < end) {
-        if ((ret = mbedtls_asn1_get_tag(p, end, &len,
-                                        MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_INTEGER)) !=
-            0) {
-            /* authorityCertSerialNumber is an OPTIONAL field, but if there are still data it must be the serial number */
-            return ret;
-        } else {
-            authority_key_id->authorityCertSerialNumber.len = len;
-            authority_key_id->authorityCertSerialNumber.p = *p;
-            authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_OCTET_STRING;
-            *p += len;
-        }
+if (*p < end) {
+    if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+                                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_INTEGER)) !=
+        0) {
+        /* authorityCertSerialNumber is an OPTIONAL field, but if there are still data it must be the serial number */
+        return ret;
+    } else {
+        authority_key_id->authorityCertSerialNumber.len = len;
+        authority_key_id->authorityCertSerialNumber.p = *p;
+        authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_OCTET_STRING;
+        *p += len;
    }
+}

-    if (*p != end) {
-        return MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-               MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
-    }
+if (*p != end) {
+    return MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+           MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+}

-    return 0;
+return 0;
 }

 /*