TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-05-05 01:23:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Correcting documentation issues:

Browse Source 
- Changelog entry is Feature instead of API Change
- Correcting whitespaces around braces
- Also adding defensive mechanism to x509_get_subject_key_id
  to avoid malfunction in case of trailing garbage

Signed-off-by: toth92g <toth92g@gmail.com>
This commit is contained in:
toth92g
2021-04-27 15:41:25 +02:00
committed by Przemek Stekiel
parent fcdd0297b8
commit 98fa4c9d0c
3 changed files with 32 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt
View File

@@ -1,2 +1,3 @@
API changes
* x509 certificate parse functionality is extended with the possibility of extracting SignatureKeyId and AuthorityKeyId fields
Features
* When parsing X.509 certificates, support the extensions
SignatureKeyIdentifier and AuthorityKeyIdentifier.

34
library/x509_crt.c
View File

@@ -624,8 +624,8 @@ static int x509_get_subject_key_id( unsigned char** p,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0u;
if ( (ret = mbedtls_asn1_get_tag(p, end, &len,
MBEDTLS_ASN1_OCTET_STRING)) != 0 )
if ( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
{
return( ret );
}
@@ -636,6 +636,10 @@ static int x509_get_subject_key_id( unsigned char** p,
subject_key_id->p = *p;
*p += len;
}
if( *p != end )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
return( 0 );
}
@@ -655,14 +659,14 @@ static int x509_get_authority_key_id( unsigned char** p,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0u;
if ( (ret = mbedtls_asn1_get_tag(p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0 )
if ( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
return( ret );
}
if ( (ret = mbedtls_asn1_get_tag(p, end, &len,
MBEDTLS_ASN1_CONTEXT_SPECIFIC)) != 0 )
if ( (ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 )
{
/* KeyIdentifier is an OPTIONAL field */
}
@@ -677,15 +681,15 @@ static int x509_get_authority_key_id( unsigned char** p,
if ( *p < end )
{
if ( (ret = mbedtls_asn1_get_tag(p, end, &len,
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_BOOLEAN)) != 0 )
if ( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_BOOLEAN ) ) != 0 )
{
/* authorityCertIssuer is an OPTIONAL field */
}
else
{
if ( (ret = mbedtls_asn1_get_tag(p, end, &len,
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_OCTET_STRING)) != 0 )
if ( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
{
return( ret );
}
@@ -693,13 +697,13 @@ static int x509_get_authority_key_id( unsigned char** p,
{
authority_key_id->raw.p = *p;
if ( (ret = mbedtls_asn1_get_tag(p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0 )
if ( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
return( ret );
}
if ( (ret = mbedtls_x509_get_name(p, *p + len, &authority_key_id->authorityCertIssuer)) != 0 )
if ( ( ret = mbedtls_x509_get_name( p, *p + len, &authority_key_id->authorityCertIssuer ) ) != 0 )
{
return( ret );
}
@@ -711,8 +715,8 @@ static int x509_get_authority_key_id( unsigned char** p,
if ( *p < end )
{
if ( (ret = mbedtls_asn1_get_tag(p, end, &len,
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_INTEGER)) != 0 )
if ( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_INTEGER ) ) != 0 )
{
/* authorityCertSerialNumber is an OPTIONAL field, but if there are still data it must be the serial number */
return( ret );

20
tests/suites/test_suite_x509parse.function
View File

@@ -1414,16 +1414,16 @@ void mbedtls_x509_crt_parse_subjectkeyid( char * crt_path, char *subjectKeyId, i
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_path ) == retVal );
if(retVal != 0)
if( retVal != 0 )
{
while(i < subjectKeyIdLength)
while( i < subjectKeyIdLength )
{
result |= crt.subject_key_id.p[i] != subjectKeyId[i*2];
result |= crt.subject_key_id.p[i+1] != subjectKeyId[i*2+1];
i++;
}
TEST_ASSERT(result == 0);
TEST_ASSERT( result == 0 );
}
exit:
@@ -1444,10 +1444,10 @@ void mbedtls_x509_crt_parse_authoritykeyid( char * crt_path, char *authorityKeyI
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_path ) == retVal );
if (retVal != 0)
if ( retVal != 0 )
{
/* KeyId test */
while(i < keyIdLength)
while( i < keyIdLength )
{
result |= crt.authority_key_id.keyIdentifier.p[i] != authorityKeyId_keyId[i*2];
result |= crt.authority_key_id.keyIdentifier.p[i+1] != authorityKeyId_keyId[i*2+1];
@@ -1456,11 +1456,11 @@ void mbedtls_x509_crt_parse_authoritykeyid( char * crt_path, char *authorityKeyI
/* Issuer test */
mbedtls_x509_name* issuerPtr = &crt.authority_key_id.authorityCertIssuer;
while (issuerPtr != NULL)
while ( issuerPtr != NULL )
{
for (issuerCounter = 0u; issuerCounter < issuerPtr->val.len; issuerCounter++)
for ( issuerCounter = 0u; issuerCounter < issuerPtr->val.len; issuerCounter++ )
{
result |= (authorityKeyId_issuer[bufferCounter++] != issuerPtr->val.p[issuerCounter]);
result |= ( authorityKeyId_issuer[bufferCounter++] != issuerPtr->val.p[issuerCounter] );
}
bufferCounter++; /* Skipping the slash */
issuerPtr = issuerPtr->next;
@@ -1468,14 +1468,14 @@ void mbedtls_x509_crt_parse_authoritykeyid( char * crt_path, char *authorityKeyI
/* Serial test */
i = 0;
while(i < serialLength)
while( i < serialLength )
{
result |= crt.authority_key_id.authorityCertSerialNumber.p[i] != authorityKeyId_serial[i*2];
result |= crt.authority_key_id.authorityCertSerialNumber.p[i+1] != authorityKeyId_serial[i*2+1];
i++;
}
TEST_ASSERT(result == 0);
TEST_ASSERT( result == 0 );
}
exit: