diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index d0aaa9f1b..21e36b598 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -303,7 +303,10 @@ int mbedtls_x509write_crt_set_ext_key_usage( mbedtls_x509write_cert *ctx,
 unsigned char *c = buf + sizeof(buf);
 int ret;
 size_t len = 0;
- const mbedtls_asn1_sequence *last_ext = 0, *ext;
+ const mbedtls_asn1_sequence *last_ext = NULL;
+ mbedtls_asn1_sequence *ext;
+
+ memset( buf, 0, sizeof(buf) );
 
 /* We need at least one extension: SEQUENCE SIZE (1..MAX) OF KeyPurposeId */
 if( exts == NULL )
@@ -324,14 +327,10 @@ int mbedtls_x509write_crt_set_ext_key_usage( mbedtls_x509write_cert *ctx,
 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
 
- ret = mbedtls_x509write_crt_set_extension( ctx,
+ return mbedtls_x509write_crt_set_extension( ctx,
 MBEDTLS_OID_EXTENDED_KEY_USAGE,
 MBEDTLS_OID_SIZE( MBEDTLS_OID_EXTENDED_KEY_USAGE ),
 1, c, len );
- if( ret != 0 )
- return( ret );
-
- return( 0 );
 }
 
 int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index bffc4ab86..dbdc4eebf 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -1,4 +1,3 @@
-
 /*
 * Certificate generation and signing
 *
@@ -832,7 +831,7 @@ int main( int argc, char *argv[] )
 ret = mbedtls_x509write_crt_set_ns_cert_type( &crt, opt.ns_cert_type );
 if( ret != 0 )
 {
- mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_strerror( ret, buf, sizeof(buf) );
 mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_ns_cert_type "
 "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
 goto exit;
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 5781fe0d8..2e5965864 100644
--- a/tests/suites/test_suite_x509write.function
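Review bot: In library/x509write_crt.c, splitting the declaration drops `const` from `ext`: the removed line declared both pointers as `const mbedtls_asn1_sequence *`, while the new one is `mbedtls_asn1_sequence *ext;`. If `exts` is const-qualified (the rest of the signature and the loop that uses `ext` are outside the hunk), assigning it to `ext` discards the qualifier and removes the compiler's guard against the writer modifying the caller's list. Unless the body really needs to write through it, keep the walk read-only with `const mbedtls_asn1_sequence *ext;`.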
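Review bot: In programs/x509/cert_write.c, `sizeof(buf)` is the buffer length only while `buf` is an array in `main`; its declaration is outside the hunk, and if it is a pointer this call passes the pointer size and truncates the error text. Only the `mbedtls_strerror` call after `mbedtls_x509write_crt_set_ns_cert_type` is changed here, so any other calls in `main` that still pass the literal `1024` (not visible in this hunk) should get the same bound, `mbedtls_strerror( ret, buf, sizeof(buf) );`, to keep the size tied to the declaration. `main` begins and ends outside the hunk.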
+++ b/tests/suites/test_suite_x509write.function
@@ -350,19 +350,24 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
 if( strcmp( ext_key_usage, "NULL" ) != 0 )
 {
 mbedtls_asn1_sequence exts[2];
- memset(exts, 0, sizeof(exts));
-#define SET_OID(x, oid) \
- do { x.len = MBEDTLS_OID_SIZE(oid); x.p = (unsigned char*)oid; \
- x.tag = MBEDTLS_ASN1_OID; } while( 0 )
+ memset( exts, 0, sizeof(exts) );
+
+#define SET_OID(x, oid) \
+ do { \
+ x.len = MBEDTLS_OID_SIZE(oid); \
+ x.p = (unsigned char*)oid; \
+ x.tag = MBEDTLS_ASN1_OID; \
+ } while( 0 )
+
 if( strcmp( ext_key_usage, "serverAuth" ) == 0 )
 {
- SET_OID( exts[0].buf, MBEDTLS_OID_SERVER_AUTH );
+ SET_OID( exts[0].buf, MBEDTLS_OID_SERVER_AUTH );
 }
 else if( strcmp( ext_key_usage, "codeSigning,timeStamping" ) == 0 )
 {
- SET_OID( exts[0].buf, MBEDTLS_OID_CODE_SIGNING );
- exts[0].next = &exts[1];
- SET_OID( exts[1].buf, MBEDTLS_OID_TIME_STAMPING );
+ SET_OID( exts[0].buf, MBEDTLS_OID_CODE_SIGNING );
+ exts[0].next = &exts[1];
+ SET_OID( exts[1].buf, MBEDTLS_OID_TIME_STAMPING );
 }
 TEST_ASSERT( mbedtls_x509write_crt_set_ext_key_usage( &crt, exts ) == 0 );
 }