Now handling critical extensions similarly to how it is done in x509_get_crt_ext, just without the callback function to handle unknown extensions.

Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
Matthias Schulz 2023-10-17 16:02:20 +02:00
parent 0ca58e3c10
commit 873a202d18


@ -75,13 +75,13 @@ static int x509_csr_get_version(unsigned char **p,
static int x509_csr_parse_extensions(mbedtls_x509_csr *csr,
unsigned char **p, const unsigned char *end)
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len;
unsigned char *end_ext_data;
int critical;
while (*p < end) {
mbedtls_x509_buf extn_oid = { 0, 0, NULL };
int is_critical = 0; /* DEFAULT FALSE */
int ext_type = 0;
/* Read sequence tag */
@ -102,8 +102,11 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr,
extn_oid.p = *p;
*p += extn_oid.len;
/* Get and ignore optional critical flag */
(void)mbedtls_asn1_get_bool(p, end_ext_data, &critical);
/* Get optional critical */
if ((ret = mbedtls_asn1_get_bool(p, end_ext_data, &is_critical)) != 0 &&
(ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
}
/* Data should be octet string type */
if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
@ -157,6 +160,12 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr,
default:
break;
}
} else {
if (is_critical) {
/* Data is marked as critical: fail */
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
}
}
*p = end_ext_data;
}
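Review bot: The `default: break;` at the top of this hunk still silently skips an extension whose OID the oid layer recognises but this parser has no case for, even when `is_critical` is set, so the new `else` branch only rejects critical extensions with an unknown OID. Assuming the enclosing `if` (its condition lies above the hunk) is the ext_type lookup as in x509_get_crt_ext, the default case should fail the same way: `default: if (is_critical) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); } break;`. A short comment on the new branch, `/* Unknown OID: skip unless marked critical (RFC 5280 4.2) */`, would make the intent readable without the commit message. The function body continues past the end of this hunk.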