Fix incorrect detection of HardwareModuleName
The hardware module name otherName SAN contains 2 OIDs:
OtherName ::= SEQUENCE {
type-id OBJECT IDENTIFIER,
value [0] EXPLICIT ANY DEFINED BY type-id }
HardwareModuleName ::= SEQUENCE {
hwType OBJECT IDENTIFIER,
hwSerialNum OCTET STRING }
The first, type-id, is the one that identifies the otherName as a
HardwareModuleName. The second, hwType, identifies the type of hardware.
This change fixes 2 issues:
1. We were erroneously trying to identify HardwareModuleNames by looking
at hwType, not type-id.
2. We accidentally inverted the check so that we were checking that
hwType did NOT match HardwareModuleName.
This fix ensures that type-id is correctly checked to make sure that it
matches the OID for HardwareModuleName.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This commit is contained in:
David Horstmann
parent
2ea44d28de
commit
cfae6a1ae9
2 changed files with 2 additions and 2 deletions
|
|
@ -1489,7 +1489,7 @@ int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size,
|
|||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
||||
if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME,
|
||||
&other_name->value.hardware_module_name.oid) != 0) {
|
||||
&other_name->type_id) == 0) {
|
||||
ret = mbedtls_snprintf(p, n, "\n%s hardware module name :", prefix);
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
ret =
|
||||
|
|
|
|||
|
|
@ -242,7 +242,7 @@ int verify_parse_san(mbedtls_x509_subject_alternative_name *san,
|
|||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
||||
if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME,
|
||||
&san->san.other_name.value.hardware_module_name.oid) != 0) {
|
||||
&san->san.other_name.type_id) == 0) {
|
||||
ret = mbedtls_snprintf(p, n, " hardware module name :");
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
ret = mbedtls_snprintf(p, n, " hardware type : ");
|
||||
|
|
|
|||
Loading…
Reference in a new issue