From 4a46d23a36528816af28bf64abd3349d9841ada8 Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Fri, 18 Aug 2023 18:36:02 +0100
Subject: [PATCH 1/4] Fix: Set type_id in x509_get_other_name()

When parsing a subject alternative name of type otherName, retain the type-id field of the otherName. Previously this was not copied to the mbedtls_x509_san_other_name struct when it should have been.

Signed-off-by: David Horstmann
---
 library/x509_crt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/library/x509_crt.c b/library/x509_crt.c
index 5b51694740..3578c4af81 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1741,6 +1741,7 @@ static int x509_get_other_name(const mbedtls_x509_buf *subject_alt_name,
 if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid) != 0) {
 return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
 }
+ other_name->type_id = cur_oid;
 p += len;
 if ((ret = mbedtls_asn1_get_tag(&p, end, &len,

From dcf73265baa54c3306efc203deada066decddbb9 Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Fri, 18 Aug 2023 19:12:59 +0100
Subject: [PATCH 2/4] Fix incorrect detection of HardwareModuleName

The hardware module name otherName SAN contains 2 OIDs: OtherName ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY DEFINED BY type-id } HardwareModuleName ::= SEQUENCE { hwType OBJECT IDENTIFIER, hwSerialNum OCTET STRING } The first, type-id, is the one that identifies the otherName as a HardwareModuleName. The second, hwType, identifies the type of hardware. This change fixes 2 issues: 1. We were erroneously trying to identify HardwareModuleNames by looking at hwType, not type-id. 2. We accidentally inverted the check so that we were checking that hwType did NOT match HardwareModuleName. This fix ensures that type-id is correctly checked to make sure that it matches the OID for HardwareModuleName.
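Review bot: `other_name->type_id = cur_oid;` copies an mbedtls_x509_buf by value, so type_id presumably carries a pointer (`cur_oid.p`) into the DER bytes that x509_get_other_name() is walking rather than an owned copy, and the filled struct is then only valid while the certificate's raw buffer is alive; that contract is worth stating on the assignment, e.g. `/* type_id points into the caller's DER buffer; valid only while the certificate raw data lives. */`. Because the assignment sits after the OID check, type_id is still left untouched on the MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE return path, so the ChangeLog's "uninitialized memory" concern remains for callers that read other_name after a non-zero return unless the caller zero-initialises the struct first, which this hunk does not show. x509_get_other_name() starts and ends outside the hunk.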
Signed-off-by: David Horstmann
---
 library/x509_crt.c | 2 +-
 tests/suites/test_suite_x509parse.function | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/library/x509_crt.c b/library/x509_crt.c
index 3578c4af81..0e91bd83b2 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1830,7 +1830,7 @@ static int x509_info_subject_alt_name(char **buf, size_t *size,
 MBEDTLS_X509_SAFE_SNPRINTF;
 if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME,
- &other_name->value.hardware_module_name.oid) != 0) {
+ &other_name->type_id) == 0) {
 ret = mbedtls_snprintf(p, n, "\n%s hardware module name :", prefix);
 MBEDTLS_X509_SAFE_SNPRINTF;
 ret =
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 377f9e8875..09a9d12874 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -240,7 +240,7 @@ int verify_parse_san(mbedtls_x509_subject_alternative_name *san,
 MBEDTLS_X509_SAFE_SNPRINTF;
 if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME,
- &san->san.other_name.value.hardware_module_name.oid) != 0) {
+ &san->san.other_name.type_id) == 0) {
 ret = mbedtls_snprintf(p, n, " hardware module name :");
 MBEDTLS_X509_SAFE_SNPRINTF;
 ret = mbedtls_snprintf(p, n, " hardware type : ");

From 869609f2283c61359b137052b522bbdcd685b32f Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Fri, 18 Aug 2023 19:01:10 +0100
Subject: [PATCH 3/4] Add ChangeLog entry for otherName SAN fixes

Signed-off-by: David Horstmann
---
 ChangeLog.d/initialize-struct-get-other-name.txt | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 ChangeLog.d/initialize-struct-get-other-name.txt

diff --git a/ChangeLog.d/initialize-struct-get-other-name.txt b/ChangeLog.d/initialize-struct-get-other-name.txt
new file mode 100644
index 0000000000..6bba4cbcc5
--- /dev/null
+++ b/ChangeLog.d/initialize-struct-get-other-name.txt
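Review bot: The corrected condition `MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, &other_name->type_id) == 0` in x509_info_subject_alt_name() carries no comment saying which of the two OIDs is compared or why, and the identical expression is repeated in verify_parse_san() in the test_suite_x509parse.function hunk, so the type-id/hwType distinction the commit message explains lives only in git history. A one-line comment above both checks would keep the next edit from re-introducing the old mistake, e.g. `/* type-id identifies the otherName form (HardwareModuleName); hwType inside the value only describes the hardware. */`. Since x509_get_other_name() (patch 1/4) already rejects any type-id other than MBEDTLS_OID_ON_HW_MODULE_NAME, the mismatch path after this check is presumably reachable only for an other_name struct that did not come from that parser, which is worth noting wherever that path is handled. Both enclosing functions start and end outside their hunks.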
@@ -0,0 +1,8 @@
+Bugfix
+ * Fix an issue when parsing an otherName subject alternative name into a
+ mbedtls_x509_san_other_name struct. The type-id of the otherName was not
+ copied to the struct. This meant that the struct had incomplete
+ information about the otherName SAN and contained uninitialized memory.
+ * Fix the detection of HardwareModuleName otherName SANs. These were being
+ detected by comparing the wrong field and the check was erroneously
+ inverted.
\ No newline at end of file

From d81f75bbbf5106d411e91dc80a1cdd266ea4d5de Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Mon, 21 Aug 2023 17:34:45 +0100
Subject: [PATCH 4/4] Fixup incorrectly-formatted ChangeLog entry

Signed-off-by: David Horstmann
---
 ChangeLog.d/initialize-struct-get-other-name.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ChangeLog.d/initialize-struct-get-other-name.txt b/ChangeLog.d/initialize-struct-get-other-name.txt
index 6bba4cbcc5..dc8395d408 100644
--- a/ChangeLog.d/initialize-struct-get-other-name.txt
+++ b/ChangeLog.d/initialize-struct-get-other-name.txt
@@ -1,8 +1,8 @@
 Bugfix
 * Fix an issue when parsing an otherName subject alternative name into a
 mbedtls_x509_san_other_name struct. The type-id of the otherName was not
- copied to the struct. This meant that the struct had incomplete
+ copied to the struct. This meant that the struct had incomplete
 information about the otherName SAN and contained uninitialized memory.
 * Fix the detection of HardwareModuleName otherName SANs. These were being
 detected by comparing the wrong field and the check was erroneously
- inverted.
\ No newline at end of file
+ inverted.