Merge branch 'mbedtls-1.3' into development

* mbedtls-1.3: Add missing depends in x509 programs Simplify ifdef checks in programs/x509 Fix thread safety issue in RSA operations Add test certificate for bitstring in DN Add support for X.520 uniqueIdentifier Accept bitstrings in X.509 names
2025-07-28 00:21:48 +03:00 · 2015-03-31 17:56:15 +02:00
parent c89d6cf77c 0878a0d884
commit 26c9f90cae
12 changed files with 143 additions and 81 deletions
--- a/library/oid.c
+++ b/library/oid.c
@ -235,6 +235,10 @@ static const oid_x520_attr_t oid_x520_attr_type[] =
        { ADD_LEN( OID_DOMAIN_COMPONENT ), "id-domainComponent",           "Domain component" },
        "DC",
    },
+    {
+        { ADD_LEN( OID_AT_UNIQUE_IDENTIFIER ), "id-at-uniqueIdentifier",    "Unique Identifier" },
+        "uniqueIdentifier",
+    },
    {
        { NULL, 0, NULL, NULL },
        NULL,
--- a/library/rsa.c
+++ b/library/rsa.c
@ -282,11 +282,18 @@ int rsa_public( rsa_context *ctx,
        return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
    }

+#if defined(POLARSSL_THREADING_C)
+    polarssl_mutex_lock( &ctx->mutex );
+#endif
+
    olen = ctx->len;
    MPI_CHK( mpi_exp_mod( &T, &T, &ctx->E, &ctx->N, &ctx->RN ) );
    MPI_CHK( mpi_write_binary( &T, output, olen ) );

 cleanup:
+#if defined(POLARSSL_THREADING_C)
+    polarssl_mutex_unlock( &ctx->mutex );
+#endif

    mpi_free( &T );

@ -400,6 +407,10 @@ int rsa_private( rsa_context *ctx,
        MPI_CHK( mpi_mod_mpi( &T, &T, &ctx->N ) );
    }

+#if defined(POLARSSL_THREADING_C)
+    polarssl_mutex_lock( &ctx->mutex );
+#endif
+
 #if defined(POLARSSL_RSA_NO_CRT)
    MPI_CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) );
 #else
@ -440,10 +451,11 @@ int rsa_private( rsa_context *ctx,
    MPI_CHK( mpi_write_binary( &T, output, olen ) );

 cleanup:
-    mpi_free( &T ); mpi_free( &T1 ); mpi_free( &T2 );
 #if defined(POLARSSL_THREADING_C)
+    polarssl_mutex_unlock( &ctx->mutex );
    mpi_free( &Vi_copy ); mpi_free( &Vf_copy );
 #endif
+    mpi_free( &T ); mpi_free( &T1 ); mpi_free( &T2 );

    if( ret != 0 )
        return( POLARSSL_ERR_RSA_PRIVATE_FAILED + ret );
--- a/library/x509.c
+++ b/library/x509.c
@ -380,7 +380,8 @@ static int x509_get_attr_type_value( unsigned char **p,

    if( **p != ASN1_BMP_STRING && **p != ASN1_UTF8_STRING      &&
        **p != ASN1_T61_STRING && **p != ASN1_PRINTABLE_STRING &&
-        **p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING )
+        **p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING &&
+        **p != ASN1_BIT_STRING )
        return( POLARSSL_ERR_X509_INVALID_NAME +
                POLARSSL_ERR_ASN1_UNEXPECTED_TAG );