lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-05 19:35:48 +03:00
Code Activity

Merge pull request #5887 from tom-daubney-arm/mbedtls_x509_crt_ext_types_accessor

Browse Source 
Add accessor for x509 certificate extension types
This commit is contained in:
Dave Rodgman
2022-06-06 21:51:38 +01:00
committed by GitHub
parent 5e03d9e601 5c9c2ce86d
commit 4b55a89327
4 changed files with 44 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog.d/x509_ext_types_accessor.txt Normal file
View File

@@ -0,0 +1,3 @@
Features
* Add the function mbedtls_x509_crt_has_ext_type() to access the ext types
field within mbedtls_x509_crt context, as requested in #5585.

17
include/mbedtls/x509_crt.h
View File

@@ -957,6 +957,23 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
/**
* \brief Query certificate for given extension type
*
* \param[in] ctx Certificate context to be queried, must not be \c NULL
* \param ext_type Extension type being queried for, must be a valid
* extension type. Must be one of the MBEDTLS_X509_EXT_XXX
* values
*
* \return 0 if the given extension type is not present,
* non-zero otherwise
*/
static inline int mbedtls_x509_crt_has_ext_type( const mbedtls_x509_crt *ctx,
int ext_type )
{
return ctx->MBEDTLS_PRIVATE(ext_types) & ext_type;
}
/** \} name Structures and functions for parsing and writing X.509 certificates */ /** \} name Structures and functions for parsing and writing X.509 certificates */
#if defined(MBEDTLS_X509_CRT_WRITE_C) #if defined(MBEDTLS_X509_CRT_WRITE_C)

8
tests/suites/test_suite_x509parse.data
View File

@@ -2791,3 +2791,11 @@ x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.c
X509 CRT verify restart: one int, int badsign, max_ops=500 X509 CRT verify restart: one int, int badsign, max_ops=500
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100 x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100
X509 ext types accessor: ext type present
depends_on:MBEDTLS_X509_CRT_PARSE_C
x509_accessor_ext_types:MBEDTLS_X509_EXT_KEY_USAGE:MBEDTLS_X509_EXT_KEY_USAGE
X509 ext types accessor: ext type not present
depends_on:MBEDTLS_X509_CRT_PARSE_C
x509_accessor_ext_types:MBEDTLS_X509_EXT_KEY_USAGE:MBEDTLS_X509_EXT_SUBJECT_ALT_NAME

16
tests/suites/test_suite_x509parse.function
View File

@@ -401,6 +401,22 @@ int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf
* END_DEPENDENCIES * END_DEPENDENCIES
*/ */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
void x509_accessor_ext_types( int ext_type, int has_ext_type )
{
mbedtls_x509_crt crt;
int expected_result = ext_type & has_ext_type;
mbedtls_x509_crt_init( &crt );
crt.ext_types = ext_type;
TEST_ASSERT( mbedtls_x509_crt_has_ext_type( &crt, has_ext_type ) == expected_result );
mbedtls_x509_crt_free( &crt );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void x509_parse_san( char * crt_file, char * result_str ) void x509_parse_san( char * crt_file, char * result_str )
{ {