Now handling critical extensions similarly to how it's done in x509_get_crt_ext, just without the callback function to handle unknown extensions.
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
@ -75,13 +75,13 @@ static int x509_csr_get_version(unsigned char **p,
|
|||||||
static int x509_csr_parse_extensions(mbedtls_x509_csr *csr,
|
static int x509_csr_parse_extensions(mbedtls_x509_csr *csr,
|
||||||
unsigned char **p, const unsigned char *end)
|
unsigned char **p, const unsigned char *end)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
size_t len;
|
size_t len;
|
||||||
unsigned char *end_ext_data;
|
unsigned char *end_ext_data;
|
||||||
int critical;
|
|
||||||
|
|
||||||
while (*p < end) {
|
while (*p < end) {
|
||||||
mbedtls_x509_buf extn_oid = { 0, 0, NULL };
|
mbedtls_x509_buf extn_oid = { 0, 0, NULL };
|
||||||
|
int is_critical = 0; /* DEFAULT FALSE */
|
||||||
int ext_type = 0;
|
int ext_type = 0;
|
||||||
|
|
||||||
/* Read sequence tag */
|
/* Read sequence tag */
|
||||||
@ -102,8 +102,11 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr,
|
|||||||
extn_oid.p = *p;
|
extn_oid.p = *p;
|
||||||
*p += extn_oid.len;
|
*p += extn_oid.len;
|
||||||
|
|
||||||
/* Get and ignore optional critical flag */
|
/* Get optional critical */
|
||||||
(void)mbedtls_asn1_get_bool(p, end_ext_data, &critical);
|
if ((ret = mbedtls_asn1_get_bool(p, end_ext_data, &is_critical)) != 0 &&
|
||||||
|
(ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) {
|
||||||
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
||||||
|
}
|
||||||
|
|
||||||
/* Data should be octet string type */
|
/* Data should be octet string type */
|
||||||
if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
|
if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
|
||||||
@ -157,6 +160,12 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr,
|
|||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
if (is_critical) {
|
||||||
|
/* Data is marked as critical: fail */
|
||||||
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
|
||||||
|
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
*p = end_ext_data;
|
*p = end_ext_data;
|
||||||
}
|
}
|
||||||
|
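Review bot: The `default: break;` arm in the third hunk still discards the critical flag for any extension whose OID the OID layer recognises but this switch does not handle, so a CSR carrying such an extension marked critical is accepted while a critical extension with an unknown OID is now rejected in the new `else` branch. If the intent is to mirror x509_get_crt_ext as the description says, the default arm should also fail when `is_critical` is set, e.g. `default: if (is_critical) { return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; } break;` (that is the code x509_get_crt_ext returns in this situation, if I recall its default arm correctly). Which extension types the switch covers, and the condition that leads into the `else`, lie outside the hunk, so this assumes the switch does not handle every type the OID table can return. As a style point, the `else { if (is_critical) { … } }` nesting could be flattened to `} else if (is_critical) {`. The function x509_csr_parse_extensions begins in the first hunk but its end is outside the diff.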