mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-11 20:05:37 +00:00
Implement ExtKeyUsage traversal via ASN.1 SEQUENCE OF traversal
This commit re-implements the `ExtendedKeyUsage` traversal routine in terms of the generic ASN.1 SEQUENCE traversal routine.
This commit is contained in:
parent
90b9408dd0
commit
c7c638eddd
|
@ -1650,14 +1650,44 @@ int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
|
#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
|
||||||
|
typedef struct
|
||||||
|
{
|
||||||
|
const char *oid;
|
||||||
|
size_t oid_len;
|
||||||
|
} x509_crt_check_ext_key_usage_cb_ctx_t;
|
||||||
|
|
||||||
|
static int x509_crt_check_ext_key_usage_cb( void *ctx,
|
||||||
|
int tag,
|
||||||
|
unsigned char *data,
|
||||||
|
size_t data_len )
|
||||||
|
{
|
||||||
|
x509_crt_check_ext_key_usage_cb_ctx_t *cb_ctx =
|
||||||
|
(x509_crt_check_ext_key_usage_cb_ctx_t *) ctx;
|
||||||
|
((void) tag);
|
||||||
|
|
||||||
|
if( MBEDTLS_OID_CMP_RAW( MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE,
|
||||||
|
data, data_len ) == 0 )
|
||||||
|
{
|
||||||
|
return( 1 );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( data_len == cb_ctx->oid_len && memcmp( data, cb_ctx->oid,
|
||||||
|
data_len ) == 0 )
|
||||||
|
{
|
||||||
|
return( 1 );
|
||||||
|
}
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
|
int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
|
||||||
const char *usage_oid,
|
const char *usage_oid,
|
||||||
size_t usage_len )
|
size_t usage_len )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
size_t len;
|
|
||||||
unsigned ext_types;
|
unsigned ext_types;
|
||||||
unsigned char *p, *end;
|
unsigned char *p, *end;
|
||||||
|
x509_crt_check_ext_key_usage_cb_ctx_t cb_ctx = { usage_oid, usage_len };
|
||||||
|
|
||||||
/* Extension is not mandatory, absent means no restriction */
|
/* Extension is not mandatory, absent means no restriction */
|
||||||
ext_types = crt->ext_types;
|
ext_types = crt->ext_types;
|
||||||
|
@ -1667,50 +1697,14 @@ int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
|
||||||
p = crt->ext_key_usage_raw.p;
|
p = crt->ext_key_usage_raw.p;
|
||||||
end = p + crt->ext_key_usage_raw.len;
|
end = p + crt->ext_key_usage_raw.len;
|
||||||
|
|
||||||
ret = mbedtls_asn1_get_tag( &p, end, &len,
|
ret = mbedtls_asn1_traverse_sequence_of( &p, end,
|
||||||
MBEDTLS_ASN1_CONSTRUCTED |
|
0xFF, MBEDTLS_ASN1_OID, 0, 0,
|
||||||
MBEDTLS_ASN1_SEQUENCE );
|
x509_crt_check_ext_key_usage_cb,
|
||||||
if( ret != 0 )
|
&cb_ctx );
|
||||||
goto exit;
|
if( ret == 1 )
|
||||||
|
return( 0 );
|
||||||
if( end != p + len )
|
|
||||||
{
|
|
||||||
ret = MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
if( len == 0 )
|
|
||||||
{
|
|
||||||
ret = MBEDTLS_ERR_ASN1_INVALID_LENGTH;
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
while( p < end )
|
|
||||||
{
|
|
||||||
ret = mbedtls_asn1_get_tag( &p, end, &len,
|
|
||||||
MBEDTLS_ASN1_OID );
|
|
||||||
if( ret != 0 )
|
|
||||||
goto exit;
|
|
||||||
|
|
||||||
if( usage_oid != NULL )
|
|
||||||
{
|
|
||||||
if( len == usage_len && memcmp( p, usage_oid, len ) == 0 )
|
|
||||||
return( 0 );
|
|
||||||
|
|
||||||
if( MBEDTLS_OID_CMP_RAW( MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE,
|
|
||||||
p, len ) == 0 )
|
|
||||||
{
|
|
||||||
return( 0 );
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
p += len;
|
|
||||||
}
|
|
||||||
|
|
||||||
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
|
||||||
|
|
||||||
exit:
|
|
||||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
|
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue