From c3c6e7867ea726523c48a09ed66afb4f5cea6e43 Mon Sep 17 00:00:00 2001 From: u707860 Date: Tue, 14 Aug 2018 08:34:46 +0200 Subject: [PATCH 1/2] Added parsing of v3 extension subject key identifier --- include/mbedtls/x509_crt.h | 2 ++ library/oid.c | 4 ++++ library/x509_crt.c | 15 +++++++++++++++ 3 files changed, 21 insertions(+) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index d41ec93a66e7..85e58afc6ad2 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -73,6 +73,8 @@ typedef struct mbedtls_x509_crt mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */ mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */ mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */ + mbedtls_x509_buf subject_key_id; /**< Optional X.509 v3 extension subject key identifier. */ + mbedtls_x509_sequence subject_alt_names; /**< Optional list of Subject Alternative Names (Only dNSName supported). */ int ext_types; /**< Bit string containing detected and parsed extensions */ diff --git a/library/oid.c b/library/oid.c index edea950f8fab..2e04251676ed 100644 --- a/library/oid.c +++ b/library/oid.c @@ -278,6 +278,10 @@ static const oid_x509_ext_t oid_x509_ext[] = { ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" }, MBEDTLS_X509_EXT_NS_CERT_TYPE, }, + { + { ADD_LEN( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ), "id-ce-subjectKeyIdentifier", "Subject Key Identifier" }, //Peter added + MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER, + }, { { NULL, 0, NULL, NULL }, 0, diff --git a/library/x509_crt.c b/library/x509_crt.c index 290c1eb3d1b2..a630486244b4 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
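Review bot: The doc comment on the new `subject_key_id` member in the x509_crt.h hunk does not say what the buffer refers to; the x509_crt.c hunk of this same patch sets `crt->subject_key_id.p = *p`, so it aliases the DER buffer being parsed rather than owning a copy, and it is only filled in when the extension is present. Suggested wording: `/**< Optional X.509 v3 Subject Key Identifier extension value; points into the parsed DER, len is 0 when the extension is absent. */` (the `len == 0` part assumes the struct is zero-filled by mbedtls_x509_crt_init — please confirm). Inserting the member ahead of `subject_alt_names` also shifts the offset of every following field of this public struct, which presumably matters to anyone linking against a prebuilt library; appending it at the end would avoid that if it is a concern for this release.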
@@ -648,6 +648,21 @@ static int x509_get_crt_ext( unsigned char **p, return( ret ); break; + case MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER: + if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len, + MBEDTLS_ASN1_OCTET_STRING ) ) == 0 ) + { + crt->subject_key_id.len = len; + crt->subject_key_id.tag = MBEDTLS_ASN1_OCTET_STRING; + crt->subject_key_id.p = *p; + *p +=len; + } + else + { + return( ret ); + } + break; + case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: /* Parse subject alt name */ if( ( ret = x509_get_subject_alt_name( p, end_ext_octet, From 9b4c0f43585890a748281c089b88f2a778016492 Mon Sep 17 00:00:00 2001 From: u707860 Date: Wed, 14 Nov 2018 08:41:55 +0100 Subject: [PATCH 2/2] Fixed some minors after review of pull request --- ChangeLog | 1 + library/oid.c | 2 +- library/x509_crt.c | 12 ++++++------ 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 214b414eb920..37508894dd04 100644 --- a/ChangeLog +++ b/ChangeLog @@ -32,6 +32,7 @@ Features may be up to two bytes shorter. This allows the library to support all hash and signature sizes that comply with FIPS 186-4, including SHA-512 with a 1024-bit key. + * Added parsing of x509 v3 extension subject key identifier. Bugfix * Fix wrong order of freeing in programs/ssl/ssl_server2 example diff --git a/library/oid.c b/library/oid.c index 2e04251676ed..0ea9b622d940 100644 --- a/library/oid.c +++ b/library/oid.c @@ -279,7 +279,7 @@ static const oid_x509_ext_t oid_x509_ext[] = MBEDTLS_X509_EXT_NS_CERT_TYPE, }, { - { ADD_LEN( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ), "id-ce-subjectKeyIdentifier", "Subject Key Identifier" }, //Peter added + { ADD_LEN( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ), "id-ce-subjectKeyIdentifier", "Subject Key Identifier" }, MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER, }, { diff --git a/library/x509_crt.c b/library/x509_crt.c index 2807dd18321b..e1be0426fa32 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
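Review bot: The new MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER case never checks that the inner OCTET STRING fills the whole extension value, so any bytes left between `*p += len` and the end of the extension are handed back to the enclosing loop and read as the start of the next extension; the helper parsers the neighbouring cases call reject such a mismatch, and this inline parser should do the same, e.g. `if( *p != end_ext_octet ) return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );` after the pointer advance. Two consistency points in the same lines: the bound passed to mbedtls_asn1_get_tag is `end_ext_data` whereas the SUBJECT_ALT_NAME case directly below bounds by `end_ext_octet`, and the failure path returns the bare ASN.1 code where, if I recall the rest of this function correctly, tag errors on extension data are reported as `return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );`. The same block is reshuffled in PATCH 2/2 (the -802,16 hunk) and all three points carry over unchanged there. x509_get_crt_ext itself starts and ends outside this hunk.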
@@ -802,16 +802,16 @@ static int x509_get_crt_ext( unsigned char **p,
 case MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER:
 if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
- MBEDTLS_ASN1_OCTET_STRING ) ) == 0 )
+ MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
 {
- crt->subject_key_id.len = len;
- crt->subject_key_id.tag = MBEDTLS_ASN1_OCTET_STRING;
- crt->subject_key_id.p = *p;
- *p +=len;
+ return( ret );
 }
 else
 {
- return( ret );
+ crt->subject_key_id.len = len;
+ crt->subject_key_id.tag = MBEDTLS_ASN1_OCTET_STRING;
+ crt->subject_key_id.p = *p;
+ *p += len;
 }
 break;
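Review bot: The `else` after the unconditional `return( ret );` is redundant; the other cases of this switch appear to use the early-return form `if( ... != 0 ) return( ret );` and then continue at the case's own indentation, so the four success-path assignments could be dedented and their surrounding braces dropped. Matching the shape of the neighbouring cases keeps the switch uniform and makes any later per-case check (for example on the final value of `*p`) easier to place and review. x509_get_crt_ext starts and ends outside this hunk.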