Added parsing of v3 extension subject key identifier #2018

Closed
1 change: 1 addition & 0 deletions ChangeLog
Expand Up @@ -32,6 +32,7 @@ Features
may be up to two bytes shorter. This allows the library to support all
hash and signature sizes that comply with FIPS 186-4, including SHA-512
with a 1024-bit key.
* Added parsing of x509 v3 extension subject key identifier.

Bugfix
* Fix wrong order of freeing in programs/ssl/ssl_server2 example
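Review bot: The wording of the new ChangeLog entry does not match its neighbours: the header hunk in this same patch writes "X.509" and the Bugfix entry below uses the imperative ("Fix wrong order ..."), so `* Add parsing of the X.509 v3 Subject Key Identifier extension.` would fit better. The entry should also mention the new `subject_key_id` member added to the public `mbedtls_x509_crt` struct, since that is what users of the library will actually see.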
2 changes: 2 additions & 0 deletions include/mbedtls/x509_crt.h
Expand Up @@ -73,6 +73,8 @@ typedef struct mbedtls_x509_crt
mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */
mbedtls_x509_buf subject_key_id; /**< Optional X.509 v3 extension subject key identifier. */

mbedtls_x509_sequence subject_alt_names; /**< Optional list of Subject Alternative Names (Only dNSName supported). */

int ext_types; /**< Bit string containing detected and parsed extensions */
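Review bot: Inserting `subject_key_id` between `v3_ext` and `subject_alt_names` changes the layout of the public `mbedtls_x509_crt` struct, so `subject_alt_names`, `ext_types` and every later member move to new offsets; applications built against the previous header that read these members directly need a rebuild. If that is acceptable for this release, the ChangeLog should say so; otherwise appending the new member after the last existing one avoids the shift. The doc comment should also say what the buffer holds, for example `/**< Optional X.509 v3 Subject Key Identifier extension (contents of the KeyIdentifier OCTET STRING). */`, since `mbedtls_x509_buf` by itself does not tell the reader whether the tag and length of the OCTET STRING are included.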
4 changes: 4 additions & 0 deletions library/oid.c
Expand Up @@ -278,6 +278,10 @@ static const oid_x509_ext_t oid_x509_ext[] =
{ ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" },
MBEDTLS_X509_EXT_NS_CERT_TYPE,
},
{
{ ADD_LEN( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ), "id-ce-subjectKeyIdentifier", "Subject Key Identifier" },
MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER,
},
{
{ NULL, 0, NULL, NULL },
0,
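Review bot: Neither `MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER` nor `MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER` is defined anywhere in this patch, so this table entry relies on both already being present in the public headers (include/mbedtls/oid.h and include/mbedtls/x509.h); worth confirming before merge. Because `ext_types` is documented as a bit string in the x509_crt.h hunk, also check that the `MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER` bit does not overlap any other `MBEDTLS_X509_EXT_*` flag, otherwise the parsed-extension bookkeeping in x509_get_crt_ext cannot tell this extension apart from the one sharing the bit.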
15 changes: 15 additions & 0 deletions library/x509_crt.c
Expand Up @@ -800,6 +800,21 @@ static int x509_get_crt_ext( unsigned char **p,
return( ret );
break;

case MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER:
if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
{
return( ret );
}
else
{
crt->subject_key_id.len = len;
crt->subject_key_id.tag = MBEDTLS_ASN1_OCTET_STRING;
crt->subject_key_id.p = *p;
*p += len;
}
break;

case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
/* Parse subject alt name */
if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
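Review bot: The new case parses the extension payload against `end_ext_data`, while the SUBJECT_ALT_NAME case immediately below bounds itself with `end_ext_octet` (the end of the extnValue OCTET STRING); use `end_ext_octet` here for consistency, and after `mbedtls_asn1_get_tag` succeeds check that the inner OCTET STRING fills the extension value (`*p + len == end_ext_octet`) so that trailing bytes are reported as a length mismatch attributable to this extension rather than surfacing later as an unrelated parse error. The bare `return( ret );` hands a raw ASN.1 error code to the caller; returning `MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret` follows the convention the library uses for extension parse failures and lets callers distinguish a malformed extension from other ASN.1 problems. Style: the `else` after `return( ret );` is redundant; drop it and dedent the three assignments and `*p += len;`.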