[PATCH] tls: Fix to handle X.509 v1 certificates correctly

ivan at algosolutions.com ivan at algosolutions.com
Fri Jun 8 21:05:11 UTC 2018


From 895b58aae3fcae5a86b7650cc71288c5dcf7a3ff Mon Sep 17 00:00:00 2001
From: Ivan Abrea <ivan at algosolutions.com>
Date: Fri, 8 Jun 2018 13:42:22 -0700
Subject: [PATCH] tls: Fix to handle X.509 v1 certificates correctly

---
 networking/tls.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/networking/tls.c b/networking/tls.c
index 99722cf..6f4050e 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -1082,6 +1082,8 @@ static void find_key_in_der_cert(tls_state_t *tls, uint8_t *der, int len)
  * We need Certificate.tbsCertificate.subjectPublicKeyInfo.publicKey
  */
     uint8_t *end = der + len;
+    uint8_t tag_class, pc, tag_number;
+    int version_present;
 
     /* enter "Certificate" item: [der, end) will be only Cert */
     der = enter_der_item(der, &end);
@@ -1089,8 +1091,23 @@ static void find_key_in_der_cert(tls_state_t *tls, uint8_t *der, int len)
     /* enter "tbsCertificate" item: [der, end) will be only tbsCert */
     der = enter_der_item(der, &end);
 
+    /*
+     * Skip version field only if it is present. For a v1 certificate, the
+     * version field won't be present since v1 is the default value for the
+     * version field and fields with default values should be omitted. If
+     * the version field is present it will have a tag class of 2
+     * (context-specific), bit 6 will be 1 (constructed), and a tag number
+     * of 0.
+     */
+    tag_class = der[0] >> 6; /* bits 7-8 */
+    pc = (der[0] & 32) >> 5; /* bit 6 */
+    tag_number = der[0] & 31; /* bits 1-5 */
+    version_present = tag_class == 2 && pc == 1 && tag_number == 0;
+    if (version_present) {
+        der = skip_der_item(der, end); /* version */
+    }
+
     /* skip up to subjectPublicKeyInfo */
-    der = skip_der_item(der, end); /* version */
     der = skip_der_item(der, end); /* serialNumber */
     der = skip_der_item(der, end); /* signatureAlgo */
     der = skip_der_item(der, end); /* issuer */
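Review bot: The tag byte is read as `der[0]` on the tag_class line before anything confirms `der < end`, so a tbsCertificate whose body ends immediately after the enter_der_item call would read one byte past the item; whether enter_der_item already rejects an empty item is not visible in this hunk, so the guard is worth adding either way. Since the three bit-field extractions together only test for the single byte value 0xA0 (class 2, constructed, tag number 0), the check can be both bounded and simplified to `version_present = (der < end && der[0] == 0xA0); /* [0] EXPLICIT Version */`, dropping the tag_class/pc/tag_number locals declared in the first hunk. find_key_in_der_cert's body continues outside the hunk.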
-- 
2.7.4
