[PATCH] tls: Fix to handle X.509 v1 certificates correctly

Denys Vlasenko vda.linux at googlemail.com
Sat Jun 9 18:30:55 UTC 2018


On Fri, Jun 8, 2018 at 11:05 PM, ivan at algosolutions.com
<ivan at algosolutions.com> wrote:
> From 895b58aae3fcae5a86b7650cc71288c5dcf7a3ff Mon Sep 17 00:00:00 2001
> From: Ivan Abrea <ivan at algosolutions.com>
> Date: Fri, 8 Jun 2018 13:42:22 -0700
> Subject: [PATCH] tls: Fix to handle X.509 v1 certificates correctly

Please resend as attachment, the mail got mangled
("quoted-printable" something).

> diff --git a/networking/tls.c b/networking/tls.c
> index 99722cf..6f4050e 100644
> --- a/networking/tls.c
> +++ b/networking/tls.c
> @@ -1082,6 +1082,8 @@ static void find_key_in_der_cert(tls_state_t *tls,
> uint8_t *der, int len)
>   * We need Certificate.tbsCertificate.subjectPublicKeyInfo.publicKey
>   */
>      uint8_t *end = der + len;
> +    uint8_t tag_class, pc, tag_number;
> +    int version_present;
>
>      /* enter "Certificate" item: [der, end) will be only Cert */
>      der = enter_der_item(der, &end);
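Review bot: the hunk header `@@ -1082,6 +1082,8 @@ static void find_key_in_der_cert(tls_state_t *tls,` has been wrapped onto a second line (`uint8_t *der, int len)`) by the mailer, so the patch as quoted will not apply cleanly; resending it as an attachment, as asked above, avoids that. A smaller point: the three new locals `uint8_t tag_class, pc, tag_number;` exist only to build `version_present` from one tag byte, so a single boolean, or a direct compare of the tag byte, would do and keeps the function's declarations shorter.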
> @@ -1089,8 +1091,23 @@ static void find_key_in_der_cert(tls_state_t *tls,
> uint8_t *der, int len)
>      /* enter "tbsCertificate" item: [der, end) will be only tbsCert */
>      der = enter_der_item(der, &end);
>
> +    /*
> +     * Skip version field only if it is present. For a v1 certificate, the
> +     * version field won't be present since v1 is the default value for the
> +     * version field and fields with default values should be omitted. If
> +     * the version field is present it will have a tag class of 2
> +     * (context-specific), bit 6 will be 1 (constructed), and a tag number
> +     * of 0.
> +     */
> +    tag_class = der[0] >> 6; /* bits 7-8 */
> +    pc = (der[0] & 32) >> 5; /* bit 6 */
> +    tag_number = der[0] & 31; /* bits 1-5 */
> +    version_present = tag_class == 2 && pc == 1 && tag_number == 0;
> +    if (version_present) {
> +        der = skip_der_item(der, end); /* version */
> +    }
> +
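Review bot: the hunk header `@@ -1089,8 +1091,23 @@` shows 15 added lines and none removed, and the quoted patch stops before the hunk's trailing context, so it is not visible what happens to any existing unconditional `skip_der_item(der, end); /* version */` call that this block is meant to replace; if such a skip is still there after this block, a v3 certificate would have its version item skipped twice and the parser's position would be off by one item for everything that follows, so the old line needs to be removed in the same patch (or the remaining context shown). Two further points. The comment would answer the question below if it cited the specification: RFC 5280 section 4.1 defines `version [0] EXPLICIT Version DEFAULT v1`, and DER (ITU-T X.690 section 11.5) requires that a field equal to its DEFAULT value is not encoded, which is why v1 certificates omit it. And the three extractions `tag_class = der[0] >> 6;`, `pc = (der[0] & 32) >> 5;` and `tag_number = der[0] & 31;` together test for the single byte 0xa0 (class 10, constructed, tag 0), so `if (der[0] == 0xa0)` states the same check in one line; whichever form is kept, it reads `der[0]` unconditionally, so it should be guarded by `der < end` unless enter_der_item already guarantees a non-empty tbsCertificate.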

Can you expand a bit on which RFC this is described in, for future readers
of this part of the code?

