[PATCH] tls: Fix to handle X.509 v1 certificates correctly
Denys Vlasenko
vda.linux at googlemail.com
Sat Jun 9 18:30:55 UTC 2018
On Fri, Jun 8, 2018 at 11:05 PM, ivan at algosolutions.com
<ivan at algosolutions.com> wrote:
> From 895b58aae3fcae5a86b7650cc71288c5dcf7a3ff Mon Sep 17 00:00:00 2001
> From: Ivan Abrea <ivan at algosolutions.com>
> Date: Fri, 8 Jun 2018 13:42:22 -0700
> Subject: [PATCH] tls: Fix to handle X.509 v1 certificates correctly
Please resend as attachment, the mail got mangled
("quoted-printable" something).
> diff --git a/networking/tls.c b/networking/tls.c
> index 99722cf..6f4050e 100644
> --- a/networking/tls.c
> +++ b/networking/tls.c
> @@ -1082,6 +1082,8 @@ static void find_key_in_der_cert(tls_state_t *tls,
> uint8_t *der, int len)
> * We need Certificate.tbsCertificate.subjectPublicKeyInfo.publicKey
> */
> uint8_t *end = der + len;
> + uint8_t tag_class, pc, tag_number;
> + int version_present;
>
> /* enter "Certificate" item: [der, end) will be only Cert */
> der = enter_der_item(der, &end);
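Review bot: the four new locals declared at the top of
find_key_in_der_cert() (tag_class, pc, tag_number, version_present) exist
only to feed one test later in the function. Class 2, constructed, tag
number 0 is the single identifier octet 0xA0, so the test could be written
as if (der[0] == 0xA0) and these declarations dropped, which keeps the
function's variable list short.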
> @@ -1089,8 +1091,23 @@ static void find_key_in_der_cert(tls_state_t *tls,
> uint8_t *der, int len)
> /* enter "tbsCertificate" item: [der, end) will be only tbsCert */
> der = enter_der_item(der, &end);
>
> + /*
> + * Skip version field only if it is present. For a v1 certificate, the
> + * version field won't be present since v1 is the default value for the
> + * version field and fields with default values should be omitted. If
> + * the version field is present it will have a tag class of 2
> + * (context-specific), bit 6 will be 1 (constructed), and a tag number
> + * of 0.
> + */
> + tag_class = der[0] >> 6; /* bits 7-8 */
> + pc = (der[0] & 32) >> 5; /* bit 6 */
> + tag_number = der[0] & 31; /* bits 1-5 */
> + version_present = tag_class == 2 && pc == 1 && tag_number == 0;
> + if (version_present) {
> + der = skip_der_item(der, end); /* version */
> + }
> +
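Review bot: der[0] is read at "tag_class = der[0] >> 6;" with no check in
the visible lines that der < end after the second enter_der_item() call, so
an empty or truncated tbsCertificate would be read one byte past its end.
Suggest testing der < end before looking at the identifier octet and
treating a missing first field as a malformed certificate. The comment
could also say where the context-specific/constructed/tag-0 encoding of the
version field is specified, so the three magic values can be checked
against the specification.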
Can you expand a bit which RFC this is described in, for future readers
of this part of the code?