authorRon Yorston <rmy@pobox.com>2018-07-25 10:41:42 +0100
committerRon Yorston <rmy@pobox.com>2018-07-25 10:41:42 +0100
commit59873514f17cefd6ba3997dad5779f75433fd4e6 (patch)
tree1c9d0a3450ed95f0b820285b9f9fc217c902e652 /networking/tls.c
parent779fd5745ac11bf752f5f4b977a274a39c192f90 (diff)
parent81de30de05beebabfa72f2a01ec4f33e9a1923e3 (diff)
Merge branch 'busybox'
Diffstat (limited to 'networking/tls.c')
-rw-r--r--networking/tls.c20
1 files changed, 19 insertions, 1 deletions
diff --git a/networking/tls.c b/networking/tls.c
index ec5a56d57..fce1d0ea6 100644
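--- a/networking/tls.c
+++ b/networking/tls.c
@@ -1088,6 +1088,8 @@ static void find_key_in_der_cert(tls_state_t *tls, uint8_t *der, int len)
 * We need Certificate.tbsCertificate.subjectPublicKeyInfo.publicKey
 */
 uint8_t *end = der + len;
+uint8_t tag_class, pc, tag_number;
+int version_present;
 
 /* enter "Certificate" item: [der, end) will be only Cert */
 der = enter_der_item(der, &end);
@@ -1095,8 +1097,24 @@ static void find_key_in_der_cert(tls_state_t *tls, uint8_t *der, int len)
 /* enter "tbsCertificate" item: [der, end) will be only tbsCert */
 der = enter_der_item(der, &end);
 
+/*
+* Skip version field only if it is present. For a v1 certificate, the
+* version field won't be present since v1 is the default value for the
+* version field and fields with default values should be omitted (see
+* RFC 5280 sections 4.1 and 4.1.2.1). If the version field is present
+* it will have a tag class of 2 (context-specific), bit 6 as 1
+* (constructed), and a tag number of 0 (see ITU-T X.690 sections 8.1.2
+* and 8.14).
+*/
+tag_class = der[0] >> 6; /* bits 8-7 */
+pc = (der[0] & 32) >> 5; /* bit 6 */
+tag_number = der[0] & 31; /* bits 5-1 */
+version_present = tag_class == 2 && pc == 1 && tag_number == 0;
+if (version_present) {
+der = skip_der_item(der, end); /* version */
+}
+
 /* skip up to subjectPublicKeyInfo */
-der = skip_der_item(der, end); /* version */
 der = skip_der_item(der, end); /* serialNumber */
 der = skip_der_item(der, end); /* signatureAlgo */
 der = skip_der_item(der, end); /* issuer */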
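Review bot: The three reads of `der[0]` at new lines 1109-1111 happen before anything in this hunk checks that `der < end`, so for a peer-supplied certificate whose tbsCertificate is empty or truncated the tag byte would be taken from outside the [der, end) item. Whether `enter_der_item` already rules that case out cannot be seen from here, so the guard is worth making explicit at the point of use. A single bounded comparison does it: `version_present = der < end && der[0] == 0xA0;`, where 0xA0 is class 2, constructed, tag number 0, which also makes the `tag_class`/`pc`/`tag_number` temporaries unnecessary. The body of find_key_in_der_cert starts and continues outside the hunks shown.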