Correcting documentation issues:
- Changelog entry is Feature instead of API Change
- Correcting whitespaces around braces
- Also adding defensive mechanism to x509_get_subject_key_id
to avoid malfunction in case of trailing garbage
Signed-off-by: toth92g <toth92g@gmail.com>
diff --git a/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt b/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt
index cf4c9e9..9aa3ff9 100644
--- a/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt
+++ b/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt
@@ -1,2 +1,3 @@
-API changes
- * x509 certificate parse functionality is extended with the possibility of extracting SignatureKeyId and AuthorityKeyId fields
+Features
+ * When parsing X.509 certificates, support the extensions
+ SignatureKeyIdentifier and AuthorityKeyIdentifier.
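Review bot: The new entry text names the extension "SignatureKeyIdentifier", but the X.509 extension is SubjectKeyIdentifier, and the function this commit touches is x509_get_subject_key_id. Please change the added line to "SubjectKeyIdentifier and AuthorityKeyIdentifier." so the ChangeLog matches the extension users will look for. The file name X509Parse_SignatureKeyId_AuthorityKeyId.txt carries the same slip; renaming it is optional, but the user-visible text should be corrected.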
diff --git a/library/x509_crt.c b/library/x509_crt.c
index e7a98dd..8cb78e5 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -608,6 +608,11 @@
*p += len;
}
+ if (*p != end) {
+ return MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+ }
+
return 0;
}
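Review bot: The added `*p != end` check rejects trailing bytes after the key identifier, but nothing in this patch tests that path. Please add a negative parse test: a certificate whose SubjectKeyIdentifier extension value has extra bytes after the OCTET STRING, expected to fail with MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH. A one-line comment above the check saying that the extension value must be fully consumed would also help, since the visible context does not show where `end` is derived.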