Don't add extensions for X.509 non-v3 certificates
This commit stops x509write_crt_der from writing the extensions block for
non-v3 X.509 certificates. Previously, even if no extensions were present,
an empty sequence was added.
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index b644995..a6b095a 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -327,13 +327,19 @@
/*
* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
*/
- ASN1_CHK_ADD( len, x509_write_extensions( &c, tmp_buf, ctx->extensions ) );
- ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
- ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED |
- ASN1_SEQUENCE ) );
- ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
- ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC |
- ASN1_CONSTRUCTED | 3 ) );
+
+ /* Only for v3 */
+ if( ctx->version == X509_CRT_VERSION_3 )
+ {
+ ASN1_CHK_ADD( len, x509_write_extensions( &c, tmp_buf,
+ ctx->extensions ) );
+ ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED |
+ ASN1_SEQUENCE ) );
+ ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
+ ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC |
+ ASN1_CONSTRUCTED | 3 ) );
+ }
/*
* SubjectPublicKeyInfo