Google Git
Sign in
boringssl/boringssl.git/2f3958a4156d95c7e9778979acda4e43c7d15979^!/./ssl/ssl_cert.cc
commit
2f3958a4156d95c7e9778979acda4e43c7d15979
[log]
author
David Benjamin <davidben@google.com>
Fri Apr 16 11:55:23 2021 -0400
committer
CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Fri Apr 16 16:41:54 2021 +0000
tree
1ec649284332830a17b4822c258d912fd56b9d95
parent
b571e77773ef875f7ba9f1d2bba81f305152703e [diff] [blame]
Fix issuerUID and subjectUID parsing in the key usage checker.

We have a few too many X.509 parsers.

Bug: chromium:1199744
Change-Id: Ib6f6b7bf6059ed542c334a5ca5a2d3928aae3bef
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46904
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/ssl/ssl_cert.cc b/ssl/ssl_cert.cc
index c64303a..68e010a 100644
--- a/ssl/ssl_cert.cc
+++ b/ssl/ssl_cert.cc

@@ -548,13 +548,11 @@
       // subjectPublicKeyInfo
       !CBS_get_asn1(&tbs_cert, NULL, CBS_ASN1_SEQUENCE) ||
       // issuerUniqueID
-      !CBS_get_optional_asn1(
-          &tbs_cert, NULL, NULL,
-          CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 1) ||
+      !CBS_get_optional_asn1(&tbs_cert, NULL, NULL,
+                             CBS_ASN1_CONTEXT_SPECIFIC | 1) ||
       // subjectUniqueID
-      !CBS_get_optional_asn1(
-          &tbs_cert, NULL, NULL,
-          CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 2) ||
+      !CBS_get_optional_asn1(&tbs_cert, NULL, NULL,
+                             CBS_ASN1_CONTEXT_SPECIFIC | 2) ||
       !CBS_get_optional_asn1(
           &tbs_cert, &outer_extensions, &has_extensions,
           CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 3)) {