Skip to content

Commit ca2b22d

Browse files
authored
Enhance checks for OpenSSL (project-chip#40580)
1 parent e90a1bf commit ca2b22d

File tree

1 file changed

+8
-4
lines changed

1 file changed

+8
-4
lines changed

src/crypto/CHIPCryptoPALOpenSSL.cpp

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1678,16 +1678,20 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation
16781678
}
16791679
}
16801680
break;
1681-
case NID_subject_key_identifier:
1681+
case NID_subject_key_identifier: {
16821682
VerifyOrExit(!isCritical && !extSKIDPresent, err = CHIP_ERROR_INTERNAL);
1683-
VerifyOrExit(X509_get0_subject_key_id(x509Cert)->length == kSubjectKeyIdentifierLength, err = CHIP_ERROR_INTERNAL);
1683+
const ASN1_OCTET_STRING * pSKID = X509_get0_subject_key_id(x509Cert);
1684+
VerifyOrExit(pSKID != nullptr && pSKID->length == kSubjectKeyIdentifierLength, err = CHIP_ERROR_INTERNAL);
16841685
extSKIDPresent = true;
16851686
break;
1686-
case NID_authority_key_identifier:
1687+
}
1688+
case NID_authority_key_identifier: {
16871689
VerifyOrExit(!isCritical && !extAKIDPresent, err = CHIP_ERROR_INTERNAL);
1688-
VerifyOrExit(X509_get0_authority_key_id(x509Cert)->length == kAuthorityKeyIdentifierLength, err = CHIP_ERROR_INTERNAL);
1690+
const ASN1_OCTET_STRING * pAKID = X509_get0_authority_key_id(x509Cert);
1691+
VerifyOrExit(pAKID != nullptr && pAKID->length == kAuthorityKeyIdentifierLength, err = CHIP_ERROR_INTERNAL);
16891692
extAKIDPresent = true;
16901693
break;
1694+
}
16911695
default:
16921696
break;
16931697
}

0 commit comments

Comments
 (0)