Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 47a80556779a6ba6da2eee4641193bef90d6e872
commit47a80556779a6ba6da2eee4641193bef90d6e872[log] [tgz]
authorDemi Marie Obenour <demiobenour@gmail.com>Thu Dec 08 15:23:58 2022 -0500
committerDemi Marie Obenour <demiobenour@gmail.com>Thu Dec 29 18:41:10 2022 -0500
tree565578d9cdd43e8a702e5473d707599e3f1b54e9
parentfa07d049ee8b7df74899e10877297b928ec365cb [diff]
fix(auth): require at least one extension to be present

X.509 and RFC5280 allow omitting the extensions entirely, but require
that if the extensions field is present at all, it must contain at least
one certificate.  TF-A already requires the extensions to be present,
but allows them to be empty.  However, a certificate with an empty
extensions field will always fail later on, as the extensions contain
the information needed to validate the next stage in the boot chain.
Therefore, it is simpler to require the extension field to be present
and contain at least one extension.  Also add a comment explaining why
the extensions field is required, even though it is OPTIONAL in the
ASN.1 syntax.

Change-Id: Ie26eed8a7924bf50937a6b27ccdf7cc9a390588d
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
1 file changed
tree: 565578d9cdd43e8a702e5473d707599e3f1b54e9
  1. .husky/
  2. bl1/
  3. bl2/
  4. bl2u/
  5. bl31/
  6. bl32/
  7. common/
  8. docs/
  9. drivers/
  10. fdts/
  11. include/
  12. lib/
  13. licenses/
  14. make_helpers/
  15. plat/
  16. services/
  17. tools/
  18. .checkpatch.conf
  19. .commitlintrc.js
  20. .cz.json
  21. .editorconfig
  22. .gitignore
  23. .gitreview
  24. .nvmrc
  25. .versionrc.js
  26. changelog.yaml
  27. dco.txt
  28. license.rst
  29. Makefile
  30. package-lock.json
  31. package.json
  32. readme.rst