os_stub/cryptlib_mbedtls: x509: Don't copy some NIDs

Avoid copying the basic_constraints NID as we already set it ourselves and also avoid copying the authority_key_identifier as it won't be correct on the CSR. Signed-off-by: Alistair Francis <[email protected]>
DMTF · Nov 29, 2023 · 84989bf · 84989bf
1 parent 495f047
commit 84989bf
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/os_stub/cryptlib_mbedtls/pk/x509.c b/os_stub/cryptlib_mbedtls/pk/x509.c
@@ -2110,6 +2110,17 @@ bool libspdm_gen_x509_csr(size_t hash_nid, size_t asym_nid,
             goto free_all;
         }
 
+        if (MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_BASIC_CONSTRAINTS, next_oid->buf.p, oid_tag_len) == 0) {
+            next_oid = next_oid->next;
+            continue;
+        }
+
+        if (MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER, next_oid->buf.p,
+                                oid_tag_len) == 0) {
+            next_oid = next_oid->next;
+            continue;
+        }
+
         if (mbedtls_x509write_csr_set_extension(&req, next_oid->buf.p,
                                                 oid_tag_len,
                                                 next_oid->buf.p + oid_tag_len,