os_stub/cryptlib_mbedtls: x509: Don't copy some NIDs

alistair23 · alistair23 · commit bf994c0b47e9 · 2023-11-22T10:36:37.000+10:00
Avoid copying the basic_constraints NID as we already set it ourselves
and also avoid copying the authority_key_identifier as it won't be
correct on the CSR.

Signed-off-by: Alistair Francis &lt;alistair.francis@wdc.com&gt;
diff --git a/os_stub/cryptlib_mbedtls/pk/x509.c b/os_stub/cryptlib_mbedtls/pk/x509.c
@@ -2110,6 +2110,16 @@ bool libspdm_gen_x509_csr(size_t hash_nid, size_t asym_nid,
             goto free_all;
         }
 
+        if (MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_BASIC_CONSTRAINTS, next_oid->buf.p, oid_tag_len) == 0) {
+            next_oid = next_oid->next;
+            continue;
+        }
+
+        if (MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER, next_oid->buf.p, oid_tag_len) == 0) {
+            next_oid = next_oid->next;
+            continue;
+        }
+
         if (mbedtls_x509write_csr_set_extension(&req, next_oid->buf.p,
                                                 oid_tag_len,
                                                 next_oid->buf.p + oid_tag_len,
