From 6e8f3faedd1e47901ead451696d898cb5d91fda9 Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Fri, 10 Jan 2020 09:28:45 +1000
Subject: [PATCH] Fix when extAuthKeyIdSet is set. Was set when extension is seen - extension may not have hash. But is used to indicate that the hash is set - ie look up by hash.
---
 wolfcrypt/src/asn.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 384f66e8a..f5252e571 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -7554,6 +7554,7 @@ static int DecodeAuthKeyId(const byte* input, int sz, DecodedCert* cert)
 if (tag != (ASN_CONTEXT_SPECIFIC | 0)) {
 WOLFSSL_MSG("\tinfo: OPTIONAL item 0, not available\n");
+ cert->extAuthKeyIdSet = 0;
 return 0;
 }
@@ -8490,7 +8491,6 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap,
 if (ret == 0) {
 switch (oid) {
 case AUTH_KEY_OID:
- extAuthKeyIdSet = 1;
 if (GetSequence(cert, &extIdx, &extLen, certSz) < 0)
 ret = ASN_PARSE_E;
@@ -8503,6 +8503,7 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap,
 if (GetLength(cert, &extIdx, &extLen, certSz) <= 0)
 ret = ASN_PARSE_E;
 if (ret == 0) {
+ extAuthKeyIdSet = 1;
 if (extLen == KEYID_SIZE)
 XMEMCPY(hash, cert + extIdx, extLen);
 else {
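Review bot: In the `DecodeAuthKeyId` hunk, `cert->extAuthKeyIdSet = 0;` clears a flag that is set somewhere outside the visible lines, so the early return is only correct as long as that ordering holds and no other exit path leaves the flag set without a key id stored. Setting the flag to 1 at the point where the key identifier is actually copied into the cert, as the third hunk does for `CheckCertSignature_ex`, would keep both decoders consistent; this is inferred, since the rest of the function lies outside the hunk. At minimum the new line deserves a comment such as `/* no keyIdentifier present: key id hash is unset, do not look up the signer by it */`. A regression test with an AuthorityKeyIdentifier extension that omits the keyIdentifier field would cover both code paths touched here.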
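Review bot: In the last hunk (`CheckCertSignature_ex`, at `-8503`), `extAuthKeyIdSet = 1;` is assigned before `hash` is written, so the flag is accurate only if both following branches always fill `hash`. The `else {` branch continues past the end of the hunk; if the work done there can fail, the flag stays set while `hash` is not valid, so either move the assignment after the copy/hash step or confirm that every later use of the flag is guarded by `ret == 0`. A one-line comment such as `/* hash now holds the authority key id; signer lookup may use it */` would document the invariant this commit establishes.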