An encoding tag problem of mbedtls_x509write_crt_der

[LeNidViolet]

Description

• Type: Bug
• Priority: Major

---

Bug

When the subject_name or issuer_name contains non-ASCII printable characters (such as Chinese, Japanese, Russian, etc.), the certificate content output by mbedtls_x509write_crt_der will have some problems.

This problem can be replay with cert_write program.
Just set subject_name=CN=Cert,O=中文汉字,C=UK

When the program runs successfully, the certificate can be generated, but when you view the contents of the certificate, you can find that the contents of the subject and/or issuer are not correct.

After debugging, I found the problem appeared here.

mbedtls_x509write_crt_der()
-> mbedtls_x509_write_names()
-> x509_write_name()
-> mbedtls_asn1_write_printable_string():
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_PRINTABLE_STRING ) );

When I replace MBEDTLS_ASN1_PRINTABLE_STRING with MBEDTLS_ASN1_UTF8_STRING, there is no problem.

This seems to be due to the use of the wrong TAG, which causes the system cannot decode the certificate content properly.

[RonEld]

@raprepo Thank you for reporting this issue!
I believe this is a duplicate of #468
Please confirm

[ciarmcom]

ARM Internal Ref: IOTSSL-2521

[hanno-becker]

Fixed through PR #1641.