Don't use mbedtls_asn1_get_sequence_of() in x509_crt.c
This commit modifies the implementation of x509_get_ext_key_usage()
to not rely on mbedtls_asn1_get_sequence_of() but to instead use
mbedtls_asn1_traverse_sequence_of() with the same sequence-building
callback that x509_get_subject_alt_name() also uses, and which agrees
with the callback used by mbedtls_asn1_get_sequence_of().
The reason for this is that with this change, Mbed TLS itself isn't
using mbedtls_asn1_get_sequence_of() anymore, but only the more powerful
mbedtls_asn1_traverse_sequence_of(), so that unless application code
makes use of mbedtls_asn1_get_sequence_of(), its implementation
-- including the underlying sequence building callback -- will be
removed by link time garbage collection.
diff --git a/library/x509_crt.c b/library/x509_crt.c
index e2de120..75ea5e6 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -803,23 +803,10 @@
return( 0 );
}
-/*
- * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
- *
- * KeyPurposeId ::= OBJECT IDENTIFIER
- */
-static int x509_get_ext_key_usage( unsigned char **p,
- const unsigned char *end,
- mbedtls_x509_sequence *ext_key_usage)
-{
- return( mbedtls_asn1_get_sequence_of( p, end, ext_key_usage,
- MBEDTLS_ASN1_OID ) );
-}
-
-static int x509_get_subject_alt_name_cb( void *ctx,
- int tag,
- unsigned char *data,
- size_t data_len )
+static int asn1_build_sequence_cb( void *ctx,
+ int tag,
+ unsigned char *data,
+ size_t data_len )
{
mbedtls_asn1_sequence **cur_ptr = (mbedtls_asn1_sequence **) ctx;
mbedtls_asn1_sequence *cur = *cur_ptr;
@@ -842,6 +829,22 @@
}
/*
+ * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+ *
+ * KeyPurposeId ::= OBJECT IDENTIFIER
+ */
+static int x509_get_ext_key_usage( unsigned char **p,
+ const unsigned char *end,
+ mbedtls_x509_sequence *ext_key_usage)
+{
+ return( mbedtls_asn1_traverse_sequence_of( p, end,
+ 0xFF, MBEDTLS_ASN1_OID,
+ 0, 0,
+ asn1_build_sequence_cb,
+ (void*) &ext_key_usage ) );
+}
+
+/*
* SubjectAltName ::= GeneralNames
*
* GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
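Review bot: The rewritten x509_get_ext_key_usage() still returns success for an empty SEQUENCE, although the comment directly above it specifies `SEQUENCE SIZE (1..MAX) OF KeyPurposeId`; mbedtls_asn1_traverse_sequence_of() invokes the callback zero times in that case and returns 0. Consider storing the result and, on success, rejecting an empty list, e.g. `if( ext_key_usage->buf.p == NULL ) return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH );`. That check assumes the caller passes in a zeroed sequence and that asn1_build_sequence_cb fills `buf.p` for the first element, neither of which is visible in this hunk. The bare `0xFF, MBEDTLS_ASN1_OID, 0, 0` arguments would also be easier to audit with a short comment such as `/* every element must carry exactly the OID tag; the callback runs for all of them */`.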
@@ -876,7 +879,7 @@
MBEDTLS_ASN1_CONTEXT_SPECIFIC,
MBEDTLS_ASN1_TAG_VALUE_MASK,
2 /* SubjectAlt DNS */,
- x509_get_subject_alt_name_cb,
+ asn1_build_sequence_cb,
(void*) &subject_alt_name ) );
}