Don't use mbedtls_asn1_get_sequence_of() in x509_crt.c

This commit modifies the implementation of x509_get_ext_key_usage() to not rely on mbedtls_asn1_get_sequence_of() but to instead use mbedtls_asn1_traverse_sequence_of() with the same sequence-building callback that also x509_get_subject_alt_name() uses, and which agrees with the callback used by mbedtls_asn1_get_sequence_of(). The reason for this is that with this change, Mbed TLS itself isn't using mbedtls_asn1_get_sequence_of() anymore, but only the more powerful mbedtls_asn1_traverse_sequence_of(), so that unless application code makes use of mbedtls_asn1_get_sequence_of(), its implementation -- including the underlying sequence building callback -- will be removed by link time garbage collection.
2025-01-11 07:35:40 +00:00 · 2019-05-02 14:48:25 +01:00 · 2019-05-02 14:48:25 +01:00 · 529f25d119
parent 15b73b4066
commit 529f25d119
1 changed files with 21 additions and 18 deletions
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -803,23 +803,10 @@ static int x509_get_key_usage( unsigned char **p,
    return( 0 );
 }

-/*
- * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
- *
- * KeyPurposeId ::= OBJECT IDENTIFIER
- */
-static int x509_get_ext_key_usage( unsigned char **p,
-                               const unsigned char *end,
-                               mbedtls_x509_sequence *ext_key_usage)
-{
-    return( mbedtls_asn1_get_sequence_of( p, end, ext_key_usage,
-                                          MBEDTLS_ASN1_OID ) );
-}
-
-static int x509_get_subject_alt_name_cb( void *ctx,
-                                         int tag,
-                                         unsigned char *data,
-                                         size_t data_len )
+static int asn1_build_sequence_cb( void *ctx,
+                                   int tag,
+                                   unsigned char *data,
+                                   size_t data_len )
 {
    mbedtls_asn1_sequence **cur_ptr = (mbedtls_asn1_sequence **) ctx;
    mbedtls_asn1_sequence *cur = *cur_ptr;
@ -841,6 +828,22 @@ static int x509_get_subject_alt_name_cb( void *ctx,
    return( 0 );
 }

+/*
+ * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+ *
+ * KeyPurposeId ::= OBJECT IDENTIFIER
+ */
+static int x509_get_ext_key_usage( unsigned char **p,
+                               const unsigned char *end,
+                               mbedtls_x509_sequence *ext_key_usage)
+{
+    return( mbedtls_asn1_traverse_sequence_of( p, end,
+                                               0xFF, MBEDTLS_ASN1_OID,
+                                               0, 0,
+                                               asn1_build_sequence_cb,
+                                               (void*) &ext_key_usage ) );
+}
+
 /*
 * SubjectAltName ::= GeneralNames
 *
@ -876,7 +879,7 @@ static int x509_get_subject_alt_name( unsigned char *p,
                                               MBEDTLS_ASN1_CONTEXT_SPECIFIC,
                                               MBEDTLS_ASN1_TAG_VALUE_MASK,
                                               2 /* SubjectAlt DNS */,
-                                               x509_get_subject_alt_name_cb,
+                                               asn1_build_sequence_cb,
                                               (void*) &subject_alt_name ) );
 }