From 529f25d1199c9f12531247c2e78706b4bbae3ba0 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 2 May 2019 14:48:25 +0100
Subject: [PATCH] Don't use mbedtls_asn1_get_sequence_of() in x509_crt.c

This commit modifies the implementation of x509_get_ext_key_usage() to not rely on mbedtls_asn1_get_sequence_of() but to instead use mbedtls_asn1_traverse_sequence_of() with the same sequence-building callback that also x509_get_subject_alt_name() uses, and which agrees with the callback used by mbedtls_asn1_get_sequence_of(). The reason for this is that with this change, Mbed TLS itself isn't using mbedtls_asn1_get_sequence_of() anymore, but only the more powerful mbedtls_asn1_traverse_sequence_of(), so that unless application code makes use of mbedtls_asn1_get_sequence_of(), its implementation -- including the underlying sequence building callback -- will be removed by link time garbage collection.

---
 library/x509_crt.c | 39 +++++++++++++++++++++------------------
 1 file changed, 21 insertions(+), 18 deletions(-)

diff --git a/library/x509_crt.c b/library/x509_crt.c
index e2de120ce..75ea5e604 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -803,23 +803,10 @@ static int x509_get_key_usage( unsigned char **p,
 return( 0 );
 }
-/*
- * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
- *
- * KeyPurposeId ::= OBJECT IDENTIFIER
- */
-static int x509_get_ext_key_usage( unsigned char **p,
- const unsigned char *end,
- mbedtls_x509_sequence *ext_key_usage)
-{
- return( mbedtls_asn1_get_sequence_of( p, end, ext_key_usage,
- MBEDTLS_ASN1_OID ) );
-}
-
-static int x509_get_subject_alt_name_cb( void *ctx,
- int tag,
- unsigned char *data,
- size_t data_len )
+static int asn1_build_sequence_cb( void *ctx,
+ int tag,
+ unsigned char *data,
+ size_t data_len )
 {
 mbedtls_asn1_sequence **cur_ptr = (mbedtls_asn1_sequence **) ctx;
 mbedtls_asn1_sequence *cur = *cur_ptr;
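Review bot: asn1_build_sequence_cb now serves two callers but carries no comment stating what `ctx` must point to; the hunk shows only the cast `(mbedtls_asn1_sequence **) ctx` and the read of `*cur_ptr`, and the body that decides whether to reuse that node or allocate a new one continues past the end of this hunk. A maintainer wiring up a third caller has to reverse-engineer that contract from the body, which is exactly where a stale head node would slip through. I would add above the signature a comment along the lines of `/* ctx: pointer to an mbedtls_asn1_sequence* naming the tail node of a list whose head the caller zero-initialised; each call appends one element and advances *ctx to the node written. */`, adjusted to whatever field the body actually tests to tell an unused head from a filled one. That field and the zero-initialisation requirement are the part worth spelling out, since callers cannot see them from the signature.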
@@ -841,6 +828,22 @@ static int x509_get_subject_alt_name_cb( void *ctx,
 return( 0 );
 }
+/*
+ * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+ *
+ * KeyPurposeId ::= OBJECT IDENTIFIER
+ */
+static int x509_get_ext_key_usage( unsigned char **p,
+ const unsigned char *end,
+ mbedtls_x509_sequence *ext_key_usage)
+{
+ return( mbedtls_asn1_traverse_sequence_of( p, end,
+ 0xFF, MBEDTLS_ASN1_OID,
+ 0, 0,
+ asn1_build_sequence_cb,
+ (void*) &ext_key_usage ) );
+}
+
 /*
 * SubjectAltName ::= GeneralNames
 *
@@ -876,7 +879,7 @@ static int x509_get_subject_alt_name( unsigned char *p,
 MBEDTLS_ASN1_CONTEXT_SPECIFIC,
 MBEDTLS_ASN1_TAG_VALUE_MASK,
 2 /* SubjectAlt DNS */,
- x509_get_subject_alt_name_cb,
+ asn1_build_sequence_cb,
 (void*) &subject_alt_name ) );
 }
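Review bot: The new x509_get_ext_key_usage hands `ext_key_usage` to mbedtls_asn1_traverse_sequence_of without resetting it, whereas mbedtls_asn1_get_sequence_of, as I recall its traverse-based implementation, zeroes `*cur` before it starts; if asn1_build_sequence_cb chooses between "fill the head node" and "calloc a new node" by inspecting the node `*cur_ptr` points to (its body is outside this hunk), the result now depends on whatever the caller left in `crt->ext_key_usage`. With a freshly initialised mbedtls_x509_crt the head is zero and nothing changes, but a reused or re-parsed context, or a certificate carrying the extension twice if x509_get_crt_ext does not reject repeats, would chain the first OID behind stale data and lose ownership of the old list. Adding `memset( ext_key_usage, 0, sizeof( *ext_key_usage ) );` before the traversal call restores the earlier contract at no cost; alternatively, if a zeroed head is meant to be the caller's job, state that in the function comment. Separately, `SIZE (1..MAX)` in the comment is not enforced here any more than before: an empty SEQUENCE returns 0 with an all-zero head, so `buf.p == NULL` is the only signal distinguishing "empty EKU" from "no EKU", which the comment should say. The bare arguments `0xFF, MBEDTLS_ASN1_OID, 0, 0` would also read better with the inline annotation style the SubjectAltName call already uses, e.g. `0, 0, /* no may-mask: every OID element reaches the callback */`.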