Don't use mbedtls_asn1_get_sequence_of() in x509_crt.c

This commit modifies the implementation of x509_get_ext_key_usage()
to not rely on mbedtls_asn1_get_sequence_of() but to instead use
mbedtls_asn1_traverse_sequence_of() with the same sequence-building
callback that also x509_get_subject_alt_name() uses, and which agrees
with the callback used by mbedtls_asn1_get_sequence_of().

The reason for this is that with this change, Mbed TLS itself isn't
using mbedtls_asn1_get_sequence_of() anymore, but only the more powerful
mbedtls_asn1_traverse_sequence_of(), so that unless application code
makes use of mbedtls_asn1_get_sequence_of(), its implementation
-- including the underlying sequence building callback -- will be
removed by link time garbage collection.

library/x509_crt.c

@@ -803,23 +803,10 @@ static int x509_get_key_usage( unsigned char **p,
     return( 0 );
 }
 
-/*
+static int asn1_build_sequence_cb( void *ctx,
- * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+                                   int tag,
- *
+                                   unsigned char *data,
- * KeyPurposeId ::= OBJECT IDENTIFIER
+                                   size_t data_len )
- */
-static int x509_get_ext_key_usage( unsigned char **p,
-                               const unsigned char *end,
-                               mbedtls_x509_sequence *ext_key_usage)
-{
-    return( mbedtls_asn1_get_sequence_of( p, end, ext_key_usage,
-                                          MBEDTLS_ASN1_OID ) );
-}
-
-static int x509_get_subject_alt_name_cb( void *ctx,
-                                         int tag,
-                                         unsigned char *data,
-                                         size_t data_len )
 {
     mbedtls_asn1_sequence **cur_ptr = (mbedtls_asn1_sequence **) ctx;
     mbedtls_asn1_sequence *cur = *cur_ptr;
@@ -841,6 +828,22 @@ static int x509_get_subject_alt_name_cb( void *ctx,
     return( 0 );
 }
 
+/*
+ * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+ *
+ * KeyPurposeId ::= OBJECT IDENTIFIER
+ */
+static int x509_get_ext_key_usage( unsigned char **p,
+                               const unsigned char *end,
+                               mbedtls_x509_sequence *ext_key_usage)
+{
+    return( mbedtls_asn1_traverse_sequence_of( p, end,
+                                               0xFF, MBEDTLS_ASN1_OID,
+                                               0, 0,
+                                               asn1_build_sequence_cb,
+                                               (void*) &ext_key_usage ) );
+}
+
 /*
  * SubjectAltName ::= GeneralNames
  *
@@ -876,7 +879,7 @@ static int x509_get_subject_alt_name( unsigned char *p,
                                                MBEDTLS_ASN1_CONTEXT_SPECIFIC,
                                                MBEDTLS_ASN1_TAG_VALUE_MASK,
                                                2 /* SubjectAlt DNS */,
-                                               x509_get_subject_alt_name_cb,
+                                               asn1_build_sequence_cb,
                                                (void*) &subject_alt_name ) );
 }