Add buffer holding raw ExtKeyUsage extension data to CRT struct

The previous commits replace the use of dynamically allocated linked lists
for X.509 name inspection. This commit is the first in a series which attempts
the same for the `ExtendedKeyUsage` extension. So far, when a CRT is parsed,
the extension is traversed and converted into a dynamically allocated linked
list, which is then searched through whenever the usage of a CRT needs to be
checked through `mbedtls_x509_check_extended_key_usage()`.

As a first step, this commit introduces a raw buffer holding the bounds
of the `ExtendedKeyUsage` extension to the `mbedtls_x509_crt` structure.
Hanno Becker 2019-02-21 14:24:05 +00:00
parent 8b543b3ca8
commit 7ec9c368f1
2 changed files with 4 additions and 1 deletions


@ -88,6 +88,7 @@ typedef struct mbedtls_x509_crt
unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */ unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */
mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */ mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
mbedtls_x509_buf_raw ext_key_usage_raw; /**< Raw data of ExtendedKeyUsage extensions. */
unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */ unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */
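Review bot: The doc comment on the new `ext_key_usage_raw` member does not say what the buffer spans or who owns the memory, and "extensions" should be singular since it describes one extension. The parser hunk in this commit stores a pointer to the extension value as delimited by `end_ext_octet`, so the comment should state that: `/**< Raw value of the ExtendedKeyUsage extension as found in the certificate; points into the parsed buffer and is not owned by the CRT. */`. Whether that buffer is the CRT's own copy or a caller-supplied one depends on how the parser is invoked, which this page does not show, so the ownership wording should be confirmed before merging. The struct definition continues outside the hunk.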


@ -697,6 +697,8 @@ static int x509_get_crt_ext( unsigned char **p,
case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE: case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE:
/* Parse extended key usage */ /* Parse extended key usage */
crt->ext_key_usage_raw.p = *p;
crt->ext_key_usage_raw.len = end_ext_octet - *p;
if( ( ret = x509_get_ext_key_usage( p, end_ext_octet, if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
&crt->ext_key_usage ) ) != 0 ) &crt->ext_key_usage ) ) != 0 )
return( ret ); return( ret );
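Review bot: The two added assignments record the raw bounds before `x509_get_ext_key_usage()` validates the content, so on a parse failure `crt->ext_key_usage_raw` is left pointing at data that was never checked; this is only harmless if every non-zero return from x509_get_crt_ext() causes the caller to discard the CRT, and that caller is outside the hunk. A short comment would make the ordering intentional for the next reader: `/* Record the raw bounds before the parser advances *p; the content is validated by x509_get_ext_key_usage() below. */`. The length `end_ext_octet - *p` is a ptrdiff_t stored into the raw buffer's len field, which is presumably unsigned, so it relies on `*p <= end_ext_octet` having been established earlier in the function, also outside the hunk. x509_get_crt_ext() begins and ends outside the hunk.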