Add buffer holding raw ExtKeyUsage extension data to CRT struct
The previous commits replace the use of dynamically allocated linked lists
for X.509 name inspection. This commit is the first in a series which attempts
the same for the `ExtendedKeyUsage` extension. So far, when a CRT is parsed,
the extension is traversed and converted into a dynamically allocated linked
list, which is then searched through whenever the usage of a CRT needs to be
checked through `mbedtls_x509_check_extended_key_usage()`.
As a first step, this commit introduces a raw buffer holding the bounds
of the `ExtendedKeyUsage` extension to the `mbedtls_x509_crt` structure.
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 6e07ac6..0c71dae 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -87,7 +87,8 @@
unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */
- mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
+ mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
+ mbedtls_x509_buf_raw ext_key_usage_raw; /**< Raw data of ExtendedKeyUsage extensions. */
unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */
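Review bot: The doc comment on `ext_key_usage_raw` does not say what the bounds cover or who owns the memory. Judging from the assignment in library/x509_crt.c in this same commit, the pointer aliases the buffer being parsed rather than a separate allocation, so the comment should say so, e.g. `/**< Bounds of the ExtendedKeyUsage extension value inside the CRT's raw data; not owned, valid only while the CRT is. */`. It would also help to state what the field holds when the extension is absent (presumably zeroed by the CRT init routine, which is not visible here). The struct is declared in a public header and its definition starts and ends outside this hunk, so the layout change is worth a line in the changelog for anyone relying on the ABI.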
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 1d5bedc..afc707b 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -697,6 +697,8 @@
case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE:
/* Parse extended key usage */
+ crt->ext_key_usage_raw.p = *p;
+ crt->ext_key_usage_raw.len = end_ext_octet - *p;
if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
&crt->ext_key_usage ) ) != 0 )
return( ret );
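Review bot: `crt->ext_key_usage_raw` is filled in before `x509_get_ext_key_usage()` has validated the extension, so on the `return( ret )` path the CRT keeps bounds to data that failed to parse. Later commits in this series are meant to walk this buffer directly, so I would save the start in a local and set the field only after the call succeeds, e.g. `crt->ext_key_usage_raw.p = ext_start; crt->ext_key_usage_raw.len = end_ext_octet - ext_start;`, or at least add a comment that the field is meaningful only when parsing returned 0. As captured, the bounds start at `*p` before the parser consumes anything, so they appear to include the outer SEQUENCE header; a one-line comment saying so would keep future readers of the raw buffer from assuming it starts at the first OID. The enclosing switch and function continue outside the hunk, so whether a repeated extension can overwrite these bounds cannot be checked from here.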