Generalized the x509write_csr_set_key_usage() function and key_usage

storage

include/polarssl/asn1.h

@@ -93,7 +93,10 @@
 /** Returns the size of the binary string, without the trailing \\0 */
 #define OID_SIZE(x) (sizeof(x) - 1)
 
-/** Compares two asn1_buf structures for the same OID */
+/** Compares two asn1_buf structures for the same OID. Only works for
+ *  'defined' oid_str values (OID_HMAC_SHA1), you cannot use a 'unsigned
+ *  char *oid' here!
+ */
 #define OID_CMP(oid_str, oid_buf)                                   \
         ( ( OID_SIZE(oid_str) == (oid_buf)->len ) &&                \
           memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) == 0 )
@@ -139,6 +142,17 @@ typedef struct _asn1_sequence
 }
 asn1_sequence;
 
+/**
+ * Container for a sequence or list of 'named' ASN.1 data items
+ */
+typedef struct _asn1_named_data
+{
+    asn1_buf oid;                   /**< The object identifier. */
+    asn1_buf val;                   /**< The named value. */
+    struct _asn1_named_data *next;  /**< The next entry in the sequence. */
+}
+asn1_named_data;
+
 /**
  * Get the length of an ASN.1 element.
  * Updates the pointer to immediately behind the length.
@@ -286,6 +300,25 @@ int asn1_get_alg_null( unsigned char **p,
                        const unsigned char *end,
                        asn1_buf *alg );
 
+/**
+ * Find a specific named_data entry in a sequence or list based on the OID.
+ *
+ * \param list  The list to seek through
+ * \param oid   The OID to look for
+ * \param len   Size of the OID
+ *
+ * \return      NULL if not found, or a pointer to the existing entry.
+ */
+asn1_named_data *asn1_find_named_data( asn1_named_data *list,
+                                       const char *oid, size_t len );
+
+/**
+ * Free a asn1_named_data entry
+ *
+ * \param entry The named data entry to free
+ */
+void asn1_free_named_data( asn1_named_data *entry );
+
 #ifdef __cplusplus
 }
 #endif

include/polarssl/x509.h

@@ -146,7 +146,7 @@
 extern "C" {
 #endif
 
-/** 
+/**
  * \addtogroup x509_module
  * \{ */
 
@@ -154,8 +154,8 @@ extern "C" {
  * \name Structures for parsing X.509 certificates and CRLs
  * \{
  */
- 
-/** 
+
+/**
  * Type-length-value structure that allows for ASN1 using DER.
  */
 typedef asn1_buf x509_buf;
@@ -166,16 +166,10 @@ typedef asn1_buf x509_buf;
 typedef asn1_bitstring x509_bitstring;
 
 /**
- * Container for ASN1 named information objects. 
+ * Container for ASN1 named information objects.
  * It allows for Relative Distinguished Names (e.g. cn=polarssl,ou=code,etc.).
  */
-typedef struct _x509_name
-{
-    x509_buf oid;               /**< The object identifier. */
-    x509_buf val;               /**< The named value. */
-    struct _x509_name *next;    /**< The next named information object. */
-}
-x509_name;
+typedef asn1_named_data x509_name;
 
 /**
  * Container for a sequence of ASN.1 items
@@ -190,7 +184,7 @@ typedef struct _x509_time
 }
 x509_time;
 
-/** 
+/**
  * Container for an X.509 certificate. The certificate may be chained.
  */
 typedef struct _x509_cert

include/polarssl/x509write.h

@@ -80,7 +80,7 @@ typedef struct _x509_csr
     rsa_context *rsa;
     x509_req_name *subject;
     md_type_t md_alg;
-    unsigned char key_usage;
+    asn1_named_data *extensions;
 }
 x509_csr;
 
@@ -131,8 +131,10 @@ void x509write_csr_set_md_alg( x509_csr *ctx, md_type_t md_alg );
  *
  * \param ctx       CSR context to use
  * \param key_usage key usage bitstring to set
+ *
+ * \return          0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED
  */
-void x509write_csr_set_key_usage( x509_csr *ctx, unsigned char key_usage );
+int x509write_csr_set_key_usage( x509_csr *ctx, unsigned char key_usage );
 
 /**
  * \brief           Free the contents of a CSR context