Add new function mbedtls_asn1_write_named_bitstring()

Add a new function mbedtls_asn1_write_named_bitstring() that removes trailing 0s at the end of DER encoded bitstrings. The function is implemented according to Hanno Becker's suggestions. This commit also changes the functions x509write_crt_set_ns_cert_type and crt_set_key_usage to call the new function as the use named bitstrings instead of the regular bitstrings.
2026-04-20 22:05:15 +00:00 · 2018-09-26 10:48:24 +01:00 · 2018-09-26 10:48:24 +01:00 · ec6329f23d
commit ec6329f23d
parent 62ec2dd68f
4 changed files with 109 additions and 24 deletions
--- a/include/mbedtls/asn1write.h
+++ b/include/mbedtls/asn1write.h
@ -276,6 +276,26 @@ int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
 int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
                                  const unsigned char *buf, size_t bits );

+/**
+ * \brief           Write a named bitstring tag (MBEDTLS_ASN1_BIT_STRING) and
+ *                  value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ *                  As stated in RFC5280 Appending B, trailing zeroes are
+ *                  omitted when encoding named bitstrings in DER.
+ *
+ * \param p         Reference to current position pointer.
+ * \param start     Start of the buffer (for bounds-checking).
+ * \param buf       The bitstring.
+ * \param bits      The total number of bits in the bitstring.
+ *
+ * \return          The length written or a negative error code.
+ */
+int mbedtls_asn1_write_named_bitstring( unsigned char **p,
+                                        unsigned char *start,
+                                        const unsigned char *buf,
+                                        size_t bits );
+
 /**
 * \brief           Write an octet string tag (#MBEDTLS_ASN1_OCTET_STRING)
 *                  and value in ASN.1 format.