Parsing v3 extensions from a CSR

A parsed CSR struct (`mbedtls_x509_csr`) now includes some of the
X.509v3 extensions included in the CSR -- the key usage, Netscape
cert-type, and Subject Alternative Names.

Author: Jens Alfke <jens@couchbase.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

include/mbedtls/x509.h

@@ -370,6 +370,15 @@ int mbedtls_x509_write_names(unsigned char **p, unsigned char *start,
 int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start,
                            const char *oid, size_t oid_len,
                            unsigned char *sig, size_t size);
+int x509_get_ns_cert_type(unsigned char **p,
+                          const unsigned char *end,
+                          unsigned char *ns_cert_type);
+int x509_get_key_usage(unsigned char **p,
+                       const unsigned char *end,
+                       unsigned int *key_usage);
+int x509_get_subject_alt_name(unsigned char **p,
+                              const unsigned char *end,
+                              mbedtls_x509_sequence *subject_alt_name);
 
 #define MBEDTLS_X509_SAFE_SNPRINTF                          \
     do {                                                    \

include/mbedtls/x509_csr.h

@@ -58,6 +58,10 @@ typedef struct mbedtls_x509_csr {
 
     mbedtls_pk_context pk;          /**< Container for the public key context. */
 
+    unsigned int key_usage;     /**< Optional key usage extension value: See the values in x509.h */
+    unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */
+    mbedtls_x509_sequence subject_alt_names;    /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
+
     mbedtls_x509_buf sig_oid;
     mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
     mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md);       /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */