Suppport otherName of type hardware module name

Add support of parsing of subject alternative name, of type otherName.
Currently supports only hardware module name, as defined in rfc 4108.

include/mbedtls/x509_crt.h

@@ -76,7 +76,7 @@ typedef struct mbedtls_x509_crt
     mbedtls_x509_buf issuer_id;         /**< Optional X.509 v2/v3 issuer unique identifier. */
     mbedtls_x509_buf subject_id;        /**< Optional X.509 v2/v3 subject unique identifier. */
     mbedtls_x509_buf v3_ext;            /**< Optional X.509 v3 extensions.  */
-    mbedtls_x509_sequence subject_alt_names;    /**< Optional list of Subject Alternative Names (Only dNSName supported). */
+    mbedtls_x509_sequence subject_alt_names;    /**< Optional list of Subject Alternative Names (Only dNSName and OtherName supported). */
 
     int ext_types;              /**< Bit string containing detected and parsed extensions */
     int ca_istrue;              /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
@@ -97,6 +97,44 @@ typedef struct mbedtls_x509_crt
 }
 mbedtls_x509_crt;
 
+/*
+ * From RFC 5280 section 4.2.1.6:
+ * OtherName ::= SEQUENCE {
+ *      type-id    OBJECT IDENTIFIER,
+ *      value      [0] EXPLICIT ANY DEFINED BY type-id }
+ */
+typedef struct mbedtls_x509_san_other_name
+{
+    mbedtls_x509_buf type_id;                   /**< The type id. */
+    union
+    {
+        /*
+         * From RFC 4108 section 5:
+         * HardwareModuleName ::= SEQUENCE {
+         *                         hwType OBJECT IDENTIFIER,
+         *                         hwSerialNum OCTET STRING }
+         */
+        mbedtls_x509_name hardware_module_name;
+    }
+    value;
+}
+mbedtls_x509_san_other_name;
+
+/*
+ * A structure for holding the parsed Subject Alternative Name, according to type
+ */
+typedef struct mbedtls_x509_subject_alternative_name
+{
+    int type;                              /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
+    union {
+        mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */
+        mbedtls_x509_buf   unstructured_name; /**< The buffer for the un constructed types. Only dnsName currently supported */
+    }
+    san; /**< A union of the supported SAN types */
+    struct mbedtls_x509_subject_alternative_name *next; /**< The next SAN in the list. */
+}
+mbedtls_x509_subject_alternative_name;
+
 /**
  * Build flag from an algorithm/curve identifier (pk, md, ecp)
  * Since 0 is always XXX_NONE, ignore it.
@@ -347,7 +385,26 @@ int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );
  */
 int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
 #endif /* MBEDTLS_FS_IO */
-
+/**
+ * \brief          Parses the subject alternative name list of a given certificate;
+ *
+ * \param crt      The X509 certificate to parse.
+ *
+ * \param san      A list holding the parsed certificate.
+ *
+ * \note           Only "dnsName" and "otherName" of type hardware_module_name,
+ *                 as defined in RFC 4180 is supported.
+ *
+ * \note           Any unsupported san type is ignored.
+ *
+ * \note           The function allocates a list of mbedtls_x509_subject_alternative_name
+ *                 and it is the caller's responsibility to free it.
+ *
+ * \return         Zero for success and negative
+ *                 value for any other failure.
+ */
+int mbedtls_x509_parse_subject_alternative_name( const mbedtls_x509_crt *crt,
+                                                 mbedtls_x509_subject_alternative_name **san );
 /**
  * \brief          Returns an informational string about the
  *                 certificate.