refactor(auth): use a single function for parsing extensions
Previously, extensions were parsed twice: once with error checking for
validation, and a second time without error checking to extract the
extension data. This is error prone and caused TFV-10 (CVE-2022-47630).
A simpler approach is to have get_ext() be responsible for all extension
parsing, and to treat a NULL OID as an indicator that get_ext() is only
being called for validation. cert_parse() checks that get_ext() returns
IMG_PARSER_OK and fails otherwise.
Change-Id: I65a2ff053a188351ba54799827a2b7bd833bb037 Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
projects / arm-tf.git / commit