1. Added stubs for the Extended Key Usage and Inhibit anyPolicy
   extensions.
2. Key Usage extension is decoded normally.
3. Certificate Policy extension is noted normally.
John Safranek 2014-03-14 15:48:33 -07:00
parent 4ac70de055
commit bcd7f03495
2 changed files with 57 additions and 46 deletions


@ -1280,6 +1280,8 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
cert->extSubjKeyIdSet = 0;
XMEMSET(cert->extAuthKeyId, 0, SHA_SIZE);
cert->extAuthKeyIdSet = 0;
cert->extKeyUsageSet = 0;
cert->extKeyUsage = 0;
cert->isCA = 0;
#ifdef HAVE_PKCS7
cert->issuerRaw = NULL;
@ -1316,9 +1318,7 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
cert->extSubjAltNameCrit = 0;
cert->extAuthKeyIdCrit = 0;
cert->extSubjKeyIdCrit = 0;
cert->extKeyUsageSet = 0;
cert->extKeyUsageCrit = 0;
cert->extKeyUsage = 0;
cert->extAuthKeyIdSrc = NULL;
cert->extAuthKeyIdSz = 0;
cert->extSubjKeyIdSrc = NULL;
@ -2950,11 +2950,13 @@ static int DecodeBasicCaConstraint(byte* input, int sz, DecodedCert* cert)
int length = 0;
CYASSL_ENTER("DecodeBasicCaConstraint");
if (GetSequence(input, &idx, &length, sz) < 0)
if (GetSequence(input, &idx, &length, sz) < 0) {
CYASSL_MSG("\tfail: bad SEQUENCE");
return ASN_PARSE_E;
}
if (length == 0)
return ASN_PARSE_E;
return 0;
/* If the basic ca constraint is false, this extension may be named, but
* left empty. So, if the length is 0, just return. */
@ -3205,9 +3207,8 @@ static int DecodeSubjKeyId(byte* input, int sz, DecodedCert* cert)
}
#ifdef OPENSSL_EXTRA
static int DecodeKeyUsage(byte* input, int sz, DecodedCert* cert)
{
static int DecodeKeyUsage(byte* input, int sz, DecodedCert* cert)
{
word32 idx = 0;
int length;
byte unusedBits;
@ -3234,8 +3235,7 @@ static int DecodeSubjKeyId(byte* input, int sz, DecodedCert* cert)
cert->extKeyUsage = (word16)(input[idx] << 1);
return 0;
}
#endif /* OPENSSL_EXTRA */
}
#ifdef CYASSL_SEP
@ -3394,25 +3394,34 @@ static int DecodeCertExtensions(DecodedCert* cert)
return ASN_PARSE_E;
break;
#ifdef CYASSL_SEP
case CERT_POLICY_OID:
CYASSL_MSG("Certificate Policy extension not supported yet.");
#ifdef CYASSL_SEP
#ifdef OPENSSL_EXTRA
cert->extCertPolicySet = 1;
cert->extCertPolicyCrit = critical;
#endif
if (DecodeCertPolicy(&input[idx], length, cert) < 0)
return ASN_PARSE_E;
break;
#endif
break;
#ifdef OPENSSL_EXTRA
case KEY_USAGE_OID:
cert->extKeyUsageSet = 1;
#ifdef OPENSSL_EXTRA
cert->extKeyUsageCrit = critical;
#endif
if (DecodeKeyUsage(&input[idx], length, cert) < 0)
return ASN_PARSE_E;
break;
#endif
case EXT_KEY_USAGE_OID:
CYASSL_MSG("Extended Key Usage extension not supported yet.");
break;
case INHIBIT_ANY_OID:
CYASSL_MSG("Inhibit anyPolicy extension not supported yet.");
break;
default:
/* While it is a failure to not support critical extensions,
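Review bot: The new `case EXT_KEY_USAGE_OID:` and `case INHIBIT_ANY_OID:` stubs only log a message and `break`, never consulting `critical`, so a certificate that marks either extension critical is now accepted exactly as if the extension had been understood. Before this change those OIDs reached the `default:` branch, whose comment at the end of the hunk begins to discuss unsupported critical extensions, so whatever policy that branch applies is bypassed for two extensions that RFC 5280 commonly requires to be critical (inhibitAnyPolicy must be marked critical). Until real decoders exist, the stubs should keep the default handling: either drop their `break;` and fall through to `default:` with a `/* fallthrough */` comment, or guard them with `if (critical) { CYASSL_MSG("\tunsupported critical extension"); }` followed by the same outcome the default branch produces. The `default:` branch and the rest of DecodeCertExtensions continue outside the hunk, so the exact outcome there cannot be confirmed from this view.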


@ -216,7 +216,9 @@ enum Extensions_Sum {
AUTH_KEY_OID = 149,
SUBJ_KEY_OID = 128,
CERT_POLICY_OID = 146,
KEY_USAGE_OID = 129 /* 2.5.29.15 */
KEY_USAGE_OID = 129, /* 2.5.29.15 */
INHIBIT_ANY_OID = 168, /* 2.5.29.54 */
EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */
};
enum CertificatePolicy_Sum {
@ -332,6 +334,8 @@ struct DecodedCert {
byte extAuthKeyId[SHA_SIZE]; /* Authority Key ID */
byte extAuthKeyIdSet; /* Set when the AKID was read from cert */
byte isCA; /* CA basic constraint true */
byte extKeyUsageSet;
word16 extKeyUsage; /* Key usage bitfield */
#ifdef OPENSSL_EXTRA
byte extBasicConstSet;
byte extBasicConstCrit;
@ -341,9 +345,7 @@ struct DecodedCert {
byte extSubjAltNameCrit;
byte extAuthKeyIdCrit;
byte extSubjKeyIdCrit;
byte extKeyUsageSet;
byte extKeyUsageCrit;
word16 extKeyUsage; /* Key usage bitfield */
byte* extAuthKeyIdSrc;
word32 extAuthKeyIdSz;
byte* extSubjKeyIdSrc;
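Review bot: `byte extKeyUsageSet;` is moved out of the `OPENSSL_EXTRA` block without the comment its neighbours carry (`extAuthKeyIdSet` is documented as "Set when the AKID was read from cert"), and since the field is now always compiled, more callers will rely on its meaning; suggest `byte extKeyUsageSet; /* Set when the Key Usage extension was read from cert */`. The new `INHIBIT_ANY_OID = 168` and `EXT_KEY_USAGE_OID = 151` entries follow the existing byte-sum convention of `Extensions_Sum` (2.5.29.54 gives 85+29+54 = 168, 2.5.29.37 gives 151), which agrees with their `/* 2.5.29.x */` comments. A one-line comment on the enum noting that values are sums of the DER-encoded OID bytes would make that convention checkable by the next person adding an entry.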