From bd5e50761729ceab0575cd905f821e9bd877ae17 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Fri, 29 Jun 2018 17:06:23 -0700
Subject: [PATCH] OID 1. When checking an OID sum against an OID string based on context, skip the unknown OIDs instead of treating them as parse errors. 2. When getting an OID, pass the lower error upstream instead of just PARSE error.
---
 wolfcrypt/src/asn.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index ead6cc66a..84121040e 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -6437,9 +6437,9 @@ static int DecodeKeyUsage(byte* input, int sz, DecodedCert* cert)
 static int DecodeExtKeyUsage(byte* input, int sz, DecodedCert* cert)
 {
 word32 idx = 0, oid;
- int length;
+ int length, ret;
 
- WOLFSSL_ENTER("DecodeExtKeyUsage");
+ WOLFSSL_MSG("DecodeExtKeyUsage");
 
 if (GetSequence(input, &idx, &length, sz) < 0) {
 WOLFSSL_MSG("\tfail: should be a SEQUENCE");
@@ -6452,8 +6452,11 @@ static int DecodeExtKeyUsage(byte* input, int sz, DecodedCert* cert)
 #endif
 
 while (idx < (word32)sz) {
- if (GetObjectId(input, &idx, &oid, oidCertKeyUseType, sz) < 0)
- return ASN_PARSE_E;
+ ret = GetObjectId(input, &idx, &oid, oidCertKeyUseType, sz);
+ if (ret == ASN_UNKNOWN_OID_E)
+ continue;
+ else if (ret < 0)
+ return ret;
 
 switch (oid) {
 case EKU_ANY_OID:
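Review bot: The `continue` on `ASN_UNKNOWN_OID_E` inside `while (idx < (word32)sz)` terminates only if GetObjectId has already advanced `idx` past the OID before returning that code, which this hunk does not show. If any unknown-OID path returns with `idx` unchanged, a certificate carrying an unrecognised key-purpose OID would keep the parser in this loop indefinitely. I would record the dependency where it is relied on, e.g. `/* GetObjectId advanced idx past the unknown OID; skip it */`, or make it explicit by saving the index before the call and skipping only when it moved (`if (ret == ASN_UNKNOWN_OID_E && idx > startIdx) continue;`). It is also worth confirming that a certificate whose EKU list contains only skipped OIDs is not later treated as having no EKU restriction; the switch body and the rest of the function lie outside the hunk.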