diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c
index 5977fafd3..410fef876 100644
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -1321,6 +1321,10 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
 cert->extAuthKeyIdCrit = 0;
 cert->extSubjKeyIdCrit = 0;
 cert->extKeyUsageCrit = 0;
+ cert->extExtKeyUsageCrit = 0;
+ cert->extExtKeyUsageSrc = NULL;
+ cert->extExtKeyUsageSz = 0;
+ cert->extExtKeyUsageCount = 0;
 cert->extAuthKeyIdSrc = NULL;
 cert->extAuthKeyIdSz = 0;
 cert->extSubjKeyIdSrc = NULL;
@@ -3261,13 +3265,18 @@ static int DecodeExtKeyUsage(byte* input, int sz, DecodedCert* cert)
 return ASN_PARSE_E;
 }
+ #ifdef OPENSSL_EXTRA
+ cert->extExtKeyUsageSrc = input + idx;
+ cert->extExtKeyUsageSz = length;
+ #endif
+
 while (idx < (word32)sz) {
 if (GetObjectId(input, &idx, &oid, sz) < 0)
 return ASN_PARSE_E;
 switch (oid) {
 case EKU_ANY_OID:
- cert->extExtKeyUsage = EXTKEYUSE_ANY;
+ cert->extExtKeyUsage |= EXTKEYUSE_ANY;
 break;
 case EKU_SERVER_AUTH_OID:
 cert->extExtKeyUsage |= EXTKEYUSE_SERVER_AUTH;
@@ -3279,6 +3288,10 @@ static int DecodeExtKeyUsage(byte* input, int sz, DecodedCert* cert)
 cert->extExtKeyUsage |= EXTKEYUSE_OCSP_SIGN;
 break;
 }
+
+ #ifdef OPENSSL_EXTRA
+ cert->extExtKeyUsageCount++;
+ #endif
 }
 return 0;
diff --git a/cyassl/ctaocrypt/asn.h b/cyassl/ctaocrypt/asn.h
index 264d4dd91..fe961afdb 100644
--- a/cyassl/ctaocrypt/asn.h
+++ b/cyassl/ctaocrypt/asn.h
@@ -259,10 +259,10 @@ enum VerifyType {
 #define KEYUSE_ENCIPHER_ONLY 0x0002
 #define KEYUSE_DECIPHER_ONLY 0x0001
+#define EXTKEYUSE_ANY 0x08
 #define EXTKEYUSE_OCSP_SIGN 0x04
 #define EXTKEYUSE_CLIENT_AUTH 0x02
 #define EXTKEYUSE_SERVER_AUTH 0x01
-#define EXTKEYUSE_ANY 0xFF
 typedef struct DNS_entry DNS_entry;
@@ -360,6 +360,9 @@ struct DecodedCert {
 byte extSubjKeyIdCrit;
 byte extKeyUsageCrit;
 byte extExtKeyUsageCrit;
+ byte* extExtKeyUsageSrc;
+ word32 extExtKeyUsageSz;
+ word32 extExtKeyUsageCount;
 byte* extAuthKeyIdSrc;
 word32 extAuthKeyIdSz;
 byte* extSubjKeyIdSrc;
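Review bot: Turning `cert->extExtKeyUsage = EXTKEYUSE_ANY` into `|=` together with the asn.h hunk that redefines EXTKEYUSE_ANY from 0xFF to 0x08 changes what every consumer of these bits observes: anyExtendedKeyUsage no longer implies the SERVER_AUTH, CLIENT_AUTH or OCSP_SIGN bits, so an existing check such as `cert->extExtKeyUsage & EXTKEYUSE_SERVER_AUTH` now rejects a certificate that carries only anyExtendedKeyUsage, which RFC 5280 §4.2.1.12 defines as permitting every purpose. None of those consumers is visible in this diff, so each should be audited to test `(cert->extExtKeyUsage & (EXTKEYUSE_ANY | EXTKEYUSE_SERVER_AUTH))` or the header should carry `/* EXTKEYUSE_ANY is a separate bit: test it alongside the specific purpose bit */` next to the new define. The assignment `cert->extExtKeyUsageSz = length` happens before the OID loop, and this hunk does not show whether `length` was bounded against `sz`; it is worth confirming that the preceding sequence check does so before the pointer and size are exposed through the OPENSSL_EXTRA fields. DecodeExtKeyUsage begins before this hunk.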
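Review bot: `cert->extExtKeyUsageCount++` runs for every OID that GetObjectId returns, including OIDs that match none of the switch cases (the switch has no `default:`), so the count is the number of entries in the extension rather than the number of bits set in extExtKeyUsage. A comment at the increment makes that contract explicit for the OPENSSL_EXTRA consumers: `/* counts every EKU OID, recognized or not; pairs with the raw list at extExtKeyUsageSrc */`. The loop and the function begin before this hunk.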
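Review bot: `extExtKeyUsageSrc` is assigned `input + idx` in DecodeExtKeyUsage, i.e. a pointer into the buffer handed to the decoder rather than an owned copy, and like `extExtKeyUsageSz` and `extExtKeyUsageCount` it is only populated under OPENSSL_EXTRA; the new fields say neither. The neighbouring `extAuthKeyIdSrc` appears to follow the same borrowed-pointer convention, so a one-line comment on the new group would do: `/* borrowed pointer into the decoded buffer, not owned; filled only with OPENSSL_EXTRA */`. The struct DecodedCert definition extends beyond this hunk.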