WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Ext Key Usage 

1. Store reference to raw EKU OIDs in the DecodedCert.
2. Fixed usage of the anyEKU.
pull/1/head
John Safranek 2014-03-21 09:37:10 -07:00
parent 08ae775406
commit e19e2a801d
2 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
ctaocrypt/src/asn.c
View File

@ -1321,6 +1321,10 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
cert->extAuthKeyIdCrit = 0; cert->extAuthKeyIdCrit = 0;
cert->extSubjKeyIdCrit = 0; cert->extSubjKeyIdCrit = 0;
cert->extKeyUsageCrit = 0; cert->extKeyUsageCrit = 0;
cert->extExtKeyUsageCrit = 0;
cert->extExtKeyUsageSrc = NULL;
cert->extExtKeyUsageSz = 0;
cert->extExtKeyUsageCount = 0;
cert->extAuthKeyIdSrc = NULL; cert->extAuthKeyIdSrc = NULL;
cert->extAuthKeyIdSz = 0; cert->extAuthKeyIdSz = 0;
cert->extSubjKeyIdSrc = NULL; cert->extSubjKeyIdSrc = NULL;
@ -3261,13 +3265,18 @@ static int DecodeExtKeyUsage(byte* input, int sz, DecodedCert* cert)
return ASN_PARSE_E; return ASN_PARSE_E;
} }
#ifdef OPENSSL_EXTRA
cert->extExtKeyUsageSrc = input + idx;
cert->extExtKeyUsageSz = length;
#endif
while (idx < (word32)sz) { while (idx < (word32)sz) {
if (GetObjectId(input, &idx, &oid, sz) < 0) if (GetObjectId(input, &idx, &oid, sz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
switch (oid) { switch (oid) {
case EKU_ANY_OID: case EKU_ANY_OID:
cert->extExtKeyUsage = EXTKEYUSE_ANY; cert->extExtKeyUsage |= EXTKEYUSE_ANY;
break; break;
case EKU_SERVER_AUTH_OID: case EKU_SERVER_AUTH_OID:
cert->extExtKeyUsage |= EXTKEYUSE_SERVER_AUTH; cert->extExtKeyUsage |= EXTKEYUSE_SERVER_AUTH;
@ -3279,6 +3288,10 @@ static int DecodeExtKeyUsage(byte* input, int sz, DecodedCert* cert)
cert->extExtKeyUsage |= EXTKEYUSE_OCSP_SIGN; cert->extExtKeyUsage |= EXTKEYUSE_OCSP_SIGN;
break; break;
} }
#ifdef OPENSSL_EXTRA
cert->extExtKeyUsageCount++;
#endif
} }
return 0; return 0;

5
cyassl/ctaocrypt/asn.h
View File

@ -259,10 +259,10 @@ enum VerifyType {
#define KEYUSE_ENCIPHER_ONLY 0x0002 #define KEYUSE_ENCIPHER_ONLY 0x0002
#define KEYUSE_DECIPHER_ONLY 0x0001 #define KEYUSE_DECIPHER_ONLY 0x0001
#define EXTKEYUSE_ANY 0x08
#define EXTKEYUSE_OCSP_SIGN 0x04 #define EXTKEYUSE_OCSP_SIGN 0x04
#define EXTKEYUSE_CLIENT_AUTH 0x02 #define EXTKEYUSE_CLIENT_AUTH 0x02
#define EXTKEYUSE_SERVER_AUTH 0x01 #define EXTKEYUSE_SERVER_AUTH 0x01
#define EXTKEYUSE_ANY 0xFF
typedef struct DNS_entry DNS_entry; typedef struct DNS_entry DNS_entry;
@ -360,6 +360,9 @@ struct DecodedCert {
byte extSubjKeyIdCrit; byte extSubjKeyIdCrit;
byte extKeyUsageCrit; byte extKeyUsageCrit;
byte extExtKeyUsageCrit; byte extExtKeyUsageCrit;
byte* extExtKeyUsageSrc;
word32 extExtKeyUsageSz;
word32 extExtKeyUsageCount;
byte* extAuthKeyIdSrc; byte* extAuthKeyIdSrc;
word32 extAuthKeyIdSz; word32 extAuthKeyIdSz;
byte* extSubjKeyIdSrc; byte* extSubjKeyIdSrc;