Ext Key Usage

1. Store reference to raw EKU OIDs in the DecodedCert. 2. Fixed usage of the anyEKU.
2014-03-21 09:37:10 -07:00 · 2014-03-21 09:37:10 -07:00 · e19e2a801d
commit e19e2a801d
parent 08ae775406
2 changed files with 18 additions and 2 deletions
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@ -1321,6 +1321,10 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
    cert->extAuthKeyIdCrit = 0;
    cert->extSubjKeyIdCrit = 0;
    cert->extKeyUsageCrit = 0;
+    cert->extExtKeyUsageCrit = 0;
+    cert->extExtKeyUsageSrc = NULL;
+    cert->extExtKeyUsageSz = 0;
+    cert->extExtKeyUsageCount = 0;
    cert->extAuthKeyIdSrc = NULL;
    cert->extAuthKeyIdSz = 0;
    cert->extSubjKeyIdSrc = NULL;
@ -3261,13 +3265,18 @@ static int DecodeExtKeyUsage(byte* input, int sz, DecodedCert* cert)
        return ASN_PARSE_E;
    }

+    #ifdef OPENSSL_EXTRA
+        cert->extExtKeyUsageSrc = input + idx;
+        cert->extExtKeyUsageSz = length;
+    #endif
+
    while (idx < (word32)sz) {
        if (GetObjectId(input, &idx, &oid, sz) < 0)
            return ASN_PARSE_E;

        switch (oid) {
            case EKU_ANY_OID:
-                cert->extExtKeyUsage = EXTKEYUSE_ANY;
+                cert->extExtKeyUsage |= EXTKEYUSE_ANY;
                break;
            case EKU_SERVER_AUTH_OID:
                cert->extExtKeyUsage |= EXTKEYUSE_SERVER_AUTH;
@ -3279,6 +3288,10 @@ static int DecodeExtKeyUsage(byte* input, int sz, DecodedCert* cert)
                cert->extExtKeyUsage |= EXTKEYUSE_OCSP_SIGN;
                break;
        }
+
+        #ifdef OPENSSL_EXTRA
+            cert->extExtKeyUsageCount++;
+        #endif
    }

    return 0;
--- a/cyassl/ctaocrypt/asn.h
+++ b/cyassl/ctaocrypt/asn.h
@ -259,10 +259,10 @@ enum VerifyType {
 #define KEYUSE_ENCIPHER_ONLY  0x0002
 #define KEYUSE_DECIPHER_ONLY  0x0001

+#define EXTKEYUSE_ANY         0x08
 #define EXTKEYUSE_OCSP_SIGN   0x04
 #define EXTKEYUSE_CLIENT_AUTH 0x02
 #define EXTKEYUSE_SERVER_AUTH 0x01
-#define EXTKEYUSE_ANY         0xFF

 typedef struct DNS_entry   DNS_entry;

@ -360,6 +360,9 @@ struct DecodedCert {
    byte    extSubjKeyIdCrit;
    byte    extKeyUsageCrit;
    byte    extExtKeyUsageCrit;
+    byte*   extExtKeyUsageSrc;
+    word32  extExtKeyUsageSz;
+    word32  extExtKeyUsageCount;
    byte*   extAuthKeyIdSrc;
    word32  extAuthKeyIdSz;
    byte*   extSubjKeyIdSrc;