Merge branch 'master' of github.com:cyassl/cyassl

2014-03-21 14:50:52 -07:00
parent 9fe9276236 e19e2a801d
commit 8889e17489
3 changed files with 75 additions and 2 deletions
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@ -1282,6 +1282,8 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
    cert->extAuthKeyIdSet = 0;
    cert->extKeyUsageSet  = 0;
    cert->extKeyUsage     = 0;
    cert->extExtKeyUsageSet = 0;
    cert->extExtKeyUsage    = 0;
    cert->isCA            = 0;
 #ifdef HAVE_PKCS7
    cert->issuerRaw       = NULL;
@ -1319,6 +1321,10 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
    cert->extAuthKeyIdCrit = 0;
    cert->extSubjKeyIdCrit = 0;
    cert->extKeyUsageCrit = 0;
    cert->extExtKeyUsageCrit = 0;
    cert->extExtKeyUsageSrc = NULL;
    cert->extExtKeyUsageSz = 0;
    cert->extExtKeyUsageCount = 0;
    cert->extAuthKeyIdSrc = NULL;
    cert->extAuthKeyIdSz = 0;
    cert->extSubjKeyIdSrc = NULL;
@ -3247,6 +3253,51 @@ static int DecodeKeyUsage(byte* input, int sz, DecodedCert* cert)
 }
 static int DecodeExtKeyUsage(byte* input, int sz, DecodedCert* cert)
 {
    word32 idx = 0, oid;
    int length;
    CYASSL_ENTER("DecodeExtKeyUsage");
    if (GetSequence(input, &idx, &length, sz) < 0) {
        CYASSL_MSG("\tfail: should be a SEQUENCE\n");
        return ASN_PARSE_E;
    }
    #ifdef OPENSSL_EXTRA
        cert->extExtKeyUsageSrc = input + idx;
        cert->extExtKeyUsageSz = length;
    #endif
    while (idx < (word32)sz) {
        if (GetObjectId(input, &idx, &oid, sz) < 0)
            return ASN_PARSE_E;
        switch (oid) {
            case EKU_ANY_OID:
                cert->extExtKeyUsage |= EXTKEYUSE_ANY;
                break;
            case EKU_SERVER_AUTH_OID:
                cert->extExtKeyUsage |= EXTKEYUSE_SERVER_AUTH;
                break;
            case EKU_CLIENT_AUTH_OID:
                cert->extExtKeyUsage |= EXTKEYUSE_CLIENT_AUTH;
                break;
            case EKU_OCSP_SIGN_OID:
                cert->extExtKeyUsage |= EXTKEYUSE_OCSP_SIGN;
                break;
        }
        #ifdef OPENSSL_EXTRA
            cert->extExtKeyUsageCount++;
        #endif
    }
    return 0;
 }
 #ifdef CYASSL_SEP
    static int DecodeCertPolicy(byte* input, int sz, DecodedCert* cert)
    {
@ -3425,7 +3476,12 @@ static int DecodeCertExtensions(DecodedCert* cert)
                break;
            case EXT_KEY_USAGE_OID:
-                CYASSL_MSG("Extended Key Usage extension not supported yet.");
+                cert->extExtKeyUsageSet = 1;
                #ifdef OPENSSL_EXTRA
                    cert->extExtKeyUsageCrit = critical;
                #endif
                if (DecodeExtKeyUsage(&input[idx], length, cert) < 0)
                    return ASN_PARSE_E;
                break;
            case INHIBIT_ANY_OID:
--- a/cyassl/ctaocrypt/asn.h
+++ b/cyassl/ctaocrypt/asn.h
@ -234,6 +234,13 @@ enum AuthInfo_Sum {
    AIA_CA_ISSUER_OID = 117  /* 1.3.6.1.5.5.7.48.2 */
 };
 enum ExtKeyUsage_Sum { /* From RFC 5280 */
    EKU_ANY_OID         = 151, /* 2.5.29.37.0, anyExtendedKeyUsage         */
    EKU_SERVER_AUTH_OID = 71,  /* 1.3.6.1.5.5.7.3.1, id-kp-serverAuth      */
    EKU_CLIENT_AUTH_OID = 72,  /* 1.3.6.1.5.5.7.3.2, id-kp-clientAuth      */
    EKU_OCSP_SIGN_OID   = 79,  /* 1.3.6.1.5.5.7.3.9, OCSPSigning           */
 };
 enum VerifyType {
    NO_VERIFY = 0,
@ -252,6 +259,10 @@ enum VerifyType {
 #define KEYUSE_ENCIPHER_ONLY  0x0002
 #define KEYUSE_DECIPHER_ONLY  0x0001
 #define EXTKEYUSE_ANY         0x08
 #define EXTKEYUSE_OCSP_SIGN   0x04
 #define EXTKEYUSE_CLIENT_AUTH 0x02
 #define EXTKEYUSE_SERVER_AUTH 0x01
 typedef struct DNS_entry   DNS_entry;
@ -336,6 +347,8 @@ struct DecodedCert {
    byte    isCA;                    /* CA basic constraint true         */
    byte    extKeyUsageSet;
    word16  extKeyUsage;             /* Key usage bitfield               */
    byte    extExtKeyUsageSet;       /* Extended Key Usage               */
    byte    extExtKeyUsage;          /* Extended Key usage bitfield      */
 #ifdef OPENSSL_EXTRA
    byte    extBasicConstSet;
    byte    extBasicConstCrit;
@ -346,6 +359,10 @@ struct DecodedCert {
    byte    extAuthKeyIdCrit;
    byte    extSubjKeyIdCrit;
    byte    extKeyUsageCrit;
    byte    extExtKeyUsageCrit;
    byte*   extExtKeyUsageSrc;
    word32  extExtKeyUsageSz;
    word32  extExtKeyUsageCount;
    byte*   extAuthKeyIdSrc;
    word32  extAuthKeyIdSz;
    byte*   extSubjKeyIdSrc;
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@ -273,7 +273,7 @@ int main(int argc, char** argv)
        packetNumber++;
        if (packet) {
-            byte data[65535];
+            byte data[65535+16384];  /* may have a partial 16k record cached */
            if (header.caplen > 40)  { /* min ip(20) + min tcp(20) */
 				packet        += frame;