Merge branch 'master' of github.com:cyassl/cyassl

toddouska
2014-03-21 14:50:52 -07:00
3 changed files with 75 additions and 2 deletions


@ -1282,6 +1282,8 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
cert->extAuthKeyIdSet = 0;
cert->extKeyUsageSet = 0;
cert->extKeyUsage = 0;
cert->extExtKeyUsageSet = 0;
cert->extExtKeyUsage = 0;
cert->isCA = 0;
#ifdef HAVE_PKCS7
cert->issuerRaw = NULL;
@ -1319,6 +1321,10 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
cert->extAuthKeyIdCrit = 0;
cert->extSubjKeyIdCrit = 0;
cert->extKeyUsageCrit = 0;
cert->extExtKeyUsageCrit = 0;
cert->extExtKeyUsageSrc = NULL;
cert->extExtKeyUsageSz = 0;
cert->extExtKeyUsageCount = 0;
cert->extAuthKeyIdSrc = NULL;
cert->extAuthKeyIdSz = 0;
cert->extSubjKeyIdSrc = NULL;
@ -3247,6 +3253,51 @@ static int DecodeKeyUsage(byte* input, int sz, DecodedCert* cert)
}
static int DecodeExtKeyUsage(byte* input, int sz, DecodedCert* cert)
{
word32 idx = 0, oid;
int length;
CYASSL_ENTER("DecodeExtKeyUsage");
if (GetSequence(input, &idx, &length, sz) < 0) {
CYASSL_MSG("\tfail: should be a SEQUENCE\n");
return ASN_PARSE_E;
}
#ifdef OPENSSL_EXTRA
cert->extExtKeyUsageSrc = input + idx;
cert->extExtKeyUsageSz = length;
#endif
while (idx < (word32)sz) {
if (GetObjectId(input, &idx, &oid, sz) < 0)
return ASN_PARSE_E;
switch (oid) {
case EKU_ANY_OID:
cert->extExtKeyUsage |= EXTKEYUSE_ANY;
break;
case EKU_SERVER_AUTH_OID:
cert->extExtKeyUsage |= EXTKEYUSE_SERVER_AUTH;
break;
case EKU_CLIENT_AUTH_OID:
cert->extExtKeyUsage |= EXTKEYUSE_CLIENT_AUTH;
break;
case EKU_OCSP_SIGN_OID:
cert->extExtKeyUsage |= EXTKEYUSE_OCSP_SIGN;
break;
}
#ifdef OPENSSL_EXTRA
cert->extExtKeyUsageCount++;
#endif
}
return 0;
}
#ifdef CYASSL_SEP
static int DecodeCertPolicy(byte* input, int sz, DecodedCert* cert)
{
@ -3425,7 +3476,12 @@ static int DecodeCertExtensions(DecodedCert* cert)
break;
case EXT_KEY_USAGE_OID:
CYASSL_MSG("Extended Key Usage extension not supported yet.");
cert->extExtKeyUsageSet = 1;
#ifdef OPENSSL_EXTRA
cert->extExtKeyUsageCrit = critical;
#endif
if (DecodeExtKeyUsage(&input[idx], length, cert) < 0)
return ASN_PARSE_E;
break;
case INHIBIT_ANY_OID:
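Review bot: The `switch (oid)` in DecodeExtKeyUsage has no `default` case, so an unrecognised key-purpose OID is dropped silently while `extExtKeyUsageCount` still advances under OPENSSL_EXTRA; add `default: break; /* unknown purpose: ignored, still counted */` so a reader can see the omission is deliberate. The loop bound is the caller's `sz` rather than the end of the SEQUENCE that GetSequence just measured, so any bytes following the sequence would be fed to GetObjectId as further OIDs; binding the loop to the sequence, `word32 end = idx + (word32)length;` after the GetSequence check and `while (idx < end)`, keeps the walk inside the structure it parsed (whether GetSequence itself already rejects `length` beyond `sz` is not visible here). In DecodeCertExtensions, `CYASSL_MSG("Extended Key Usage extension not supported yet.")` now sits directly above the call that decodes the extension and reads as stale if it survives on the new side. DecodeCertExtensions starts and ends outside the hunk.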


@ -234,6 +234,13 @@ enum AuthInfo_Sum {
AIA_CA_ISSUER_OID = 117 /* 1.3.6.1.5.5.7.48.2 */
};
enum ExtKeyUsage_Sum { /* From RFC 5280 */
EKU_ANY_OID = 151, /* 2.5.29.37.0, anyExtendedKeyUsage */
EKU_SERVER_AUTH_OID = 71, /* 1.3.6.1.5.5.7.3.1, id-kp-serverAuth */
EKU_CLIENT_AUTH_OID = 72, /* 1.3.6.1.5.5.7.3.2, id-kp-clientAuth */
EKU_OCSP_SIGN_OID = 79, /* 1.3.6.1.5.5.7.3.9, OCSPSigning */
};
enum VerifyType {
NO_VERIFY = 0,
@ -252,6 +259,10 @@ enum VerifyType {
#define KEYUSE_ENCIPHER_ONLY 0x0002
#define KEYUSE_DECIPHER_ONLY 0x0001
#define EXTKEYUSE_ANY 0x08
#define EXTKEYUSE_OCSP_SIGN 0x04
#define EXTKEYUSE_CLIENT_AUTH 0x02
#define EXTKEYUSE_SERVER_AUTH 0x01
typedef struct DNS_entry DNS_entry;
@ -336,6 +347,8 @@ struct DecodedCert {
byte isCA; /* CA basic constraint true */
byte extKeyUsageSet;
word16 extKeyUsage; /* Key usage bitfield */
byte extExtKeyUsageSet; /* Extended Key Usage */
byte extExtKeyUsage; /* Extended Key usage bitfield */
#ifdef OPENSSL_EXTRA
byte extBasicConstSet;
byte extBasicConstCrit;
@ -346,6 +359,10 @@ struct DecodedCert {
byte extAuthKeyIdCrit;
byte extSubjKeyIdCrit;
byte extKeyUsageCrit;
byte extExtKeyUsageCrit;
byte* extExtKeyUsageSrc;
word32 extExtKeyUsageSz;
word32 extExtKeyUsageCount;
byte* extAuthKeyIdSrc;
word32 extAuthKeyIdSz;
byte* extSubjKeyIdSrc;
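Review bot: The new `enum ExtKeyUsage_Sum` ends with a trailing comma on `EKU_OCSP_SIGN_OID = 79,`, a C99 enumerator-list form, while the neighbouring `AIA_CA_ISSUER_OID = 117 /* ... */` closes `AuthInfo_Sum` without one; drop the comma to keep the header's existing layout and avoid pedantic-C89 warnings. The `EXTKEYUSE_*` defines and the new `extExtKeyUsage` field are not tied together anywhere; suggest `/* bit flags kept in DecodedCert.extExtKeyUsage (byte) */` above `#define EXTKEYUSE_ANY 0x08`. The `/* From RFC 5280 */` comment could also say how the enumerator values are derived — they appear to be sums of the encoded OID bytes like the other `*_Sum` enums (inferred from the surrounding values, not shown here), which matters because any future purpose OID has to be computed the same way and distinct OIDs can share a sum.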


@ -273,7 +273,7 @@ int main(int argc, char** argv)
packetNumber++;
if (packet) {
byte data[65535];
byte data[65535+16384]; /* may have a partial 16k record cached */
if (header.caplen > 40) { /* min ip(20) + min tcp(20) */
packet += frame;