Commit Graph

110 Commits

Author SHA1 Message Date
Paul Bakker
e5eae76bf0 Generalized the x509write_csr_set_key_usage() function and key_usage
storage
2013-08-26 17:37:18 +02:00
Manuel Pégourié-Gonnard
5151b45aa1 Minor comment fixes 2013-08-26 14:31:20 +02:00
Paul Bakker
ef0ba55a78 Removed old X509 write data from x509.h 2013-08-25 11:48:10 +02:00
Manuel Pégourié-Gonnard
ab2d9836b4 Fix some ifdef's in x509parse
While at it:
- move _rsa variants systematically after generic functions
- unsplit x509parse_key_pkcs8_encrypted_der() (reverts a5d9974)
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
991d0f5aca Remove rsa member from x509_cert structure 2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard
674b2243eb Prepare transition from x509_cert.rsa to pk 2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
788db112a5 Get rid of x509_cert.pkoid
Unused, comment did not match reality, and will soon be superseeded by the
'type' field of the pk_context which will replace rsa_context.
2013-07-17 15:59:39 +02:00
Manuel Pégourié-Gonnard
8838099330 Add x509parse_{,public}_key{,file}()
Also make previously public *_ec functions private.
2013-07-08 17:32:27 +02:00
Manuel Pégourié-Gonnard
f838eeda09 Add x509_get_ecparams() 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
5a9b82e234 Make oid_get_pk_alg handle EC algorithms 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
26833c2fc6 Add stubs for x509parse_key_ec and co. 2013-07-08 15:31:19 +02:00
Manuel Pégourié-Gonnard
ba4878aa64 Rename x509parse_key & co with _rsa suffix 2013-07-08 15:31:18 +02:00
Paul Bakker
407a0da160 Moved __cplusplus extern statement to include struct definitions as well. 2013-06-27 14:29:21 +02:00
Paul Bakker
28144decef PKCS#5 v2 PBES2 support and use in PKCS#8 encrypted certificates
The error code POLARSSL_ERR_X509_PASSWORD_MISMATCH is now properly
returned in case of an encryption failure in the padding. The
POLARSSL_ERR_X509_PASSWORD_REQUIRED error code is only returned for PEM
formatted private keys as for DER formatted ones it is impossible to
distinguish if a DER blob is PKCS#8 encrypted or not.
(cherry picked from commit 1fd4321ba2)

Conflicts:
	include/polarssl/error.h
	scripts/generate_errors.pl
2013-06-25 15:06:52 +02:00
Paul Bakker
89ecb2d074 ssl_parse_certificate() now calls x509parse_crt_der() directly
(cherry picked from commit 1922a4e6aa)
2013-06-24 19:09:25 +02:00
Paul Bakker
ed27a041e4 More granular define selections within code to allow for smaller code
sizes
2013-04-18 23:12:34 +02:00
Paul Bakker
d5c2b542cc Indication of x509_get_numeric_string() deprecation 2013-04-07 22:34:26 +02:00
Paul Bakker
c70b982056 OID functionality moved to a separate module.
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).

As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.

All OID definitions have been moved to oid.h
All OID matching code is in the OID module.

The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.

The SSL layer cleanup up as a result and adapted to use the MD layer.

The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.

The X509 writer cleaned up and adapted to use the MD layer.

Apps and tests modified accordingly
2013-04-07 22:00:46 +02:00
Paul Bakker
9a73632fd9 - Merged changesets 1399 up to and including 1415 into 1.2 branch 2012-11-14 12:39:52 +00:00
Paul Bakker
915275ba78 - Revamped x509_verify() and the SSL f_vrfy callback implementations 2012-09-28 07:10:55 +00:00
Paul Bakker
8d914583f3 - Added X509 CA Path support 2012-06-04 12:46:42 +00:00
Paul Bakker
bdb912db69 - Added preliminary ASN.1 buffer writing support
- Added preliminary X509 Certificate Request writing support
 - Added key_app_writer example application
 - Added cert_req example application
2012-02-13 23:11:30 +00:00
Paul Bakker
a8cd239d6b - Added support for wildcard certificates
- Added support for multi-domain certificates through the X509 Subject Alternative Name extension
2012-02-11 16:09:32 +00:00
Paul Bakker
69e095cc15 - Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
 - Programs and tests were adapted accordingly
2011-12-10 21:55:01 +00:00
Paul Bakker
6c0ceb3f9a - Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error 2011-12-04 12:24:18 +00:00
Paul Bakker
efc302964c - Extracted ASN.1 parsing code from the X.509 parsing code. Added new module. 2011-11-10 14:43:23 +00:00
Paul Bakker
314052fbfc - Removed extraneous "polarssl/" in front on include directives in header files 2011-08-15 09:07:52 +00:00
Paul Bakker
ed56b224de - Added support for PKCS#8 wrapper on reading private keys (Fixes ticket #20) 2011-07-13 11:26:43 +00:00
Paul Bakker
9d781407bc - A error_strerror function() has been added to translate between error codes and their description.
- The error codes have been remapped and combining error codes is now done with a PLUS instead of an OR as error codes used are negative.
 - Descriptions to all error codes have been added.
 - Generation script for error.c has been created to automatically generate error.c from the available error definitions in the headers.
2011-05-09 16:17:09 +00:00
Paul Bakker
23986e5d5d - Major type rewrite of int to size_t for most variables and arguments used for buffer lengths and loops 2011-04-24 08:57:21 +00:00
Paul Bakker
917e754e9b - Added declaration of x509parse_public_key() and x509parse_public_keyfile() to
the x509 header file
2011-03-25 14:23:36 +00:00
Paul Bakker
400ff6f0fd - Corrected parsing of UTCTime dates before 1990 and after 1950
- Support more exotic OID's when parsing certificates
 - Support more exotic name representations when parsing certificates
 - Replaced the expired test certificates
2011-02-20 10:40:16 +00:00
Paul Bakker
96743fc5f5 - Parsing of PEM files moved to separate module (Fixes ticket #13). Also possible to remove PEM support for systems only using DER encoding
- Parsing PEM private keys encrypted with DES and AES are now supported (Fixes ticket #5)
 - Added tests for encrypted keyfiles
2011-02-12 14:30:57 +00:00
Paul Bakker
cdf07e9979 - Information about missing or non-verified client certificate is not provided as well. 2011-01-30 17:05:13 +00:00
Paul Bakker
f3b86c1e62 - Updated Doxygen documentation generation and documentation on small parts 2011-01-27 15:24:17 +00:00
Paul Bakker
0f5f72e949 - Fixed doxygen syntax to standard '\' instead of '@' 2011-01-18 14:58:55 +00:00
Paul Bakker
dd47699ba5 - Moved storing of a printable serial into a separate function 2011-01-16 21:34:59 +00:00
Paul Bakker
74111d30b7 - Improved X509 certificate parsing to include extended certificate fields, such as Key Usage 2011-01-15 16:57:55 +00:00
Paul Bakker
b63b0afc05 - Added verification callback in certificate verification chain in order to allow external blacklisting 2011-01-13 17:54:59 +00:00
Paul Bakker
1b57b06751 - Added reading of DHM context from memory and file 2011-01-06 15:48:19 +00:00
Paul Bakker
37ca75d6f2 - Added Doxygen source code documentation parts (donated by Fox-IT) 2011-01-06 12:28:03 +00:00
Paul Bakker
b96f154e51 - Fixed copyright message 2010-07-18 20:36:00 +00:00
Paul Bakker
84f12b76fc - Updated Copyright to correct entity 2010-07-18 10:13:04 +00:00
Paul Bakker
fc8c4360b8 - Updated copyright line to 2010 2010-03-21 17:37:16 +00:00
Paul Bakker
1f3c39c194 - Removed copyright line for Christophe Devine for clarity 2010-03-21 17:30:05 +00:00
Paul Bakker
27d661657b - Added x509_get_sig_alg() to allow easy future X509 signature algorithm determination expansion 2010-03-17 06:56:01 +00:00
Paul Bakker
ff60ee6c2a - Added const-correctness to main codebase 2010-03-16 21:09:09 +00:00
Paul Bakker
9120018f3d - Added support for GeneralizedTime in X509 certificates 2010-02-18 21:26:15 +00:00
Paul Bakker
3391b12ce3 - Fixed error codes. Negative when needed (SSL error codes). Non-negative if error-codes are OR'ed to other error codes (ASN1, Base64, MPI, DHM). The rest is negative by default. 2009-07-28 20:11:54 +00:00
Paul Bakker
77b385e91a - Updated copyright messages on all relevant files 2009-07-28 17:23:11 +00:00
Paul Bakker
13e2dfecaa - Cleaned up header documentation 2009-07-28 07:18:38 +00:00
Paul Bakker
b5bf176f4c - Major change: Errors are now positive numbers instead of negative.
Reason: You cannot OR negative values correctly
2009-07-19 20:28:35 +00:00
Paul Bakker
40ea7de46d - Added CRL revocation support to x509parse_verify()
- Fixed an off-by-one allocation in ssl_set_hostname()
 - Added CRL support to SSL/TLS code
2009-05-03 10:18:48 +00:00
Paul Bakker
d98030e7d6 - Added prelimenary CRL parsing and info support 2009-05-02 15:13:40 +00:00
Paul Bakker
592457c0ad - Fixed documentation typos.. 2009-04-01 19:01:43 +00:00
Paul Bakker
785a9eeece - Added email address to header license information 2009-01-25 14:15:10 +00:00
Paul Bakker
e0ccd0a7c3 - Updated Copyright notices 2009-01-04 16:27:10 +00:00
Paul Bakker
40e46940df - First replacement of xyssl by polarssl where needed 2009-01-03 21:51:57 +00:00
Paul Bakker
8e831edc24 2009-01-03 21:24:11 +00:00
Paul Bakker
5121ce5bdb - Renamed include directory to polarssl 2009-01-03 21:22:43 +00:00