Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							c70b982056 
							
						 
					 
					
						
						
							
							OID functionality moved to a separate module.  
						
						
						
						
						A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).
As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.
All OID definitions have been moved to oid.h
All OID matching code is in the OID module.
The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.
The SSL layer cleaned up as a result and adapted to use the MD layer.
The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.
The X509 writer cleaned up and adapted to use the MD layer.
Apps and tests modified accordingly 
						
						
					 
					
						2013-04-07 22:00:46 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							2ca8ad10a1 
							
						 
					 
					
						
						
							
							Made x509parse.c also work with missing hash header files  
						
						
						
						
					 
					
						2013-02-19 13:17:38 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							3497d8c7bf 
							
						 
					 
					
						
						
							
							Do not check sig on trust-ca (might not be top)  
						
						
						
						
					 
					
						2012-11-24 11:53:17 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							9a73632fd9 
							
						 
					 
					
						
						
							
							- Merged changesets 1399 up to and including 1415 into 1.2 branch  
						
						
						
						
					 
					
						2012-11-14 12:39:52 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							97872aceb6 
							
						 
					 
					
						
						
							
							- Merged 1397 in branch for 1.2  
						
						
						
						
					 
					
						2012-11-02 12:53:26 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							4a2bd0da0f 
							
						 
					 
					
						
						
							
							- Merged fixes 1394 and 1395 from trunk to PolarSSL 1.2 branch  
						
						
						
						
					 
					
						2012-11-02 11:06:08 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							3338b792da 
							
						 
					 
					
						
						
							
							- Fixed WIN32 version of x509parse_crtpath()  
						
						
						
						
					 
					
						2012-10-01 21:13:10 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							5c2364c2ba 
							
						 
					 
					
						
						
							
							- Moved from unsigned long to uint32_t throughout code  
						
						
						
						
					 
					
						2012-10-01 14:41:15 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							915275ba78 
							
						 
					 
					
						
						
							
							- Revamped x509_verify() and the SSL f_vrfy callback implementations  
						
						
						
						
					 
					
						2012-09-28 07:10:55 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							b00ca42f2a 
							
						 
					 
					
						
						
							
							- Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob  
						
						
						
						
					 
					
						2012-09-25 12:10:00 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							94a6796179 
							
						 
					 
					
						
						
							
							- Correctly handle MS certificate's key usage bits  
						
						
						
						
					 
					
						2012-08-23 13:03:52 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							535e97dbab 
							
						 
					 
					
						
						
							
							- Better checking for reading over buffer boundaries  
						
						
						
						
						- Zeroize altSubjectName chain memory before use 
						
						
					 
					
						2012-08-23 10:49:55 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							cefb396a77 
							
						 
					 
					
						
						
							
							- Handle empty certificate subject names  
						
						
						
						
					 
					
						2012-06-27 11:51:09 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							e4791f3936 
							
						 
					 
					
						
						
							
							- Bugfix for Windows in cert path handling  
						
						
						
						
					 
					
						2012-06-04 21:29:15 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							8d914583f3 
							
						 
					 
					
						
						
							
							- Added X509 CA Path support  
						
						
						
						
					 
					
						2012-06-04 12:46:42 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							4d2c1243b1 
							
						 
					 
					
						
						
							
							- Changed certificate verify behaviour to comply with RFC 6125 section 6.3 to not match CN if subjectAltName extension is present.  
						
						
						
						
					 
					
						2012-05-10 14:12:46 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							430ffbe564 
							
						 
					 
					
						
						
							
							-  Fixed potential heap corruption in x509_name allocation  
						
						
						
						
					 
					
						2012-05-01 08:14:20 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							ad8d354a1a 
							
						 
					 
					
						
						
							
							- Updated RFC ref  
						
						
						
						
					 
					
						2012-02-16 15:28:14 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							8afa70dcd5 
							
						 
					 
					
						
						
							
							- Clean Subject Alternative Name data  
						
						
						
						
					 
					
						2012-02-11 18:42:45 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							57b12982b3 
							
						 
					 
					
						
						
							
							- Multi-domain certificates support wildcards as well  
						
						
						
						
					 
					
						2012-02-11 17:38:38 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							a8cd239d6b 
							
						 
					 
					
						
						
							
							- Added support for wildcard certificates  
						
						
						
						
						- Added support for multi-domain certificates through the X509 Subject Alternative Name extension 
						
						
					 
					
						2012-02-11 16:09:32 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							b15b851d6d 
							
						 
					 
					
						
						
							
							- Check for failed malloc() in ssl_set_hostname() and x509_get_entries() (Closes ticket #47, found by Hugo Leisink)
						
						
						
						
					 
					
						2012-01-13 13:44:06 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							69e095cc15 
							
						 
					 
					
						
						
							
							- Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.  
						
						
						
						
						- As a consequence all error codes that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
 - Programs and tests were adapted accordingly 
						
						
					 
					
						2011-12-10 21:55:01 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							9304880e8a 
							
						 
					 
					
						
						
							
							- Fixed correct printing of serial number '00'  
						
						
						
						
					 
					
						2011-12-05 14:38:06 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							c8ffbe7706 
							
						 
					 
					
						
						
							
							- Corrected removal of leading '00:' in printing serial numbers in certificates and CRLs  
						
						
						
						
					 
					
						2011-12-05 14:22:49 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							4f229e5d83 
							
						 
					 
					
						
						
							
							- Fixed define for Windows time functions  
						
						
						
						
					 
					
						2011-12-04 22:11:35 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							6c0ceb3f9a 
							
						 
					 
					
						
						
							
							-  Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error  
						
						
						
						
					 
					
						2011-12-04 12:24:18 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							03c7c25243 
							
						 
					 
					
						
						
							
							- * If certificate serial is longer than 32 octets, serial number is now appended with '....' after first 28 octets  
						
						
						
						
					 
					
						2011-11-25 12:37:37 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							cce9d77745 
							
						 
					 
					
						
						
							
							- Lots of minimal changes to better support WINCE as a build target  
						
						
						
						
					 
					
						2011-11-18 14:26:47 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							cebdf17159 
							
						 
					 
					
						
						
							
							- Allowed X509 key usage parsing to accept 4 byte values instead of the standard 1 byte version sometimes used by Microsoft. (Closes ticket #38)
						
						
						
						
					 
					
						2011-11-11 15:01:31 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							efc302964c 
							
						 
					 
					
						
						
							
							- Extracted ASN.1 parsing code from the X.509 parsing code. Added new module.  
						
						
						
						
					 
					
						2011-11-10 14:43:23 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							2a1c5f5382 
							
						 
					 
					
						
						
							
							- Minor code cleanup  
						
						
						
						
					 
					
						2011-10-19 14:15:17 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							fae618fa8b 
							
						 
					 
					
						
						
							
							- Updated tests to reflect recent changes  
						
						
						
						
					 
					
						2011-10-12 11:53:52 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							b5a11ab80b 
							
						 
					 
					
						
						
							
							- Added a separate CRL entry extension parsing function  
						
						
						
						
					 
					
						2011-10-12 09:58:41 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							fbc09f3cb6 
							
						 
					 
					
						
						
							
							- Added an EXPLICIT tag number parameter to x509_get_ext()  
						
						
						
						
					 
					
						2011-10-12 09:56:41 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							3329d1f805 
							
						 
					 
					
						
						
							
							- Fixed a bug where the CRL parser expected an EXPLICIT ASN.1 tag before version numbers  
						
						
						
						
					 
					
						2011-10-12 09:55:01 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							c4909d95f1 
							
						 
					 
					
						
						
							
							- Increased maximum size of ASN1 length reads to 32-bits
						
						
						
						
					 
					
						2011-10-12 09:52:22 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							5c721f98fd 
							
						 
					 
					
						
						
							
							- Introduced POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION flag to continue parsing when encountering a critical flag that's not supported by PolarSSL  
						
						
						
						
						- Minor Fix in ASN.1 comments of PrivateKeyInfo 
						
						
					 
					
						2011-07-27 16:51:09 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							ed56b224de 
							
						 
					 
					
						
						
							
							- Added support for PKCS#8 wrapper on reading private keys (Fixes ticket #20)
						
						
						
						
					 
					
						2011-07-13 11:26:43 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							684ddce18c 
							
						 
					 
					
						
						
							
							- Minor fixes to remove compiler warnings for ARMCC
						
						
						
						
					 
					
						2011-07-01 09:25:54 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							27fdf46d16 
							
						 
					 
					
						
						
							
							- Removed deprecated casts to int for now unsigned values  
						
						
						
						
					 
					
						2011-06-09 13:55:13 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							5690efccc4 
							
						 
					 
					
						
						
							
							- Fixed a whole bunch of dependencies on defines between files, examples and tests  
						
						
						
						
					 
					
						2011-05-26 13:16:06 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							9d781407bc 
							
						 
					 
					
						
						
							
							- An error_strerror() function has been added to translate between error codes and their description.
						
						
						
						
						- The error codes have been remapped and combining error codes is now done with a PLUS instead of an OR as error codes used are negative.
 - Descriptions to all error codes have been added.
 - Generation script for error.c has been created to automatically generate error.c from the available error definitions in the headers. 
						
						
					 
					
						2011-05-09 16:17:09 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							335db3f121 
							
						 
					 
					
						
						
							
							- Functions requiring File System functions can now be disabled by undefining POLARSSL_FS_IO
						
						
						
						
					 
					
						2011-04-25 15:28:35 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							f4f6968a86 
							
						 
					 
					
						
						
							
							- Improved compile-time compatibility with mingw32 64-bit versions  
						
						
						
						
					 
					
						2011-04-24 16:08:12 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							23986e5d5d 
							
						 
					 
					
						
						
							
							- Major type rewrite of int to size_t for most variables and arguments used for buffer lengths and loops  
						
						
						
						
					 
					
						2011-04-24 08:57:21 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							eaa89f8366 
							
						 
					 
					
						
						
							
							- Do not depend on dhm code if POLARSSL_DHM_C not defined  
						
						
						
						
					 
					
						2011-04-04 21:36:15 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							66b78b2d16 
							
						 
					 
					
						
						
							
							- Added missing rsa_init() call in x509parse_self_test()  
						
						
						
						
					 
					
						2011-03-25 14:22:50 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							53019ae6f7 
							
						 
					 
					
						
						
							
							- RSASSA-PSS verification now properly handles salt lengths other than hlen  
						
						
						
						
					 
					
						2011-03-25 13:58:48 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							400ff6f0fd 
							
						 
					 
					
						
						
							
							- Corrected parsing of UTCTime dates before 1990 and after 1950  
						
						
						
						
						- Support more exotic OID's when parsing certificates
 - Support more exotic name representations when parsing certificates
 - Replaced the expired test certificates 
						
						
					 
					
						2011-02-20 10:40:16 +00:00