OID functionality moved to a separate module.
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).
As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.
All OID definitions have been moved to oid.h
All OID matching code is in the OID module.
The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.
The SSL layer cleanup up as a result and adapted to use the MD layer.
The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.
The X509 writer cleaned up and adapted to use the MD layer.
Apps and tests modified accordingly
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index db9283a..02e93d3 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -204,7 +204,7 @@
sha1( buf, (int)( p - 2 - buf ), hash );
- if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, SIG_RSA_SHA1,
+ if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, POLARSSL_MD_SHA1,
0, hash, p ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_verify returned %d\n\n", ret );
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index 8babef2..1c917c1 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -196,7 +196,7 @@
buf[n ] = (unsigned char)( rsa.len >> 8 );
buf[n + 1] = (unsigned char)( rsa.len );
- if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, SIG_RSA_SHA1,
+ if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, POLARSSL_MD_SHA1,
0, hash, buf + n + 2 ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_sign returned %d\n\n", ret );
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index e77dc92..fadcfce 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -120,7 +120,7 @@
goto exit;
}
- if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, SIG_RSA_SHA1,
+ if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, POLARSSL_MD_SHA1,
20, hash, buf ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_sign returned -0x%0x\n\n", -ret );
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index ffc5de0..e5fce57 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -121,7 +121,7 @@
}
if( ( ret = rsa_pkcs1_sign( &rsa, ctr_drbg_random, &ctr_drbg,
- RSA_PRIVATE, SIG_RSA_SHA1,
+ RSA_PRIVATE, POLARSSL_MD_SHA1,
20, hash, buf ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_sign returned %d\n\n", ret );
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index 2edd70a..126ea4d 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -131,7 +131,7 @@
goto exit;
}
- if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, SIG_RSA_SHA1,
+ if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, POLARSSL_MD_SHA1,
20, hash, buf ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_verify returned -0x%0x\n\n", -ret );
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index ccac58d..b44daa0 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -124,7 +124,7 @@
goto exit;
}
- if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, SIG_RSA_SHA1,
+ if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, POLARSSL_MD_SHA1,
20, hash, buf ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_verify returned %d\n\n", ret );
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index ec64e2c..20418ab 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -38,6 +38,7 @@
#include "polarssl/x509.h"
#include "polarssl/base64.h"
#include "polarssl/x509write.h"
+#include "polarssl/oid.h"
#define DFL_FILENAME "keyfile.key"
#define DFL_DEBUG_LEVEL 0
@@ -75,7 +76,7 @@
size_t len = 0, olen = 4096;
memset(output_buf, 0, 4096);
- ret = x509_write_cert_req( output_buf, 4096, rsa, req_name, SIG_RSA_SHA1 );
+ ret = x509_write_cert_req( output_buf, 4096, rsa, req_name, POLARSSL_MD_SHA1 );
if( ret < 0 )
return;
@@ -201,19 +202,19 @@
if( in_tag && *c == '=' )
{
if( memcmp( s, "CN", 2 ) == 0 && c - s == 2 )
- oid = OID_CN;
+ oid = OID_AT_CN;
else if( memcmp( s, "C", 1 ) == 0 && c - s == 1 )
- oid = OID_COUNTRY;
+ oid = OID_AT_COUNTRY;
else if( memcmp( s, "O", 1 ) == 0 && c - s == 1 )
- oid = OID_ORGANIZATION;
+ oid = OID_AT_ORGANIZATION;
else if( memcmp( s, "L", 1 ) == 0 && c - s == 1 )
- oid = OID_LOCALITY;
+ oid = OID_AT_LOCALITY;
else if( memcmp( s, "R", 1 ) == 0 && c - s == 1 )
oid = OID_PKCS9_EMAIL;
else if( memcmp( s, "OU", 2 ) == 0 && c - s == 2 )
- oid = OID_ORG_UNIT;
+ oid = OID_AT_ORG_UNIT;
else if( memcmp( s, "ST", 2 ) == 0 && c - s == 2 )
- oid = OID_STATE;
+ oid = OID_AT_STATE;
else
{
printf("Failed to parse subject name.\n");