Remove redundant sig_oid2 in x509 structures
diff --git a/ChangeLog b/ChangeLog
index 948e4aa..1d7b95a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,11 +10,8 @@
      available if POLARSSL_PEM_PARSE_C is defined (it never worked without).
    * Test certificates in certs.c are no longer guaranteed to be nul-terminated
      strings; use the new *_len variables instead of strlen().
-   * md_init_ctx() is deprecated in favour of md_setup(), that adds a third
-     argument (allowing memory savings if HMAC is not used)
    * Removed individual mdX_hmac and shaX_hmac functions (use generic
      md_hmac functions from md.h)
-   * Change md_info_t into an opaque structure (use md_get_xxx() accessors).
    * Some constness fixes
    * Signature of mpi_mul_mpi() changed to make the last argument unsigned
    * Remove the PBKDF2 module (use PKCS5).
@@ -27,8 +24,16 @@
    * net_connect() and net_bind() have a new 'proto' argument to choose
      between TCP and UDP, using the macros NET_PROTO_TCP or NET_PROTO_UDP.
    * ssl_set_bio() now requires that p_send == p_recv.
+
+New deprecations
+   * md_init_ctx() is deprecated in favour of md_setup(), that adds a third
+     argument (allowing memory savings if HMAC is not used)
    * ssl_set_bio() is deprecated in favor of ssl_set_bio_timeout().
 
+Semi-API changes (technically public, morally private)
+   * Change md_info_t into an opaque structure (use md_get_xxx() accessors).
+   * Remove sig_oid2 and rename sig_oid1 to sig_oid in x509_crt and x509_crl.
+
 Changes
    * Support for receiving SSLv2 ClientHello is now disabled by default at
      compile time.
diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h
index 6f4b65d..28507a5 100644
--- a/include/mbedtls/x509_crl.h
+++ b/include/mbedtls/x509_crl.h
@@ -73,7 +73,7 @@
     x509_buf tbs;           /**< The raw certificate body (DER). The part that is To Be Signed. */
 
     int version;            /**< CRL version (1=v1, 2=v2) */
-    x509_buf sig_oid1;
+    x509_buf sig_oid;       /**< CRL signature type identifier */
 
     x509_buf issuer_raw;    /**< The raw issuer data (DER). */
 
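Review bot: The `x509_crl` struct appears to keep its `sig_oid2` member: this is the only hunk for x509_crl.h, and it renames `sig_oid1` without deleting anything, while the ChangeLog entry in this commit says sig_oid2 is removed from both x509_crt and x509_crl. The parser change in library/x509_crl.c stops writing `crl->sig_oid2` and uses a local instead, so a leftover field is no longer filled in, and code that still reads it would compile and silently see whatever the struct was initialised with. If the member is still declared further down (the struct body starts and ends outside this hunk), delete `x509_buf sig_oid2;` there as well, as the x509_crt.h hunk does, or narrow the ChangeLog wording.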
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index fe1d97f..4da8f84 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -57,7 +57,7 @@
 
     int version;                /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
     x509_buf serial;            /**< Unique id for certificate issued by a specific CA. */
-    x509_buf sig_oid1;          /**< Signature algorithm, e.g. sha1RSA */
+    x509_buf sig_oid;           /**< Signature algorithm, e.g. sha1RSA */
 
     x509_buf issuer_raw;        /**< The raw issuer data (DER). Used for quick comparison. */
     x509_buf subject_raw;       /**< The raw subject data (DER). Used for quick comparison. */
@@ -85,7 +85,6 @@
 
     unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */
 
-    x509_buf sig_oid2;          /**< Signature algorithm. Must match sig_oid1. */
     x509_buf sig;               /**< Signature: hash of the tbs part signed with the private key. */
     md_type_t sig_md;           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
     pk_type_t sig_pk;           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
diff --git a/library/x509_crl.c b/library/x509_crl.c
index afba7b2..7d1693b 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -260,7 +260,7 @@
     int ret;
     size_t len;
     unsigned char *p, *end;
-    x509_buf sig_params1, sig_params2;
+    x509_buf sig_params1, sig_params2, sig_oid2;
     x509_crl *crl = chain;
 
     /*
@@ -271,6 +271,7 @@
 
     memset( &sig_params1, 0, sizeof( x509_buf ) );
     memset( &sig_params2, 0, sizeof( x509_buf ) );
+    memset( &sig_oid2, 0, sizeof( x509_buf ) );
 
     /*
      * Add new CRL on the end of the chain if needed.
@@ -347,7 +348,7 @@
      * signature            AlgorithmIdentifier
      */
     if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
-        ( ret = x509_get_alg( &p, end, &crl->sig_oid1, &sig_params1 ) ) != 0 )
+        ( ret = x509_get_alg( &p, end, &crl->sig_oid, &sig_params1 ) ) != 0 )
     {
         x509_crl_free( crl );
         return( ret );
@@ -361,7 +362,7 @@
         return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
     }
 
-    if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &sig_params1,
+    if( ( ret = x509_get_sig_alg( &crl->sig_oid, &sig_params1,
                                   &crl->sig_md, &crl->sig_pk,
                                   &crl->sig_opts ) ) != 0 )
     {
@@ -453,14 +454,14 @@
      *  signatureAlgorithm   AlgorithmIdentifier,
      *  signatureValue       BIT STRING
      */
-    if( ( ret = x509_get_alg( &p, end, &crl->sig_oid2, &sig_params2 ) ) != 0 )
+    if( ( ret = x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 )
     {
         x509_crl_free( crl );
         return( ret );
     }
 
-    if( crl->sig_oid1.len != crl->sig_oid2.len ||
-        memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 ||
+    if( crl->sig_oid.len != sig_oid2.len ||
+        memcmp( crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len ) != 0 ||
         sig_params1.len != sig_params2.len ||
         memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 )
     {
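Review bot: The check starting at `if( crl->sig_oid.len != sig_oid2.len ||` has no comment explaining why the second AlgorithmIdentifier is still parsed now that it is no longer stored; the same applies to the matching hunk in library/x509_crt.c. As far as the visible code shows, `sig_oid` is read from inside the TBS part, which the signature covers, while `sig_oid2` is the outer copy that the signature does not cover, so this comparison is what rejects input where the two disagree. I would add above the `if`: `/* Outer signatureAlgorithm must be identical to the signature field in the TBS part (RFC 5280 5.1.1.2); sig_oid2 is only needed for this check. */`, and the same in x509_crt.c citing section 4.1.1.2. The body of the `if` and the enclosing parse function lie outside the hunk.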
@@ -683,7 +684,7 @@
     ret = polarssl_snprintf( p, n, "\n%ssigned using  : ", prefix );
     SAFE_SNPRINTF();
 
-    ret = x509_sig_alg_gets( p, n, &crl->sig_oid1, crl->sig_pk, crl->sig_md,
+    ret = x509_sig_alg_gets( p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md,
                              crl->sig_opts );
     SAFE_SNPRINTF();
 
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 013f070..03e6488 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -541,10 +541,11 @@
     int ret;
     size_t len;
     unsigned char *p, *end, *crt_end;
-    x509_buf sig_params1, sig_params2;
+    x509_buf sig_params1, sig_params2, sig_oid2;
 
     memset( &sig_params1, 0, sizeof( x509_buf ) );
     memset( &sig_params2, 0, sizeof( x509_buf ) );
+    memset( &sig_oid2, 0, sizeof( x509_buf ) );
 
     /*
      * Check for valid input
@@ -553,7 +554,6 @@
         return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
 
     p = polarssl_malloc( len = buflen );
-
     if( p == NULL )
         return( POLARSSL_ERR_X509_MALLOC_FAILED );
 
@@ -608,7 +608,7 @@
      */
     if( ( ret = x509_get_version(  &p, end, &crt->version  ) ) != 0 ||
         ( ret = x509_get_serial(   &p, end, &crt->serial   ) ) != 0 ||
-        ( ret = x509_get_alg(      &p, end, &crt->sig_oid1,
+        ( ret = x509_get_alg(      &p, end, &crt->sig_oid,
                                             &sig_params1 ) ) != 0 )
     {
         x509_crt_free( crt );
@@ -623,7 +623,7 @@
         return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
     }
 
-    if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &sig_params1,
+    if( ( ret = x509_get_sig_alg( &crt->sig_oid, &sig_params1,
                                   &crt->sig_md, &crt->sig_pk,
                                   &crt->sig_opts ) ) != 0 )
     {
@@ -749,14 +749,14 @@
      *  signatureAlgorithm   AlgorithmIdentifier,
      *  signatureValue       BIT STRING
      */
-    if( ( ret = x509_get_alg( &p, end, &crt->sig_oid2, &sig_params2 ) ) != 0 )
+    if( ( ret = x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 )
     {
         x509_crt_free( crt );
         return( ret );
     }
 
-    if( crt->sig_oid1.len != crt->sig_oid2.len ||
-        memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 ||
+    if( crt->sig_oid.len != sig_oid2.len ||
+        memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 ||
         sig_params1.len != sig_params2.len ||
         memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 )
     {
@@ -1304,7 +1304,7 @@
     ret = polarssl_snprintf( p, n, "\n%ssigned using      : ", prefix );
     SAFE_SNPRINTF();
 
-    ret = x509_sig_alg_gets( p, n, &crt->sig_oid1, crt->sig_pk,
+    ret = x509_sig_alg_gets( p, n, &crt->sig_oid, crt->sig_pk,
                              crt->sig_md, crt->sig_opts );
     SAFE_SNPRINTF();