- Added support for RFC4055 SHA2 and SHA4 signature algorithms for
use with PKCS#1 v1.5 signing and verification.
- Added extra certificates to test-ca and test code to further test
functionality of SHA2 and SHA4 signing and verification.
- Updated other program files accordingly
diff --git a/library/x509parse.c b/library/x509parse.c
index 83e5247..dcb8ea9 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -795,7 +795,8 @@
}
if( crt->sig_oid1.p[8] < 2 ||
- crt->sig_oid1.p[8] > 5 )
+ ( crt->sig_oid1.p[8] > 5 && crt->sig_oid1.p[8] < 11 ) ||
+ crt->sig_oid1.p[8] > 14 )
{
x509_free( crt );
return( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG );
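Review bot: The accepted ranges in this condition are bare literals (2–5 and 11–14), even though the switch statements later in this commit use `SIG_RSA_*` names for the same OID suffix byte. Literals make it easy for this allow-list to drift from the set of algorithms the hash dispatcher actually implements, and an algorithm accepted here but not handled there ends up in that dispatcher's `default` branch. Consider a comment such as `/* last OID byte: 2..5 = MD2..SHA-1, 11..14 = SHA-2 family; keep in sync with SIG_RSA_* */`, or compare against the named constants directly. The enclosing function starts and ends outside the hunk, so whether the length of `sig_oid1` is validated before `p[8]` is read cannot be confirmed from here.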
@@ -1441,10 +1442,14 @@
switch( crt->sig_oid1.p[8] )
{
- case RSA_MD2 : p += snprintf( p, end - p, "MD2" ); break;
- case RSA_MD4 : p += snprintf( p, end - p, "MD4" ); break;
- case RSA_MD5 : p += snprintf( p, end - p, "MD5" ); break;
- case RSA_SHA1: p += snprintf( p, end - p, "SHA1" ); break;
+ case SIG_RSA_MD2 : p += snprintf( p, end - p, "MD2" ); break;
+ case SIG_RSA_MD4 : p += snprintf( p, end - p, "MD4" ); break;
+ case SIG_RSA_MD5 : p += snprintf( p, end - p, "MD5" ); break;
+ case SIG_RSA_SHA1 : p += snprintf( p, end - p, "SHA1" ); break;
+ case SIG_RSA_SHA224 : p += snprintf( p, end - p, "SHA224" ); break;
+ case SIG_RSA_SHA256 : p += snprintf( p, end - p, "SHA256" ); break;
+ case SIG_RSA_SHA384 : p += snprintf( p, end - p, "SHA384" ); break;
+ case SIG_RSA_SHA512 : p += snprintf( p, end - p, "SHA512" ); break;
default: p += snprintf( p, end - p, "???" ); break;
}
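Review bot: Each added case keeps the `p += snprintf( p, end - p, ... )` pattern, which advances `p` by the length that would have been written, not the length that actually fit. If the output buffer is nearly full, `p` can move past `end`; the next `end - p` is then negative and becomes a very large size when passed to `snprintf`. The buffer is sized outside the hunk, so this may not be reachable in practice. Making the bound explicit would still help: store the return value and compare it with `end - p` before adding it to `p`, stopping on truncation or a negative return.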
@@ -1486,13 +1491,21 @@
switch( alg )
{
#if defined(POLARSSL_MD2_C)
- case RSA_MD2 : md2( in, len, out ); break;
+ case SIG_RSA_MD2 : md2( in, len, out ); break;
#endif
#if defined(POLARSSL_MD4_C)
- case RSA_MD4 : md4( in, len, out ); break;
+ case SIG_RSA_MD4 : md4( in, len, out ); break;
#endif
- case RSA_MD5 : md5( in, len, out ); break;
- case RSA_SHA1 : sha1( in, len, out ); break;
+ case SIG_RSA_MD5 : md5( in, len, out ); break;
+ case SIG_RSA_SHA1 : sha1( in, len, out ); break;
+#if defined(POLARSSL_SHA2_C)
+ case SIG_RSA_SHA224 : sha2( in, len, out, 1 ); break;
+ case SIG_RSA_SHA256 : sha2( in, len, out, 0 ); break;
+#endif
+#if defined(POLARSSL_SHA2_C)
+ case SIG_RSA_SHA384 : sha4( in, len, out, 1 ); break;
+ case SIG_RSA_SHA512 : sha4( in, len, out, 0 ); break;
+#endif
default:
memset( out, '\xFF', len );
break;
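Review bot: The second added guard, around the `SIG_RSA_SHA384` and `SIG_RSA_SHA512` cases, tests `POLARSSL_SHA2_C` although those cases call `sha4()`; it looks like a copy of the guard above and should presumably read `#if defined(POLARSSL_SHA4_C)`. As written, a build with SHA2 enabled and SHA4 disabled references `sha4()` without its module, and a build with only SHA4 enabled silently sends SHA-384/512 to the `default` branch. That branch matters more after this change: the parser now accepts these OIDs regardless of which hash modules are compiled in, and `memset( out, '\xFF', len )` fills `out` using what appears to be the input length, not the size of the digest buffer, so that write should be bounded to the digest size. The function's signature is outside the hunk, so the meaning of `len` should be confirmed there.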
@@ -1511,7 +1524,7 @@
int pathlen;
x509_cert *cur;
x509_name *name;
- unsigned char hash[20];
+ unsigned char hash[64];
*flags = x509parse_expired( crt );