OID functionality moved to a separate module.

A new OID module has been created that contains the main OID searching functionality based on type-dependent arrays. A base type is used to contain the basic values (oid_descriptor_t) and that type is extended to contain type specific information (like a pk_alg_t). As a result the rsa sign and verify function prototypes have changed. They now expect a md_type_t identifier instead of the removed RSA_SIG_XXX defines. All OID definitions have been moved to oid.h All OID matching code is in the OID module. The RSA PKCS#1 functions cleaned up as a result and adapted to use the MD layer. The SSL layer cleanup up as a result and adapted to use the MD layer. The X509 parser cleaned up and matches OIDs in certificates with new module and adapted to use the MD layer. The X509 writer cleaned up and adapted to use the MD layer. Apps and tests modified accordingly
2025-07-28 00:21:48 +03:00 · 2013-04-07 22:00:46 +02:00
parent 37de6bec16
commit c70b982056
34 changed files with 1521 additions and 1328 deletions
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@ -204,7 +204,7 @@ int main( int argc, char *argv[] )

    sha1( buf, (int)( p - 2 - buf ), hash );

-    if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, SIG_RSA_SHA1,
+    if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, POLARSSL_MD_SHA1,
                                  0, hash, p ) ) != 0 )
    {
        printf( " failed\n  ! rsa_pkcs1_verify returned %d\n\n", ret );
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@ -196,7 +196,7 @@ int main( int argc, char *argv[] )
    buf[n    ] = (unsigned char)( rsa.len >> 8 );
    buf[n + 1] = (unsigned char)( rsa.len      );

-    if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, SIG_RSA_SHA1,
+    if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, POLARSSL_MD_SHA1,
                                0, hash, buf + n + 2 ) ) != 0 )
    {
        printf( " failed\n  ! rsa_pkcs1_sign returned %d\n\n", ret );
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@ -120,7 +120,7 @@ int main( int argc, char *argv[] )
        goto exit;
    }

-    if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, SIG_RSA_SHA1,
+    if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, POLARSSL_MD_SHA1,
                                20, hash, buf ) ) != 0 )
    {
        printf( " failed\n  ! rsa_pkcs1_sign returned -0x%0x\n\n", -ret );
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@ -121,7 +121,7 @@ int main( int argc, char *argv[] )
    }

    if( ( ret = rsa_pkcs1_sign( &rsa, ctr_drbg_random, &ctr_drbg,
-                                RSA_PRIVATE, SIG_RSA_SHA1,
+                                RSA_PRIVATE, POLARSSL_MD_SHA1,
                                20, hash, buf ) ) != 0 )
    {
        printf( " failed\n  ! rsa_pkcs1_sign returned %d\n\n", ret );
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@ -131,7 +131,7 @@ int main( int argc, char *argv[] )
        goto exit;
    }

-    if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, SIG_RSA_SHA1,
+    if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, POLARSSL_MD_SHA1,
                                  20, hash, buf ) ) != 0 )
    {
        printf( " failed\n  ! rsa_pkcs1_verify returned -0x%0x\n\n", -ret );
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@ -124,7 +124,7 @@ int main( int argc, char *argv[] )
        goto exit;
    }

-    if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, SIG_RSA_SHA1,
+    if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, POLARSSL_MD_SHA1,
                                  20, hash, buf ) ) != 0 )
    {
        printf( " failed\n  ! rsa_pkcs1_verify returned %d\n\n", ret );
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@ -38,6 +38,7 @@
 #include "polarssl/x509.h"
 #include "polarssl/base64.h"
 #include "polarssl/x509write.h"
+#include "polarssl/oid.h"

 #define DFL_FILENAME            "keyfile.key"
 #define DFL_DEBUG_LEVEL         0
@ -75,7 +76,7 @@ void write_certificate_request( rsa_context *rsa, x509_req_name *req_name,
    size_t len = 0, olen = 4096;

    memset(output_buf, 0, 4096);
-    ret = x509_write_cert_req( output_buf, 4096, rsa, req_name, SIG_RSA_SHA1 );
+    ret = x509_write_cert_req( output_buf, 4096, rsa, req_name, POLARSSL_MD_SHA1 );

    if( ret < 0 )
        return;
@ -201,19 +202,19 @@ int main( int argc, char *argv[] )
        if( in_tag && *c == '=' )
        {
            if( memcmp( s, "CN", 2 ) == 0 && c - s == 2 )
-                oid = OID_CN;
+                oid = OID_AT_CN;
            else if( memcmp( s, "C", 1 ) == 0 && c - s == 1 )
-                oid = OID_COUNTRY;
+                oid = OID_AT_COUNTRY;
            else if( memcmp( s, "O", 1 ) == 0 && c - s == 1 )
-                oid = OID_ORGANIZATION;
+                oid = OID_AT_ORGANIZATION;
            else if( memcmp( s, "L", 1 ) == 0 && c - s == 1 )
-                oid = OID_LOCALITY;
+                oid = OID_AT_LOCALITY;
            else if( memcmp( s, "R", 1 ) == 0 && c - s == 1 )
                oid = OID_PKCS9_EMAIL;
            else if( memcmp( s, "OU", 2 ) == 0 && c - s == 2 )
-                oid = OID_ORG_UNIT;
+                oid = OID_AT_ORG_UNIT;
            else if( memcmp( s, "ST", 2 ) == 0 && c - s == 2 )
-                oid = OID_STATE;
+                oid = OID_AT_STATE;
            else
            {
                printf("Failed to parse subject name.\n");