Chris Conlon
7e5287e578
update NTRU support, with help from thesourcerer8
2014-06-05 14:42:15 -06:00
Moisés Guimarães
263d3439d9
DecodedCert:
* add structure fields to persist encoding format of subject parts;
* set default encoding formats at InitDecodedCert;
* retrieve encoding format from buffer at GetName;
* copy encoding format from DecodedCert to CertName at SetNameFromCert.
2014-05-23 15:48:50 -03:00
John Safranek
70dee7e190
Added the directoryName comparison to the name constraint checks.
2014-04-28 13:29:44 -07:00
John Safranek
618d282d94
Decodes the Name Constraints certificate extension on the CA cert
and checks the names on the peer cert, rejecting it if invalid
based on the name.
2014-04-28 11:03:24 -07:00
Chris Conlon
be65f5d518
update FSF address, wolfSSL copyright
2014-04-11 15:58:58 -06:00
John Safranek
e79ce42ef4
Added checking of the key usage and extended key usage extensions in the
certificates.
2014-04-10 16:50:14 -07:00
John Safranek
e19e2a801d
Ext Key Usage
1. Store reference to raw EKU OIDs in the DecodedCert.
2. Fixed usage of the anyEKU.
2014-03-21 09:37:10 -07:00
John Safranek
1e041abf04
decode Extended Key Usage extension
2014-03-20 10:07:47 -07:00
John Safranek
bcd7f03495
X.509
1. Added stubs for the Extended Key Usage and Inhibit anyPolicy
extensions.
2. Key Usage extension is decoded normally.
3. Certificate Policy extension is noted normally.
2014-03-14 15:48:33 -07:00
John Safranek
f669e73c8d
Merge branch 'master' of github.com:cyassl/cyassl
2014-02-03 14:49:38 -08:00
John Safranek
2758f40a09
For OCSP, when decoding X.509 Auth Info Access record, find the first
OCSP responder, rather than only looking at the first item.
2014-02-03 14:39:41 -08:00
toddouska
c14bc1a45c
fix ecc w/o openssl extra
2014-02-01 11:37:08 -08:00
John Safranek
264ce75041
1. Split SetTagged into SetExplicit and SetImplicit.
2. Updated code using SetTagged to use new functions.
2014-01-16 16:17:17 -08:00
John Safranek
85c5c29e7a
Merge branch 'master' of github.com:cyassl/cyassl
Conflicts:
ctaocrypt/test/test.c
cyassl/ctaocrypt/pkcs7.h
2014-01-15 13:23:26 -08:00
John Safranek
c33a8a890e
Added encoding PKCS#7 signed data messages.
2014-01-15 12:31:51 -08:00
Chris Conlon
d63c58864f
expose more ASN.1 helper functions with CYASSL_LOCAL
2014-01-14 22:48:55 -07:00
Chris Conlon
71e13a3c3a
expose ASN.1 helper fns, add blkType
2014-01-10 16:13:56 -07:00
John Safranek
f9e73a8aeb
Added setting the cert req challenge password.
2014-01-09 14:17:55 -08:00
John Safranek
f545a33e77
Cert Req
1. Added support for the cert req attributes.
2. Added setting the Basic Constraints extension request.
3. Added error checking for the cert req attribs.
2014-01-08 16:26:42 -08:00
John Safranek
4377996d87
Saved original SKID and AKID from certificate for later use with X.509 functions.
2013-11-19 16:20:18 -08:00
John Safranek
0fd6aed9b6
Save more decoded data from certificate for later use with X.509 functions.
2013-11-19 14:44:55 -08:00
toddouska
d91e8ab38e
add cert gen for ecc certs
2013-11-14 20:34:39 -08:00
toddouska
a7bcca84c3
add ecdsa cert signing
2013-11-14 15:00:22 -08:00
John Safranek
913e200cd0
X.509 Additions:
* CyaSSL_X509_d2i()
* CyaSSL_X509_d2i_fp()
* CyaSSL_X509_version()
* CyaSSL_X509_get_notBefore()
* CyaSSL_X509_get_notAfter()
* CyaSSL_X509_STORE_new()
* CyaSSL_X509_STORE_free()
* CyaSSL_X509_STORE_add_cert()
* CyaSSL_X509_STORE_set_default_paths()
* CyaSSL_X509_get_pubkey()
* CyaSSL_EVP_PKEY_free()
* CyaSSL_X509_NAME_get_text_by_NID()
* CyaSSL_X509_NAME_entry_count()
* CyaSSL_X509_verify_cert()
* CyaSSL_X509_STORE_CTX_new()
* CyaSSL_X509_STORE_CTX_init()
* CyaSSL_X509_STORE_CTX_free()
2013-11-04 11:02:17 -08:00
John Safranek
e564b614bf
Decode the serialNumber field in the X.509 names
2013-09-15 22:10:58 -07:00
toddouska
e98f5f95c2
add public key callbacks for ecc sign/verify, examples
2013-08-22 18:19:39 -07:00
John Safranek
43f320d5e2
SEP Extensions
1. Added configure option to enable SEP extensions.
2. Enabled KEEP_PEER_CERT for the SEP configuration.
3. Copy the Certificate Policy extension into the cert as the
device type.
4. Copy an other type Alt Name extension into the cert as the
hwType and hwSerialNumber, if the alt name has a
hardwareModuleName OID.
2013-07-09 13:23:56 -07:00
toddouska
a0c630b4ee
add cert cache persistence
2013-05-02 11:34:26 -07:00
John Safranek
d2d25b9b83
refine the SKID/AKID support
2013-04-29 17:09:15 -07:00
John Safranek
87048698e5
use subject key id and authentication key id to ID CA certs in the signers list instead of subject name hashes.
2013-04-29 12:08:16 -07:00
toddouska
05dd84598b
turn CA signer list into CA signer hash table, defaults CA_TABLE_SIZE to 11
2013-04-25 15:36:33 -07:00
toddouska
9dbf6a5e10
fix Signer hash size w/o SHA, fix GetCA caList b4 lock
2013-04-25 14:47:09 -07:00
John Safranek
c27ebe546d
find the subject id and authority subject id extensions when decoding a certificate
2013-04-24 10:37:11 -07:00
toddouska
85b3346bbf
NO_RSA build, cipher suite tests need work for this build option, ssn2
2013-03-07 17:44:40 -08:00
toddouska
44e0d7543c
change copyright name with name change
2013-02-05 12:44:17 -08:00
toddouska
f4f13371f9
update copyright date
2013-02-04 14:51:41 -08:00
John Safranek
4e657debfc
added the ability to disable OCSP nonces
2012-12-19 10:18:11 -08:00
John Safranek
f8f7f69f48
compile option to leave out MD5 and SSL code
2012-11-26 18:40:43 -08:00
John Safranek
9aa8b71525
Merge branch 'nocerts'
2012-11-01 15:47:02 -07:00
John Safranek
134c6b8b1b
cleaning warnings in OCSP build
2012-11-01 15:03:29 -07:00
toddouska
ae905d70c4
crl warning fixes
2012-11-01 14:14:40 -07:00
toddouska
01138a5c53
fix stack-check warnings for newer versions but fastmath still has some so take away warning for now
2012-10-30 17:35:12 -07:00
John Safranek
174618ebfb
added build option for leanPSK
2012-10-29 15:39:42 -07:00
toddouska
a5af2e3d51
add altname retrieval from peer cert
2012-07-31 17:45:48 -07:00
toddouska
e0328ef78a
allow zero length asn names, remove weird subjectcn len as zero means we own, use stored flag instead
2012-07-27 16:51:46 -07:00
John Safranek
6120f03173
ocsp response date checking
2012-06-01 11:57:03 -07:00
John Safranek
6d76b2f247
dynamic allocation of OCSP responses, response signature check
2012-05-31 17:29:32 -07:00
John Safranek
4b8bb6cdfe
fixed merge conflicts
2012-05-29 09:19:53 -07:00
John Safranek
9818fe4f55
changed DN hashing to cover the whole DER encoding per OCSP-RFC, OCSP changes towards dynamic storage of responses
2012-05-29 09:11:37 -07:00
toddouska
3f35c86520
crl signature check, be sure to load CAs first
2012-05-24 15:49:38 -07:00