Commit Graph

80 Commits

Author SHA1 Message Date
Vikram Adiga
5146f3dd94 Initial commit of CyaSSL port for TI-RTOS 2014-05-08 15:50:55 -07:00
John Safranek
70dee7e190 Added the directoryName comparison to the name constraint checks. 2014-04-28 13:29:44 -07:00
John Safranek
618d282d94 Decodes the Name Constraints certificate extension on the CA cert
and checks the names on the peer cert, rejecting it if invalid
based on the name.
2014-04-28 11:03:24 -07:00
Chris Conlon
be65f5d518 update FSF address, wolfSSL copyright 2014-04-11 15:58:58 -06:00
John Safranek
e79ce42ef4 Added checking of the key usage and extended key usage extensions in the
certificates.
2014-04-10 16:50:14 -07:00
John Safranek
e19e2a801d Ext Key Usage
1. Store reference to raw EKU OIDs in the DecodedCert.
2. Fixed usage of the anyEKU.
2014-03-21 09:37:10 -07:00
John Safranek
1e041abf04 decode Extended Key Usage extension 2014-03-20 10:07:47 -07:00
John Safranek
bcd7f03495 X.509
1. Added stubs for the Extended Key Usage and Inhibit anyPolicy
   extensions.
2. Key Usage extension is decoded normally.
3. Certificate Policy extension is noted normally.
2014-03-14 15:48:33 -07:00
John Safranek
f669e73c8d Merge branch 'master' of github.com:cyassl/cyassl 2014-02-03 14:49:38 -08:00
John Safranek
2758f40a09 For OCSP, when decoding X.509 Auth Info Access record, find the first
OCSP responder, rather than only looking at the first item.
2014-02-03 14:39:41 -08:00
toddouska
c14bc1a45c fix ecc w/o openssl extra 2014-02-01 11:37:08 -08:00
John Safranek
264ce75041 1. Split SetTagged into SetExplicit and SetImplicit.
2. Updated code using SetTagged to use new functions.
2014-01-16 16:17:17 -08:00
John Safranek
85c5c29e7a Merge branch 'master' of github.com:cyassl/cyassl
Conflicts:
	ctaocrypt/test/test.c
	cyassl/ctaocrypt/pkcs7.h
2014-01-15 13:23:26 -08:00
John Safranek
c33a8a890e Added encoding PKCS#7 signed data messages. 2014-01-15 12:31:51 -08:00
Chris Conlon
d63c58864f expose more ASN.1 helper functions with CYASSL_LOCAL 2014-01-14 22:48:55 -07:00
Chris Conlon
71e13a3c3a expose ASN.1 helper fns, add blkType 2014-01-10 16:13:56 -07:00
John Safranek
f9e73a8aeb Added setting the cert req challenge password. 2014-01-09 14:17:55 -08:00
John Safranek
f545a33e77 Cert Req
1. Added support for the cert req attributes.
2. Added setting the Basic Constraints extenstion request.
3. Added error checking for the cert req attribs.
2014-01-08 16:26:42 -08:00
John Safranek
4377996d87 Saved original SKID and AKID from certificate for later use with X.509 functions. 2013-11-19 16:20:18 -08:00
John Safranek
0fd6aed9b6 Save more decoded data from certificate for later use with X.509 functions. 2013-11-19 14:44:55 -08:00
toddouska
d91e8ab38e add cert gen for ecc certs 2013-11-14 20:34:39 -08:00
toddouska
a7bcca84c3 add ecdsa cert signing 2013-11-14 15:00:22 -08:00
John Safranek
913e200cd0 X.509 Additions:
* CyaSSL_X509_d2i()
* CyaSSL_X509_d2i_fp()
* CyaSSL_X509_version()
* CyaSSL_X509_get_notBefore()
* CyaSSL_X509_get_notAfter()
* CyaSSL_X509_STORE_new()
* CyaSSL_X509_STORE_free()
* CyaSSL_X509_STORE_add_cert()
* CyaSSL_X509_STORE_set_default_paths()
* CyaSSL_X509_get_pubkey()
* CyaSSL_EVP_PKEY_free()
* CyaSSL_X509_NAME_get_text_by_NID()
* CyaSSL_X509_NAME_entry_count()
* CyaSSL_X509_verify_cert()
* CyaSSL_X509_STORE_CTX_new()
* CyaSSL_X509_STORE_CTX_init()
* CyaSSL_X509_STORE_CTX_free()
2013-11-04 11:02:17 -08:00
John Safranek
e564b614bf Decode the serialNumber field in the X.509 names 2013-09-15 22:10:58 -07:00
toddouska
e98f5f95c2 add public key callbacks for ecc sign/verify, examples 2013-08-22 18:19:39 -07:00
John Safranek
43f320d5e2 SEP Extensions
1. Added configure option to enable SEP extensions.
2. Enabled KEEP_PEER_CERT for the SEP configuration.
3. Copy the Certificate Policy extension into the cert as the
   device type.
4. Copy an other type Alt Name extension into the cert as the
   hwType and hwSerialNumber, if the alt name has a
   hardwareModuleName OID.
2013-07-09 13:23:56 -07:00
toddouska
a0c630b4ee add cert cache persistence 2013-05-02 11:34:26 -07:00
John Safranek
d2d25b9b83 refine the SKID/AKID support 2013-04-29 17:09:15 -07:00
John Safranek
87048698e5 use subject key id and authentication key id to ID CA certs in the signers list instead of subject name hashes. 2013-04-29 12:08:16 -07:00
toddouska
05dd84598b turn CA signer list into CA signer hash table, defaults CA_TABLE_SIZE to 11 2013-04-25 15:36:33 -07:00
toddouska
9dbf6a5e10 fix Signer hash size w/o SHA, fix GetCA caList b4 lock 2013-04-25 14:47:09 -07:00
John Safranek
c27ebe546d find the subject id and authority subject id extentions when decoding a certificate 2013-04-24 10:37:11 -07:00
toddouska
85b3346bbf NO_RSA build, cipher suite tests need work for this build optoin, ssn2 2013-03-07 17:44:40 -08:00
toddouska
44e0d7543c change copyright name with name change 2013-02-05 12:44:17 -08:00
toddouska
f4f13371f9 update copyright date 2013-02-04 14:51:41 -08:00
John Safranek
4e657debfc added the ability to disable OCSP nonces 2012-12-19 10:18:11 -08:00
John Safranek
f8f7f69f48 compile option to leave out MD5 and SSL code 2012-11-26 18:40:43 -08:00
John Safranek
9aa8b71525 Merge branch 'nocerts' 2012-11-01 15:47:02 -07:00
John Safranek
134c6b8b1b cleaning warnings in OCSP build 2012-11-01 15:03:29 -07:00
toddouska
ae905d70c4 crl warning fixes 2012-11-01 14:14:40 -07:00
toddouska
01138a5c53 fix stack-check warnings for newer versions but fastmath still has some so take away warning for now 2012-10-30 17:35:12 -07:00
John Safranek
174618ebfb added build option for leanPSK 2012-10-29 15:39:42 -07:00
toddouska
a5af2e3d51 add altname retrieval from peer cert 2012-07-31 17:45:48 -07:00
toddouska
e0328ef78a allow zero legnth asn names, remove weird subjectcn len as zero means we own, use stored flag instead 2012-07-27 16:51:46 -07:00
John Safranek
6120f03173 ocsp response date checking 2012-06-01 11:57:03 -07:00
John Safranek
6d76b2f247 dynamic allocation of OCSP responses, response signature check 2012-05-31 17:29:32 -07:00
John Safranek
4b8bb6cdfe fixed merge conflicts 2012-05-29 09:19:53 -07:00
John Safranek
9818fe4f55 changed DN hashing to cover the whole DER encoding per OCSP-RFC, OCSP changes towards dynamic storage of responses 2012-05-29 09:11:37 -07:00
toddouska
3f35c86520 crl signature check, be sure to load CAs first 2012-05-24 15:49:38 -07:00
John Safranek
0a31dc3a37 renumbered new error codes and dynamic data types 2012-05-24 14:36:40 -07:00