Commit 7c6b2c32 authored by Paul Bakker's avatar Paul Bakker

Split up X509 files into smaller modules

parent ace02867
......@@ -287,7 +287,7 @@
*
* Enable the RSA-PSK based ciphersuite modes in SSL / TLS
* (NOT YET IMPLEMENTED)
* Requires: POLARSSL_RSA_C, POLARSSL_X509_PARSE_C, POLARSSL_PKCS1_V15
* Requires: POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C, POLARSSL_PKCS1_V15
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
......@@ -307,7 +307,7 @@
*
* Enable the RSA-only based ciphersuite modes in SSL / TLS
*
* Requires: POLARSSL_RSA_C, POLARSSL_X509_PARSE_C, POLARSSL_PKCS1_V15
* Requires: POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C, POLARSSL_PKCS1_V15
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
......@@ -332,7 +332,7 @@
*
* Enable the DHE-RSA based ciphersuite modes in SSL / TLS
*
* Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_X509_PARSE_C,
* Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C,
* POLARSSL_PKCS1_V15
*
* This enables the following ciphersuites (if other requisites are
......@@ -354,7 +354,7 @@
*
* Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS
*
* Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_X509_PARSE_C,
* Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C,
* POLARSSL_PKCS1_V15
*
* This enables the following ciphersuites (if other requisites are
......@@ -377,7 +377,7 @@
*
* Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS
*
* Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_PARSE_C
* Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
......@@ -1413,34 +1413,104 @@
#define POLARSSL_VERSION_C
/**
* \def POLARSSL_X509_PARSE_C
* \def POLARSSL_X509_USE_C
*
* Enable X.509 core for using certificates
*
* Module: library/x509.c
* Caller: library/x509_crl.c
* library/x509_crt.c
* library/x509_csr.c
*
* Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_OID_C,
* POLARSSL_PK_PARSE_C
*
* This module is required for the X.509 parsing modules.
*/
#define POLARSSL_X509_USE_C
/**
* \def POLARSSL_X509_CRT_PARSE_C
*
* Enable X.509 certificate parsing.
*
* Module: library/x509parse.c
* Module: library/x509_crt.c
* Caller: library/ssl_cli.c
* library/ssl_srv.c
* library/ssl_tls.c
*
* Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_OID_C,
* POLARSSL_PK_PARSE_C
* Requires: POLARSSL_X509_USE_C
*
* This module is required for X.509 certificate parsing.
*/
#define POLARSSL_X509_PARSE_C
#define POLARSSL_X509_CRT_PARSE_C
/**
* \def POLARSSL_X509_CRL_PARSE_C
*
* Enable X.509 CRL parsing.
*
* Module: library/x509_crl.c
* Caller: library/x509_crt.c
*
* Requires: POLARSSL_X509_USE_C
*
* This module is required for X.509 CRL parsing.
*/
#define POLARSSL_X509_CRL_PARSE_C
/**
* \def POLARSSL_X509_CSR_PARSE_C
*
* Enable X.509 Certificate Signing Request (CSR) parsing.
*
* Module: library/x509_csr.c
* Caller: library/x509_crt_write.c
*
* Requires: POLARSSL_X509_USE_C
*
* This module is used for reading X.509 certificate request.
*/
#define POLARSSL_X509_CSR_PARSE_C
/**
* \def POLARSSL_X509_WRITE_C
* \def POLARSSL_X509_CREATE_C
*
* Enable X.509 buffer writing.
* Enable X.509 core for creating certificates
*
* Module: library/x509write.c
* Module: library/x509_create.c
*
* Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C, POLARSSL_PK_WRITE_C
*
* This module is the basis for creating X.509 certificates and CSRs.
*/
#define POLARSSL_X509_CREATE_C
/**
* \def POLARSSL_X509_CRT_WRITE_C
*
* Enable creating X.509 certificates.
*
* Module: library/x509_crt_write.c
*
* Requires: POLARSSL_CREATE_C
*
* This module is required for X.509 certificate creation.
*/
#define POLARSSL_X509_CRT_WRITE_C
/**
* \def POLARSSL_X509_CSR_WRITE_C
*
* Enable creating X.509 Certificate Signing Requests (CSR)
*
* Module: library/x509_csr_write.c
*
* Requires: POLARSSL_CREATE_C
*
* This module is required for X.509 certificate request writing.
*/
#define POLARSSL_X509_WRITE_C
#define POLARSSL_X509_CSR_WRITE_C
/**
* \def POLARSSL_XTEA_C
......@@ -1566,30 +1636,30 @@
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
( !defined(POLARSSL_DHM_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_ECDSA_C) || \
!defined(POLARSSL_X509_PARSE_C) )
!defined(POLARSSL_X509_CRT_PARSE_C) )
#error "POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_PARSE_C) || \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
!defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_PARSE_C) || \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
!defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
#endif
......@@ -1668,16 +1738,36 @@
#error "POLARSSL_SSL_SESSION_TICKETS_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_PARSE_C) && ( !defined(POLARSSL_BIGNUM_C) || \
#if defined(POLARSSL_X509_USE_C) && ( !defined(POLARSSL_BIGNUM_C) || \
!defined(POLARSSL_OID_C) || !defined(POLARSSL_ASN1_PARSE_C) || \
!defined(POLARSSL_PK_PARSE_C) )
#error "POLARSSL_X509_PARSE_C defined, but not all prerequisites"
#error "POLARSSL_X509_USE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CREATE_C) && ( !defined(POLARSSL_BIGNUM_C) || \
!defined(POLARSSL_OID_C) || !defined(POLARSSL_ASN1_WRITE_C) || \
!defined(POLARSSL_PK_WRITE_C) )
#error "POLARSSL_X509_CREATE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C) && ( !defined(POLARSSL_X509_USE_C) )
#error "POLARSSL_X509_CRT_PARSE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CRL_PARSE_C) && ( !defined(POLARSSL_X509_USE_C) )
#error "POLARSSL_X509_CRL_PARSE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CSR_PARSE_C) && ( !defined(POLARSSL_X509_USE_C) )
#error "POLARSSL_X509_CSR_PARSE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CRT_WRITE_C) && ( !defined(POLARSSL_X509_CREATE_C) )
#error "POLARSSL_X509_CRT_WRITE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_WRITE_C) && ( !defined(POLARSSL_BIGNUM_C) || \
!defined(POLARSSL_OID_C) || !defined(POLARSSL_ASN1_WRITE_C) || \
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_PK_WRITE_C) )
#error "POLARSSL_X509_WRITE_C defined, but not all prerequisites"
#if defined(POLARSSL_X509_CSR_WRITE_C) && ( !defined(POLARSSL_X509_CREATE_C) )
#error "POLARSSL_X509_CSR_WRITE_C defined, but not all prerequisites"
#endif
#endif /* config.h */
......@@ -54,7 +54,7 @@
debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X );
#endif
#if defined(POLARSSL_X509_PARSE_C)
#if defined(POLARSSL_X509_CRT_PARSE_C)
#define SSL_DEBUG_CRT( level, text, crt ) \
debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt );
#endif
......@@ -99,7 +99,7 @@ void debug_print_ecp( const ssl_context *ssl, int level,
const char *text, const ecp_point *X );
#endif
#if defined(POLARSSL_X509_PARSE_C)
#if defined(POLARSSL_X509_CRT_PARSE_C)
void debug_print_crt( const ssl_context *ssl, int level,
const char *file, int line,
const char *text, const x509_cert *crt );
......
......@@ -39,7 +39,7 @@
#include "md.h"
#endif
#if defined(POLARSSL_X509_PARSE_C)
#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)
#include "x509.h"
#endif
......@@ -337,7 +337,7 @@ typedef struct {
*/
int oid_get_numeric_string( char *buf, size_t size, const asn1_buf *oid );
#if defined(POLARSSL_X509_PARSE_C)
#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)
/**
* \brief Translate an X.509 extension OID into local values
*
......
......@@ -54,8 +54,12 @@
#include "aes.h"
#endif
#if defined(POLARSSL_X509_PARSE_C)
#include "x509.h"
#if defined(POLARSSL_X509_CRT_PARSE_C)
#include "x509_crt.h"
#endif
#if defined(POLARSSL_X509_CRL_PARSE_C)
#include "x509_crl.h"
#endif
#if defined(POLARSSL_DHM_C)
......@@ -406,9 +410,9 @@ struct _ssl_session
unsigned char id[32]; /*!< session identifier */
unsigned char master[48]; /*!< the master secret */
#if defined(POLARSSL_X509_PARSE_C)
#if defined(POLARSSL_X509_CRT_PARSE_C)
x509_cert *peer_cert; /*!< peer X.509 cert chain */
#endif /* POLARSSL_X509_PARSE_C */
#endif /* POLARSSL_X509_CRT_PARSE_C */
int verify_result; /*!< verification result */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
......@@ -579,7 +583,7 @@ struct _ssl_context
void *p_sni; /*!< context for SNI extension */
#endif
#if defined(POLARSSL_X509_PARSE_C)
#if defined(POLARSSL_X509_CRT_PARSE_C)
int (*f_vrfy)(void *, x509_cert *, int, int *);
void *p_vrfy; /*!< context for verification */
#endif
......@@ -642,12 +646,14 @@ struct _ssl_context
pk_context *pk_key; /*!< own private key */
int pk_key_own_alloc; /*!< did we allocate pk_key? */
#if defined(POLARSSL_X509_PARSE_C)
#if defined(POLARSSL_X509_CRT_PARSE_C)
x509_cert *own_cert; /*!< own X.509 certificate */
x509_cert *ca_chain; /*!< own trusted CA chain */
x509_crl *ca_crl; /*!< trusted CA CRLs */
const char *peer_cn; /*!< expected peer CN */
#endif /* POLARSSL_X509_PARSE_C */
#endif /* POLARSSL_X509_CRT_PARSE_C */
#if defined(POLARSSL_X509_CRL_PARSE_C)
x509_crl *ca_crl; /*!< trusted CA CRLs */
#endif /* POLARSSL_X509_CRL_PARSE_C */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
/*
......@@ -806,7 +812,7 @@ void ssl_set_endpoint( ssl_context *ssl, int endpoint );
*/
void ssl_set_authmode( ssl_context *ssl, int authmode );
#if defined(POLARSSL_X509_PARSE_C)
#if defined(POLARSSL_X509_CRT_PARSE_C)
/**
* \brief Set the verification callback (Optional).
*
......@@ -821,7 +827,7 @@ void ssl_set_authmode( ssl_context *ssl, int authmode );
void ssl_set_verify( ssl_context *ssl,
int (*f_vrfy)(void *, x509_cert *, int, int *),
void *p_vrfy );
#endif /* POLARSSL_X509_PARSE_C */
#endif /* POLARSSL_X509_CRT_PARSE_C */
/**
* \brief Set the random number generator callback
......@@ -941,7 +947,7 @@ void ssl_set_ciphersuites_for_version( ssl_context *ssl,
const int *ciphersuites,
int major, int minor );
#if defined(POLARSSL_X509_PARSE_C)
#if defined(POLARSSL_X509_CRT_PARSE_C)
/**
* \brief Set the data required to verify peer certificate
*
......@@ -1011,7 +1017,7 @@ int ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert,
rsa_decrypt_func rsa_decrypt,
rsa_sign_func rsa_sign,
rsa_key_len_func rsa_key_len );
#endif /* POLARSSL_X509_PARSE_C */
#endif /* POLARSSL_X509_CRT_PARSE_C */
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
/**
......@@ -1272,7 +1278,7 @@ const char *ssl_get_ciphersuite( const ssl_context *ssl );
*/
const char *ssl_get_version( const ssl_context *ssl );
#if defined(POLARSSL_X509_PARSE_C)
#if defined(POLARSSL_X509_CRT_PARSE_C)
/**
* \brief Return the peer certificate from the current connection
*
......@@ -1288,7 +1294,7 @@ const char *ssl_get_version( const ssl_context *ssl );
* \return the current peer certificate
*/
const x509_cert *ssl_get_peer_cert( const ssl_context *ssl );
#endif /* POLARSSL_X509_PARSE_C */
#endif /* POLARSSL_X509_CRT_PARSE_C */
/**
* \brief Save session in order to resume it later (client-side only)
......
......@@ -50,7 +50,7 @@ struct _ssl_cache_entry
time_t timestamp; /*!< entry timestamp */
#endif
ssl_session session; /*!< entry session */
#if defined(POLARSSL_X509_PARSE_C)
#if defined(POLARSSL_X509_CRT_PARSE_C)
x509_buf peer_cert; /*!< entry peer_cert */
#endif
ssl_cache_entry *next; /*!< chain pointer */
......
This diff is collapsed.
/**
* \file x509_crl.h
*
* \brief X.509 certificate revocation list parsing
*
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef POLARSSL_X509_CRL_H
#define POLARSSL_X509_CRL_H
#include "config.h"
#include "x509.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* \addtogroup x509_module
* \{ */
/**
* \name Structures and functions for parsing CRLs
* \{
*/
/**
* Certificate revocation list entry.
* Contains the CA-specific serial numbers and revocation dates.
*/
typedef struct _x509_crl_entry
{
x509_buf raw;
x509_buf serial;
x509_time revocation_date;
x509_buf entry_ext;
struct _x509_crl_entry *next;
}
x509_crl_entry;
/**
* Certificate revocation list structure.
* Every CRL may have multiple entries.
*/
typedef struct _x509_crl
{
x509_buf raw; /**< The raw certificate data (DER). */
x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
int version;
x509_buf sig_oid1;
x509_buf issuer_raw; /**< The raw issuer data (DER). */
x509_name issuer; /**< The parsed issuer data (named information object). */
x509_time this_update;
x509_time next_update;
x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */
x509_buf crl_ext;
x509_buf sig_oid2;
x509_buf sig;
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
struct _x509_crl *next;
}
x509_crl;
/**
* \brief Parse one or more CRLs and add them
* to the chained list
*
* \param chain points to the start of the chain
* \param buf buffer holding the CRL data
* \param buflen size of the buffer
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen );
#if defined(POLARSSL_FS_IO)
/**
* \brief Load one or more CRLs and add them
* to the chained list
*
* \param chain points to the start of the chain
* \param path filename to read the CRLs from
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_crlfile( x509_crl *chain, const char *path );
#endif /* POLARSSL_FS_IO */
/**
* \brief Returns an informational string about the
* CRL.
*
* \param buf Buffer to write to
* \param size Maximum size of buffer
* \param prefix A line prefix
* \param crl The X509 CRL to represent
*
* \return The amount of data written to the buffer, or -1 in
* case of an error.
*/
int x509parse_crl_info( char *buf, size_t size, const char *prefix,
const x509_crl *crl );
/**
* \brief Unallocate all CRL data
*
* \param crl CRL chain to free
*/
void x509_crl_free( x509_crl *crl );
/* \} name */
/* \} addtogroup x509_module */
#ifdef __cplusplus
}
#endif
#endif /* x509_crl.h */
/**
* \file x509_csr.h
*
* \brief X.509 certificate signing request parsing and writing
*
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef POLARSSL_X509_CSR_H
#define POLARSSL_X509_CSR_H
#include "config.h"
#include "x509.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* \addtogroup x509_module
* \{ */
/**
* \name Structures and functions for X.509 Certificate Signing Requests (CSR)
* \{
*/
/**
* Certificate Signing Request (CSR) structure.
*/
typedef struct _x509_csr
{
x509_buf raw; /**< The raw CSR data (DER). */
x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */
int version;
x509_buf subject_raw; /**< The raw subject data (DER). */
x509_name subject; /**< The parsed subject data (named information object). */
pk_context pk; /**< Container for the public key context. */
x509_buf sig_oid;
x509_buf sig;
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
}
x509_csr;
/**
* Container for writing a CSR
*/
typedef struct _x509write_csr
{
pk_context *key;
asn1_named_data *subject;
md_type_t md_alg;
asn1_named_data *extensions;
}
x509write_csr;
#if defined(POLARSSL_X509_CSR_PARSE_C)
/**
* \brief Load a Certificate Signing Request (CSR)
*
* \param csr CSR context to fill
* \param buf buffer holding the CRL data
* \param buflen size of the buffer
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_csr( x509_csr *csr, const unsigned char *buf, size_t buflen );
#if defined(POLARSSL_FS_IO)
/**
* \brief Load a Certificate Signing Request (CSR)
*
* \param csr CSR context to fill
* \param path filename to read the CSR from
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_csrfile( x509_csr *csr, const char *path );
#endif /* POLARSSL_FS_IO */
/**
* \brief Returns an informational string about the
* CSR.
*
* \param buf Buffer to write to
* \param size Maximum size of buffer
* \param prefix A line prefix
* \param csr The X509 CSR to represent
*
* \return The amount of data written to the buffer, or -1 in
* case of an error.
*/
int x509parse_csr_info( char *buf, size_t size, const char *prefix,
const x509_csr *csr );
/**
* \brief Unallocate all CSR data
*
* \param csr CSR to free
*/
void x509_csr_free( x509_csr *csr );
#endif /* POLARSSL_X509_CSR_PARSE_C */
/* \} name */
/* \} addtogroup x509_module */
#if defined(POLARSSL_X509_CSR_WRITE_C)
/**
* \brief Initialize a CSR context
*
* \param ctx CSR context to initialize
*/
void x509write_csr_init( x509write_csr *ctx );
/**
* \brief Set the subject name for a CSR
* Subject names should contain a comma-separated list
* of OID types and values:
* e.g. "C=NL,O=Offspark,CN=PolarSSL Server 1"
*
* \param ctx CSR context to use
* \param subject_name subject name to set
*
* \return 0 if subject name was parsed successfully, or
* a specific error code
*/
int x509write_csr_set_subject_name( x509write_csr *ctx, char *subject_name );
/**
* \brief Set the key for a CSR (public key will be included,
* private key used to sign the CSR when writing it)
*
* \param ctx CSR context to use
* \param key Asymetric key to include
*/
void x509write_csr_set_key( x509write_csr *ctx, pk_context *key );
/**
* \brief Set the MD algorithm to use for the signature
* (e.g. POLARSSL_MD_SHA1)
*
* \param ctx CSR context to use
* \param md_alg MD algorithm to use
*/
void x509write_csr_set_md_alg( x509write_csr *ctx, md_type_t md_alg );
/**
* \brief Set the Key Usage Extension flags
* (e.g. KU_DIGITAL_SIGNATURE | KU_KEY_CERT_SIGN)
*
* \param ctx CSR context to use
* \param key_usage key usage flags to set
*
* \return 0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED
*/
int x509write_csr_set_key_usage( x509write_csr *ctx, unsigned char key_usage );
/**
* \brief Set the Netscape Cert Type flags
* (e.g. NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_EMAIL)
*
* \param ctx CSR context to use
* \param ns_cert_type Netscape Cert Type flags to set
*
* \return 0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED
*/
int x509write_csr_set_ns_cert_type( x509write_csr *ctx,
unsigned char ns_cert_type );
/**
* \brief Generic function to add to or replace an extension in the CSR
*
* \param ctx CSR context to use
* \param oid OID of the extension
* \param oid_len length of the OID
* \param val value of the extension OCTET STRING
* \param val_len length of the value data
*
* \return 0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED
*/
int x509write_csr_set_extension( x509write_csr *ctx,
const char *oid, size_t oid_len,
const unsigned char *val, size_t val_len );
/**
* \brief Free the contents of a CSR context
*
* \param ctx CSR context to free
*/
void x509write_csr_free( x509write_csr *ctx );
/**
* \brief Write a CSR (Certificate Signing Request) to a
* DER structure