mbedTLS: Update to version 2.18.5
(cherry picked from commit 5333365593
)
This commit is contained in:
parent
21e1148cc5
commit
fbc4ed8d94
|
@ -36,16 +36,20 @@
|
|||
#define MBEDTLS_AESNI_AES 0x02000000u
|
||||
#define MBEDTLS_AESNI_CLMUL 0x00000002u
|
||||
|
||||
/* Can we do AESNI with inline assembly?
|
||||
* (Only implemented with gas syntax, only for 64-bit.)
|
||||
*/
|
||||
#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && \
|
||||
(defined(__amd64__) || defined(__x86_64__)) && \
|
||||
!defined(MBEDTLS_HAVE_X86_64)
|
||||
#if !defined(MBEDTLS_HAVE_X86_64) && \
|
||||
(defined(__amd64__) || defined(__x86_64__) || \
|
||||
defined(_M_X64) || defined(_M_AMD64)) && \
|
||||
!defined(_M_ARM64EC)
|
||||
#define MBEDTLS_HAVE_X86_64
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_AESNI_C)
|
||||
#if !defined(MBEDTLS_HAVE_X86) && \
|
||||
(defined(__i386__) || defined(_M_IX86))
|
||||
#define MBEDTLS_HAVE_X86
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_AESNI_C) && \
|
||||
(defined(MBEDTLS_HAVE_X86_64) || defined(MBEDTLS_HAVE_X86))
|
||||
|
||||
/* Can we do AESNI with intrinsics?
|
||||
* (Only implemented with certain compilers, only for certain targets.)
|
||||
|
@ -54,10 +58,9 @@
|
|||
* macros that may change in future releases.
|
||||
*/
|
||||
#undef MBEDTLS_AESNI_HAVE_INTRINSICS
|
||||
#if defined(_MSC_VER) && (defined(_M_AMD64) || defined(_M_IX86))
|
||||
#if defined(_MSC_VER)
|
||||
/* Visual Studio supports AESNI intrinsics since VS 2008 SP1. We only support
|
||||
* VS 2013 and up for other reasons anyway, so no need to check the version.
|
||||
* Only supported on x64 and x86. */
|
||||
* VS 2013 and up for other reasons anyway, so no need to check the version. */
|
||||
#define MBEDTLS_AESNI_HAVE_INTRINSICS
|
||||
#endif
|
||||
/* GCC-like compilers: currently, we only support intrinsics if the requisite
|
||||
|
@ -73,7 +76,11 @@
|
|||
* favor the assembly-based implementation if it's available. We intend to
|
||||
* revise this in a later release of Mbed TLS 3.x. In the long run, we will
|
||||
* likely remove the assembly implementation. */
|
||||
#if defined(MBEDTLS_HAVE_X86_64)
|
||||
#if defined(MBEDTLS_HAVE_ASM) && \
|
||||
defined(__GNUC__) && defined(MBEDTLS_HAVE_X86_64)
|
||||
/* Can we do AESNI with inline assembly?
|
||||
* (Only implemented with gas syntax, only for 64-bit.)
|
||||
*/
|
||||
#define MBEDTLS_AESNI_HAVE_CODE 1 // via assembly
|
||||
#elif defined(MBEDTLS_AESNI_HAVE_INTRINSICS)
|
||||
#define MBEDTLS_AESNI_HAVE_CODE 2 // via intrinsics
|
||||
|
@ -169,6 +176,6 @@ int mbedtls_aesni_setkey_enc(unsigned char *rk,
|
|||
#endif
|
||||
|
||||
#endif /* MBEDTLS_AESNI_HAVE_CODE */
|
||||
#endif /* MBEDTLS_AESNI_C */
|
||||
#endif /* MBEDTLS_AESNI_C && (MBEDTLS_HAVE_X86_64 || MBEDTLS_HAVE_X86) */
|
||||
|
||||
#endif /* MBEDTLS_AESNI_H */
|
||||
|
|
|
@ -158,6 +158,27 @@ int mbedtls_asn1_write_algorithm_identifier(unsigned char **p,
|
|||
const char *oid, size_t oid_len,
|
||||
size_t par_len);
|
||||
|
||||
/**
|
||||
* \brief Write an AlgorithmIdentifier sequence in ASN.1 format.
|
||||
*
|
||||
* \note This function works backwards in data buffer.
|
||||
*
|
||||
* \param p The reference to the current position pointer.
|
||||
* \param start The start of the buffer, for bounds-checking.
|
||||
* \param oid The OID of the algorithm to write.
|
||||
* \param oid_len The length of the algorithm's OID.
|
||||
* \param par_len The length of the parameters, which must be already written.
|
||||
* \param has_par If there are any parameters. If 0, par_len must be 0. If 1
|
||||
* and \p par_len is 0, NULL parameters are added.
|
||||
*
|
||||
* \return The number of bytes written to \p p on success.
|
||||
* \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_asn1_write_algorithm_identifier_ext(unsigned char **p,
|
||||
unsigned char *start,
|
||||
const char *oid, size_t oid_len,
|
||||
size_t par_len, int has_par);
|
||||
|
||||
/**
|
||||
* \brief Write a boolean tag (#MBEDTLS_ASN1_BOOLEAN) and value
|
||||
* in ASN.1 format.
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
*/
|
||||
#include <limits.h>
|
||||
#if CHAR_BIT != 8
|
||||
#error "mbed TLS requires a platform with 8-bit chars"
|
||||
#error "Mbed TLS requires a platform with 8-bit chars"
|
||||
#endif
|
||||
|
||||
#if defined(_WIN32)
|
||||
|
|
|
@ -446,10 +446,29 @@ void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx);
|
|||
|
||||
|
||||
/**
|
||||
* \brief This function initializes a cipher context for
|
||||
* \brief This function prepares a cipher context for
|
||||
* use with the given cipher primitive.
|
||||
*
|
||||
* \param ctx The context to initialize. This must be initialized.
|
||||
* \warning In CBC mode, if mbedtls_cipher_set_padding_mode() is not called:
|
||||
* - If MBEDTLS_CIPHER_PADDING_PKCS7 is enabled, the
|
||||
* context will use PKCS7 padding.
|
||||
* - Otherwise the context uses no padding and the input
|
||||
* must be a whole number of blocks.
|
||||
*
|
||||
* \note After calling this function, you should call
|
||||
* mbedtls_cipher_setkey() and, if the mode uses padding,
|
||||
* mbedtls_cipher_set_padding_mode(), then for each
|
||||
* message to encrypt or decrypt with this key, either:
|
||||
* - mbedtls_cipher_crypt() for one-shot processing with
|
||||
* non-AEAD modes;
|
||||
* - mbedtls_cipher_auth_encrypt_ext() or
|
||||
* mbedtls_cipher_auth_decrypt_ext() for one-shot
|
||||
* processing with AEAD modes or NIST_KW;
|
||||
* - for multi-part processing, see the documentation of
|
||||
* mbedtls_cipher_reset().
|
||||
*
|
||||
* \param ctx The context to prepare. This must be initialized by
|
||||
* a call to mbedtls_cipher_init() first.
|
||||
* \param cipher_info The cipher to use.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
|
@ -663,8 +682,6 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
|
|||
* \brief This function sets the padding mode, for cipher modes
|
||||
* that use padding.
|
||||
*
|
||||
* The default passing mode is PKCS7 padding.
|
||||
*
|
||||
* \param ctx The generic cipher context. This must be initialized and
|
||||
* bound to a cipher information structure.
|
||||
* \param mode The padding mode.
|
||||
|
@ -704,7 +721,29 @@ int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx,
|
|||
/**
|
||||
* \brief This function resets the cipher state.
|
||||
*
|
||||
* \param ctx The generic cipher context. This must be initialized.
|
||||
* \note With non-AEAD ciphers, the order of calls for each message
|
||||
* is as follows:
|
||||
* 1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
|
||||
* 2. mbedtls_cipher_reset()
|
||||
* 3. mbedtls_cipher_update() one or more times
|
||||
* 4. mbedtls_cipher_finish()
|
||||
* .
|
||||
* This sequence can be repeated to encrypt or decrypt multiple
|
||||
* messages with the same key.
|
||||
*
|
||||
* \note With AEAD ciphers, the order of calls for each message
|
||||
* is as follows:
|
||||
* 1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
|
||||
* 2. mbedtls_cipher_reset()
|
||||
* 3. mbedtls_cipher_update_ad()
|
||||
* 4. mbedtls_cipher_update() one or more times
|
||||
* 5. mbedtls_cipher_check_tag() (for decryption) or
|
||||
* mbedtls_cipher_write_tag() (for encryption).
|
||||
* .
|
||||
* This sequence can be repeated to encrypt or decrypt multiple
|
||||
* messages with the same key.
|
||||
*
|
||||
* \param ctx The generic cipher context. This must be bound to a key.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
|
|
|
@ -45,7 +45,11 @@ extern "C" {
|
|||
#define MBEDTLS_AES_BLOCK_SIZE 16
|
||||
#define MBEDTLS_DES3_BLOCK_SIZE 8
|
||||
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
|
||||
/* Although the CMAC module does not support ARIA or CAMELLIA, we adjust the value of
|
||||
* MBEDTLS_CIPHER_BLKSIZE_MAX to reflect these ciphers.
|
||||
* This is done to avoid confusion, given the general-purpose name of the macro. */
|
||||
#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C)
|
||||
#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /**< The longest block used by CMAC is that of AES. */
|
||||
#else
|
||||
#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /**< The longest block used by CMAC is that of 3DES. */
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/**
|
||||
* \file compat-1.3.h
|
||||
*
|
||||
* \brief Compatibility definitions for using mbed TLS with client code written
|
||||
* \brief Compatibility definitions for using Mbed TLS with client code written
|
||||
* for the PolarSSL naming conventions.
|
||||
*
|
||||
* \deprecated Use the new names directly instead
|
||||
|
|
|
@ -163,19 +163,51 @@
|
|||
*
|
||||
* Enable the memory allocation layer.
|
||||
*
|
||||
* By default mbed TLS uses the system-provided calloc() and free().
|
||||
* By default Mbed TLS uses the system-provided calloc() and free().
|
||||
* This allows different allocators (self-implemented or provided) to be
|
||||
* provided to the platform abstraction layer.
|
||||
*
|
||||
* Enabling MBEDTLS_PLATFORM_MEMORY without the
|
||||
* Enabling #MBEDTLS_PLATFORM_MEMORY without the
|
||||
* MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
|
||||
* "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
|
||||
* free() function pointer at runtime.
|
||||
*
|
||||
* Enabling MBEDTLS_PLATFORM_MEMORY and specifying
|
||||
* Enabling #MBEDTLS_PLATFORM_MEMORY and specifying
|
||||
* MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
|
||||
* alternate function at compile time.
|
||||
*
|
||||
* An overview of how the value of mbedtls_calloc is determined:
|
||||
*
|
||||
* - if !MBEDTLS_PLATFORM_MEMORY
|
||||
* - mbedtls_calloc = calloc
|
||||
* - if MBEDTLS_PLATFORM_MEMORY
|
||||
* - if (MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO):
|
||||
* - mbedtls_calloc = MBEDTLS_PLATFORM_CALLOC_MACRO
|
||||
* - if !(MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO):
|
||||
* - Dynamic setup via mbedtls_platform_set_calloc_free is now possible with a default value MBEDTLS_PLATFORM_STD_CALLOC.
|
||||
* - How is MBEDTLS_PLATFORM_STD_CALLOC handled?
|
||||
* - if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS:
|
||||
* - MBEDTLS_PLATFORM_STD_CALLOC is not set to anything;
|
||||
* - MBEDTLS_PLATFORM_STD_MEM_HDR can be included if present;
|
||||
* - if !MBEDTLS_PLATFORM_NO_STD_FUNCTIONS:
|
||||
* - if MBEDTLS_PLATFORM_STD_CALLOC is present:
|
||||
* - User-defined MBEDTLS_PLATFORM_STD_CALLOC is respected;
|
||||
* - if !MBEDTLS_PLATFORM_STD_CALLOC:
|
||||
* - MBEDTLS_PLATFORM_STD_CALLOC = calloc
|
||||
*
|
||||
* - At this point the presence of MBEDTLS_PLATFORM_STD_CALLOC is checked.
|
||||
* - if !MBEDTLS_PLATFORM_STD_CALLOC
|
||||
* - MBEDTLS_PLATFORM_STD_CALLOC = uninitialized_calloc
|
||||
*
|
||||
* - mbedtls_calloc = MBEDTLS_PLATFORM_STD_CALLOC.
|
||||
*
|
||||
* Defining MBEDTLS_PLATFORM_CALLOC_MACRO and #MBEDTLS_PLATFORM_STD_CALLOC at the same time is not possible.
|
||||
* MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_FREE_MACRO must both be defined or undefined at the same time.
|
||||
* #MBEDTLS_PLATFORM_STD_CALLOC and #MBEDTLS_PLATFORM_STD_FREE do not have to be defined at the same time, as, if they are used,
|
||||
* dynamic setup of these functions is possible. See the tree above to see how are they handled in all cases.
|
||||
* An uninitialized #MBEDTLS_PLATFORM_STD_CALLOC always fails, returning a null pointer.
|
||||
* An uninitialized #MBEDTLS_PLATFORM_STD_FREE does not do anything.
|
||||
*
|
||||
* Requires: MBEDTLS_PLATFORM_C
|
||||
*
|
||||
* Enable this layer to allow use of alternative memory allocators.
|
||||
|
@ -204,10 +236,10 @@
|
|||
/**
|
||||
* \def MBEDTLS_PLATFORM_EXIT_ALT
|
||||
*
|
||||
* MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
|
||||
* MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let Mbed TLS support the
|
||||
* function in the platform abstraction layer.
|
||||
*
|
||||
* Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
|
||||
* Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, Mbed TLS will
|
||||
* provide a function "mbedtls_platform_set_printf()" that allows you to set an
|
||||
* alternative printf function pointer.
|
||||
*
|
||||
|
@ -233,6 +265,45 @@
|
|||
//#define MBEDTLS_PLATFORM_NV_SEED_ALT
|
||||
//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
|
||||
|
||||
/**
|
||||
* Uncomment the macro to let Mbed TLS use your alternate implementation of
|
||||
* mbedtls_platform_gmtime_r(). This replaces the default implementation in
|
||||
* platform_util.c.
|
||||
*
|
||||
* gmtime() is not a thread-safe function as defined in the C standard. The
|
||||
* library will try to use safer implementations of this function, such as
|
||||
* gmtime_r() when available. However, if Mbed TLS cannot identify the target
|
||||
* system, the implementation of mbedtls_platform_gmtime_r() will default to
|
||||
* using the standard gmtime(). In this case, calls from the library to
|
||||
* gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
|
||||
* if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
|
||||
* library are also guarded with this mutex to avoid race conditions. However,
|
||||
* if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
|
||||
* unconditionally use the implementation for mbedtls_platform_gmtime_r()
|
||||
* supplied at compile time.
|
||||
*/
|
||||
//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
|
||||
|
||||
/**
|
||||
* Uncomment the macro to let Mbed TLS use your alternate implementation of
|
||||
* mbedtls_platform_zeroize(). This replaces the default implementation in
|
||||
* platform_util.c.
|
||||
*
|
||||
* mbedtls_platform_zeroize() is a widely used function across the library to
|
||||
* zero a block of memory. The implementation is expected to be secure in the
|
||||
* sense that it has been written to prevent the compiler from removing calls
|
||||
* to mbedtls_platform_zeroize() as part of redundant code elimination
|
||||
* optimizations. However, it is difficult to guarantee that calls to
|
||||
* mbedtls_platform_zeroize() will not be optimized by the compiler as older
|
||||
* versions of the C language standards do not provide a secure implementation
|
||||
* of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
|
||||
* configure their own implementation of mbedtls_platform_zeroize(), for
|
||||
* example by using directives specific to their compiler, features from newer
|
||||
* C standards (e.g using memset_s() in C11) or calling a secure memset() from
|
||||
* their system (e.g explicit_bzero() in BSD).
|
||||
*/
|
||||
//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_DEPRECATED_WARNING
|
||||
*
|
||||
|
@ -329,7 +400,7 @@
|
|||
/** \} name SECTION: System support */
|
||||
|
||||
/**
|
||||
* \name SECTION: mbed TLS feature support
|
||||
* \name SECTION: Mbed TLS feature support
|
||||
*
|
||||
* This section sets support for features that are or are not needed
|
||||
* within the modules that are enabled.
|
||||
|
@ -352,7 +423,7 @@
|
|||
/**
|
||||
* \def MBEDTLS_AES_ALT
|
||||
*
|
||||
* MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
|
||||
* MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let Mbed TLS use your
|
||||
* alternate core implementation of a symmetric crypto, an arithmetic or hash
|
||||
* module (e.g. platform specific assembly optimized implementations). Keep
|
||||
* in mind that the function prototypes should remain the same.
|
||||
|
@ -360,7 +431,7 @@
|
|||
* This replaces the whole module. If you only want to replace one of the
|
||||
* functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
|
||||
*
|
||||
* Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
|
||||
* Example: In case you uncomment MBEDTLS_AES_ALT, Mbed TLS will no longer
|
||||
* provide the "struct mbedtls_aes_context" definition and omit the base
|
||||
* function declarations and implementations. "aes_alt.h" will be included from
|
||||
* "aes.h" to include the new function definitions.
|
||||
|
@ -413,14 +484,14 @@
|
|||
/**
|
||||
* \def MBEDTLS_MD2_PROCESS_ALT
|
||||
*
|
||||
* MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
|
||||
* MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use you
|
||||
* alternate core implementation of symmetric crypto or hash function. Keep in
|
||||
* mind that function prototypes should remain the same.
|
||||
*
|
||||
* This replaces only one function. The header file from mbed TLS is still
|
||||
* This replaces only one function. The header file from Mbed TLS is still
|
||||
* used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
|
||||
*
|
||||
* Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
|
||||
* Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, Mbed TLS will
|
||||
* no longer provide the mbedtls_sha1_process() function, but it will still provide
|
||||
* the other function (using your mbedtls_sha1_process() function) and the definition
|
||||
* of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
|
||||
|
@ -480,11 +551,11 @@
|
|||
*
|
||||
* Expose a part of the internal interface of the Elliptic Curve Point module.
|
||||
*
|
||||
* MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
|
||||
* MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use your
|
||||
* alternative core implementation of elliptic curve arithmetic. Keep in mind
|
||||
* that function prototypes should remain the same.
|
||||
*
|
||||
* This partially replaces one function. The header file from mbed TLS is still
|
||||
* This partially replaces one function. The header file from Mbed TLS is still
|
||||
* used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
|
||||
* is still present and it is used for group structures not supported by the
|
||||
* alternative.
|
||||
|
@ -508,11 +579,11 @@
|
|||
* implement optimized set up and tear down instructions.
|
||||
*
|
||||
* Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and
|
||||
* MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac()
|
||||
* MBEDTLS_ECP_DOUBLE_JAC_ALT, Mbed TLS will still provide the ecp_double_jac()
|
||||
* function, but will use your mbedtls_internal_ecp_double_jac() if the group
|
||||
* for the operation is supported by your implementation (i.e. your
|
||||
* mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the
|
||||
* group is not supported by your implementation, then the original mbed TLS
|
||||
* group is not supported by your implementation, then the original Mbed TLS
|
||||
* implementation of ecp_double_jac() is used instead, unless this fallback
|
||||
* behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case
|
||||
* ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE).
|
||||
|
@ -543,7 +614,7 @@
|
|||
/**
|
||||
* \def MBEDTLS_TEST_NULL_ENTROPY
|
||||
*
|
||||
* Enables testing and use of mbed TLS without any configured entropy sources.
|
||||
* Enables testing and use of Mbed TLS without any configured entropy sources.
|
||||
* This permits use of the library on platforms before an entropy source has
|
||||
* been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
|
||||
* MBEDTLS_ENTROPY_NV_SEED switches).
|
||||
|
@ -560,7 +631,7 @@
|
|||
/**
|
||||
* \def MBEDTLS_ENTROPY_HARDWARE_ALT
|
||||
*
|
||||
* Uncomment this macro to let mbed TLS use your own implementation of a
|
||||
* Uncomment this macro to let Mbed TLS use your own implementation of a
|
||||
* hardware entropy collector.
|
||||
*
|
||||
* Your function must be called \c mbedtls_hardware_poll(), have the same
|
||||
|
@ -786,6 +857,15 @@
|
|||
*/
|
||||
#define MBEDTLS_REMOVE_3DES_CIPHERSUITES
|
||||
|
||||
/**
|
||||
* Enable the verified implementations of ECDH primitives from Project Everest
|
||||
* (currently only Curve25519). This feature changes the layout of ECDH
|
||||
* contexts and therefore is a compatibility break for applications that access
|
||||
* fields of a mbedtls_ecdh_context structure directly. See also
|
||||
* MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
|
||||
*/
|
||||
//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
*
|
||||
|
@ -1559,7 +1639,7 @@
|
|||
* \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
|
||||
*
|
||||
* Enable sending of alert messages in case of encountered errors as per RFC.
|
||||
* If you choose not to send the alert messages, mbed TLS can still communicate
|
||||
* If you choose not to send the alert messages, Mbed TLS can still communicate
|
||||
* with other servers, only debugging of failures is harder.
|
||||
*
|
||||
* The advantage of not sending alert messages, is that no information is given
|
||||
|
@ -2085,6 +2165,23 @@
|
|||
*/
|
||||
//#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
|
||||
|
||||
/**
|
||||
* Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
|
||||
* signature and ciphersuite selection. Without this build-time option, SHA-1
|
||||
* support must be activated explicitly through mbedtls_ssl_conf_sig_hashes.
|
||||
* The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
|
||||
* default. At the time of writing, there is no practical attack on the use
|
||||
* of SHA-1 in handshake signatures, hence this option is turned on by default
|
||||
* to preserve compatibility with existing peers, but the general
|
||||
* warning applies nonetheless:
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use constitutes
|
||||
* a security risk. If possible, we recommend avoiding dependencies
|
||||
* on it, and considering stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
//#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
|
||||
*
|
||||
|
@ -2332,12 +2429,12 @@
|
|||
* Uncomment to enable use of ZLIB
|
||||
*/
|
||||
//#define MBEDTLS_ZLIB_SUPPORT
|
||||
/** \} name SECTION: mbed TLS feature support */
|
||||
/** \} name SECTION: Mbed TLS feature support */
|
||||
|
||||
/**
|
||||
* \name SECTION: mbed TLS modules
|
||||
* \name SECTION: Mbed TLS modules
|
||||
*
|
||||
* This section enables or disables entire modules in mbed TLS
|
||||
* This section enables or disables entire modules in Mbed TLS
|
||||
* \{
|
||||
*/
|
||||
|
||||
|
@ -3058,7 +3155,7 @@
|
|||
* Module: library/memory_buffer_alloc.c
|
||||
*
|
||||
* Requires: MBEDTLS_PLATFORM_C
|
||||
* MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
|
||||
* MBEDTLS_PLATFORM_MEMORY (to use it within Mbed TLS)
|
||||
*
|
||||
* Enable this module to enable the buffer memory allocator.
|
||||
*/
|
||||
|
@ -3498,7 +3595,7 @@
|
|||
* \def MBEDTLS_THREADING_C
|
||||
*
|
||||
* Enable the threading abstraction layer.
|
||||
* By default mbed TLS assumes it is used in a non-threaded environment or that
|
||||
* By default Mbed TLS assumes it is used in a non-threaded environment or that
|
||||
* contexts are not shared between threads. If you do intend to use contexts
|
||||
* between threads, you will need to enable this layer to prevent race
|
||||
* conditions. See also our Knowledge Base article about threading:
|
||||
|
@ -3512,7 +3609,7 @@
|
|||
* You will have to enable either MBEDTLS_THREADING_ALT or
|
||||
* MBEDTLS_THREADING_PTHREAD.
|
||||
*
|
||||
* Enable this layer to allow use of mutexes within mbed TLS
|
||||
* Enable this layer to allow use of mutexes within Mbed TLS
|
||||
*/
|
||||
//#define MBEDTLS_THREADING_C
|
||||
|
||||
|
@ -3664,7 +3761,7 @@
|
|||
*/
|
||||
#define MBEDTLS_XTEA_C
|
||||
|
||||
/** \} name SECTION: mbed TLS modules */
|
||||
/** \} name SECTION: Mbed TLS modules */
|
||||
|
||||
/**
|
||||
* \name SECTION: General configuration options
|
||||
|
@ -3798,8 +3895,29 @@
|
|||
|
||||
/* Platform options */
|
||||
//#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
|
||||
//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
|
||||
|
||||
/** \def MBEDTLS_PLATFORM_STD_CALLOC
|
||||
*
|
||||
* Default allocator to use, can be undefined.
|
||||
* It must initialize the allocated buffer memory to zeroes.
|
||||
* The size of the buffer is the product of the two parameters.
|
||||
* The calloc function returns either a null pointer or a pointer to the allocated space.
|
||||
* If the product is 0, the function may either return NULL or a valid pointer to an array of size 0 which is a valid input to the deallocation function.
|
||||
* An uninitialized #MBEDTLS_PLATFORM_STD_CALLOC always fails, returning a null pointer.
|
||||
* See the description of #MBEDTLS_PLATFORM_MEMORY for more details.
|
||||
* The corresponding deallocation function is #MBEDTLS_PLATFORM_STD_FREE.
|
||||
*/
|
||||
//#define MBEDTLS_PLATFORM_STD_CALLOC calloc
|
||||
|
||||
/** \def MBEDTLS_PLATFORM_STD_FREE
|
||||
*
|
||||
* Default free to use, can be undefined.
|
||||
* NULL is a valid parameter, and the function must do nothing.
|
||||
* A non-null parameter will always be a pointer previously returned by #MBEDTLS_PLATFORM_STD_CALLOC and not yet freed.
|
||||
* An uninitialized #MBEDTLS_PLATFORM_STD_FREE does not do anything.
|
||||
* See the description of #MBEDTLS_PLATFORM_MEMORY for more details (same principles as for MBEDTLS_PLATFORM_STD_CALLOC apply).
|
||||
*/
|
||||
//#define MBEDTLS_PLATFORM_STD_FREE free
|
||||
//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
|
||||
//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
|
||||
|
@ -3812,10 +3930,10 @@
|
|||
//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */
|
||||
|
||||
/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
|
||||
/* To use the following function macros, MBEDTLS_PLATFORM_C must be enabled. */
|
||||
/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
|
||||
//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined. See MBEDTLS_PLATFORM_STD_CALLOC for requirements. */
|
||||
//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined. See MBEDTLS_PLATFORM_STD_FREE for requirements. */
|
||||
//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
|
||||
//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
|
||||
|
@ -4088,71 +4206,6 @@
|
|||
//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
|
||||
//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
|
||||
|
||||
/**
|
||||
* Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
|
||||
* signature and ciphersuite selection. Without this build-time option, SHA-1
|
||||
* support must be activated explicitly through mbedtls_ssl_conf_sig_hashes.
|
||||
* The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
|
||||
* default. At the time of writing, there is no practical attack on the use
|
||||
* of SHA-1 in handshake signatures, hence this option is turned on by default
|
||||
* to preserve compatibility with existing peers, but the general
|
||||
* warning applies nonetheless:
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use constitutes
|
||||
* a security risk. If possible, we recommend avoiding dependencies
|
||||
* on it, and considering stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
//#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
|
||||
|
||||
/**
|
||||
* Uncomment the macro to let mbed TLS use your alternate implementation of
|
||||
* mbedtls_platform_zeroize(). This replaces the default implementation in
|
||||
* platform_util.c.
|
||||
*
|
||||
* mbedtls_platform_zeroize() is a widely used function across the library to
|
||||
* zero a block of memory. The implementation is expected to be secure in the
|
||||
* sense that it has been written to prevent the compiler from removing calls
|
||||
* to mbedtls_platform_zeroize() as part of redundant code elimination
|
||||
* optimizations. However, it is difficult to guarantee that calls to
|
||||
* mbedtls_platform_zeroize() will not be optimized by the compiler as older
|
||||
* versions of the C language standards do not provide a secure implementation
|
||||
* of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
|
||||
* configure their own implementation of mbedtls_platform_zeroize(), for
|
||||
* example by using directives specific to their compiler, features from newer
|
||||
* C standards (e.g using memset_s() in C11) or calling a secure memset() from
|
||||
* their system (e.g explicit_bzero() in BSD).
|
||||
*/
|
||||
//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
|
||||
|
||||
/**
|
||||
* Uncomment the macro to let Mbed TLS use your alternate implementation of
|
||||
* mbedtls_platform_gmtime_r(). This replaces the default implementation in
|
||||
* platform_util.c.
|
||||
*
|
||||
* gmtime() is not a thread-safe function as defined in the C standard. The
|
||||
* library will try to use safer implementations of this function, such as
|
||||
* gmtime_r() when available. However, if Mbed TLS cannot identify the target
|
||||
* system, the implementation of mbedtls_platform_gmtime_r() will default to
|
||||
* using the standard gmtime(). In this case, calls from the library to
|
||||
* gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
|
||||
* if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
|
||||
* library are also guarded with this mutex to avoid race conditions. However,
|
||||
* if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
|
||||
* unconditionally use the implementation for mbedtls_platform_gmtime_r()
|
||||
* supplied at compile time.
|
||||
*/
|
||||
//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
|
||||
|
||||
/**
|
||||
* Enable the verified implementations of ECDH primitives from Project Everest
|
||||
* (currently only Curve25519). This feature changes the layout of ECDH
|
||||
* contexts and therefore is a compatibility break for applications that access
|
||||
* fields of a mbedtls_ecdh_context structure directly. See also
|
||||
* MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
|
||||
*/
|
||||
//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
|
||||
|
||||
/** \} name SECTION: Module configuration options */
|
||||
|
||||
/* Target and application specific configurations
|
||||
|
|
|
@ -42,6 +42,11 @@
|
|||
|
||||
#include "mbedtls/bignum.h"
|
||||
|
||||
#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
/*
|
||||
* ECP error codes
|
||||
*/
|
||||
|
@ -214,7 +219,7 @@ mbedtls_ecp_point;
|
|||
|
||||
#if !defined(MBEDTLS_ECP_ALT)
|
||||
/*
|
||||
* default mbed TLS elliptic curve arithmetic implementation
|
||||
* default Mbed TLS elliptic curve arithmetic implementation
|
||||
*
|
||||
* (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
|
||||
* alternative implementation for the whole module and it will replace this
|
||||
|
@ -236,6 +241,27 @@ mbedtls_ecp_point;
|
|||
* odd prime as mbedtls_ecp_mul() requires an odd number, and
|
||||
* mbedtls_ecdsa_sign() requires that it is prime for blinding purposes.
|
||||
*
|
||||
* The default implementation only initializes \p A without setting it to the
|
||||
* authentic value for curves with <code>A = -3</code>(SECP256R1, etc), in which
|
||||
* case you need to load \p A by yourself when using domain parameters directly,
|
||||
* for example:
|
||||
* \code
|
||||
* mbedtls_mpi_init(&A);
|
||||
* mbedtls_ecp_group_init(&grp);
|
||||
* CHECK_RETURN(mbedtls_ecp_group_load(&grp, grp_id));
|
||||
* if (mbedtls_ecp_group_a_is_minus_3(&grp)) {
|
||||
* CHECK_RETURN(mbedtls_mpi_sub_int(&A, &grp.P, 3));
|
||||
* } else {
|
||||
* CHECK_RETURN(mbedtls_mpi_copy(&A, &grp.A));
|
||||
* }
|
||||
*
|
||||
* do_something_with_a(&A);
|
||||
*
|
||||
* cleanup:
|
||||
* mbedtls_mpi_free(&A);
|
||||
* mbedtls_ecp_group_free(&grp);
|
||||
* \endcode
|
||||
*
|
||||
* For Montgomery curves, we do not store \p A, but <code>(A + 2) / 4</code>,
|
||||
* which is the quantity used in the formulas. Additionally, \p nbits is
|
||||
* not the size of \p N but the required size for private keys.
|
||||
|
@ -256,8 +282,11 @@ mbedtls_ecp_point;
|
|||
typedef struct mbedtls_ecp_group {
|
||||
mbedtls_ecp_group_id id; /*!< An internal group identifier. */
|
||||
mbedtls_mpi P; /*!< The prime modulus of the base field. */
|
||||
mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For
|
||||
Montgomery curves: <code>(A + 2) / 4</code>. */
|
||||
mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. Note that
|
||||
\p A is not set to the authentic value in some cases.
|
||||
Refer to detailed description of ::mbedtls_ecp_group if
|
||||
using domain parameters in the structure.
|
||||
For Montgomery curves: <code>(A + 2) / 4</code>. */
|
||||
mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation.
|
||||
For Montgomery curves: unused. */
|
||||
mbedtls_ecp_point G; /*!< The generator of the subgroup used. */
|
||||
|
@ -989,6 +1018,26 @@ int mbedtls_ecp_mul_restartable(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
|
|||
mbedtls_ecp_restart_ctx *rs_ctx);
|
||||
|
||||
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
|
||||
/**
|
||||
* \brief This function checks if domain parameter A of the curve is
|
||||
* \c -3.
|
||||
*
|
||||
* \note This function is only defined for short Weierstrass curves.
|
||||
* It may not be included in builds without any short
|
||||
* Weierstrass curve.
|
||||
*
|
||||
* \param grp The ECP group to use.
|
||||
* This must be initialized and have group parameters
|
||||
* set, for example through mbedtls_ecp_group_load().
|
||||
*
|
||||
* \return \c 1 if <code>A = -3</code>.
|
||||
* \return \c 0 Otherwise.
|
||||
*/
|
||||
static inline int mbedtls_ecp_group_a_is_minus_3(const mbedtls_ecp_group *grp)
|
||||
{
|
||||
return grp->A.p == NULL;
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief This function performs multiplication and addition of two
|
||||
* points by integers: \p R = \p m * \p P + \p n * \p Q
|
||||
|
|
|
@ -82,7 +82,7 @@ int mbedtls_hardclock_poll(void *data,
|
|||
/**
|
||||
* \brief Entropy poll callback for a hardware source
|
||||
*
|
||||
* \warning This is not provided by mbed TLS!
|
||||
* \warning This is not provided by Mbed TLS!
|
||||
* See \c MBEDTLS_ENTROPY_HARDWARE_ALT in config.h.
|
||||
*
|
||||
* \note This must accept NULL as its first argument.
|
||||
|
|
|
@ -171,9 +171,9 @@ static inline int mbedtls_error_add(int high, int low,
|
|||
}
|
||||
|
||||
/**
|
||||
* \brief Translate a mbed TLS error code into a string representation,
|
||||
* Result is truncated if necessary and always includes a terminating
|
||||
* null byte.
|
||||
* \brief Translate an Mbed TLS error code into a string representation.
|
||||
* The result is truncated if necessary and always includes a
|
||||
* terminating null byte.
|
||||
*
|
||||
* \param errnum error code
|
||||
* \param buffer buffer to place representation in
|
||||
|
|
|
@ -283,6 +283,10 @@ int mbedtls_net_recv_timeout(void *ctx, unsigned char *buf, size_t len,
|
|||
* \brief Closes down the connection and free associated data
|
||||
*
|
||||
* \param ctx The context to close
|
||||
*
|
||||
* \note This function frees and clears data associated with the
|
||||
* context but does not free the memory pointed to by \p ctx.
|
||||
* This memory is the responsibility of the caller.
|
||||
*/
|
||||
void mbedtls_net_close(mbedtls_net_context *ctx);
|
||||
|
||||
|
@ -290,6 +294,10 @@ void mbedtls_net_close(mbedtls_net_context *ctx);
|
|||
* \brief Gracefully shutdown the connection and free associated data
|
||||
*
|
||||
* \param ctx The context to free
|
||||
*
|
||||
* \note This function frees and clears data associated with the
|
||||
* context but does not free the memory pointed to by \p ctx.
|
||||
* This memory is the responsibility of the caller.
|
||||
*/
|
||||
void mbedtls_net_free(mbedtls_net_context *ctx);
|
||||
|
||||
|
|
|
@ -44,9 +44,12 @@
|
|||
#endif
|
||||
|
||||
/* Some versions of ASan result in errors about not enough registers */
|
||||
#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) && \
|
||||
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_ASM) && \
|
||||
defined(__GNUC__) && defined(__i386__) && \
|
||||
!defined(MBEDTLS_HAVE_ASAN)
|
||||
|
||||
#define MBEDTLS_VIA_PADLOCK_HAVE_CODE
|
||||
|
||||
#ifndef MBEDTLS_HAVE_X86
|
||||
#define MBEDTLS_HAVE_X86
|
||||
#endif
|
||||
|
@ -120,6 +123,7 @@ int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx,
|
|||
}
|
||||
#endif
|
||||
|
||||
#endif /* HAVE_X86 */
|
||||
#endif /* MBEDTLS_PADLOCK_C && MBEDTLS_HAVE_ASM &&
|
||||
__GNUC__ && __i386__ && !MBEDTLS_HAVE_ASAN */
|
||||
|
||||
#endif /* padlock.h */
|
||||
|
|
|
@ -71,7 +71,7 @@ typedef struct mbedtls_pkcs11_context {
|
|||
MBEDTLS_DEPRECATED void mbedtls_pkcs11_init(mbedtls_pkcs11_context *ctx);
|
||||
|
||||
/**
|
||||
* Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.
|
||||
* Fill in a Mbed TLS certificate, based on the given PKCS11 helper certificate.
|
||||
*
|
||||
* \deprecated This function is deprecated and will be removed in a
|
||||
* future version of the library.
|
||||
|
|
|
@ -79,6 +79,21 @@ int mbedtls_pkcs12_pbe_sha1_rc4_128(mbedtls_asn1_buf *pbe_params, int mode,
|
|||
* \brief PKCS12 Password Based function (encryption / decryption)
|
||||
* for cipher-based and mbedtls_md-based PBE's
|
||||
*
|
||||
* \note When encrypting, #MBEDTLS_CIPHER_PADDING_PKCS7 must
|
||||
* be enabled at compile time.
|
||||
*
|
||||
* \warning When decrypting:
|
||||
* - if #MBEDTLS_CIPHER_PADDING_PKCS7 is enabled at compile
|
||||
* time, this function validates the CBC padding and returns
|
||||
* #MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH if the padding is
|
||||
* invalid. Note that this can help active adversaries
|
||||
* attempting to brute-forcing the password. Note also that
|
||||
* there is no guarantee that an invalid password will be
|
||||
* detected (the chances of a valid padding with a random
|
||||
* password are about 1/255).
|
||||
* - if #MBEDTLS_CIPHER_PADDING_PKCS7 is disabled at compile
|
||||
* time, this function does not validate the CBC padding.
|
||||
*
|
||||
* \param pbe_params an ASN1 buffer containing the pkcs-12 PbeParams structure
|
||||
* \param mode either #MBEDTLS_PKCS12_PBE_ENCRYPT or
|
||||
* #MBEDTLS_PKCS12_PBE_DECRYPT
|
||||
|
@ -87,18 +102,77 @@ int mbedtls_pkcs12_pbe_sha1_rc4_128(mbedtls_asn1_buf *pbe_params, int mode,
|
|||
* \param pwd Latin1-encoded password used. This may only be \c NULL when
|
||||
* \p pwdlen is 0. No null terminator should be used.
|
||||
* \param pwdlen length of the password (may be 0)
|
||||
* \param input the input data
|
||||
* \param data the input data
|
||||
* \param len data length
|
||||
* \param output the output buffer
|
||||
* \param output Output buffer.
|
||||
* On success, it contains the encrypted or decrypted data,
|
||||
* possibly followed by the CBC padding.
|
||||
* On failure, the content is indeterminate.
|
||||
* For decryption, there must be enough room for \p len
|
||||
* bytes.
|
||||
* For encryption, there must be enough room for
|
||||
* \p len + 1 bytes, rounded up to the block size of
|
||||
* the block cipher identified by \p pbe_params.
|
||||
*
|
||||
* \return 0 if successful, or a MBEDTLS_ERR_XXX code
|
||||
*/
|
||||
int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
|
||||
mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
|
||||
const unsigned char *pwd, size_t pwdlen,
|
||||
const unsigned char *input, size_t len,
|
||||
const unsigned char *data, size_t len,
|
||||
unsigned char *output);
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
|
||||
|
||||
/**
|
||||
* \brief PKCS12 Password Based function (encryption / decryption)
|
||||
* for cipher-based and mbedtls_md-based PBE's
|
||||
*
|
||||
*
|
||||
* \warning When decrypting:
|
||||
* - This function validates the CBC padding and returns
|
||||
* #MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH if the padding is
|
||||
* invalid. Note that this can help active adversaries
|
||||
* attempting to brute-forcing the password. Note also that
|
||||
* there is no guarantee that an invalid password will be
|
||||
* detected (the chances of a valid padding with a random
|
||||
* password are about 1/255).
|
||||
*
|
||||
* \param pbe_params an ASN1 buffer containing the pkcs-12 PbeParams structure
|
||||
* \param mode either #MBEDTLS_PKCS12_PBE_ENCRYPT or
|
||||
* #MBEDTLS_PKCS12_PBE_DECRYPT
|
||||
* \param cipher_type the cipher used
|
||||
* \param md_type the mbedtls_md used
|
||||
* \param pwd Latin1-encoded password used. This may only be \c NULL when
|
||||
* \p pwdlen is 0. No null terminator should be used.
|
||||
* \param pwdlen length of the password (may be 0)
|
||||
* \param data the input data
|
||||
* \param len data length
|
||||
* \param output Output buffer.
|
||||
* On success, it contains the encrypted or decrypted data,
|
||||
* possibly followed by the CBC padding.
|
||||
* On failure, the content is indeterminate.
|
||||
* For decryption, there must be enough room for \p len
|
||||
* bytes.
|
||||
* For encryption, there must be enough room for
|
||||
* \p len + 1 bytes, rounded up to the block size of
|
||||
* the block cipher identified by \p pbe_params.
|
||||
* \param output_size size of output buffer.
|
||||
* This must be big enough to accommodate for output plus
|
||||
* padding data.
|
||||
* \param output_len On success, length of actual data written to the output buffer.
|
||||
*
|
||||
* \return 0 if successful, or a MBEDTLS_ERR_XXX code
|
||||
*/
|
||||
int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
|
||||
mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
|
||||
const unsigned char *pwd, size_t pwdlen,
|
||||
const unsigned char *data, size_t len,
|
||||
unsigned char *output, size_t output_size,
|
||||
size_t *output_len);
|
||||
|
||||
#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
|
||||
|
||||
#endif /* MBEDTLS_ASN1_PARSE_C */
|
||||
|
||||
/**
|
||||
|
|
|
@ -57,13 +57,36 @@ extern "C" {
|
|||
/**
|
||||
* \brief PKCS#5 PBES2 function
|
||||
*
|
||||
* \note When encrypting, #MBEDTLS_CIPHER_PADDING_PKCS7 must
|
||||
* be enabled at compile time.
|
||||
*
|
||||
* \warning When decrypting:
|
||||
* - if #MBEDTLS_CIPHER_PADDING_PKCS7 is enabled at compile
|
||||
* time, this function validates the CBC padding and returns
|
||||
* #MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH if the padding is
|
||||
* invalid. Note that this can help active adversaries
|
||||
* attempting to brute-forcing the password. Note also that
|
||||
* there is no guarantee that an invalid password will be
|
||||
* detected (the chances of a valid padding with a random
|
||||
* password are about 1/255).
|
||||
* - if #MBEDTLS_CIPHER_PADDING_PKCS7 is disabled at compile
|
||||
* time, this function does not validate the CBC padding.
|
||||
*
|
||||
* \param pbe_params the ASN.1 algorithm parameters
|
||||
* \param mode either MBEDTLS_PKCS5_DECRYPT or MBEDTLS_PKCS5_ENCRYPT
|
||||
* \param mode either #MBEDTLS_PKCS5_DECRYPT or #MBEDTLS_PKCS5_ENCRYPT
|
||||
* \param pwd password to use when generating key
|
||||
* \param pwdlen length of password
|
||||
* \param data data to process
|
||||
* \param datalen length of data
|
||||
* \param output output buffer
|
||||
* \param output Output buffer.
|
||||
* On success, it contains the encrypted or decrypted data,
|
||||
* possibly followed by the CBC padding.
|
||||
* On failure, the content is indeterminate.
|
||||
* For decryption, there must be enough room for \p datalen
|
||||
* bytes.
|
||||
* For encryption, there must be enough room for
|
||||
* \p datalen + 1 bytes, rounded up to the block size of
|
||||
* the block cipher identified by \p pbe_params.
|
||||
*
|
||||
* \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
|
||||
*/
|
||||
|
@ -72,6 +95,49 @@ int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode,
|
|||
const unsigned char *data, size_t datalen,
|
||||
unsigned char *output);
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
|
||||
|
||||
/**
|
||||
* \brief PKCS#5 PBES2 function
|
||||
*
|
||||
* \warning When decrypting:
|
||||
* - This function validates the CBC padding and returns
|
||||
* #MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH if the padding is
|
||||
* invalid. Note that this can help active adversaries
|
||||
* attempting to brute-forcing the password. Note also that
|
||||
* there is no guarantee that an invalid password will be
|
||||
* detected (the chances of a valid padding with a random
|
||||
* password are about 1/255).
|
||||
*
|
||||
* \param pbe_params the ASN.1 algorithm parameters
|
||||
* \param mode either #MBEDTLS_PKCS5_DECRYPT or #MBEDTLS_PKCS5_ENCRYPT
|
||||
* \param pwd password to use when generating key
|
||||
* \param pwdlen length of password
|
||||
* \param data data to process
|
||||
* \param datalen length of data
|
||||
* \param output Output buffer.
|
||||
* On success, it contains the decrypted data.
|
||||
* On failure, the content is indetermidate.
|
||||
* For decryption, there must be enough room for \p datalen
|
||||
* bytes.
|
||||
* For encryption, there must be enough room for
|
||||
* \p datalen + 1 bytes, rounded up to the block size of
|
||||
* the block cipher identified by \p pbe_params.
|
||||
* \param output_size size of output buffer.
|
||||
* This must be big enough to accommodate for output plus
|
||||
* padding data.
|
||||
* \param output_len On success, length of actual data written to the output buffer.
|
||||
*
|
||||
* \returns 0 on success, or a MBEDTLS_ERR_XXX code if parsing or decryption fails.
|
||||
*/
|
||||
int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode,
|
||||
const unsigned char *pwd, size_t pwdlen,
|
||||
const unsigned char *data, size_t datalen,
|
||||
unsigned char *output, size_t output_size,
|
||||
size_t *output_len);
|
||||
|
||||
#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
|
||||
|
||||
#endif /* MBEDTLS_ASN1_PARSE_C */
|
||||
|
||||
/**
|
||||
|
|
|
@ -135,11 +135,22 @@ extern "C" {
|
|||
#endif
|
||||
#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
|
||||
|
||||
/* Enable certain documented defines only when generating doxygen to avoid
|
||||
* an "unrecognized define" error. */
|
||||
#if defined(__DOXYGEN__) && !defined(MBEDTLS_PLATFORM_STD_CALLOC)
|
||||
#define MBEDTLS_PLATFORM_STD_CALLOC
|
||||
#endif
|
||||
|
||||
#if defined(__DOXYGEN__) && !defined(MBEDTLS_PLATFORM_STD_FREE)
|
||||
#define MBEDTLS_PLATFORM_STD_FREE
|
||||
#endif
|
||||
|
||||
/** \} name SECTION: Module settings */
|
||||
|
||||
/*
|
||||
* The function pointers for calloc and free.
|
||||
* Please see MBEDTLS_PLATFORM_STD_CALLOC and MBEDTLS_PLATFORM_STD_FREE
|
||||
* in mbedtls_config.h for more information about behaviour and requirements.
|
||||
*/
|
||||
#if defined(MBEDTLS_PLATFORM_MEMORY)
|
||||
#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/**
|
||||
* \file platform_time.h
|
||||
*
|
||||
* \brief mbed TLS Platform time abstraction
|
||||
* \brief Mbed TLS Platform time abstraction
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
|
|
|
@ -221,6 +221,11 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
|
|||
#define MBEDTLS_IGNORE_RETURN(result) ((void) !(result))
|
||||
#endif
|
||||
|
||||
/* If the following macro is defined, the library is being built by the test
|
||||
* framework, and the framework is going to provide a replacement
|
||||
* mbedtls_platform_zeroize() using a preprocessor macro, so the function
|
||||
* declaration should be omitted. */
|
||||
#if !defined(MBEDTLS_TEST_DEFINES_ZEROIZE) //no-check-names
|
||||
/**
|
||||
* \brief Securely zeroize a buffer
|
||||
*
|
||||
|
@ -244,6 +249,7 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
|
|||
*
|
||||
*/
|
||||
void mbedtls_platform_zeroize(void *buf, size_t len);
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME_DATE)
|
||||
/**
|
||||
|
|
|
@ -193,6 +193,8 @@
|
|||
#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000
|
||||
/** Invalid value in SSL config */
|
||||
#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80
|
||||
/** Cache entry not found */
|
||||
#define MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND -0x5E00
|
||||
|
||||
/*
|
||||
* Various constants
|
||||
|
|
|
@ -99,6 +99,11 @@ void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache);
|
|||
*
|
||||
* \param data SSL cache context
|
||||
* \param session session to retrieve entry for
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND if there is
|
||||
* no cache entry with specified session ID found, or
|
||||
* any other negative error code for other failures.
|
||||
*/
|
||||
int mbedtls_ssl_cache_get(void *data, mbedtls_ssl_session *session);
|
||||
|
||||
|
@ -108,6 +113,9 @@ int mbedtls_ssl_cache_get(void *data, mbedtls_ssl_session *session);
|
|||
*
|
||||
* \param data SSL cache context
|
||||
* \param session session to store entry for
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_ssl_cache_set(void *data, const mbedtls_ssl_session *session);
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/**
|
||||
* \file ssl_ciphersuites.h
|
||||
*
|
||||
* \brief SSL Ciphersuites for mbed TLS
|
||||
* \brief SSL Ciphersuites for Mbed TLS
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
|
|
|
@ -63,9 +63,9 @@ typedef struct mbedtls_threading_mutex_t {
|
|||
* \brief Set your alternate threading implementation function
|
||||
* pointers and initialize global mutexes. If used, this
|
||||
* function must be called once in the main thread before any
|
||||
* other mbed TLS function is called, and
|
||||
* other Mbed TLS function is called, and
|
||||
* mbedtls_threading_free_alt() must be called once in the main
|
||||
* thread after all other mbed TLS functions.
|
||||
* thread after all other Mbed TLS functions.
|
||||
*
|
||||
* \note mutex_init() and mutex_free() don't return a status code.
|
||||
* If mutex_init() fails, it should leave its argument (the
|
||||
|
|
|
@ -21,7 +21,7 @@
|
|||
*/
|
||||
/*
|
||||
* This set of compile-time defines and run-time variables can be used to
|
||||
* determine the version number of the mbed TLS library used.
|
||||
* determine the version number of the Mbed TLS library used.
|
||||
*/
|
||||
#ifndef MBEDTLS_VERSION_H
|
||||
#define MBEDTLS_VERSION_H
|
||||
|
@ -38,16 +38,16 @@
|
|||
*/
|
||||
#define MBEDTLS_VERSION_MAJOR 2
|
||||
#define MBEDTLS_VERSION_MINOR 28
|
||||
#define MBEDTLS_VERSION_PATCH 4
|
||||
#define MBEDTLS_VERSION_PATCH 5
|
||||
|
||||
/**
|
||||
* The single version number has the following structure:
|
||||
* MMNNPP00
|
||||
* Major version | Minor version | Patch version
|
||||
*/
|
||||
#define MBEDTLS_VERSION_NUMBER 0x021C0400
|
||||
#define MBEDTLS_VERSION_STRING "2.28.4"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.28.4"
|
||||
#define MBEDTLS_VERSION_NUMBER 0x021C0500
|
||||
#define MBEDTLS_VERSION_STRING "2.28.5"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 2.28.5"
|
||||
|
||||
#if defined(MBEDTLS_VERSION_C)
|
||||
|
||||
|
@ -72,9 +72,9 @@ unsigned int mbedtls_version_get_number(void);
|
|||
void mbedtls_version_get_string(char *string);
|
||||
|
||||
/**
|
||||
* Get the full version string ("mbed TLS x.y.z").
|
||||
* Get the full version string ("Mbed TLS x.y.z").
|
||||
*
|
||||
* \param string The string that will receive the value. The mbed TLS version
|
||||
* \param string The string that will receive the value. The Mbed TLS version
|
||||
* string will use 18 bytes AT MOST including a terminating
|
||||
* null byte.
|
||||
* (So the buffer should be at least 18 bytes to receive this
|
||||
|
@ -84,12 +84,12 @@ void mbedtls_version_get_string_full(char *string);
|
|||
|
||||
/**
|
||||
* \brief Check if support for a feature was compiled into this
|
||||
* mbed TLS binary. This allows you to see at runtime if the
|
||||
* Mbed TLS binary. This allows you to see at runtime if the
|
||||
* library was for instance compiled with or without
|
||||
* Multi-threading support.
|
||||
*
|
||||
* \note only checks against defines in the sections "System
|
||||
* support", "mbed TLS modules" and "mbed TLS feature
|
||||
* support", "Mbed TLS modules" and "Mbed TLS feature
|
||||
* support" in config.h
|
||||
*
|
||||
* \param feature The string for the define to check (e.g. "MBEDTLS_AES_C")
|
||||
|
|
|
@ -361,7 +361,8 @@ int mbedtls_x509_write_names(unsigned char **p, unsigned char *start,
|
|||
mbedtls_asn1_named_data *first);
|
||||
int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start,
|
||||
const char *oid, size_t oid_len,
|
||||
unsigned char *sig, size_t size);
|
||||
unsigned char *sig, size_t size,
|
||||
mbedtls_pk_type_t pk_alg);
|
||||
|
||||
#define MBEDTLS_X509_SAFE_SNPRINTF \
|
||||
do { \
|
||||
|
|
|
@ -914,7 +914,7 @@ int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, const char *
|
|||
* \brief Set the issuer name for a Certificate
|
||||
* Issuer names should contain a comma-separated list
|
||||
* of OID types and values:
|
||||
* e.g. "C=UK,O=ARM,CN=mbed TLS CA"
|
||||
* e.g. "C=UK,O=ARM,CN=Mbed TLS CA"
|
||||
*
|
||||
* \param ctx CRT context to use
|
||||
* \param issuer_name issuer name to set
|
||||
|
@ -929,7 +929,7 @@ int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx,
|
|||
* \brief Set the subject name for a Certificate
|
||||
* Subject names should contain a comma-separated list
|
||||
* of OID types and values:
|
||||
* e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
|
||||
* e.g. "C=UK,O=ARM,CN=Mbed TLS Server 1"
|
||||
*
|
||||
* \param ctx CRT context to use
|
||||
* \param subject_name subject name to set
|
||||
|
|
|
@ -171,7 +171,7 @@ void mbedtls_x509write_csr_init(mbedtls_x509write_csr *ctx);
|
|||
* \brief Set the subject name for a CSR
|
||||
* Subject names should contain a comma-separated list
|
||||
* of OID types and values:
|
||||
* e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
|
||||
* e.g. "C=UK,O=ARM,CN=Mbed TLS Server 1"
|
||||
*
|
||||
* \param ctx CSR context to use
|
||||
* \param subject_name subject name to set
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
/*
|
||||
* The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
|
||||
*
|
||||
* http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf
|
||||
* https://csrc.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/aes-development/rijndael-ammended.pdf
|
||||
* http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
|
||||
*/
|
||||
|
||||
|
@ -50,7 +50,7 @@
|
|||
#define AES_VALIDATE(cond) \
|
||||
MBEDTLS_INTERNAL_VALIDATE(cond)
|
||||
|
||||
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
|
||||
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
|
||||
static int aes_padlock_ace = -1;
|
||||
#endif
|
||||
|
||||
|
@ -548,7 +548,7 @@ void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx)
|
|||
* Note that the offset is in units of elements of buf, i.e. 32-bit words,
|
||||
* i.e. an offset of 1 means 4 bytes and so on.
|
||||
*/
|
||||
#if (defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)) || \
|
||||
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE) || \
|
||||
(defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2)
|
||||
#define MAY_NEED_TO_ALIGN
|
||||
#endif
|
||||
|
@ -560,7 +560,7 @@ static unsigned mbedtls_aes_rk_offset(uint32_t *buf)
|
|||
#if defined(MAY_NEED_TO_ALIGN)
|
||||
int align_16_bytes = 0;
|
||||
|
||||
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
|
||||
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
|
||||
if (aes_padlock_ace == -1) {
|
||||
aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE);
|
||||
}
|
||||
|
@ -1076,7 +1076,7 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx,
|
|||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
|
||||
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
|
||||
if (aes_padlock_ace) {
|
||||
return mbedtls_padlock_xcryptecb(ctx, mode, input, output);
|
||||
}
|
||||
|
@ -1115,7 +1115,7 @@ int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx,
|
|||
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
|
||||
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
|
||||
if (aes_padlock_ace) {
|
||||
if (mbedtls_padlock_xcryptcbc(ctx, mode, length, iv, input, output) == 0) {
|
||||
return 0;
|
||||
|
@ -1875,7 +1875,7 @@ int mbedtls_aes_self_test(int verbose)
|
|||
#if defined(MBEDTLS_AES_ALT)
|
||||
mbedtls_printf(" AES note: alternative implementation.\n");
|
||||
#else /* MBEDTLS_AES_ALT */
|
||||
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
|
||||
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
|
||||
if (mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE)) {
|
||||
mbedtls_printf(" AES note: using VIA Padlock.\n");
|
||||
} else
|
||||
|
|
|
@ -194,15 +194,24 @@ int mbedtls_asn1_write_oid(unsigned char **p, unsigned char *start,
|
|||
int mbedtls_asn1_write_algorithm_identifier(unsigned char **p, unsigned char *start,
|
||||
const char *oid, size_t oid_len,
|
||||
size_t par_len)
|
||||
{
|
||||
return mbedtls_asn1_write_algorithm_identifier_ext(p, start, oid, oid_len, par_len, 1);
|
||||
}
|
||||
|
||||
int mbedtls_asn1_write_algorithm_identifier_ext(unsigned char **p, unsigned char *start,
|
||||
const char *oid, size_t oid_len,
|
||||
size_t par_len, int has_par)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
size_t len = 0;
|
||||
|
||||
if (has_par) {
|
||||
if (par_len == 0) {
|
||||
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_null(p, start));
|
||||
} else {
|
||||
len += par_len;
|
||||
}
|
||||
}
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len));
|
||||
|
||||
|
|
|
@ -2121,8 +2121,9 @@ int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A,
|
|||
* and squarings. Firstly, when multiplying by an element of the window
|
||||
* W[i], we do a constant-trace table lookup to obfuscate i. This leaves
|
||||
* squarings as having a different memory access patterns from other
|
||||
* multiplications. So secondly, we put the accumulator X in the table as
|
||||
* well, and also do a constant-trace table lookup to multiply by X.
|
||||
* multiplications. So secondly, we put the accumulator in the table as
|
||||
* well, and also do a constant-trace table lookup to multiply by the
|
||||
* accumulator which is W[x_index].
|
||||
*
|
||||
* This way, all multiplications take the form of a lookup-and-multiply.
|
||||
* The number of lookup-and-multiply operations inside each iteration of
|
||||
|
@ -2135,19 +2136,16 @@ int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A,
|
|||
* observe both memory accesses and branches. However, branch prediction
|
||||
* exploitation typically requires many traces of execution over the same
|
||||
* data, which is defeated by randomized blinding.
|
||||
*
|
||||
* To achieve this, we make a copy of X and we use the table entry in each
|
||||
* calculation from this point on.
|
||||
*/
|
||||
const size_t x_index = 0;
|
||||
mbedtls_mpi_init(&W[x_index]);
|
||||
mbedtls_mpi_copy(&W[x_index], X);
|
||||
|
||||
j = N->n + 1;
|
||||
/* All W[i] and X must have at least N->n limbs for the mpi_montmul()
|
||||
* and mpi_montred() calls later. Here we ensure that W[1] and X are
|
||||
* large enough, and later we'll grow other W[i] to the same length.
|
||||
* They must not be shrunk midway through this function!
|
||||
/* All W[i] including the accumulator must have at least N->n limbs for
|
||||
* the mpi_montmul() and mpi_montred() calls later. Here we ensure that
|
||||
* W[1] and the accumulator W[x_index] are large enough. later we'll grow
|
||||
* other W[i] to the same length. They must not be shrunk midway through
|
||||
* this function!
|
||||
*/
|
||||
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[x_index], j));
|
||||
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[1], j));
|
||||
|
@ -2328,7 +2326,7 @@ int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A,
|
|||
/*
|
||||
* Load the result in the output variable.
|
||||
*/
|
||||
mbedtls_mpi_copy(X, &W[x_index]);
|
||||
MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, &W[x_index]));
|
||||
|
||||
cleanup:
|
||||
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
#include "mbedtls/ccm.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
#include "mbedtls/error.h"
|
||||
#include "mbedtls/constant_time.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -362,7 +363,6 @@ int mbedtls_ccm_star_auth_decrypt(mbedtls_ccm_context *ctx, size_t length,
|
|||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char check_tag[16];
|
||||
unsigned char i;
|
||||
int diff;
|
||||
|
||||
CCM_VALIDATE_RET(ctx != NULL);
|
||||
|
@ -379,9 +379,7 @@ int mbedtls_ccm_star_auth_decrypt(mbedtls_ccm_context *ctx, size_t length,
|
|||
}
|
||||
|
||||
/* Check tag in "constant-time" */
|
||||
for (diff = 0, i = 0; i < tag_len; i++) {
|
||||
diff |= tag[i] ^ check_tag[i];
|
||||
}
|
||||
diff = mbedtls_ct_memcmp(tag, check_tag, tag_len);
|
||||
|
||||
if (diff != 0) {
|
||||
mbedtls_platform_zeroize(output, length);
|
||||
|
|
|
@ -25,6 +25,7 @@
|
|||
#include "mbedtls/chachapoly.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
#include "mbedtls/error.h"
|
||||
#include "mbedtls/constant_time.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -337,7 +338,6 @@ int mbedtls_chachapoly_auth_decrypt(mbedtls_chachapoly_context *ctx,
|
|||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char check_tag[16];
|
||||
size_t i;
|
||||
int diff;
|
||||
CHACHAPOLY_VALIDATE_RET(ctx != NULL);
|
||||
CHACHAPOLY_VALIDATE_RET(nonce != NULL);
|
||||
|
@ -353,9 +353,7 @@ int mbedtls_chachapoly_auth_decrypt(mbedtls_chachapoly_context *ctx,
|
|||
}
|
||||
|
||||
/* Check tag in "constant-time" */
|
||||
for (diff = 0, i = 0; i < sizeof(check_tag); i++) {
|
||||
diff |= tag[i] ^ check_tag[i];
|
||||
}
|
||||
diff = mbedtls_ct_memcmp(tag, check_tag, sizeof(check_tag));
|
||||
|
||||
if (diff != 0) {
|
||||
mbedtls_platform_zeroize(output, length);
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/**
|
||||
* \file cipher.c
|
||||
*
|
||||
* \brief Generic cipher wrapper for mbed TLS
|
||||
* \brief Generic cipher wrapper for Mbed TLS
|
||||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*
|
||||
|
@ -30,6 +30,7 @@
|
|||
#include "mbedtls/platform_util.h"
|
||||
#include "mbedtls/error.h"
|
||||
#include "mbedtls/constant_time.h"
|
||||
#include "constant_time_internal.h"
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
@ -748,17 +749,17 @@ static int get_pkcs_padding(unsigned char *input, size_t input_len,
|
|||
*data_len = input_len - padding_len;
|
||||
|
||||
/* Avoid logical || since it results in a branch */
|
||||
bad |= padding_len > input_len;
|
||||
bad |= padding_len == 0;
|
||||
bad |= ~mbedtls_ct_size_mask_ge(input_len, padding_len);
|
||||
bad |= mbedtls_ct_size_bool_eq(padding_len, 0);
|
||||
|
||||
/* The number of bytes checked must be independent of padding_len,
|
||||
* so pick input_len, which is usually 8 or 16 (one block) */
|
||||
pad_idx = input_len - padding_len;
|
||||
for (i = 0; i < input_len; i++) {
|
||||
bad |= (input[i] ^ padding_len) * (i >= pad_idx);
|
||||
size_t mask = mbedtls_ct_size_mask_ge(i, pad_idx);
|
||||
bad |= (input[i] ^ padding_len) & mask;
|
||||
}
|
||||
|
||||
return MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0);
|
||||
return -(int) mbedtls_ct_uint_if(bad, -MBEDTLS_ERR_CIPHER_INVALID_PADDING, 0);
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
|
||||
|
||||
|
@ -781,24 +782,29 @@ static void add_one_and_zeros_padding(unsigned char *output,
|
|||
static int get_one_and_zeros_padding(unsigned char *input, size_t input_len,
|
||||
size_t *data_len)
|
||||
{
|
||||
size_t i;
|
||||
unsigned char done = 0, prev_done, bad;
|
||||
unsigned int bad = 1;
|
||||
|
||||
if (NULL == input || NULL == data_len) {
|
||||
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
bad = 0x80;
|
||||
*data_len = 0;
|
||||
for (i = input_len; i > 0; i--) {
|
||||
prev_done = done;
|
||||
done |= (input[i - 1] != 0);
|
||||
*data_len |= (i - 1) * (done != prev_done);
|
||||
bad ^= input[i - 1] * (done != prev_done);
|
||||
size_t in_padding = ~0;
|
||||
|
||||
for (ptrdiff_t i = (ptrdiff_t) (input_len) - 1; i >= 0; i--) {
|
||||
size_t is_nonzero = mbedtls_ct_uint_mask(input[i]);
|
||||
|
||||
size_t hit_first_nonzero = is_nonzero & in_padding;
|
||||
|
||||
*data_len = (*data_len & ~hit_first_nonzero) | ((size_t) i & hit_first_nonzero);
|
||||
|
||||
bad = mbedtls_ct_uint_if((unsigned int) hit_first_nonzero,
|
||||
!mbedtls_ct_size_bool_eq(input[i], 0x80), bad);
|
||||
|
||||
in_padding = in_padding & ~is_nonzero;
|
||||
}
|
||||
|
||||
return MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0);
|
||||
|
||||
return -(int) mbedtls_ct_uint_if(bad, -MBEDTLS_ERR_CIPHER_INVALID_PADDING, 0);
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */
|
||||
|
||||
|
@ -832,16 +838,17 @@ static int get_zeros_and_len_padding(unsigned char *input, size_t input_len,
|
|||
*data_len = input_len - padding_len;
|
||||
|
||||
/* Avoid logical || since it results in a branch */
|
||||
bad |= padding_len > input_len;
|
||||
bad |= padding_len == 0;
|
||||
bad |= mbedtls_ct_size_mask_ge(padding_len, input_len + 1);
|
||||
bad |= mbedtls_ct_size_bool_eq(padding_len, 0);
|
||||
|
||||
/* The number of bytes checked must be independent of padding_len */
|
||||
pad_idx = input_len - padding_len;
|
||||
for (i = 0; i < input_len - 1; i++) {
|
||||
bad |= input[i] * (i >= pad_idx);
|
||||
size_t mask = mbedtls_ct_size_mask_ge(i, pad_idx);
|
||||
bad |= input[i] & mask;
|
||||
}
|
||||
|
||||
return MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0);
|
||||
return -(int) mbedtls_ct_uint_if(bad, -MBEDTLS_ERR_CIPHER_INVALID_PADDING, 0);
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */
|
||||
|
||||
|
@ -872,8 +879,9 @@ static int get_zeros_padding(unsigned char *input, size_t input_len,
|
|||
*data_len = 0;
|
||||
for (i = input_len; i > 0; i--) {
|
||||
prev_done = done;
|
||||
done |= (input[i-1] != 0);
|
||||
*data_len |= i * (done != prev_done);
|
||||
done |= !mbedtls_ct_size_bool_eq(input[i-1], 0);
|
||||
size_t mask = mbedtls_ct_size_mask(done ^ prev_done);
|
||||
*data_len |= i & mask;
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/**
|
||||
* \file cipher_wrap.c
|
||||
*
|
||||
* \brief Generic cipher wrapper for mbed TLS
|
||||
* \brief Generic cipher wrapper for Mbed TLS
|
||||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*
|
||||
|
|
|
@ -80,7 +80,8 @@ unsigned mbedtls_ct_uint_mask(unsigned value)
|
|||
#endif
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
|
||||
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) || defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) || \
|
||||
defined(MBEDTLS_NIST_KW_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
|
||||
size_t mbedtls_ct_size_mask(size_t value)
|
||||
{
|
||||
|
@ -96,7 +97,8 @@ size_t mbedtls_ct_size_mask(size_t value)
|
|||
#endif
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
|
||||
#endif /* defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) || defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) ||
|
||||
defined(MBEDTLS_NIST_KW_C) || defined(MBEDTLS_CIPHER_MODE_CBC) */
|
||||
|
||||
#if defined(MBEDTLS_BIGNUM_C)
|
||||
|
||||
|
@ -116,7 +118,8 @@ mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask(mbedtls_mpi_uint value)
|
|||
|
||||
#endif /* MBEDTLS_BIGNUM_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
|
||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) || defined(MBEDTLS_NIST_KW_C) || \
|
||||
defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
|
||||
/** Constant-flow mask generation for "less than" comparison:
|
||||
* - if \p x < \p y, return all-bits 1, that is (size_t) -1
|
||||
|
@ -151,7 +154,8 @@ size_t mbedtls_ct_size_mask_ge(size_t x,
|
|||
return ~mbedtls_ct_size_mask_lt(x, y);
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
|
||||
#endif /* defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) || defined(MBEDTLS_NIST_KW_C) ||
|
||||
defined(MBEDTLS_CIPHER_MODE_CBC) */
|
||||
|
||||
#if defined(MBEDTLS_BASE64_C)
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
/*
|
||||
* The NIST SP 800-90 DRBGs are described in the following publication.
|
||||
*
|
||||
* http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf
|
||||
* https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-90r.pdf
|
||||
*/
|
||||
|
||||
#include "common.h"
|
||||
|
|
|
@ -240,6 +240,19 @@ cleanup:
|
|||
}
|
||||
#endif /* ECDSA_DETERMINISTIC || !ECDSA_SIGN_ALT || !ECDSA_VERIFY_ALT */
|
||||
|
||||
int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid)
|
||||
{
|
||||
switch (gid) {
|
||||
#ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
case MBEDTLS_ECP_DP_CURVE25519: return 0;
|
||||
#endif
|
||||
#ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
case MBEDTLS_ECP_DP_CURVE448: return 0;
|
||||
#endif
|
||||
default: return 1;
|
||||
}
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_ECDSA_SIGN_ALT)
|
||||
/*
|
||||
* Compute ECDSA signature of a hashed message (SEC1 4.1.3)
|
||||
|
@ -366,7 +379,7 @@ modn:
|
|||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
if (rs_ctx != NULL && rs_ctx->sig != NULL) {
|
||||
mbedtls_mpi_copy(r, pr);
|
||||
MBEDTLS_MPI_CHK(mbedtls_mpi_copy(r, pr));
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -379,19 +392,6 @@ cleanup:
|
|||
return ret;
|
||||
}
|
||||
|
||||
int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid)
|
||||
{
|
||||
switch (gid) {
|
||||
#ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
case MBEDTLS_ECP_DP_CURVE25519: return 0;
|
||||
#endif
|
||||
#ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
case MBEDTLS_ECP_DP_CURVE448: return 0;
|
||||
#endif
|
||||
default: return 1;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Compute ECDSA signature of a hashed message
|
||||
*/
|
||||
|
@ -457,7 +457,7 @@ static int ecdsa_sign_det_restartable(mbedtls_ecp_group *grp,
|
|||
MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(d, data, grp_len));
|
||||
MBEDTLS_MPI_CHK(derive_mpi(grp, &h, buf, blen));
|
||||
MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&h, data + grp_len, grp_len));
|
||||
mbedtls_hmac_drbg_seed_buf(p_rng, md_info, data, 2 * grp_len);
|
||||
MBEDTLS_MPI_CHK(mbedtls_hmac_drbg_seed_buf(p_rng, md_info, data, 2 * grp_len));
|
||||
|
||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
if (rs_ctx != NULL && rs_ctx->det != NULL) {
|
||||
|
|
|
@ -1060,7 +1060,7 @@ int mbedtls_ecjpake_self_test(int verbose)
|
|||
#if !defined(MBEDTLS_ECJPAKE_ALT)
|
||||
/* 'reference handshake' tests can only be run against implementations
|
||||
* for which we have 100% control over how the random ephemeral keys
|
||||
* are generated. This is only the case for the internal mbed TLS
|
||||
* are generated. This is only the case for the internal Mbed TLS
|
||||
* implementation, so these tests are skipped in case the internal
|
||||
* implementation is swapped out for an alternative one. */
|
||||
if (verbose != 0) {
|
||||
|
|
|
@ -166,7 +166,7 @@ static int ecp_drbg_seed(ecp_drbg_context *ctx,
|
|||
unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES];
|
||||
/* The list starts with strong hashes */
|
||||
const mbedtls_md_type_t md_type =
|
||||
(const mbedtls_md_type_t) (mbedtls_md_list()[0]);
|
||||
(mbedtls_md_type_t) (mbedtls_md_list()[0]);
|
||||
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
|
||||
|
||||
if (secret_len > MBEDTLS_ECP_MAX_BYTES) {
|
||||
|
|
|
@ -518,6 +518,8 @@ const char *mbedtls_high_level_strerr(int error_code)
|
|||
return( "SSL - A cryptographic operation is in progress. Try again later" );
|
||||
case -(MBEDTLS_ERR_SSL_BAD_CONFIG):
|
||||
return( "SSL - Invalid value in SSL config" );
|
||||
case -(MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND):
|
||||
return( "SSL - Cache entry not found" );
|
||||
#endif /* MBEDTLS_SSL_TLS_C */
|
||||
|
||||
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
|
||||
|
|
|
@ -35,6 +35,7 @@
|
|||
#include "mbedtls/platform.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
#include "mbedtls/error.h"
|
||||
#include "mbedtls/constant_time.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -478,7 +479,6 @@ int mbedtls_gcm_auth_decrypt(mbedtls_gcm_context *ctx,
|
|||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char check_tag[16];
|
||||
size_t i;
|
||||
int diff;
|
||||
|
||||
GCM_VALIDATE_RET(ctx != NULL);
|
||||
|
@ -495,9 +495,7 @@ int mbedtls_gcm_auth_decrypt(mbedtls_gcm_context *ctx,
|
|||
}
|
||||
|
||||
/* Check tag in "constant-time" */
|
||||
for (diff = 0, i = 0; i < tag_len; i++) {
|
||||
diff |= tag[i] ^ check_tag[i];
|
||||
}
|
||||
diff = mbedtls_ct_memcmp(tag, check_tag, tag_len);
|
||||
|
||||
if (diff != 0) {
|
||||
mbedtls_platform_zeroize(output, length);
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/**
|
||||
* \file md.c
|
||||
*
|
||||
* \brief Generic message digest wrapper for mbed TLS
|
||||
* \brief Generic message digest wrapper for Mbed TLS
|
||||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*
|
||||
|
|
|
@ -35,6 +35,7 @@
|
|||
#include "mbedtls/platform_util.h"
|
||||
#include "mbedtls/error.h"
|
||||
#include "mbedtls/constant_time.h"
|
||||
#include "constant_time_internal.h"
|
||||
|
||||
#include <stdint.h>
|
||||
#include <string.h>
|
||||
|
@ -335,7 +336,7 @@ int mbedtls_nist_kw_unwrap(mbedtls_nist_kw_context *ctx,
|
|||
int ret = 0;
|
||||
size_t i, olen;
|
||||
unsigned char A[KW_SEMIBLOCK_LENGTH];
|
||||
unsigned char diff, bad_padding = 0;
|
||||
unsigned char diff;
|
||||
|
||||
*out_len = 0;
|
||||
if (out_size < in_len - KW_SEMIBLOCK_LENGTH) {
|
||||
|
@ -420,18 +421,13 @@ int mbedtls_nist_kw_unwrap(mbedtls_nist_kw_context *ctx,
|
|||
* larger than 8, because of the type wrap around.
|
||||
*/
|
||||
padlen = in_len - KW_SEMIBLOCK_LENGTH - Plen;
|
||||
if (padlen > 7) {
|
||||
ret = -(int) mbedtls_ct_uint_if(padlen & ~7, -MBEDTLS_ERR_CIPHER_AUTH_FAILED, -ret);
|
||||
padlen &= 7;
|
||||
ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
|
||||
}
|
||||
|
||||
/* Check padding in "constant-time" */
|
||||
for (diff = 0, i = 0; i < KW_SEMIBLOCK_LENGTH; i++) {
|
||||
if (i >= KW_SEMIBLOCK_LENGTH - padlen) {
|
||||
diff |= output[*out_len - KW_SEMIBLOCK_LENGTH + i];
|
||||
} else {
|
||||
bad_padding |= output[*out_len - KW_SEMIBLOCK_LENGTH + i];
|
||||
}
|
||||
size_t mask = mbedtls_ct_size_mask_ge(i, KW_SEMIBLOCK_LENGTH - padlen);
|
||||
diff |= (unsigned char) (mask & output[*out_len - KW_SEMIBLOCK_LENGTH + i]);
|
||||
}
|
||||
|
||||
if (diff != 0) {
|
||||
|
@ -454,7 +450,6 @@ cleanup:
|
|||
*out_len = 0;
|
||||
}
|
||||
|
||||
mbedtls_platform_zeroize(&bad_padding, sizeof(bad_padding));
|
||||
mbedtls_platform_zeroize(&diff, sizeof(diff));
|
||||
mbedtls_platform_zeroize(A, sizeof(A));
|
||||
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
#endif
|
||||
/* *INDENT-ON* */
|
||||
|
||||
#if defined(MBEDTLS_HAVE_X86)
|
||||
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
|
||||
|
||||
/*
|
||||
* PadLock detection routine
|
||||
|
@ -161,6 +161,6 @@ int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx,
|
|||
return 0;
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_HAVE_X86 */
|
||||
#endif /* MBEDTLS_VIA_PADLOCK_HAVE_CODE */
|
||||
|
||||
#endif /* MBEDTLS_PADLOCK_C */
|
||||
|
|
|
@ -172,18 +172,46 @@ exit:
|
|||
#endif /* MBEDTLS_ARC4_C */
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_CIPHER_PADDING_PKCS7)
|
||||
int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
|
||||
mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
|
||||
const unsigned char *pwd, size_t pwdlen,
|
||||
const unsigned char *data, size_t len,
|
||||
unsigned char *output, size_t output_size,
|
||||
size_t *output_len);
|
||||
#endif
|
||||
|
||||
int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
|
||||
mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
|
||||
const unsigned char *pwd, size_t pwdlen,
|
||||
const unsigned char *data, size_t len,
|
||||
unsigned char *output)
|
||||
{
|
||||
size_t output_len = 0;
|
||||
|
||||
/* We assume caller of the function is providing a big enough output buffer
|
||||
* so we pass output_size as SIZE_MAX to pass checks, However, no guarantees
|
||||
* for the output size actually being correct.
|
||||
*/
|
||||
return mbedtls_pkcs12_pbe_ext(pbe_params, mode, cipher_type, md_type,
|
||||
pwd, pwdlen, data, len, output, SIZE_MAX,
|
||||
&output_len);
|
||||
}
|
||||
|
||||
int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
|
||||
mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
|
||||
const unsigned char *pwd, size_t pwdlen,
|
||||
const unsigned char *data, size_t len,
|
||||
unsigned char *output, size_t output_size,
|
||||
size_t *output_len)
|
||||
{
|
||||
int ret, keylen = 0;
|
||||
unsigned char key[32];
|
||||
unsigned char iv[16];
|
||||
const mbedtls_cipher_info_t *cipher_info;
|
||||
mbedtls_cipher_context_t cipher_ctx;
|
||||
size_t olen = 0;
|
||||
size_t finish_olen = 0;
|
||||
unsigned int padlen = 0;
|
||||
|
||||
if (pwd == NULL && pwdlen != 0) {
|
||||
return MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA;
|
||||
|
@ -196,6 +224,19 @@ int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
|
|||
|
||||
keylen = cipher_info->key_bitlen / 8;
|
||||
|
||||
if (mode == MBEDTLS_PKCS12_PBE_DECRYPT) {
|
||||
if (output_size < len) {
|
||||
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
|
||||
}
|
||||
}
|
||||
|
||||
if (mode == MBEDTLS_PKCS12_PBE_ENCRYPT) {
|
||||
padlen = cipher_info->block_size - (len % cipher_info->block_size);
|
||||
if (output_size < (len + padlen)) {
|
||||
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
|
||||
}
|
||||
}
|
||||
|
||||
if ((ret = pkcs12_pbe_derive_key_iv(pbe_params, md_type, pwd, pwdlen,
|
||||
key, keylen,
|
||||
iv, cipher_info->iv_size)) != 0) {
|
||||
|
@ -214,6 +255,25 @@ int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
|
|||
goto exit;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
|
||||
/* PKCS12 uses CBC with PKCS7 padding */
|
||||
|
||||
mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7;
|
||||
#if !defined(MBEDTLS_CIPHER_PADDING_PKCS7)
|
||||
/* For historical reasons, when decrypting, this function works when
|
||||
* decrypting even when support for PKCS7 padding is disabled. In this
|
||||
* case, it ignores the padding, and so will never report a
|
||||
* password mismatch.
|
||||
*/
|
||||
if (mode == MBEDTLS_PKCS12_PBE_DECRYPT) {
|
||||
padding = MBEDTLS_PADDING_NONE;
|
||||
}
|
||||
#endif
|
||||
if ((ret = mbedtls_cipher_set_padding_mode(&cipher_ctx, padding)) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
|
||||
|
||||
if ((ret = mbedtls_cipher_set_iv(&cipher_ctx, iv, cipher_info->iv_size)) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
|
@ -223,14 +283,16 @@ int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
|
|||
}
|
||||
|
||||
if ((ret = mbedtls_cipher_update(&cipher_ctx, data, len,
|
||||
output, &olen)) != 0) {
|
||||
output, output_len)) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if ((ret = mbedtls_cipher_finish(&cipher_ctx, output + olen, &olen)) != 0) {
|
||||
if ((ret = mbedtls_cipher_finish(&cipher_ctx, output + (*output_len), &finish_olen)) != 0) {
|
||||
ret = MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH;
|
||||
}
|
||||
|
||||
*output_len += finish_olen;
|
||||
|
||||
exit:
|
||||
mbedtls_platform_zeroize(key, sizeof(key));
|
||||
mbedtls_platform_zeroize(iv, sizeof(iv));
|
||||
|
|
|
@ -44,6 +44,7 @@
|
|||
|
||||
#include "mbedtls/platform.h"
|
||||
|
||||
|
||||
#if defined(MBEDTLS_ASN1_PARSE_C)
|
||||
static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params,
|
||||
mbedtls_asn1_buf *salt, int *iterations,
|
||||
|
@ -109,10 +110,34 @@ static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params,
|
|||
return 0;
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_CIPHER_PADDING_PKCS7)
|
||||
int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode,
|
||||
const unsigned char *pwd, size_t pwdlen,
|
||||
const unsigned char *data, size_t datalen,
|
||||
unsigned char *output, size_t output_size,
|
||||
size_t *output_len);
|
||||
#endif
|
||||
|
||||
int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode,
|
||||
const unsigned char *pwd, size_t pwdlen,
|
||||
const unsigned char *data, size_t datalen,
|
||||
unsigned char *output)
|
||||
{
|
||||
size_t output_len = 0;
|
||||
|
||||
/* We assume caller of the function is providing a big enough output buffer
|
||||
* so we pass output_size as SIZE_MAX to pass checks, However, no guarantees
|
||||
* for the output size actually being correct.
|
||||
*/
|
||||
return mbedtls_pkcs5_pbes2_ext(pbe_params, mode, pwd, pwdlen, data,
|
||||
datalen, output, SIZE_MAX, &output_len);
|
||||
}
|
||||
|
||||
int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode,
|
||||
const unsigned char *pwd, size_t pwdlen,
|
||||
const unsigned char *data, size_t datalen,
|
||||
unsigned char *output, size_t output_size,
|
||||
size_t *output_len)
|
||||
{
|
||||
int ret, iterations = 0, keylen = 0;
|
||||
unsigned char *p, *end;
|
||||
|
@ -120,12 +145,12 @@ int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode,
|
|||
mbedtls_asn1_buf salt;
|
||||
mbedtls_md_type_t md_type = MBEDTLS_MD_SHA1;
|
||||
unsigned char key[32], iv[32];
|
||||
size_t olen = 0;
|
||||
const mbedtls_md_info_t *md_info;
|
||||
const mbedtls_cipher_info_t *cipher_info;
|
||||
mbedtls_md_context_t md_ctx;
|
||||
mbedtls_cipher_type_t cipher_alg;
|
||||
mbedtls_cipher_context_t cipher_ctx;
|
||||
unsigned int padlen = 0;
|
||||
|
||||
p = pbe_params->p;
|
||||
end = p + pbe_params->len;
|
||||
|
@ -188,7 +213,21 @@ int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode,
|
|||
return MBEDTLS_ERR_PKCS5_INVALID_FORMAT;
|
||||
}
|
||||
|
||||
if (mode == MBEDTLS_PKCS5_DECRYPT) {
|
||||
if (output_size < datalen) {
|
||||
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
|
||||
}
|
||||
}
|
||||
|
||||
if (mode == MBEDTLS_PKCS5_ENCRYPT) {
|
||||
padlen = cipher_info->block_size - (datalen % cipher_info->block_size);
|
||||
if (output_size < (datalen + padlen)) {
|
||||
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
|
||||
}
|
||||
}
|
||||
|
||||
mbedtls_md_init(&md_ctx);
|
||||
|
||||
mbedtls_cipher_init(&cipher_ctx);
|
||||
|
||||
memcpy(iv, enc_scheme_params.p, enc_scheme_params.len);
|
||||
|
@ -211,8 +250,28 @@ int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode,
|
|||
goto exit;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
|
||||
/* PKCS5 uses CBC with PKCS7 padding (which is the same as
|
||||
* "PKCS5 padding" except that it's typically only called PKCS5
|
||||
* with 64-bit-block ciphers).
|
||||
*/
|
||||
mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7;
|
||||
#if !defined(MBEDTLS_CIPHER_PADDING_PKCS7)
|
||||
/* For historical reasons, when decrypting, this function works when
|
||||
* decrypting even when support for PKCS7 padding is disabled. In this
|
||||
* case, it ignores the padding, and so will never report a
|
||||
* password mismatch.
|
||||
*/
|
||||
if (mode == MBEDTLS_DECRYPT) {
|
||||
padding = MBEDTLS_PADDING_NONE;
|
||||
}
|
||||
#endif
|
||||
if ((ret = mbedtls_cipher_set_padding_mode(&cipher_ctx, padding)) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
|
||||
if ((ret = mbedtls_cipher_crypt(&cipher_ctx, iv, enc_scheme_params.len,
|
||||
data, datalen, output, &olen)) != 0) {
|
||||
data, datalen, output, output_len)) != 0) {
|
||||
ret = MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH;
|
||||
}
|
||||
|
||||
|
|
|
@ -1351,7 +1351,8 @@ int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx,
|
|||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
size_t ilen, i, pad_len;
|
||||
unsigned char *p, bad, pad_done;
|
||||
unsigned char *p, pad_done;
|
||||
int bad;
|
||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||
unsigned char lhash[MBEDTLS_MD_MAX_SIZE];
|
||||
unsigned int hlen;
|
||||
|
@ -1439,9 +1440,8 @@ int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx,
|
|||
p += hlen; /* Skip seed */
|
||||
|
||||
/* Check lHash */
|
||||
for (i = 0; i < hlen; i++) {
|
||||
bad |= lhash[i] ^ *p++;
|
||||
}
|
||||
bad |= mbedtls_ct_memcmp(lhash, p, hlen);
|
||||
p += hlen;
|
||||
|
||||
/* Get zero-padding len, but always read till end of buffer
|
||||
* (minus one, for the 01 byte) */
|
||||
|
|
|
@ -126,7 +126,7 @@ int mbedtls_rsa_deduce_primes(mbedtls_mpi const *N,
|
|||
}
|
||||
|
||||
for (; attempt < num_primes; ++attempt) {
|
||||
mbedtls_mpi_lset(&K, primes[attempt]);
|
||||
MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&K, primes[attempt]));
|
||||
|
||||
/* Check if gcd(K,N) = 1 */
|
||||
MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(P, &K, N));
|
||||
|
|
|
@ -26,6 +26,7 @@
|
|||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
|
||||
#include "mbedtls/platform.h"
|
||||
#include "mbedtls/error.h"
|
||||
|
||||
#include "mbedtls/ssl_cache.h"
|
||||
#include "mbedtls/ssl_internal.h"
|
||||
|
@ -46,7 +47,7 @@ void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache)
|
|||
|
||||
int mbedtls_ssl_cache_get(void *data, mbedtls_ssl_session *session)
|
||||
{
|
||||
int ret = 1;
|
||||
int ret = MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND;
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
mbedtls_time_t t = mbedtls_time(NULL);
|
||||
#endif
|
||||
|
@ -54,8 +55,8 @@ int mbedtls_ssl_cache_get(void *data, mbedtls_ssl_session *session)
|
|||
mbedtls_ssl_cache_entry *cur, *entry;
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if (mbedtls_mutex_lock(&cache->mutex) != 0) {
|
||||
return 1;
|
||||
if ((ret = mbedtls_mutex_lock(&cache->mutex)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -81,7 +82,6 @@ int mbedtls_ssl_cache_get(void *data, mbedtls_ssl_session *session)
|
|||
|
||||
ret = mbedtls_ssl_session_copy(session, &entry->session);
|
||||
if (ret != 0) {
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -97,16 +97,15 @@ int mbedtls_ssl_cache_get(void *data, mbedtls_ssl_session *session)
|
|||
|
||||
if ((session->peer_cert = mbedtls_calloc(1,
|
||||
sizeof(mbedtls_x509_crt))) == NULL) {
|
||||
ret = 1;
|
||||
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_x509_crt_init(session->peer_cert);
|
||||
if (mbedtls_x509_crt_parse(session->peer_cert, entry->peer_cert.p,
|
||||
entry->peer_cert.len) != 0) {
|
||||
if ((ret = mbedtls_x509_crt_parse(session->peer_cert, entry->peer_cert.p,
|
||||
entry->peer_cert.len)) != 0) {
|
||||
mbedtls_free(session->peer_cert);
|
||||
session->peer_cert = NULL;
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
@ -119,7 +118,7 @@ int mbedtls_ssl_cache_get(void *data, mbedtls_ssl_session *session)
|
|||
exit:
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if (mbedtls_mutex_unlock(&cache->mutex) != 0) {
|
||||
ret = 1;
|
||||
ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -128,7 +127,7 @@ exit:
|
|||
|
||||
int mbedtls_ssl_cache_set(void *data, const mbedtls_ssl_session *session)
|
||||
{
|
||||
int ret = 1;
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
mbedtls_time_t t = mbedtls_time(NULL), oldest = 0;
|
||||
mbedtls_ssl_cache_entry *old = NULL;
|
||||
|
@ -179,7 +178,9 @@ int mbedtls_ssl_cache_set(void *data, const mbedtls_ssl_session *session)
|
|||
*/
|
||||
if (count >= cache->max_entries) {
|
||||
if (old == NULL) {
|
||||
ret = 1;
|
||||
/* This should only happen on an ill-configured cache
|
||||
* with max_entries == 0. */
|
||||
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -192,7 +193,7 @@ int mbedtls_ssl_cache_set(void *data, const mbedtls_ssl_session *session)
|
|||
*/
|
||||
if (count >= cache->max_entries) {
|
||||
if (cache->chain == NULL) {
|
||||
ret = 1;
|
||||
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -208,7 +209,7 @@ int mbedtls_ssl_cache_set(void *data, const mbedtls_ssl_session *session)
|
|||
*/
|
||||
cur = mbedtls_calloc(1, sizeof(mbedtls_ssl_cache_entry));
|
||||
if (cur == NULL) {
|
||||
ret = 1;
|
||||
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -242,7 +243,6 @@ int mbedtls_ssl_cache_set(void *data, const mbedtls_ssl_session *session)
|
|||
* field anymore in the first place, and we're done after this call. */
|
||||
ret = mbedtls_ssl_session_copy(&cur->session, session);
|
||||
if (ret != 0) {
|
||||
ret = 1;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -253,7 +253,7 @@ int mbedtls_ssl_cache_set(void *data, const mbedtls_ssl_session *session)
|
|||
cur->peer_cert.p =
|
||||
mbedtls_calloc(1, cur->session.peer_cert->raw.len);
|
||||
if (cur->peer_cert.p == NULL) {
|
||||
ret = 1;
|
||||
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -273,7 +273,7 @@ int mbedtls_ssl_cache_set(void *data, const mbedtls_ssl_session *session)
|
|||
exit:
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if (mbedtls_mutex_unlock(&cache->mutex) != 0) {
|
||||
ret = 1;
|
||||
ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/**
|
||||
* \file ssl_ciphersuites.c
|
||||
*
|
||||
* \brief SSL ciphersuites for mbed TLS
|
||||
* \brief SSL ciphersuites for Mbed TLS
|
||||
*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
|
|
|
@ -1149,6 +1149,14 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl,
|
|||
|
||||
#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
|
||||
if (mode == MBEDTLS_MODE_STREAM) {
|
||||
if (rec->data_len < transform->maclen) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1,
|
||||
("Record too short for MAC:"
|
||||
" %" MBEDTLS_PRINTF_SIZET " < %" MBEDTLS_PRINTF_SIZET,
|
||||
rec->data_len, transform->maclen));
|
||||
return MBEDTLS_ERR_SSL_INVALID_MAC;
|
||||
}
|
||||
|
||||
padlen = 0;
|
||||
if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_dec,
|
||||
transform->iv_dec,
|
||||
|
@ -1561,7 +1569,7 @@ hmac_failed_etm_enabled:
|
|||
unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD] = { 0 };
|
||||
unsigned char mac_peer[MBEDTLS_SSL_MAC_ADD] = { 0 };
|
||||
|
||||
/* If the initial value of padlen was such that
|
||||
/* For CBC+MAC, If the initial value of padlen was such that
|
||||
* data_len < maclen + padlen + 1, then padlen
|
||||
* got reset to 1, and the initial check
|
||||
* data_len >= minlen + maclen + 1
|
||||
|
@ -1573,6 +1581,9 @@ hmac_failed_etm_enabled:
|
|||
* subtracted either padlen + 1 (if the padding was correct)
|
||||
* or 0 (if the padding was incorrect) since then,
|
||||
* hence data_len >= maclen in any case.
|
||||
*
|
||||
* For stream ciphers, we checked above that
|
||||
* data_len >= maclen.
|
||||
*/
|
||||
rec->data_len -= transform->maclen;
|
||||
ssl_extract_add_data_from_record(add_data, &add_data_len, rec,
|
||||
|
|
|
@ -75,6 +75,12 @@ static const char * const features[] = {
|
|||
#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
|
||||
"MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT",
|
||||
#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
|
||||
#if defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
|
||||
"MBEDTLS_PLATFORM_GMTIME_R_ALT",
|
||||
#endif /* MBEDTLS_PLATFORM_GMTIME_R_ALT */
|
||||
#if defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
|
||||
"MBEDTLS_PLATFORM_ZEROIZE_ALT",
|
||||
#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
"MBEDTLS_DEPRECATED_WARNING",
|
||||
#endif /* MBEDTLS_DEPRECATED_WARNING */
|
||||
|
@ -312,6 +318,9 @@ static const char * const features[] = {
|
|||
#if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES)
|
||||
"MBEDTLS_REMOVE_3DES_CIPHERSUITES",
|
||||
#endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */
|
||||
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
|
||||
"MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED",
|
||||
#endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
|
||||
"MBEDTLS_ECP_DP_SECP192R1_ENABLED",
|
||||
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
|
||||
|
@ -576,6 +585,9 @@ static const char * const features[] = {
|
|||
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
|
||||
"MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH",
|
||||
#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
|
||||
#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
|
||||
"MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE",
|
||||
#endif /* MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE */
|
||||
#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
|
||||
"MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN",
|
||||
#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */
|
||||
|
|
|
@ -285,9 +285,11 @@ int mbedtls_x509_write_names(unsigned char **p, unsigned char *start,
|
|||
|
||||
int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start,
|
||||
const char *oid, size_t oid_len,
|
||||
unsigned char *sig, size_t size)
|
||||
unsigned char *sig, size_t size,
|
||||
mbedtls_pk_type_t pk_alg)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
int write_null_par;
|
||||
size_t len = 0;
|
||||
|
||||
if (*p < start || (size_t) (*p - start) < size) {
|
||||
|
@ -310,8 +312,19 @@ int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start,
|
|||
|
||||
// Write OID
|
||||
//
|
||||
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier(p, start, oid,
|
||||
oid_len, 0));
|
||||
if (pk_alg == MBEDTLS_PK_ECDSA) {
|
||||
/*
|
||||
* The AlgorithmIdentifier's parameters field must be absent for DSA/ECDSA signature
|
||||
* algorithms, see https://www.rfc-editor.org/rfc/rfc5480#page-17 and
|
||||
* https://www.rfc-editor.org/rfc/rfc5758#section-3.
|
||||
*/
|
||||
write_null_par = 0;
|
||||
} else {
|
||||
write_null_par = 1;
|
||||
}
|
||||
MBEDTLS_ASN1_CHK_ADD(len,
|
||||
mbedtls_asn1_write_algorithm_identifier_ext(p, start, oid, oid_len,
|
||||
0, write_null_par));
|
||||
|
||||
return (int) len;
|
||||
}
|
||||
|
|
|
@ -1741,6 +1741,7 @@ static int x509_get_other_name(const mbedtls_x509_buf *subject_alt_name,
|
|||
if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid) != 0) {
|
||||
return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
|
||||
}
|
||||
other_name->type_id = cur_oid;
|
||||
|
||||
p += len;
|
||||
if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
|
||||
|
@ -1829,7 +1830,7 @@ static int x509_info_subject_alt_name(char **buf, size_t *size,
|
|||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
||||
if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME,
|
||||
&other_name->value.hardware_module_name.oid) != 0) {
|
||||
&other_name->type_id) == 0) {
|
||||
ret = mbedtls_snprintf(p, n, "\n%s hardware module name :", prefix);
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
ret =
|
||||
|
|
|
@ -342,6 +342,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
|
|||
size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
|
||||
size_t len = 0;
|
||||
mbedtls_pk_type_t pk_alg;
|
||||
int write_sig_null_par;
|
||||
|
||||
/*
|
||||
* Prepare data to be signed at the end of the target buffer
|
||||
|
@ -433,9 +434,20 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
|
|||
/*
|
||||
* Signature ::= AlgorithmIdentifier
|
||||
*/
|
||||
if (pk_alg == MBEDTLS_PK_ECDSA) {
|
||||
/*
|
||||
* The AlgorithmIdentifier's parameters field must be absent for DSA/ECDSA signature
|
||||
* algorithms, see https://www.rfc-editor.org/rfc/rfc5480#page-17 and
|
||||
* https://www.rfc-editor.org/rfc/rfc5758#section-3.
|
||||
*/
|
||||
write_sig_null_par = 0;
|
||||
} else {
|
||||
write_sig_null_par = 1;
|
||||
}
|
||||
MBEDTLS_ASN1_CHK_ADD(len,
|
||||
mbedtls_asn1_write_algorithm_identifier(&c, buf,
|
||||
sig_oid, strlen(sig_oid), 0));
|
||||
mbedtls_asn1_write_algorithm_identifier_ext(&c, buf,
|
||||
sig_oid, strlen(sig_oid),
|
||||
0, write_sig_null_par));
|
||||
|
||||
/*
|
||||
* Serial ::= INTEGER
|
||||
|
@ -492,8 +504,8 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
|
|||
* into the CRT buffer. */
|
||||
c2 = buf + size;
|
||||
MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, c,
|
||||
sig_oid, sig_oid_len, sig,
|
||||
sig_len));
|
||||
sig_oid, sig_oid_len,
|
||||
sig, sig_len, pk_alg));
|
||||
|
||||
/*
|
||||
* Memory layout after this step:
|
||||
|
|
|
@ -265,7 +265,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
|
|||
c2 = buf + size;
|
||||
MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len,
|
||||
mbedtls_x509_write_sig(&c2, buf + len, sig_oid, sig_oid_len,
|
||||
sig, sig_len));
|
||||
sig, sig_len, pk_alg));
|
||||
|
||||
/*
|
||||
* Compact the space between the CSR data and signature by moving the
|
||||
|
|
|
@ -1,17 +0,0 @@
|
|||
diff --git a/thirdparty/mbedtls/include/mbedtls/aesni.h b/thirdparty/mbedtls/include/mbedtls/aesni.h
|
||||
index 6741dead05..6c545bd4a3 100644
|
||||
--- a/thirdparty/mbedtls/include/mbedtls/aesni.h
|
||||
+++ b/thirdparty/mbedtls/include/mbedtls/aesni.h
|
||||
@@ -54,9 +54,10 @@
|
||||
* macros that may change in future releases.
|
||||
*/
|
||||
#undef MBEDTLS_AESNI_HAVE_INTRINSICS
|
||||
-#if defined(_MSC_VER)
|
||||
+#if defined(_MSC_VER) && (defined(_M_AMD64) || defined(_M_IX86))
|
||||
/* Visual Studio supports AESNI intrinsics since VS 2008 SP1. We only support
|
||||
- * VS 2013 and up for other reasons anyway, so no need to check the version. */
|
||||
+ * VS 2013 and up for other reasons anyway, so no need to check the version.
|
||||
+ * Only supported on x64 and x86. */
|
||||
#define MBEDTLS_AESNI_HAVE_INTRINSICS
|
||||
#endif
|
||||
/* GCC-like compilers: currently, we only support intrinsics if the requisite
|
Loading…
Reference in New Issue