Update mbedTLS to version 2.8.0
This commit is contained in:
parent
629783f3aa
commit
febec68763
|
@ -254,12 +254,12 @@ Godot build configurations, check them out when updating.
|
|||
## mbedTLS
|
||||
|
||||
- Upstream: https://tls.mbed.org/
|
||||
- Version: 2.7.0
|
||||
- Version: 2.8.0
|
||||
- License: Apache 2.0
|
||||
|
||||
File extracted from upstream release tarball `mbedtls-2.7.0-apache.tgz`:
|
||||
- All `*.h` from `include/mbedtls/` to `thirdparty/include/mbedtls/`
|
||||
- All `*.c` from `library/` to `thirdparty/library/`
|
||||
File extracted from upstream release tarball `mbedtls-2.8.0-apache.tgz`:
|
||||
- All `*.h` from `include/mbedtls/` to `thirdparty/mbedtls/include/mbedtls/`
|
||||
- All `*.c` from `library/` to `thirdparty/mbedtls/library/`
|
||||
|
||||
## minizip
|
||||
|
||||
|
|
|
@ -88,6 +88,21 @@
|
|||
#define MBEDTLS_ASN1_PRIMITIVE 0x00
|
||||
#define MBEDTLS_ASN1_CONSTRUCTED 0x20
|
||||
#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80
|
||||
|
||||
/*
|
||||
* Bit masks for each of the components of an ASN.1 tag as specified in
|
||||
* ITU X.690 (08/2015), section 8.1 "General rules for encoding",
|
||||
* paragraph 8.1.2.2:
|
||||
*
|
||||
* Bit 8 7 6 5 1
|
||||
* +-------+-----+------------+
|
||||
* | Class | P/C | Tag number |
|
||||
* +-------+-----+------------+
|
||||
*/
|
||||
#define MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0
|
||||
#define MBEDTLS_ASN1_TAG_PC_MASK 0x20
|
||||
#define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F
|
||||
|
||||
/* \} name */
|
||||
/* \} addtogroup asn1_module */
|
||||
|
||||
|
|
|
@ -105,7 +105,7 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
|
|||
* Must be at least \p length Bytes wide.
|
||||
* \param tag The buffer holding the tag.
|
||||
* \param tag_len The length of the tag to generate in Bytes:
|
||||
* 4, 6, 8, 10, 14 or 16.
|
||||
* 4, 6, 8, 10, 12, 14 or 16.
|
||||
*
|
||||
* \note The tag is written to a separate buffer. To concatenate
|
||||
* the \p tag with the \p output, as done in <em>RFC-3610:
|
||||
|
@ -131,10 +131,13 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
|
|||
* \param iv_len The length of the IV in Bytes: 7, 8, 9, 10, 11, 12, or 13.
|
||||
* \param add The additional data field.
|
||||
* \param add_len The length of additional data in Bytes.
|
||||
* Must be less than 2^16 - 2^8.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer holding the output data.
|
||||
* Must be at least \p length Bytes wide.
|
||||
* \param tag The buffer holding the tag.
|
||||
* \param tag_len The length of the tag in Bytes.
|
||||
* 4, 6, 8, 10, 12, 14 or 16.
|
||||
*
|
||||
* \return 0 if successful and authenticated, or
|
||||
* #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
|
||||
|
|
|
@ -78,6 +78,10 @@
|
|||
#error "MBEDTLS_DHM_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) && !defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
||||
#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CMAC_C) && \
|
||||
!defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C)
|
||||
#error "MBEDTLS_CMAC_C defined, but not all prerequisites"
|
||||
|
|
|
@ -1049,7 +1049,8 @@
|
|||
/**
|
||||
* \def MBEDTLS_RSA_NO_CRT
|
||||
*
|
||||
* Do not use the Chinese Remainder Theorem for the RSA private operation.
|
||||
* Do not use the Chinese Remainder Theorem
|
||||
* for the RSA private operation.
|
||||
*
|
||||
* Uncomment this macro to disable the use of CRT in RSA.
|
||||
*
|
||||
|
@ -1411,6 +1412,30 @@
|
|||
*/
|
||||
#define MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
|
||||
*
|
||||
* Fallback to old (pre-2.7), non-conforming implementation of the truncated
|
||||
* HMAC extension which also truncates the HMAC key. Note that this option is
|
||||
* only meant for a transitory upgrade period and is likely to be removed in
|
||||
* a future version of the library.
|
||||
*
|
||||
* \warning The old implementation is non-compliant and has a security weakness
|
||||
* (2^80 brute force attack on the HMAC key used for a single,
|
||||
* uninterrupted connection). This should only be enabled temporarily
|
||||
* when (1) the use of truncated HMAC is essential in order to save
|
||||
* bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use
|
||||
* the fixed implementation yet (pre-2.7).
|
||||
*
|
||||
* \deprecated This option is deprecated and will likely be removed in a
|
||||
* future version of Mbed TLS.
|
||||
*
|
||||
* Uncomment to fallback to old, non-compliant truncated HMAC implementation.
|
||||
*
|
||||
* Requires: MBEDTLS_SSL_TRUNCATED_HMAC
|
||||
*/
|
||||
//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_THREADING_ALT
|
||||
*
|
||||
|
@ -1517,6 +1542,9 @@
|
|||
*
|
||||
* \note Currently compression can't be used with DTLS.
|
||||
*
|
||||
* \deprecated This feature is deprecated and will be removed
|
||||
* in the next major revision of the library.
|
||||
*
|
||||
* Used in: library/ssl_tls.c
|
||||
* library/ssl_cli.c
|
||||
* library/ssl_srv.c
|
||||
|
|
|
@ -372,7 +372,7 @@ MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_constant_t;
|
|||
* in <em>RFC-5114: Additional Diffie-Hellman Groups for Use with
|
||||
* IETF Standards</em>.
|
||||
*/
|
||||
#define MBEDTLS_DHM_RFC5114_MODP_P \
|
||||
#define MBEDTLS_DHM_RFC5114_MODP_2048_P \
|
||||
MBEDTLS_DEPRECATED_STRING_CONSTANT( \
|
||||
"AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" \
|
||||
"B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" \
|
||||
|
|
|
@ -39,11 +39,6 @@
|
|||
|
||||
#define MBEDTLS_ERR_MD2_HW_ACCEL_FAILED -0x002B /**< MD2 hardware accelerator failed */
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_MD2_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
@ -187,11 +182,7 @@ int mbedtls_internal_md2_process( mbedtls_md2_context *ctx );
|
|||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md2_starts(
|
||||
mbedtls_md2_context *ctx )
|
||||
{
|
||||
mbedtls_md2_starts_ret( ctx );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_md2_starts( mbedtls_md2_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief MD2 process buffer
|
||||
|
@ -207,13 +198,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_starts(
|
|||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md2_update(
|
||||
mbedtls_md2_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_md2_update_ret( ctx, input, ilen );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_md2_update( mbedtls_md2_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief MD2 final digest
|
||||
|
@ -228,12 +215,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_update(
|
|||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md2_finish(
|
||||
mbedtls_md2_context *ctx,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_md2_finish_ret( ctx, output );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_md2_finish( mbedtls_md2_context *ctx,
|
||||
unsigned char output[16] );
|
||||
|
||||
/**
|
||||
* \brief MD2 process data block (internal use only)
|
||||
|
@ -247,11 +230,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_finish(
|
|||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md2_process(
|
||||
mbedtls_md2_context *ctx )
|
||||
{
|
||||
mbedtls_internal_md2_process( ctx );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_md2_process( mbedtls_md2_context *ctx );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
@ -304,12 +283,9 @@ int mbedtls_md2_ret( const unsigned char *input,
|
|||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md2( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_md2_ret( input, ilen, output );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_md2( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
|
|
@ -40,11 +40,6 @@
|
|||
|
||||
#define MBEDTLS_ERR_MD4_HW_ACCEL_FAILED -0x002D /**< MD4 hardware accelerator failed */
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_MD4_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
@ -188,11 +183,7 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
|
|||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md4_starts(
|
||||
mbedtls_md4_context *ctx )
|
||||
{
|
||||
mbedtls_md4_starts_ret( ctx );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_md4_starts( mbedtls_md4_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief MD4 process buffer
|
||||
|
@ -208,13 +199,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_starts(
|
|||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md4_update(
|
||||
mbedtls_md4_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_md4_update_ret( ctx, input, ilen );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_md4_update( mbedtls_md4_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief MD4 final digest
|
||||
|
@ -229,12 +216,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_update(
|
|||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md4_finish(
|
||||
mbedtls_md4_context *ctx,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_md4_finish_ret( ctx, output );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_md4_finish( mbedtls_md4_context *ctx,
|
||||
unsigned char output[16] );
|
||||
|
||||
/**
|
||||
* \brief MD4 process data block (internal use only)
|
||||
|
@ -249,12 +232,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_finish(
|
|||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md4_process(
|
||||
mbedtls_md4_context *ctx,
|
||||
const unsigned char data[64] )
|
||||
{
|
||||
mbedtls_internal_md4_process( ctx, data );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_md4_process( mbedtls_md4_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
@ -309,12 +288,9 @@ int mbedtls_md4_ret( const unsigned char *input,
|
|||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md4( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_md4_ret( input, ilen, output );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_md4( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
|
|
@ -43,11 +43,6 @@
|
|||
// Regular implementation
|
||||
//
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
@ -188,11 +183,7 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
|
|||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md5_starts(
|
||||
mbedtls_md5_context *ctx )
|
||||
{
|
||||
mbedtls_md5_starts_ret( ctx );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_md5_starts( mbedtls_md5_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief MD5 process buffer
|
||||
|
@ -208,13 +199,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_starts(
|
|||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md5_update(
|
||||
mbedtls_md5_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_md5_update_ret( ctx, input, ilen );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_md5_update( mbedtls_md5_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief MD5 final digest
|
||||
|
@ -229,12 +216,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_update(
|
|||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md5_finish(
|
||||
mbedtls_md5_context *ctx,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_md5_finish_ret( ctx, output );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_md5_finish( mbedtls_md5_context *ctx,
|
||||
unsigned char output[16] );
|
||||
|
||||
/**
|
||||
* \brief MD5 process data block (internal use only)
|
||||
|
@ -249,12 +232,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_finish(
|
|||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md5_process(
|
||||
mbedtls_md5_context *ctx,
|
||||
const unsigned char data[64] )
|
||||
{
|
||||
mbedtls_internal_md5_process( ctx, data );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_md5_process( mbedtls_md5_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
@ -309,12 +288,9 @@ int mbedtls_md5_ret( const unsigned char *input,
|
|||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_md5( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_md5_ret( input, ilen, output );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_md5( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
|
|
@ -228,6 +228,14 @@
|
|||
|
||||
#define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA224 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA256 MBEDTLS_OID_RSA_COMPANY "\x02\x09" /**< id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } */
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA384 MBEDTLS_OID_RSA_COMPANY "\x02\x0A" /**< id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 } */
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA512 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */
|
||||
|
||||
/*
|
||||
* Encryption algorithms
|
||||
*/
|
||||
|
@ -514,6 +522,16 @@ int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t
|
|||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg );
|
||||
|
||||
/**
|
||||
* \brief Translate hmac algorithm OID into md_type
|
||||
*
|
||||
* \param oid OID to use
|
||||
* \param md_hmac place to store message hmac algorithm
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac );
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
|
||||
/**
|
||||
|
|
|
@ -35,11 +35,6 @@
|
|||
|
||||
#define MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED -0x0031 /**< RIPEMD160 hardware accelerator failed */
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_RIPEMD160_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
@ -139,11 +134,8 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
|
|||
*
|
||||
* \param ctx context to be initialized
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_starts(
|
||||
mbedtls_ripemd160_context *ctx )
|
||||
{
|
||||
mbedtls_ripemd160_starts_ret( ctx );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_ripemd160_starts(
|
||||
mbedtls_ripemd160_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief RIPEMD-160 process buffer
|
||||
|
@ -154,13 +146,10 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_starts(
|
|||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_update(
|
||||
MBEDTLS_DEPRECATED void mbedtls_ripemd160_update(
|
||||
mbedtls_ripemd160_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_ripemd160_update_ret( ctx, input, ilen );
|
||||
}
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief RIPEMD-160 final digest
|
||||
|
@ -170,12 +159,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_update(
|
|||
* \param ctx RIPEMD-160 context
|
||||
* \param output RIPEMD-160 checksum result
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_finish(
|
||||
MBEDTLS_DEPRECATED void mbedtls_ripemd160_finish(
|
||||
mbedtls_ripemd160_context *ctx,
|
||||
unsigned char output[20] )
|
||||
{
|
||||
mbedtls_ripemd160_finish_ret( ctx, output );
|
||||
}
|
||||
unsigned char output[20] );
|
||||
|
||||
/**
|
||||
* \brief RIPEMD-160 process data block (internal use only)
|
||||
|
@ -185,12 +171,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_finish(
|
|||
* \param ctx RIPEMD-160 context
|
||||
* \param data buffer holding one block of data
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_process(
|
||||
MBEDTLS_DEPRECATED void mbedtls_ripemd160_process(
|
||||
mbedtls_ripemd160_context *ctx,
|
||||
const unsigned char data[64] )
|
||||
{
|
||||
mbedtls_internal_ripemd160_process( ctx, data );
|
||||
}
|
||||
const unsigned char data[64] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
@ -235,13 +218,9 @@ int mbedtls_ripemd160_ret( const unsigned char *input,
|
|||
* \param ilen length of the input data
|
||||
* \param output RIPEMD-160 checksum result
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160(
|
||||
const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[20] )
|
||||
{
|
||||
mbedtls_ripemd160_ret( input, ilen, output );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_ripemd160( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[20] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
|
|
@ -518,6 +518,18 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
|
|||
*
|
||||
* \note The input and output buffers must be large
|
||||
* enough. For example, 128 Bytes if RSA-1024 is used.
|
||||
*
|
||||
* \note Blinding is used if and only if a PRNG is provided.
|
||||
*
|
||||
* \note If blinding is used, both the base of exponentation
|
||||
* and the exponent are blinded, providing protection
|
||||
* against some side-channel attacks.
|
||||
*
|
||||
* \warning It is deprecated and a security risk to not provide
|
||||
* a PRNG here and thereby prevent the use of blinding.
|
||||
* Future versions of the library may enforce the presence
|
||||
* of a PRNG.
|
||||
*
|
||||
*/
|
||||
int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
|
|
|
@ -39,11 +39,6 @@
|
|||
|
||||
#define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED -0x0035 /**< SHA-1 hardware accelerator failed */
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SHA1_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
@ -190,11 +185,7 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
|
|||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha1_starts(
|
||||
mbedtls_sha1_context *ctx )
|
||||
{
|
||||
mbedtls_sha1_starts_ret( ctx );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief SHA-1 process buffer
|
||||
|
@ -210,13 +201,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_starts(
|
|||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha1_update(
|
||||
mbedtls_sha1_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_sha1_update_ret( ctx, input, ilen );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief SHA-1 final digest
|
||||
|
@ -231,12 +218,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_update(
|
|||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha1_finish(
|
||||
mbedtls_sha1_context *ctx,
|
||||
unsigned char output[20] )
|
||||
{
|
||||
mbedtls_sha1_finish_ret( ctx, output );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
|
||||
unsigned char output[20] );
|
||||
|
||||
/**
|
||||
* \brief SHA-1 process data block (internal use only)
|
||||
|
@ -251,12 +234,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_finish(
|
|||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha1_process(
|
||||
mbedtls_sha1_context *ctx,
|
||||
const unsigned char data[64] )
|
||||
{
|
||||
mbedtls_internal_sha1_process( ctx, data );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
@ -317,12 +296,9 @@ int mbedtls_sha1_ret( const unsigned char *input,
|
|||
* stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha1( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[20] )
|
||||
{
|
||||
mbedtls_sha1_ret( input, ilen, output );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[20] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
|
|
@ -35,10 +35,6 @@
|
|||
|
||||
#define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
#if !defined(MBEDTLS_SHA256_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
@ -156,12 +152,8 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
|
|||
* <ul><li>0: Use SHA-256.</li>
|
||||
* <li>1: Use SHA-224.</li></ul>
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha256_starts(
|
||||
mbedtls_sha256_context *ctx,
|
||||
int is224 )
|
||||
{
|
||||
mbedtls_sha256_starts_ret( ctx, is224 );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
|
||||
int is224 );
|
||||
|
||||
/**
|
||||
* \brief This function feeds an input buffer into an ongoing
|
||||
|
@ -173,13 +165,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_starts(
|
|||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha256_update(
|
||||
mbedtls_sha256_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_sha256_update_ret( ctx, input, ilen );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief This function finishes the SHA-256 operation, and writes
|
||||
|
@ -190,12 +178,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_update(
|
|||
* \param ctx The SHA-256 context.
|
||||
* \param output The SHA-224or SHA-256 checksum result.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha256_finish(
|
||||
mbedtls_sha256_context *ctx,
|
||||
unsigned char output[32] )
|
||||
{
|
||||
mbedtls_sha256_finish_ret( ctx, output );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
|
||||
unsigned char output[32] );
|
||||
|
||||
/**
|
||||
* \brief This function processes a single data block within
|
||||
|
@ -207,12 +191,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_finish(
|
|||
* \param ctx The SHA-256 context.
|
||||
* \param data The buffer holding one block of data.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha256_process(
|
||||
mbedtls_sha256_context *ctx,
|
||||
const unsigned char data[64] )
|
||||
{
|
||||
mbedtls_internal_sha256_process( ctx, data );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
@ -276,14 +256,10 @@ int mbedtls_sha256_ret( const unsigned char *input,
|
|||
* <ul><li>0: Use SHA-256.</li>
|
||||
* <li>1: Use SHA-224.</li></ul>
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha256(
|
||||
const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[32],
|
||||
int is224 )
|
||||
{
|
||||
mbedtls_sha256_ret( input, ilen, output, is224 );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[32],
|
||||
int is224 );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
|
|
@ -35,10 +35,6 @@
|
|||
|
||||
#define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED -0x0039 /**< SHA-512 hardware accelerator failed */
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
#if !defined(MBEDTLS_SHA512_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
@ -156,12 +152,8 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
|
|||
* <ul><li>0: Use SHA-512.</li>
|
||||
* <li>1: Use SHA-384.</li></ul>
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha512_starts(
|
||||
mbedtls_sha512_context *ctx,
|
||||
int is384 )
|
||||
{
|
||||
mbedtls_sha512_starts_ret( ctx, is384 );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
|
||||
int is384 );
|
||||
|
||||
/**
|
||||
* \brief This function feeds an input buffer into an ongoing
|
||||
|
@ -173,13 +165,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_starts(
|
|||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha512_update(
|
||||
mbedtls_sha512_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_sha512_update_ret( ctx, input, ilen );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief This function finishes the SHA-512 operation, and writes
|
||||
|
@ -190,12 +178,8 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_update(
|
|||
* \param ctx The SHA-512 context.
|
||||
* \param output The SHA-384 or SHA-512 checksum result.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha512_finish(
|
||||
mbedtls_sha512_context *ctx,
|
||||
unsigned char output[64] )
|
||||
{
|
||||
mbedtls_sha512_finish_ret( ctx, output );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
|
||||
unsigned char output[64] );
|
||||
|
||||
/**
|
||||
* \brief This function processes a single data block within
|
||||
|
@ -207,12 +191,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_finish(
|
|||
* \param ctx The SHA-512 context.
|
||||
* \param data The buffer holding one block of data.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha512_process(
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha512_process(
|
||||
mbedtls_sha512_context *ctx,
|
||||
const unsigned char data[128] )
|
||||
{
|
||||
mbedtls_internal_sha512_process( ctx, data );
|
||||
}
|
||||
const unsigned char data[128] );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
@ -278,14 +259,10 @@ int mbedtls_sha512_ret( const unsigned char *input,
|
|||
* <ul><li>0: Use SHA-512.</li>
|
||||
* <li>1: Use SHA-384.</li></ul>
|
||||
*/
|
||||
MBEDTLS_DEPRECATED static inline void mbedtls_sha512(
|
||||
const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[64],
|
||||
int is384 )
|
||||
{
|
||||
mbedtls_sha512_ret( input, ilen, output, is384 );
|
||||
}
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[64],
|
||||
int is384 );
|
||||
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
|
|
@ -49,6 +49,15 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#warning "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will be removed in the next major revision of the library"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#error "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set"
|
||||
#endif
|
||||
|
||||
#include "zlib.h"
|
||||
#endif
|
||||
|
||||
|
@ -971,8 +980,13 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl );
|
|||
* \note No copy of the configuration context is made, it can be
|
||||
* shared by many mbedtls_ssl_context structures.
|
||||
*
|
||||
* \warning Modifying the conf structure after it has been used in this
|
||||
* function is unsupported!
|
||||
* \warning The conf structure will be accessed during the session.
|
||||
* It must not be modified or freed as long as the session
|
||||
* is active.
|
||||
*
|
||||
* \warning This function must be called exactly once per context.
|
||||
* Calling mbedtls_ssl_setup again is not supported, even
|
||||
* if no session is active.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration to use
|
||||
|
|
|
@ -71,6 +71,9 @@
|
|||
#endif /* MBEDTLS_SSL_PROTO_TLS1 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
||||
|
||||
#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
|
||||
#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
|
||||
|
||||
/* Determine maximum supported version */
|
||||
#define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
|
||||
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
* Major, Minor, Patchlevel
|
||||
*/
|
||||
#define MBEDTLS_VERSION_MAJOR 2
|
||||
#define MBEDTLS_VERSION_MINOR 7
|
||||
#define MBEDTLS_VERSION_MINOR 8
|
||||
#define MBEDTLS_VERSION_PATCH 0
|
||||
|
||||
/**
|
||||
|
@ -47,9 +47,9 @@
|
|||
* MMNNPP00
|
||||
* Major version | Minor version | Patch version
|
||||
*/
|
||||
#define MBEDTLS_VERSION_NUMBER 0x02070000
|
||||
#define MBEDTLS_VERSION_STRING "2.7.0"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.0"
|
||||
#define MBEDTLS_VERSION_NUMBER 0x02080000
|
||||
#define MBEDTLS_VERSION_STRING "2.8.0"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.8.0"
|
||||
|
||||
#if defined(MBEDTLS_VERSION_C)
|
||||
|
||||
|
|
|
@ -765,12 +765,14 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
|
|||
}
|
||||
#endif /* !MBEDTLS_AES_ENCRYPT_ALT */
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_internal_aes_encrypt( ctx, input, output );
|
||||
}
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/*
|
||||
* AES-ECB block decryption
|
||||
|
@ -831,12 +833,14 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
|
|||
}
|
||||
#endif /* !MBEDTLS_AES_DECRYPT_ALT */
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_internal_aes_decrypt( ctx, input, output );
|
||||
}
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/*
|
||||
* AES-ECB block encryption/decryption
|
||||
|
|
|
@ -1623,7 +1623,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
|
|||
mbedtls_mpi RR, T, W[ 2 << MBEDTLS_MPI_WINDOW_SIZE ], Apos;
|
||||
int neg;
|
||||
|
||||
if( mbedtls_mpi_cmp_int( N, 0 ) < 0 || ( N->p[0] & 1 ) == 0 )
|
||||
if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || ( N->p[0] & 1 ) == 0 )
|
||||
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
|
||||
|
||||
if( mbedtls_mpi_cmp_int( E, 0 ) < 0 )
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
/*
|
||||
* The NIST SP 800-90 DRBGs are described in the following publucation.
|
||||
* The NIST SP 800-90 DRBGs are described in the following publication.
|
||||
*
|
||||
* http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf
|
||||
*/
|
||||
|
|
|
@ -91,7 +91,7 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
|
|||
|
||||
va_start( argp, format );
|
||||
#if defined(_WIN32)
|
||||
#if defined(_TRUNCATE)
|
||||
#if defined(_TRUNCATE) && !defined(__MINGW32__)
|
||||
ret = _vsnprintf_s( str, DEBUG_BUF_SIZE, _TRUNCATE, format, argp );
|
||||
#else
|
||||
ret = _vsnprintf( str, DEBUG_BUF_SIZE, format, argp );
|
||||
|
|
|
@ -54,41 +54,28 @@
|
|||
#define _WIN32_WINNT 0x0400
|
||||
#endif
|
||||
#include <windows.h>
|
||||
#include <bcrypt.h>
|
||||
#if _MSC_VER <= 1600
|
||||
/* Visual Studio 2010 and earlier issue a warning when both <stdint.h> and <intsafe.h> are included, as they
|
||||
* redefine a number of <TYPE>_MAX constants. These constants are guaranteed to be the same, though, so
|
||||
* we suppress the warning when including intsafe.h.
|
||||
*/
|
||||
#pragma warning( push )
|
||||
#pragma warning( disable : 4005 )
|
||||
#endif
|
||||
#include <intsafe.h>
|
||||
#if _MSC_VER <= 1600
|
||||
#pragma warning( pop )
|
||||
#endif
|
||||
#include <wincrypt.h>
|
||||
|
||||
int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len,
|
||||
size_t *olen )
|
||||
{
|
||||
ULONG len_as_ulong = 0;
|
||||
HCRYPTPROV provider;
|
||||
((void) data);
|
||||
*olen = 0;
|
||||
|
||||
/*
|
||||
* BCryptGenRandom takes ULONG for size, which is smaller than size_t on 64-bit platforms.
|
||||
* Ensure len's value can be safely converted into a ULONG.
|
||||
*/
|
||||
if ( FAILED( SizeTToULong( len, &len_as_ulong ) ) )
|
||||
if( CryptAcquireContext( &provider, NULL, NULL,
|
||||
PROV_RSA_FULL, CRYPT_VERIFYCONTEXT ) == FALSE )
|
||||
{
|
||||
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
|
||||
}
|
||||
|
||||
if ( !BCRYPT_SUCCESS( BCryptGenRandom( NULL, output, len_as_ulong, BCRYPT_USE_SYSTEM_PREFERRED_RNG ) ) )
|
||||
if( CryptGenRandom( provider, (DWORD) len, output ) == FALSE )
|
||||
{
|
||||
CryptReleaseContext( provider, 0 );
|
||||
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
|
||||
}
|
||||
|
||||
CryptReleaseContext( provider, 0 );
|
||||
*olen = len;
|
||||
|
||||
return( 0 );
|
||||
|
|
|
@ -115,6 +115,13 @@ int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_md2_starts( mbedtls_md2_context *ctx )
|
||||
{
|
||||
mbedtls_md2_starts_ret( ctx );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_MD2_PROCESS_ALT)
|
||||
int mbedtls_internal_md2_process( mbedtls_md2_context *ctx )
|
||||
{
|
||||
|
@ -151,6 +158,13 @@ int mbedtls_internal_md2_process( mbedtls_md2_context *ctx )
|
|||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_md2_process( mbedtls_md2_context *ctx )
|
||||
{
|
||||
mbedtls_internal_md2_process( ctx );
|
||||
}
|
||||
#endif
|
||||
#endif /* !MBEDTLS_MD2_PROCESS_ALT */
|
||||
|
||||
/*
|
||||
|
@ -187,6 +201,15 @@ int mbedtls_md2_update_ret( mbedtls_md2_context *ctx,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_md2_update( mbedtls_md2_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_md2_update_ret( ctx, input, ilen );
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* MD2 final digest
|
||||
*/
|
||||
|
@ -214,6 +237,14 @@ int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_md2_finish( mbedtls_md2_context *ctx,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_md2_finish_ret( ctx, output );
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* !MBEDTLS_MD2_ALT */
|
||||
|
||||
/*
|
||||
|
@ -243,6 +274,15 @@ exit:
|
|||
return( ret );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_md2( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_md2_ret( input, ilen, output );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
/*
|
||||
|
|
|
@ -111,6 +111,13 @@ int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_md4_starts( mbedtls_md4_context *ctx )
|
||||
{
|
||||
mbedtls_md4_starts_ret( ctx );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_MD4_PROCESS_ALT)
|
||||
int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
|
||||
const unsigned char data[64] )
|
||||
|
@ -217,6 +224,14 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
|
|||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_md4_process( mbedtls_md4_context *ctx,
|
||||
const unsigned char data[64] )
|
||||
{
|
||||
mbedtls_internal_md4_process( ctx, data );
|
||||
}
|
||||
#endif
|
||||
#endif /* !MBEDTLS_MD4_PROCESS_ALT */
|
||||
|
||||
/*
|
||||
|
@ -273,6 +288,15 @@ int mbedtls_md4_update_ret( mbedtls_md4_context *ctx,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_md4_update( mbedtls_md4_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_md4_update_ret( ctx, input, ilen );
|
||||
}
|
||||
#endif
|
||||
|
||||
static const unsigned char md4_padding[64] =
|
||||
{
|
||||
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
|
@ -318,6 +342,14 @@ int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_md4_finish( mbedtls_md4_context *ctx,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_md4_finish_ret( ctx, output );
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* !MBEDTLS_MD4_ALT */
|
||||
|
||||
/*
|
||||
|
@ -347,6 +379,15 @@ exit:
|
|||
return( ret );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_md4( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_md4_ret( input, ilen, output );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
/*
|
||||
|
|
|
@ -110,6 +110,13 @@ int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_md5_starts( mbedtls_md5_context *ctx )
|
||||
{
|
||||
mbedtls_md5_starts_ret( ctx );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_MD5_PROCESS_ALT)
|
||||
int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
|
||||
const unsigned char data[64] )
|
||||
|
@ -236,6 +243,14 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
|
|||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_md5_process( mbedtls_md5_context *ctx,
|
||||
const unsigned char data[64] )
|
||||
{
|
||||
mbedtls_internal_md5_process( ctx, data );
|
||||
}
|
||||
#endif
|
||||
#endif /* !MBEDTLS_MD5_PROCESS_ALT */
|
||||
|
||||
/*
|
||||
|
@ -289,6 +304,15 @@ int mbedtls_md5_update_ret( mbedtls_md5_context *ctx,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_md5_update( mbedtls_md5_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_md5_update_ret( ctx, input, ilen );
|
||||
}
|
||||
#endif
|
||||
|
||||
static const unsigned char md5_padding[64] =
|
||||
{
|
||||
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
|
@ -332,6 +356,14 @@ int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_md5_finish( mbedtls_md5_context *ctx,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_md5_finish_ret( ctx, output );
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* !MBEDTLS_MD5_ALT */
|
||||
|
||||
/*
|
||||
|
@ -361,6 +393,15 @@ exit:
|
|||
return( ret );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_md5( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_md5_ret( input, ilen, output );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
/*
|
||||
* RFC 1321 test vectors
|
||||
|
|
|
@ -113,7 +113,7 @@ static void debug_header( memory_header *hdr )
|
|||
#endif
|
||||
}
|
||||
|
||||
static void debug_chain()
|
||||
static void debug_chain( void )
|
||||
{
|
||||
memory_header *cur = heap.first;
|
||||
|
||||
|
@ -180,11 +180,11 @@ static int verify_header( memory_header *hdr )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
static int verify_chain()
|
||||
static int verify_chain( void )
|
||||
{
|
||||
memory_header *prv = heap.first, *cur = heap.first->next;
|
||||
memory_header *prv = heap.first, *cur;
|
||||
|
||||
if( verify_header( heap.first ) != 0 )
|
||||
if( prv == NULL || verify_header( prv ) != 0 )
|
||||
{
|
||||
#if defined(MBEDTLS_MEMORY_DEBUG)
|
||||
mbedtls_fprintf( stderr, "FATAL: verification of first header "
|
||||
|
@ -202,6 +202,8 @@ static int verify_chain()
|
|||
return( 1 );
|
||||
}
|
||||
|
||||
cur = heap.first->next;
|
||||
|
||||
while( cur != NULL )
|
||||
{
|
||||
if( verify_header( cur ) != 0 )
|
||||
|
@ -245,7 +247,9 @@ static void *buffer_alloc_calloc( size_t n, size_t size )
|
|||
|
||||
original_len = len = n * size;
|
||||
|
||||
if( n != 0 && len / n != size )
|
||||
if( n == 0 || size == 0 || len / n != size )
|
||||
return( NULL );
|
||||
else if( len > (size_t)-MBEDTLS_MEMORY_ALIGN_MULTIPLE )
|
||||
return( NULL );
|
||||
|
||||
if( len % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
|
||||
|
@ -386,7 +390,7 @@ static void buffer_alloc_free( void *ptr )
|
|||
if( ptr == NULL || heap.buf == NULL || heap.first == NULL )
|
||||
return;
|
||||
|
||||
if( p < heap.buf || p > heap.buf + heap.len )
|
||||
if( p < heap.buf || p >= heap.buf + heap.len )
|
||||
{
|
||||
#if defined(MBEDTLS_MEMORY_DEBUG)
|
||||
mbedtls_fprintf( stderr, "FATAL: mbedtls_free() outside of managed "
|
||||
|
@ -500,13 +504,13 @@ void mbedtls_memory_buffer_set_verify( int verify )
|
|||
heap.verify = verify;
|
||||
}
|
||||
|
||||
int mbedtls_memory_buffer_alloc_verify()
|
||||
int mbedtls_memory_buffer_alloc_verify( void )
|
||||
{
|
||||
return verify_chain();
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_DEBUG)
|
||||
void mbedtls_memory_buffer_alloc_status()
|
||||
void mbedtls_memory_buffer_alloc_status( void )
|
||||
{
|
||||
mbedtls_fprintf( stderr,
|
||||
"Current use: %zu blocks / %zu bytes, max: %zu blocks / "
|
||||
|
@ -570,8 +574,7 @@ static void buffer_alloc_free_mutexed( void *ptr )
|
|||
|
||||
void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len )
|
||||
{
|
||||
memset( &heap, 0, sizeof(buffer_alloc_ctx) );
|
||||
memset( buf, 0, len );
|
||||
memset( &heap, 0, sizeof( buffer_alloc_ctx ) );
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_mutex_init( &heap.mutex );
|
||||
|
@ -581,26 +584,30 @@ void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len )
|
|||
mbedtls_platform_set_calloc_free( buffer_alloc_calloc, buffer_alloc_free );
|
||||
#endif
|
||||
|
||||
if( (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
|
||||
if( len < sizeof( memory_header ) + MBEDTLS_MEMORY_ALIGN_MULTIPLE )
|
||||
return;
|
||||
else if( (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
|
||||
{
|
||||
/* Adjust len first since buf is used in the computation */
|
||||
len -= MBEDTLS_MEMORY_ALIGN_MULTIPLE
|
||||
- (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
|
||||
- (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
|
||||
buf += MBEDTLS_MEMORY_ALIGN_MULTIPLE
|
||||
- (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
|
||||
- (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
|
||||
}
|
||||
|
||||
memset( buf, 0, len );
|
||||
|
||||
heap.buf = buf;
|
||||
heap.len = len;
|
||||
|
||||
heap.first = (memory_header *) buf;
|
||||
heap.first->size = len - sizeof(memory_header);
|
||||
heap.first = (memory_header *)buf;
|
||||
heap.first->size = len - sizeof( memory_header );
|
||||
heap.first->magic1 = MAGIC1;
|
||||
heap.first->magic2 = MAGIC2;
|
||||
heap.first_free = heap.first;
|
||||
}
|
||||
|
||||
void mbedtls_memory_buffer_alloc_free()
|
||||
void mbedtls_memory_buffer_alloc_free( void )
|
||||
{
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_mutex_free( &heap.mutex );
|
||||
|
@ -620,7 +627,7 @@ static int check_pointer( void *p )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
static int check_all_free( )
|
||||
static int check_all_free( void )
|
||||
{
|
||||
if(
|
||||
#if defined(MBEDTLS_MEMORY_DEBUG)
|
||||
|
|
|
@ -49,7 +49,7 @@
|
|||
#undef _WIN32_WINNT
|
||||
#endif
|
||||
/* Enables getaddrinfo() & Co */
|
||||
#define _WIN32_WINNT 0x0601
|
||||
#define _WIN32_WINNT 0x0501
|
||||
#include <ws2tcpip.h>
|
||||
|
||||
#include <winsock2.h>
|
||||
|
|
|
@ -625,6 +625,51 @@ static const oid_md_alg_t oid_md_alg[] =
|
|||
FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg)
|
||||
FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg)
|
||||
FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md, oid_md_alg_t, oid_md_alg, mbedtls_md_type_t, md_alg)
|
||||
|
||||
/*
|
||||
* For HMAC digestAlgorithm
|
||||
*/
|
||||
typedef struct {
|
||||
mbedtls_oid_descriptor_t descriptor;
|
||||
mbedtls_md_type_t md_hmac;
|
||||
} oid_md_hmac_t;
|
||||
|
||||
static const oid_md_hmac_t oid_md_hmac[] =
|
||||
{
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_HMAC_SHA1 ), "hmacSHA1", "HMAC-SHA-1" },
|
||||
MBEDTLS_MD_SHA1,
|
||||
},
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_HMAC_SHA224 ), "hmacSHA224", "HMAC-SHA-224" },
|
||||
MBEDTLS_MD_SHA224,
|
||||
},
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_HMAC_SHA256 ), "hmacSHA256", "HMAC-SHA-256" },
|
||||
MBEDTLS_MD_SHA256,
|
||||
},
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_HMAC_SHA384 ), "hmacSHA384", "HMAC-SHA-384" },
|
||||
MBEDTLS_MD_SHA384,
|
||||
},
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_HMAC_SHA512 ), "hmacSHA512", "HMAC-SHA-512" },
|
||||
MBEDTLS_MD_SHA512,
|
||||
},
|
||||
#endif /* MBEDTLS_SHA512_C */
|
||||
{
|
||||
{ NULL, 0, NULL, NULL },
|
||||
MBEDTLS_MD_NONE,
|
||||
},
|
||||
};
|
||||
|
||||
FN_OID_TYPED_FROM_ASN1(oid_md_hmac_t, md_hmac, oid_md_hmac)
|
||||
FN_OID_GET_ATTR1(mbedtls_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac)
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
|
||||
#if defined(MBEDTLS_PKCS12_C)
|
||||
|
|
|
@ -442,7 +442,7 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer,
|
|||
unsigned char *buf, size_t buf_len, size_t *olen )
|
||||
{
|
||||
int ret;
|
||||
unsigned char *encode_buf, *c, *p = buf;
|
||||
unsigned char *encode_buf = NULL, *c, *p = buf;
|
||||
size_t len = 0, use_len, add_len = 0;
|
||||
|
||||
mbedtls_base64_encode( NULL, 0, &use_len, der_data, der_len );
|
||||
|
@ -454,7 +454,8 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer,
|
|||
return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
|
||||
}
|
||||
|
||||
if( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL )
|
||||
if( use_len != 0 &&
|
||||
( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL ) )
|
||||
return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
|
||||
|
||||
if( ( ret = mbedtls_base64_encode( encode_buf, use_len, &use_len, der_data,
|
||||
|
|
|
@ -96,11 +96,9 @@ static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
|
|||
if( ( ret = mbedtls_asn1_get_alg_null( &p, end, &prf_alg_oid ) ) != 0 )
|
||||
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
|
||||
|
||||
if( MBEDTLS_OID_CMP( MBEDTLS_OID_HMAC_SHA1, &prf_alg_oid ) != 0 )
|
||||
if( mbedtls_oid_get_md_hmac( &prf_alg_oid, md_type ) != 0 )
|
||||
return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
|
||||
|
||||
*md_type = MBEDTLS_MD_SHA1;
|
||||
|
||||
if( p != end )
|
||||
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT +
|
||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
||||
|
|
|
@ -181,6 +181,10 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
|
|||
{
|
||||
int ret;
|
||||
|
||||
if ( end - *p < 1 )
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
|
||||
MBEDTLS_ERR_ASN1_OUT_OF_DATA );
|
||||
|
||||
/* Tag may be either OID or SEQUENCE */
|
||||
params->tag = **p;
|
||||
if( params->tag != MBEDTLS_ASN1_OID
|
||||
|
@ -1277,6 +1281,9 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
|||
{
|
||||
unsigned char *key_copy;
|
||||
|
||||
if( keylen == 0 )
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
||||
|
||||
if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
|
||||
return( MBEDTLS_ERR_PK_ALLOC_FAILED );
|
||||
|
||||
|
@ -1348,11 +1355,45 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
|
|||
{
|
||||
int ret;
|
||||
unsigned char *p;
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
const mbedtls_pk_info_t *pk_info;
|
||||
#endif
|
||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||
size_t len;
|
||||
mbedtls_pem_context pem;
|
||||
|
||||
mbedtls_pem_init( &pem );
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
||||
if( keylen == 0 || key[keylen - 1] != '\0' )
|
||||
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
||||
else
|
||||
ret = mbedtls_pem_read_buffer( &pem,
|
||||
"-----BEGIN RSA PUBLIC KEY-----",
|
||||
"-----END RSA PUBLIC KEY-----",
|
||||
key, NULL, 0, &len );
|
||||
|
||||
if( ret == 0 )
|
||||
{
|
||||
p = pem.buf;
|
||||
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
|
||||
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
||||
|
||||
if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen, mbedtls_pk_rsa( *ctx ) ) ) != 0 )
|
||||
mbedtls_pk_free( ctx );
|
||||
|
||||
mbedtls_pem_free( &pem );
|
||||
return( ret );
|
||||
}
|
||||
else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
||||
{
|
||||
mbedtls_pem_free( &pem );
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
|
||||
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
||||
if( keylen == 0 || key[keylen - 1] != '\0' )
|
||||
|
@ -1368,23 +1409,43 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
|
|||
/*
|
||||
* Was PEM encoded
|
||||
*/
|
||||
key = pem.buf;
|
||||
keylen = pem.buflen;
|
||||
p = pem.buf;
|
||||
|
||||
ret = mbedtls_pk_parse_subpubkey( &p, p + pem.buflen, ctx );
|
||||
mbedtls_pem_free( &pem );
|
||||
return( ret );
|
||||
}
|
||||
else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
||||
{
|
||||
mbedtls_pem_free( &pem );
|
||||
return( ret );
|
||||
}
|
||||
mbedtls_pem_free( &pem );
|
||||
#endif /* MBEDTLS_PEM_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
|
||||
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
||||
|
||||
if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
p = (unsigned char *)key;
|
||||
ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) );
|
||||
if( ret == 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
mbedtls_pk_free( ctx );
|
||||
if( ret != ( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
p = (unsigned char *) key;
|
||||
|
||||
ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx );
|
||||
|
||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||
mbedtls_pem_free( &pem );
|
||||
#endif
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
|
|
|
@ -82,7 +82,7 @@ int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... )
|
|||
return( -1 );
|
||||
|
||||
va_start( argp, fmt );
|
||||
#if defined(_TRUNCATE)
|
||||
#if defined(_TRUNCATE) && !defined(__MINGW32__)
|
||||
ret = _vsnprintf_s( s, n, _TRUNCATE, fmt, argp );
|
||||
#else
|
||||
ret = _vsnprintf( s, n, fmt, argp );
|
||||
|
|
|
@ -112,6 +112,13 @@ int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx )
|
||||
{
|
||||
mbedtls_ripemd160_starts_ret( ctx );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_RIPEMD160_PROCESS_ALT)
|
||||
/*
|
||||
* Process one block
|
||||
|
@ -295,6 +302,14 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
|
|||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx,
|
||||
const unsigned char data[64] )
|
||||
{
|
||||
mbedtls_internal_ripemd160_process( ctx, data );
|
||||
}
|
||||
#endif
|
||||
#endif /* !MBEDTLS_RIPEMD160_PROCESS_ALT */
|
||||
|
||||
/*
|
||||
|
@ -349,6 +364,15 @@ int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_ripemd160_update_ret( ctx, input, ilen );
|
||||
}
|
||||
#endif
|
||||
|
||||
static const unsigned char ripemd160_padding[64] =
|
||||
{
|
||||
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
|
@ -395,6 +419,14 @@ int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx,
|
||||
unsigned char output[20] )
|
||||
{
|
||||
mbedtls_ripemd160_finish_ret( ctx, output );
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* ! MBEDTLS_RIPEMD160_ALT */
|
||||
|
||||
/*
|
||||
|
@ -424,6 +456,15 @@ exit:
|
|||
return( ret );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_ripemd160( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[20] )
|
||||
{
|
||||
mbedtls_ripemd160_ret( input, ilen, output );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
/*
|
||||
* Test vectors from the RIPEMD-160 paper and
|
||||
|
|
|
@ -773,16 +773,38 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||
{
|
||||
int ret;
|
||||
size_t olen;
|
||||
mbedtls_mpi T, T1, T2;
|
||||
|
||||
/* Temporary holding the result */
|
||||
mbedtls_mpi T;
|
||||
|
||||
/* Temporaries holding P-1, Q-1 and the
|
||||
* exponent blinding factor, respectively. */
|
||||
mbedtls_mpi P1, Q1, R;
|
||||
#if defined(MBEDTLS_RSA_NO_CRT)
|
||||
mbedtls_mpi D_blind;
|
||||
mbedtls_mpi *D = &ctx->D;
|
||||
#else
|
||||
|
||||
#if !defined(MBEDTLS_RSA_NO_CRT)
|
||||
/* Temporaries holding the results mod p resp. mod q. */
|
||||
mbedtls_mpi TP, TQ;
|
||||
|
||||
/* Temporaries holding the blinded exponents for
|
||||
* the mod p resp. mod q computation (if used). */
|
||||
mbedtls_mpi DP_blind, DQ_blind;
|
||||
|
||||
/* Pointers to actual exponents to be used - either the unblinded
|
||||
* or the blinded ones, depending on the presence of a PRNG. */
|
||||
mbedtls_mpi *DP = &ctx->DP;
|
||||
mbedtls_mpi *DQ = &ctx->DQ;
|
||||
#endif
|
||||
#else
|
||||
/* Temporary holding the blinded exponent (if used). */
|
||||
mbedtls_mpi D_blind;
|
||||
|
||||
/* Pointer to actual exponent to be used - either the unblinded
|
||||
* or the blinded one, depending on the presence of a PRNG. */
|
||||
mbedtls_mpi *D = &ctx->D;
|
||||
#endif /* MBEDTLS_RSA_NO_CRT */
|
||||
|
||||
/* Temporaries holding the initial input and the double
|
||||
* checked result; should be the same in the end. */
|
||||
mbedtls_mpi I, C;
|
||||
|
||||
if( rsa_check_context( ctx, 1 /* private key checks */,
|
||||
f_rng != NULL /* blinding y/n */ ) != 0 )
|
||||
|
@ -790,8 +812,17 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
mbedtls_mpi_init( &T ); mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 );
|
||||
mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &R );
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
/* MPI Initialization */
|
||||
mbedtls_mpi_init( &T );
|
||||
|
||||
mbedtls_mpi_init( &P1 );
|
||||
mbedtls_mpi_init( &Q1 );
|
||||
mbedtls_mpi_init( &R );
|
||||
|
||||
if( f_rng != NULL )
|
||||
{
|
||||
|
@ -803,12 +834,15 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||
#endif
|
||||
}
|
||||
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
|
||||
return( ret );
|
||||
#if !defined(MBEDTLS_RSA_NO_CRT)
|
||||
mbedtls_mpi_init( &TP ); mbedtls_mpi_init( &TQ );
|
||||
#endif
|
||||
|
||||
mbedtls_mpi_init( &I );
|
||||
mbedtls_mpi_init( &C );
|
||||
|
||||
/* End of MPI initialization */
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) );
|
||||
if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
|
||||
{
|
||||
|
@ -816,6 +850,8 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||
goto cleanup;
|
||||
}
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &I, &T ) );
|
||||
|
||||
if( f_rng != NULL )
|
||||
{
|
||||
/*
|
||||
|
@ -874,24 +910,25 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||
/*
|
||||
* Faster decryption using the CRT
|
||||
*
|
||||
* T1 = input ^ dP mod P
|
||||
* T2 = input ^ dQ mod Q
|
||||
* TP = input ^ dP mod P
|
||||
* TQ = input ^ dQ mod Q
|
||||
*/
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T1, &T, DP, &ctx->P, &ctx->RP ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T2, &T, DQ, &ctx->Q, &ctx->RQ ) );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TP, &T, DP, &ctx->P, &ctx->RP ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TQ, &T, DQ, &ctx->Q, &ctx->RQ ) );
|
||||
|
||||
/*
|
||||
* T = (T1 - T2) * (Q^-1 mod P) mod P
|
||||
* T = (TP - TQ) * (Q^-1 mod P) mod P
|
||||
*/
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, &T1, &T2 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1, &T, &ctx->QP ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T1, &ctx->P ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, &TP, &TQ ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &TP, &T, &ctx->QP ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &TP, &ctx->P ) );
|
||||
|
||||
/*
|
||||
* T = T2 + T * Q
|
||||
* T = TQ + T * Q
|
||||
*/
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1, &T, &ctx->Q ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &T2, &T1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &TP, &T, &ctx->Q ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &TQ, &TP ) );
|
||||
#endif /* MBEDTLS_RSA_NO_CRT */
|
||||
|
||||
if( f_rng != NULL )
|
||||
|
@ -904,6 +941,15 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
|
||||
}
|
||||
|
||||
/* Verify the result to prevent glitching attacks. */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E,
|
||||
&ctx->N, &ctx->RN ) );
|
||||
if( mbedtls_mpi_cmp_mpi( &C, &I ) != 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
olen = ctx->len;
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) );
|
||||
|
||||
|
@ -913,8 +959,9 @@ cleanup:
|
|||
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
|
||||
#endif
|
||||
|
||||
mbedtls_mpi_free( &T ); mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 );
|
||||
mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &R );
|
||||
mbedtls_mpi_free( &P1 );
|
||||
mbedtls_mpi_free( &Q1 );
|
||||
mbedtls_mpi_free( &R );
|
||||
|
||||
if( f_rng != NULL )
|
||||
{
|
||||
|
@ -926,6 +973,15 @@ cleanup:
|
|||
#endif
|
||||
}
|
||||
|
||||
mbedtls_mpi_free( &T );
|
||||
|
||||
#if !defined(MBEDTLS_RSA_NO_CRT)
|
||||
mbedtls_mpi_free( &TP ); mbedtls_mpi_free( &TQ );
|
||||
#endif
|
||||
|
||||
mbedtls_mpi_free( &C );
|
||||
mbedtls_mpi_free( &I );
|
||||
|
||||
if( ret != 0 )
|
||||
return( MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret );
|
||||
|
||||
|
@ -2222,7 +2278,8 @@ int mbedtls_rsa_self_test( int verbose )
|
|||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
ret = 1;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
|
@ -2237,7 +2294,8 @@ int mbedtls_rsa_self_test( int verbose )
|
|||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
ret = 1;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
|
@ -2250,7 +2308,8 @@ int mbedtls_rsa_self_test( int verbose )
|
|||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
ret = 1;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 )
|
||||
|
@ -2258,7 +2317,8 @@ int mbedtls_rsa_self_test( int verbose )
|
|||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
ret = 1;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
|
@ -2283,7 +2343,8 @@ int mbedtls_rsa_self_test( int verbose )
|
|||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
ret = 1;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
|
@ -2296,7 +2357,8 @@ int mbedtls_rsa_self_test( int verbose )
|
|||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
ret = 1;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
|
|
|
@ -111,6 +111,13 @@ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
|
||||
{
|
||||
mbedtls_sha1_starts_ret( ctx );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SHA1_PROCESS_ALT)
|
||||
int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
|
||||
const unsigned char data[64] )
|
||||
|
@ -270,6 +277,14 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
|
|||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
|
||||
const unsigned char data[64] )
|
||||
{
|
||||
mbedtls_internal_sha1_process( ctx, data );
|
||||
}
|
||||
#endif
|
||||
#endif /* !MBEDTLS_SHA1_PROCESS_ALT */
|
||||
|
||||
/*
|
||||
|
@ -322,6 +337,15 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_sha1_update_ret( ctx, input, ilen );
|
||||
}
|
||||
#endif
|
||||
|
||||
static const unsigned char sha1_padding[64] =
|
||||
{
|
||||
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
|
@ -365,6 +389,14 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
|
||||
unsigned char output[20] )
|
||||
{
|
||||
mbedtls_sha1_finish_ret( ctx, output );
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* !MBEDTLS_SHA1_ALT */
|
||||
|
||||
/*
|
||||
|
@ -394,6 +426,15 @@ exit:
|
|||
return( ret );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha1( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[20] )
|
||||
{
|
||||
mbedtls_sha1_ret( input, ilen, output );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
/*
|
||||
* FIPS-180-1 test vectors
|
||||
|
|
|
@ -135,6 +135,14 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
|
||||
int is224 )
|
||||
{
|
||||
mbedtls_sha256_starts_ret( ctx, is224 );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SHA256_PROCESS_ALT)
|
||||
static const uint32_t K[] =
|
||||
{
|
||||
|
@ -238,6 +246,14 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
|
|||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
|
||||
const unsigned char data[64] )
|
||||
{
|
||||
mbedtls_internal_sha256_process( ctx, data );
|
||||
}
|
||||
#endif
|
||||
#endif /* !MBEDTLS_SHA256_PROCESS_ALT */
|
||||
|
||||
/*
|
||||
|
@ -290,6 +306,15 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_sha256_update_ret( ctx, input, ilen );
|
||||
}
|
||||
#endif
|
||||
|
||||
static const unsigned char sha256_padding[64] =
|
||||
{
|
||||
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
|
@ -339,6 +364,14 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
|
||||
unsigned char output[32] )
|
||||
{
|
||||
mbedtls_sha256_finish_ret( ctx, output );
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* !MBEDTLS_SHA256_ALT */
|
||||
|
||||
/*
|
||||
|
@ -369,6 +402,16 @@ exit:
|
|||
return( ret );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha256( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[32],
|
||||
int is224 )
|
||||
{
|
||||
mbedtls_sha256_ret( input, ilen, output, is224 );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
/*
|
||||
* FIPS-180-2 test vectors
|
||||
|
|
|
@ -149,6 +149,14 @@ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
|
||||
int is384 )
|
||||
{
|
||||
mbedtls_sha512_starts_ret( ctx, is384 );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SHA512_PROCESS_ALT)
|
||||
|
||||
/*
|
||||
|
@ -269,6 +277,14 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
|
|||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha512_process( mbedtls_sha512_context *ctx,
|
||||
const unsigned char data[128] )
|
||||
{
|
||||
mbedtls_internal_sha512_process( ctx, data );
|
||||
}
|
||||
#endif
|
||||
#endif /* !MBEDTLS_SHA512_PROCESS_ALT */
|
||||
|
||||
/*
|
||||
|
@ -320,6 +336,15 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_sha512_update_ret( ctx, input, ilen );
|
||||
}
|
||||
#endif
|
||||
|
||||
static const unsigned char sha512_padding[128] =
|
||||
{
|
||||
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
|
@ -375,6 +400,14 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
|
||||
unsigned char output[64] )
|
||||
{
|
||||
mbedtls_sha512_finish_ret( ctx, output );
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* !MBEDTLS_SHA512_ALT */
|
||||
|
||||
/*
|
||||
|
@ -405,6 +438,16 @@ exit:
|
|||
return( ret );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha512( const unsigned char *input,
|
||||
size_t ilen,
|
||||
unsigned char output[64],
|
||||
int is384 )
|
||||
{
|
||||
mbedtls_sha512_ret( input, ilen, output, is384 );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
/*
|
||||
|
|
|
@ -902,6 +902,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
*p++ = (unsigned char)( ciphersuites[i] );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) );
|
||||
|
||||
/*
|
||||
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
|
||||
*/
|
||||
|
@ -909,6 +911,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
|
||||
#endif
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
|
||||
*p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
|
||||
*p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO );
|
||||
n++;
|
||||
|
@ -928,8 +931,6 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
*q++ = (unsigned char)( n >> 7 );
|
||||
*q++ = (unsigned char)( n << 1 );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites", n ) );
|
||||
|
||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||
offer_compress = 1;
|
||||
#else
|
||||
|
@ -2057,10 +2058,16 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
|
|||
*
|
||||
* opaque psk_identity_hint<0..2^16-1>;
|
||||
*/
|
||||
if( (*p) > end - 2 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
|
||||
"(psk_identity_hint length)" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
}
|
||||
len = (*p)[0] << 8 | (*p)[1];
|
||||
*p += 2;
|
||||
|
||||
if( (*p) + len > end )
|
||||
if( (*p) > end - len )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
|
||||
"(psk_identity_hint length)" ) );
|
||||
|
@ -2478,10 +2485,18 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
|
|||
/*
|
||||
* Read signature
|
||||
*/
|
||||
|
||||
if( p > end - 2 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
}
|
||||
sig_len = ( p[0] << 8 ) | p[1];
|
||||
p += 2;
|
||||
|
||||
if( end != p + sig_len )
|
||||
if( p != end - sig_len )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
|
|
|
@ -501,6 +501,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
unsigned char *key2;
|
||||
unsigned char *mac_enc;
|
||||
unsigned char *mac_dec;
|
||||
size_t mac_key_len;
|
||||
size_t iv_copy_len;
|
||||
const mbedtls_cipher_info_t *cipher_info;
|
||||
const mbedtls_md_info_t *md_info;
|
||||
|
@ -692,6 +693,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
cipher_info->mode == MBEDTLS_MODE_CCM )
|
||||
{
|
||||
transform->maclen = 0;
|
||||
mac_key_len = 0;
|
||||
|
||||
transform->ivlen = 12;
|
||||
transform->fixed_ivlen = 4;
|
||||
|
@ -712,7 +714,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
|
||||
/* Get MAC length */
|
||||
transform->maclen = mbedtls_md_get_size( md_info );
|
||||
mac_key_len = mbedtls_md_get_size( md_info );
|
||||
transform->maclen = mac_key_len;
|
||||
|
||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
||||
/*
|
||||
|
@ -721,7 +724,16 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
* so we only need to adjust the length here.
|
||||
*/
|
||||
if( session->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
|
||||
{
|
||||
transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN;
|
||||
|
||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
|
||||
/* Fall back to old, non-compliant version of the truncated
|
||||
* HMAC implementation which also truncates the key
|
||||
* (Mbed TLS versions from 1.3 to 2.6.0) */
|
||||
mac_key_len = transform->maclen;
|
||||
#endif
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
|
||||
|
||||
/* IV length */
|
||||
|
@ -783,11 +795,11 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
#if defined(MBEDTLS_SSL_CLI_C)
|
||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
||||
{
|
||||
key1 = keyblk + transform->maclen * 2;
|
||||
key2 = keyblk + transform->maclen * 2 + transform->keylen;
|
||||
key1 = keyblk + mac_key_len * 2;
|
||||
key2 = keyblk + mac_key_len * 2 + transform->keylen;
|
||||
|
||||
mac_enc = keyblk;
|
||||
mac_dec = keyblk + transform->maclen;
|
||||
mac_dec = keyblk + mac_key_len;
|
||||
|
||||
/*
|
||||
* This is not used in TLS v1.1.
|
||||
|
@ -803,10 +815,10 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
|
||||
{
|
||||
key1 = keyblk + transform->maclen * 2 + transform->keylen;
|
||||
key2 = keyblk + transform->maclen * 2;
|
||||
key1 = keyblk + mac_key_len * 2 + transform->keylen;
|
||||
key2 = keyblk + mac_key_len * 2;
|
||||
|
||||
mac_enc = keyblk + transform->maclen;
|
||||
mac_enc = keyblk + mac_key_len;
|
||||
mac_dec = keyblk;
|
||||
|
||||
/*
|
||||
|
@ -828,14 +840,14 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
||||
{
|
||||
if( transform->maclen > sizeof transform->mac_enc )
|
||||
if( mac_key_len > sizeof transform->mac_enc )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
memcpy( transform->mac_enc, mac_enc, transform->maclen );
|
||||
memcpy( transform->mac_dec, mac_dec, transform->maclen );
|
||||
memcpy( transform->mac_enc, mac_enc, mac_key_len );
|
||||
memcpy( transform->mac_dec, mac_dec, mac_key_len );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
||||
|
@ -843,8 +855,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||
{
|
||||
mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, transform->maclen );
|
||||
mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, transform->maclen );
|
||||
mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
|
||||
mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
|
||||
}
|
||||
else
|
||||
#endif
|
||||
|
@ -864,7 +876,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
transform->iv_enc, transform->iv_dec,
|
||||
iv_copy_len,
|
||||
mac_enc, mac_dec,
|
||||
transform->maclen ) ) != 0 )
|
||||
mac_key_len ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_init", ret );
|
||||
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
||||
|
@ -877,7 +889,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
{
|
||||
ssl->conf->f_export_keys( ssl->conf->p_export_keys,
|
||||
session->master, keyblk,
|
||||
transform->maclen, transform->keylen,
|
||||
mac_key_len, transform->keylen,
|
||||
iv_copy_len );
|
||||
}
|
||||
#endif
|
||||
|
@ -7673,8 +7685,14 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
|||
* Default
|
||||
*/
|
||||
default:
|
||||
conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
|
||||
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS 1.0 */
|
||||
conf->min_major_ver = ( MBEDTLS_SSL_MIN_MAJOR_VERSION >
|
||||
MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION ) ?
|
||||
MBEDTLS_SSL_MIN_MAJOR_VERSION :
|
||||
MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION;
|
||||
conf->min_minor_ver = ( MBEDTLS_SSL_MIN_MINOR_VERSION >
|
||||
MBEDTLS_SSL_MIN_VALID_MINOR_VERSION ) ?
|
||||
MBEDTLS_SSL_MIN_MINOR_VERSION :
|
||||
MBEDTLS_SSL_MIN_VALID_MINOR_VERSION;
|
||||
conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
|
||||
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@
|
|||
#include "mbedtls/version.h"
|
||||
#include <string.h>
|
||||
|
||||
unsigned int mbedtls_version_get_number()
|
||||
unsigned int mbedtls_version_get_number( void )
|
||||
{
|
||||
return( MBEDTLS_VERSION_NUMBER );
|
||||
}
|
||||
|
|
|
@ -468,6 +468,9 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
||||
"MBEDTLS_SSL_TRUNCATED_HMAC",
|
||||
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
|
||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
|
||||
"MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT",
|
||||
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT */
|
||||
#if defined(MBEDTLS_THREADING_ALT)
|
||||
"MBEDTLS_THREADING_ALT",
|
||||
#endif /* MBEDTLS_THREADING_ALT */
|
||||
|
|
|
@ -95,17 +95,23 @@ static int x509_crl_get_version( unsigned char **p,
|
|||
}
|
||||
|
||||
/*
|
||||
* X.509 CRL v2 extensions (no extensions parsed yet.)
|
||||
* X.509 CRL v2 extensions
|
||||
*
|
||||
* We currently don't parse any extension's content, but we do check that the
|
||||
* list of extensions is well-formed and abort on critical extensions (that
|
||||
* are unsupported as we don't support any extension so far)
|
||||
*/
|
||||
static int x509_get_crl_ext( unsigned char **p,
|
||||
const unsigned char *end,
|
||||
mbedtls_x509_buf *ext )
|
||||
{
|
||||
int ret;
|
||||
size_t len = 0;
|
||||
|
||||
/* Get explicit tag */
|
||||
if( ( ret = mbedtls_x509_get_ext( p, end, ext, 0) ) != 0 )
|
||||
/*
|
||||
* crlExtensions [0] EXPLICIT Extensions OPTIONAL
|
||||
* -- if present, version MUST be v2
|
||||
*/
|
||||
if( ( ret = mbedtls_x509_get_ext( p, end, ext, 0 ) ) != 0 )
|
||||
{
|
||||
if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
|
||||
return( 0 );
|
||||
|
@ -115,11 +121,54 @@ static int x509_get_crl_ext( unsigned char **p,
|
|||
|
||||
while( *p < end )
|
||||
{
|
||||
/*
|
||||
* Extension ::= SEQUENCE {
|
||||
* extnID OBJECT IDENTIFIER,
|
||||
* critical BOOLEAN DEFAULT FALSE,
|
||||
* extnValue OCTET STRING }
|
||||
*/
|
||||
int is_critical = 0;
|
||||
const unsigned char *end_ext_data;
|
||||
size_t len;
|
||||
|
||||
/* Get enclosing sequence tag */
|
||||
if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
|
||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||
|
||||
end_ext_data = *p + len;
|
||||
|
||||
/* Get OID (currently ignored) */
|
||||
if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
|
||||
MBEDTLS_ASN1_OID ) ) != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||
}
|
||||
*p += len;
|
||||
|
||||
/* Get optional critical */
|
||||
if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data,
|
||||
&is_critical ) ) != 0 &&
|
||||
( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
|
||||
{
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||
}
|
||||
|
||||
/* Data should be octet string type */
|
||||
if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
|
||||
MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||
|
||||
/* Ignore data so far and just check its length */
|
||||
*p += len;
|
||||
if( *p != end_ext_data )
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
||||
|
||||
/* Abort on (unsupported) critical extensions */
|
||||
if( is_critical )
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
||||
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
|
||||
}
|
||||
|
||||
if( *p != end )
|
||||
|
@ -257,7 +306,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
|
|||
{
|
||||
int ret;
|
||||
size_t len;
|
||||
unsigned char *p, *end;
|
||||
unsigned char *p = NULL, *end = NULL;
|
||||
mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
|
||||
mbedtls_x509_crl *crl = chain;
|
||||
|
||||
|
@ -294,7 +343,11 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
|
|||
/*
|
||||
* Copy raw DER-encoded CRL
|
||||
*/
|
||||
if( ( p = mbedtls_calloc( 1, buflen ) ) == NULL )
|
||||
if( buflen == 0 )
|
||||
return( MBEDTLS_ERR_X509_INVALID_FORMAT );
|
||||
|
||||
p = mbedtls_calloc( 1, buflen );
|
||||
if( p == NULL )
|
||||
return( MBEDTLS_ERR_X509_ALLOC_FAILED );
|
||||
|
||||
memcpy( p, buf, buflen );
|
||||
|
|
|
@ -62,18 +62,6 @@
|
|||
|
||||
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
|
||||
#include <windows.h>
|
||||
#if _MSC_VER <= 1600
|
||||
/* Visual Studio 2010 and earlier issue a warning when both <stdint.h> and <intsafe.h> are included, as they
|
||||
* redefine a number of <TYPE>_MAX constants. These constants are guaranteed to be the same, though, so
|
||||
* we suppress the warning when including intsafe.h.
|
||||
*/
|
||||
#pragma warning( push )
|
||||
#pragma warning( disable : 4005 )
|
||||
#endif
|
||||
#include <intsafe.h>
|
||||
#if _MSC_VER <= 1600
|
||||
#pragma warning( pop )
|
||||
#endif
|
||||
#else
|
||||
#include <time.h>
|
||||
#endif
|
||||
|
@ -145,7 +133,8 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb =
|
|||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ),
|
||||
/* Only ECDSA */
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ),
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) |
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ),
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
/* Only NIST P-256 and P-384 */
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |
|
||||
|
@ -484,9 +473,12 @@ static int x509_get_subject_alt_name( unsigned char **p,
|
|||
if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 )
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||
|
||||
if( ( tag & MBEDTLS_ASN1_CONTEXT_SPECIFIC ) != MBEDTLS_ASN1_CONTEXT_SPECIFIC )
|
||||
if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) !=
|
||||
MBEDTLS_ASN1_CONTEXT_SPECIFIC )
|
||||
{
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
||||
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
|
||||
}
|
||||
|
||||
/* Skip everything but DNS name */
|
||||
if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) )
|
||||
|
@ -1122,7 +1114,6 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
|
|||
char filename[MAX_PATH];
|
||||
char *p;
|
||||
size_t len = strlen( path );
|
||||
int lengthAsInt = 0;
|
||||
|
||||
WIN32_FIND_DATAW file_data;
|
||||
HANDLE hFind;
|
||||
|
@ -1137,10 +1128,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
|
|||
p = filename + len;
|
||||
filename[len++] = '*';
|
||||
|
||||
if ( FAILED ( SizeTToInt( len, &lengthAsInt ) ) )
|
||||
return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
|
||||
|
||||
w_ret = MultiByteToWideChar( CP_ACP, 0, filename, lengthAsInt, szDir,
|
||||
w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir,
|
||||
MAX_PATH - 3 );
|
||||
if( w_ret == 0 )
|
||||
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
|
||||
|
@ -1157,11 +1145,8 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
|
|||
if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
|
||||
continue;
|
||||
|
||||
if ( FAILED( SizeTToInt( wcslen( file_data.cFileName ), &lengthAsInt ) ) )
|
||||
return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
|
||||
|
||||
w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
|
||||
lengthAsInt,
|
||||
lstrlenW( file_data.cFileName ),
|
||||
p, (int) len - 1,
|
||||
NULL, NULL );
|
||||
if( w_ret == 0 )
|
||||
|
|
Loading…
Reference in New Issue