Externals: Update mbedtls to 2.4.1
The latest version has tons of security fixes (which is expected for a library such as mbedtls). Updating also allows getting rid of a few deprecation warnings.
This commit is contained in:
parent
0e961776e6
commit
b8dd3e690f
|
@ -10,7 +10,7 @@ set(MBEDTLS_LIBRARIES ${MBEDTLS_LIBRARY} ${MBEDX509_LIBRARY} ${MBEDCRYPTO_LIBRAR
|
|||
set(CMAKE_REQUIRED_INCLUDES ${MBEDTLS_INCLUDE_DIRS})
|
||||
check_cxx_source_compiles("
|
||||
#include <mbedtls/version.h>
|
||||
#if MBEDTLS_VERSION_NUMBER < 0x02010100
|
||||
#if MBEDTLS_VERSION_NUMBER < 0x02040000
|
||||
#error \"Your mbed TLS version is too old.\"
|
||||
#endif
|
||||
int main() {}"
|
||||
|
@ -20,4 +20,4 @@ include(FindPackageHandleStandardArgs)
|
|||
find_package_handle_standard_args(MBEDTLS DEFAULT_MSG
|
||||
MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY MBEDTLS_VERSION_OK)
|
||||
|
||||
mark_as_advanced(MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY)
|
||||
mark_as_advanced(MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY)
|
||||
|
|
|
@ -44,6 +44,9 @@ extern "C" {
|
|||
* \return 0 if successful, or MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL.
|
||||
* *olen is always updated to reflect the amount
|
||||
* of data that has (or would have) been written.
|
||||
* If that length cannot be represented, then no data is
|
||||
* written to the buffer and *olen is set to the maximum
|
||||
* length representable as a size_t.
|
||||
*
|
||||
* \note Call this function with dlen = 0 to obtain the
|
||||
* required buffer size in *olen
|
||||
|
|
|
@ -122,6 +122,7 @@
|
|||
#define MBEDTLS_HAVE_INT64
|
||||
typedef int64_t mbedtls_mpi_sint;
|
||||
typedef uint64_t mbedtls_mpi_uint;
|
||||
/* mbedtls_t_udbl defined as 128-bit unsigned int */
|
||||
typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI)));
|
||||
#define MBEDTLS_HAVE_UDBL
|
||||
#else
|
||||
|
|
|
@ -162,10 +162,6 @@
|
|||
|
||||
#define MULADDC_INIT \
|
||||
asm( \
|
||||
"movq %3, %%rsi \n\t" \
|
||||
"movq %4, %%rdi \n\t" \
|
||||
"movq %5, %%rcx \n\t" \
|
||||
"movq %6, %%rbx \n\t" \
|
||||
"xorq %%r8, %%r8 \n\t"
|
||||
|
||||
#define MULADDC_CORE \
|
||||
|
@ -181,12 +177,9 @@
|
|||
"addq $8, %%rdi \n\t"
|
||||
|
||||
#define MULADDC_STOP \
|
||||
"movq %%rcx, %0 \n\t" \
|
||||
"movq %%rdi, %1 \n\t" \
|
||||
"movq %%rsi, %2 \n\t" \
|
||||
: "=m" (c), "=m" (d), "=m" (s) \
|
||||
: "m" (s), "m" (d), "m" (c), "m" (b) \
|
||||
: "rax", "rcx", "rdx", "rbx", "rsi", "rdi", "r8" \
|
||||
: "+c" (c), "+D" (d), "+S" (s) \
|
||||
: "b" (b) \
|
||||
: "rax", "rdx", "r8" \
|
||||
);
|
||||
|
||||
#endif /* AMD64 */
|
||||
|
@ -412,10 +405,11 @@
|
|||
#endif /* PPC32 */
|
||||
|
||||
/*
|
||||
* The Sparc64 assembly is reported to be broken.
|
||||
* The Sparc(64) assembly is reported to be broken.
|
||||
* Disable it for now, until we're able to fix it.
|
||||
*/
|
||||
#if 0 && defined(__sparc__) && defined(__sparc64__)
|
||||
#if 0 && defined(__sparc__)
|
||||
#if defined(__sparc64__)
|
||||
|
||||
#define MULADDC_INIT \
|
||||
asm( \
|
||||
|
@ -446,9 +440,8 @@
|
|||
: "g1", "o0", "o1", "o2", "o3", "o4", \
|
||||
"o5" \
|
||||
);
|
||||
#endif /* SPARCv9 */
|
||||
|
||||
#if defined(__sparc__) && !defined(__sparc64__)
|
||||
#else /* __sparc64__ */
|
||||
|
||||
#define MULADDC_INIT \
|
||||
asm( \
|
||||
|
@ -480,7 +473,8 @@
|
|||
"o5" \
|
||||
);
|
||||
|
||||
#endif /* SPARCv8 */
|
||||
#endif /* __sparc64__ */
|
||||
#endif /* __sparc__ */
|
||||
|
||||
#if defined(__microblaze__) || defined(microblaze)
|
||||
|
||||
|
@ -562,7 +556,23 @@
|
|||
|
||||
#endif /* TriCore */
|
||||
|
||||
#if defined(__arm__)
|
||||
/*
|
||||
* gcc -O0 by default uses r7 for the frame pointer, so it complains about our
|
||||
* use of r7 below, unless -fomit-frame-pointer is passed. Unfortunately,
|
||||
* passing that option is not easy when building with yotta.
|
||||
*
|
||||
* On the other hand, -fomit-frame-pointer is implied by any -Ox options with
|
||||
* x !=0, which we can detect using __OPTIMIZE__ (which is also defined by
|
||||
* clang and armcc5 under the same conditions).
|
||||
*
|
||||
* So, only use the optimized assembly below for optimized build, which avoids
|
||||
* the build error and is pretty reasonable anyway.
|
||||
*/
|
||||
#if defined(__GNUC__) && !defined(__OPTIMIZE__)
|
||||
#define MULADDC_CANNOT_USE_R7
|
||||
#endif
|
||||
|
||||
#if defined(__arm__) && !defined(MULADDC_CANNOT_USE_R7)
|
||||
|
||||
#if defined(__thumb__) && !defined(__thumb2__)
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
*
|
||||
* \brief Consistency checks for configuration options
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
@ -77,6 +77,11 @@
|
|||
#error "MBEDTLS_DHM_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CMAC_C) && \
|
||||
!defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C)
|
||||
#error "MBEDTLS_CMAC_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C)
|
||||
#error "MBEDTLS_ECDH_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
@ -88,6 +93,11 @@
|
|||
#error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECJPAKE_C) && \
|
||||
( !defined(MBEDTLS_ECP_C) || !defined(MBEDTLS_MD_C) )
|
||||
#error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
|
||||
#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
|
||||
#endif
|
||||
|
@ -125,6 +135,16 @@
|
|||
#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
|
||||
( !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) )
|
||||
#error "MBEDTLS_TEST_NULL_ENTROPY defined, but not all prerequisites"
|
||||
#endif
|
||||
#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
|
||||
( defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \
|
||||
defined(MBEDTLS_HAVEGE_C) )
|
||||
#error "MBEDTLS_TEST_NULL_ENTROPY defined, but entropy sources too"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_GCM_C) && ( \
|
||||
!defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) )
|
||||
#error "MBEDTLS_GCM_C defined, but not all prerequisites"
|
||||
|
@ -187,6 +207,12 @@
|
|||
#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
||||
( !defined(MBEDTLS_ECJPAKE_C) || !defined(MBEDTLS_SHA256_C) || \
|
||||
!defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
|
||||
( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
|
||||
#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
|
||||
|
@ -235,6 +261,36 @@
|
|||
#error "MBEDTLS_PLATFORM_EXIT_MACRO and MBEDTLS_PLATFORM_STD_EXIT/MBEDTLS_PLATFORM_EXIT_ALT cannot be defined simultaneously"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_TIME_ALT) &&\
|
||||
( !defined(MBEDTLS_PLATFORM_C) ||\
|
||||
!defined(MBEDTLS_HAVE_TIME) )
|
||||
#error "MBEDTLS_PLATFORM_TIME_ALT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
|
||||
( !defined(MBEDTLS_PLATFORM_C) ||\
|
||||
!defined(MBEDTLS_HAVE_TIME) )
|
||||
#error "MBEDTLS_PLATFORM_TIME_MACRO defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
|
||||
( !defined(MBEDTLS_PLATFORM_C) ||\
|
||||
!defined(MBEDTLS_HAVE_TIME) )
|
||||
#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
|
||||
( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
|
||||
defined(MBEDTLS_PLATFORM_TIME_ALT) )
|
||||
#error "MBEDTLS_PLATFORM_TIME_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
|
||||
( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
|
||||
defined(MBEDTLS_PLATFORM_TIME_ALT) )
|
||||
#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
|
||||
#error "MBEDTLS_PLATFORM_FPRINTF_ALT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
@ -331,6 +387,12 @@
|
|||
#error "MBEDTLS_PLATFORM_STD_EXIT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_STD_TIME) &&\
|
||||
( !defined(MBEDTLS_PLATFORM_TIME_ALT) ||\
|
||||
!defined(MBEDTLS_HAVE_TIME) )
|
||||
#error "MBEDTLS_PLATFORM_STD_TIME defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_STD_FPRINTF) &&\
|
||||
!defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
|
||||
#error "MBEDTLS_PLATFORM_STD_FPRINTF defined, but not all prerequisites"
|
||||
|
@ -346,11 +408,48 @@
|
|||
#error "MBEDTLS_PLATFORM_STD_SNPRINTF defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_NV_SEED) &&\
|
||||
( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_ENTROPY_C) )
|
||||
#error "MBEDTLS_ENTROPY_NV_SEED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) &&\
|
||||
!defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||
#error "MBEDTLS_PLATFORM_NV_SEED_ALT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) &&\
|
||||
!defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
|
||||
#error "MBEDTLS_PLATFORM_STD_NV_SEED_READ defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) &&\
|
||||
!defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
|
||||
#error "MBEDTLS_PLATFORM_STD_NV_SEED_WRITE defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) &&\
|
||||
( defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) ||\
|
||||
defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
|
||||
#error "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_READ cannot be defined simultaneously"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) &&\
|
||||
( defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) ||\
|
||||
defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
|
||||
#error "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_WRITE cannot be defined simultaneously"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
|
||||
!defined(MBEDTLS_OID_C) )
|
||||
#error "MBEDTLS_RSA_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) && \
|
||||
!defined(MBEDTLS_PKCS1_V15) )
|
||||
#error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
|
||||
( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) )
|
||||
#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
|
||||
|
|
|
@ -46,7 +46,8 @@
|
|||
#define MBEDTLS_CIPHER_MODE_STREAM
|
||||
#endif
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline)
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
|
@ -56,6 +57,7 @@
|
|||
#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 /**< Input data contains invalid padding and is rejected. */
|
||||
#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */
|
||||
#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */
|
||||
#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 /**< The context is invalid, eg because it was free()ed. */
|
||||
|
||||
#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length */
|
||||
#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length */
|
||||
|
@ -174,6 +176,11 @@ enum {
|
|||
*/
|
||||
typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t;
|
||||
|
||||
/**
|
||||
* CMAC context (opaque struct).
|
||||
*/
|
||||
typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t;
|
||||
|
||||
/**
|
||||
* Cipher information. Allows cipher functions to be called in a generic way.
|
||||
*/
|
||||
|
@ -239,6 +246,11 @@ typedef struct {
|
|||
|
||||
/** Cipher-specific context */
|
||||
void *cipher_ctx;
|
||||
|
||||
#if defined(MBEDTLS_CMAC_C)
|
||||
/** CMAC Specific context */
|
||||
mbedtls_cmac_context_t *cmac_ctx;
|
||||
#endif
|
||||
} mbedtls_cipher_context_t;
|
||||
|
||||
/**
|
||||
|
|
|
@ -0,0 +1,166 @@
|
|||
/**
|
||||
* \file cmac.h
|
||||
*
|
||||
* \brief Cipher-based Message Authentication Code (CMAC) Mode for
|
||||
* Authentication
|
||||
*
|
||||
* Copyright (C) 2015-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_CMAC_H
|
||||
#define MBEDTLS_CMAC_H
|
||||
|
||||
#include "mbedtls/cipher.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_AES_BLOCK_SIZE 16
|
||||
#define MBEDTLS_DES3_BLOCK_SIZE 8
|
||||
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /* longest used by CMAC is AES */
|
||||
#else
|
||||
#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /* longest used by CMAC is 3DES */
|
||||
#endif
|
||||
|
||||
/**
|
||||
* CMAC context structure - Contains internal state information only
|
||||
*/
|
||||
struct mbedtls_cmac_context_t
|
||||
{
|
||||
/** Internal state of the CMAC algorithm */
|
||||
unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX];
|
||||
|
||||
/** Unprocessed data - either data that was not block aligned and is still
|
||||
* pending to be processed, or the final block */
|
||||
unsigned char unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX];
|
||||
|
||||
/** Length of data pending to be processed */
|
||||
size_t unprocessed_len;
|
||||
};
|
||||
|
||||
/**
|
||||
* \brief Set the CMAC key and prepare to authenticate the input
|
||||
* data.
|
||||
* Should be called with an initialised cipher context.
|
||||
*
|
||||
* \param ctx Cipher context
|
||||
* \param key CMAC key
|
||||
* \param keybits length of the CMAC key in bits
|
||||
* (must be acceptable by the cipher)
|
||||
*
|
||||
* \return 0 if successful, or a cipher specific error code
|
||||
*/
|
||||
int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *key, size_t keybits );
|
||||
|
||||
/**
|
||||
* \brief Generic CMAC process buffer.
|
||||
* Called between mbedtls_cipher_cmac_starts() or
|
||||
* mbedtls_cipher_cmac_reset() and
|
||||
* mbedtls_cipher_cmac_finish().
|
||||
* May be called repeatedly.
|
||||
*
|
||||
* \param ctx CMAC context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
*/
|
||||
int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *input, size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief Output CMAC.
|
||||
* Called after mbedtls_cipher_cmac_update().
|
||||
* Usually followed by mbedtls_cipher_cmac_reset(), then
|
||||
* mbedtls_cipher_cmac_starts(), or mbedtls_cipher_free().
|
||||
*
|
||||
* \param ctx CMAC context
|
||||
* \param output Generic CMAC checksum result
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
*/
|
||||
int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
|
||||
unsigned char *output );
|
||||
|
||||
/**
|
||||
* \brief Prepare to authenticate a new message with the same key.
|
||||
* Called after mbedtls_cipher_cmac_finish() and before
|
||||
* mbedtls_cipher_cmac_update().
|
||||
*
|
||||
* \param ctx CMAC context to be reset
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
*/
|
||||
int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
|
||||
|
||||
/**
|
||||
* \brief Output = Generic_CMAC( hmac key, input buffer )
|
||||
*
|
||||
* \param cipher_info message digest info
|
||||
* \param key CMAC key
|
||||
* \param keylen length of the CMAC key in bits
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output Generic CMAC-result
|
||||
*
|
||||
* \returns 0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
|
||||
* verification fails.
|
||||
*/
|
||||
int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
|
||||
const unsigned char *key, size_t keylen,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output );
|
||||
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
/**
|
||||
* \brief AES-CMAC-128-PRF
|
||||
* Implementation of (AES-CMAC-PRF-128), as defined in RFC 4615
|
||||
*
|
||||
* \param key PRF key
|
||||
* \param key_len PRF key length in bytes
|
||||
* \param input buffer holding the input data
|
||||
* \param in_len length of the input data in bytes
|
||||
* \param output buffer holding the generated pseudorandom output (16 bytes)
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
|
||||
const unsigned char *input, size_t in_len,
|
||||
unsigned char output[16] );
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*/
|
||||
int mbedtls_cmac_self_test( int verbose );
|
||||
#endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_CMAC_H */
|
|
@ -1,7 +1,8 @@
|
|||
/**
|
||||
* \file config.h
|
||||
* \file compat-1.3.h
|
||||
*
|
||||
* \brief Compatibility names (set of defines)
|
||||
* \brief Compatibility definitions for using mbed TLS with client code written
|
||||
* for the PolarSSL naming conventions.
|
||||
*
|
||||
* \deprecated Use the new names directly instead
|
||||
*
|
||||
|
|
|
@ -3,6 +3,10 @@
|
|||
*
|
||||
* \brief Configuration options (set of defines)
|
||||
*
|
||||
* This set of compile-time options may be used to enable
|
||||
* or disable features selectively, and reduce the global
|
||||
* memory footprint.
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
|
@ -21,11 +25,6 @@
|
|||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
/*
|
||||
* This set of compile-time options may be used to enable
|
||||
* or disable features selectively, and reduce the global
|
||||
* memory footprint.
|
||||
*/
|
||||
#ifndef MBEDTLS_CONFIG_H
|
||||
#define MBEDTLS_CONFIG_H
|
||||
|
||||
|
@ -72,6 +71,10 @@
|
|||
* The time does not need to be correct, only time differences are used,
|
||||
* by contrast with MBEDTLS_HAVE_TIME_DATE
|
||||
*
|
||||
* Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
|
||||
* MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
|
||||
* MBEDTLS_PLATFORM_STD_TIME.
|
||||
*
|
||||
* Comment if your system does not support time functions
|
||||
*/
|
||||
#define MBEDTLS_HAVE_TIME
|
||||
|
@ -132,10 +135,10 @@
|
|||
//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_PLATFORM_XXX_ALT
|
||||
* \def MBEDTLS_PLATFORM_EXIT_ALT
|
||||
*
|
||||
* Uncomment a macro to let mbed TLS support the function in the platform
|
||||
* abstraction layer.
|
||||
* MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
|
||||
* function in the platform abstraction layer.
|
||||
*
|
||||
* Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
|
||||
* provide a function "mbedtls_platform_set_printf()" that allows you to set an
|
||||
|
@ -149,13 +152,17 @@
|
|||
* \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
|
||||
* MBEDTLS_PLATFORM_XXX_MACRO!
|
||||
*
|
||||
* Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
|
||||
*
|
||||
* Uncomment a macro to enable alternate implementation of specific base
|
||||
* platform function
|
||||
*/
|
||||
//#define MBEDTLS_PLATFORM_EXIT_ALT
|
||||
//#define MBEDTLS_PLATFORM_TIME_ALT
|
||||
//#define MBEDTLS_PLATFORM_FPRINTF_ALT
|
||||
//#define MBEDTLS_PLATFORM_PRINTF_ALT
|
||||
//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
|
||||
//#define MBEDTLS_PLATFORM_NV_SEED_ALT
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_DEPRECATED_WARNING
|
||||
|
@ -208,12 +215,12 @@
|
|||
//#define MBEDTLS_TIMING_ALT
|
||||
|
||||
/**
|
||||
* \def MBEDTLS__MODULE_NAME__ALT
|
||||
* \def MBEDTLS_AES_ALT
|
||||
*
|
||||
* Uncomment a macro to let mbed TLS use your alternate core implementation of
|
||||
* a symmetric crypto or hash module (e.g. platform specific assembly
|
||||
* optimized implementations). Keep in mind that the function prototypes
|
||||
* should remain the same.
|
||||
* MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
|
||||
* alternate core implementation of a symmetric crypto or hash module (e.g.
|
||||
* platform specific assembly optimized implementations). Keep in mind that
|
||||
* the function prototypes should remain the same.
|
||||
*
|
||||
* This replaces the whole module. If you only want to replace one of the
|
||||
* functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
|
||||
|
@ -241,11 +248,11 @@
|
|||
//#define MBEDTLS_SHA512_ALT
|
||||
|
||||
/**
|
||||
* \def MBEDTLS__FUNCTION_NAME__ALT
|
||||
* \def MBEDTLS_MD2_PROCESS_ALT
|
||||
*
|
||||
* Uncomment a macro to let mbed TLS use you alternate core implementation of
|
||||
* symmetric crypto or hash function. Keep in mind that function prototypes
|
||||
* should remain the same.
|
||||
* MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
|
||||
* alternate core implementation of symmetric crypto or hash function. Keep in
|
||||
* mind that function prototypes should remain the same.
|
||||
*
|
||||
* This replaces only one function. The header file from mbed TLS is still
|
||||
* used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
|
||||
|
@ -278,6 +285,23 @@
|
|||
//#define MBEDTLS_AES_ENCRYPT_ALT
|
||||
//#define MBEDTLS_AES_DECRYPT_ALT
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_TEST_NULL_ENTROPY
|
||||
*
|
||||
* Enables testing and use of mbed TLS without any configured entropy sources.
|
||||
* This permits use of the library on platforms before an entropy source has
|
||||
* been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
|
||||
* MBEDTLS_ENTROPY_NV_SEED switches).
|
||||
*
|
||||
* WARNING! This switch MUST be disabled in production builds, and is suitable
|
||||
* only for development.
|
||||
* Enabling the switch negates any security provided by the library.
|
||||
*
|
||||
* Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
|
||||
*
|
||||
*/
|
||||
//#define MBEDTLS_TEST_NULL_ENTROPY
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_ENTROPY_HARDWARE_ALT
|
||||
*
|
||||
|
@ -364,10 +388,11 @@
|
|||
//#define MBEDTLS_CIPHER_NULL_CIPHER
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_CIPHER_PADDING_XXX
|
||||
* \def MBEDTLS_CIPHER_PADDING_PKCS7
|
||||
*
|
||||
* Uncomment or comment macros to add support for specific padding modes
|
||||
* in the cipher layer with cipher modes that support padding (e.g. CBC)
|
||||
* MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
|
||||
* specific padding modes in the cipher layer with cipher modes that support
|
||||
* padding (e.g. CBC)
|
||||
*
|
||||
* If you disable all padding modes, only full blocks can be used with CBC.
|
||||
*
|
||||
|
@ -407,10 +432,10 @@
|
|||
#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_ECP_XXXX_ENABLED
|
||||
* \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
*
|
||||
* Enables specific curves within the Elliptic Curve module.
|
||||
* By default all supported curves are enabled.
|
||||
* MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
|
||||
* module. By default all supported curves are enabled.
|
||||
*
|
||||
* Comment macros to disable the curve and functions for it
|
||||
*/
|
||||
|
@ -694,6 +719,25 @@
|
|||
*/
|
||||
#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
||||
*
|
||||
* Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
|
||||
*
|
||||
* \warning This is currently experimental. EC J-PAKE support is based on the
|
||||
* Thread v1.0.0 specification; incompatible changes to the specification
|
||||
* might still happen. For this reason, this is disabled by default.
|
||||
*
|
||||
* Requires: MBEDTLS_ECJPAKE_C
|
||||
* MBEDTLS_SHA256_C
|
||||
* MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
*
|
||||
* This enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
* MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
|
||||
*/
|
||||
//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_PK_PARSE_EC_EXTENDED
|
||||
*
|
||||
|
@ -779,6 +823,34 @@
|
|||
*/
|
||||
//#define MBEDTLS_ENTROPY_FORCE_SHA256
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_ENTROPY_NV_SEED
|
||||
*
|
||||
* Enable the non-volatile (NV) seed file-based entropy source.
|
||||
* (Also enables the NV seed read/write functions in the platform layer)
|
||||
*
|
||||
* This is crucial (if not required) on systems that do not have a
|
||||
* cryptographic entropy source (in hardware or kernel) available.
|
||||
*
|
||||
* Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
|
||||
*
|
||||
* \note The read/write functions that are used by the entropy source are
|
||||
* determined in the platform layer, and can be modified at runtime and/or
|
||||
* compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
|
||||
*
|
||||
* \note If you use the default implementation functions that read a seedfile
|
||||
* with regular fopen(), please make sure you make a seedfile with the
|
||||
* proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
|
||||
* least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
|
||||
* and written to or you will get an entropy source error! The default
|
||||
* implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
|
||||
* bytes from the file.
|
||||
*
|
||||
* \note The entropy collector will write to the seed file before entropy is
|
||||
* given to an external source, to update it.
|
||||
*/
|
||||
//#define MBEDTLS_ENTROPY_NV_SEED
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_MEMORY_DEBUG
|
||||
*
|
||||
|
@ -868,18 +940,6 @@
|
|||
*/
|
||||
//#define MBEDTLS_SHA256_SMALLER
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_AEAD_RANDOM_IV
|
||||
*
|
||||
* Generate a random IV rather than using the record sequence number as a
|
||||
* nonce for ciphersuites using and AEAD algorithm (GCM or CCM).
|
||||
*
|
||||
* Using the sequence number is generally recommended.
|
||||
*
|
||||
* Uncomment this macro to always use random IVs with AEAD ciphersuites.
|
||||
*/
|
||||
//#define MBEDTLS_SSL_AEAD_RANDOM_IV
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
|
||||
*
|
||||
|
@ -1039,7 +1099,7 @@
|
|||
*
|
||||
* Comment this macro to disable support for SSL 3.0
|
||||
*/
|
||||
#define MBEDTLS_SSL_PROTO_SSL3
|
||||
//#define MBEDTLS_SSL_PROTO_SSL3
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_PROTO_TLS1
|
||||
|
@ -1175,6 +1235,16 @@
|
|||
*/
|
||||
#define MBEDTLS_SSL_SESSION_TICKETS
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_EXPORT_KEYS
|
||||
*
|
||||
* Enable support for exporting key block and master secret.
|
||||
* This is required for certain users of TLS, e.g. EAP-TLS.
|
||||
*
|
||||
* Comment this macro to disable support for key export
|
||||
*/
|
||||
#define MBEDTLS_SSL_EXPORT_KEYS
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_SERVER_NAME_INDICATION
|
||||
*
|
||||
|
@ -1246,6 +1316,8 @@
|
|||
* If set, the X509 parser will not break-off when parsing an X509 certificate
|
||||
* and encountering an unknown critical extension.
|
||||
*
|
||||
* \warning Depending on your PKI use, enabling this can be a security risk!
|
||||
*
|
||||
* Uncomment to prevent an error.
|
||||
*/
|
||||
//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
|
||||
|
@ -1587,6 +1659,19 @@
|
|||
*/
|
||||
#define MBEDTLS_CIPHER_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_CMAC_C
|
||||
*
|
||||
* Enable the CMAC (Cipher-based Message Authentication Code) mode for block
|
||||
* ciphers.
|
||||
*
|
||||
* Module: library/cmac.c
|
||||
*
|
||||
* Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
|
||||
*
|
||||
*/
|
||||
//#define MBEDTLS_CMAC_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_CTR_DRBG_C
|
||||
*
|
||||
|
@ -1686,6 +1771,25 @@
|
|||
*/
|
||||
#define MBEDTLS_ECDSA_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_ECJPAKE_C
|
||||
*
|
||||
* Enable the elliptic curve J-PAKE library.
|
||||
*
|
||||
* \warning This is currently experimental. EC J-PAKE support is based on the
|
||||
* Thread v1.0.0 specification; incompatible changes to the specification
|
||||
* might still happen. For this reason, this is disabled by default.
|
||||
*
|
||||
* Module: library/ecjpake.c
|
||||
* Caller:
|
||||
*
|
||||
* This module is used by the following key exchanges:
|
||||
* ECJPAKE
|
||||
*
|
||||
* Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
|
||||
*/
|
||||
//#define MBEDTLS_ECJPAKE_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_ECP_C
|
||||
*
|
||||
|
@ -1694,6 +1798,7 @@
|
|||
* Module: library/ecp.c
|
||||
* Caller: library/ecdh.c
|
||||
* library/ecdsa.c
|
||||
* library/ecjpake.c
|
||||
*
|
||||
* Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
|
||||
*/
|
||||
|
@ -1846,11 +1951,19 @@
|
|||
/**
|
||||
* \def MBEDTLS_NET_C
|
||||
*
|
||||
* Enable the TCP/IP networking routines.
|
||||
* Enable the TCP and UDP over IPv6/IPv4 networking routines.
|
||||
*
|
||||
* Module: library/net.c
|
||||
* \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
|
||||
* and Windows. For other platforms, you'll want to disable it, and write your
|
||||
* own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
|
||||
*
|
||||
* This module provides TCP/IP networking routines.
|
||||
* \note See also our Knowledge Base article about porting to a new
|
||||
* environment:
|
||||
* https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
|
||||
*
|
||||
* Module: library/net_sockets.c
|
||||
*
|
||||
* This module provides networking routines.
|
||||
*/
|
||||
#define MBEDTLS_NET_C
|
||||
|
||||
|
@ -2196,7 +2309,8 @@
|
|||
* By default mbed TLS assumes it is used in a non-threaded environment or that
|
||||
* contexts are not shared between threads. If you do intend to use contexts
|
||||
* between threads, you will need to enable this layer to prevent race
|
||||
* conditions.
|
||||
* conditions. See also our Knowledge Base article about threading:
|
||||
* https://tls.mbed.org/kb/development/thread-safety-and-multi-threading
|
||||
*
|
||||
* Module: library/threading.c
|
||||
*
|
||||
|
@ -2213,7 +2327,18 @@
|
|||
/**
|
||||
* \def MBEDTLS_TIMING_C
|
||||
*
|
||||
* Enable the portable timing interface.
|
||||
* Enable the semi-portable timing interface.
|
||||
*
|
||||
* \note The provided implementation only works on POSIX/Unix (including Linux,
|
||||
* BSD and OS X) and Windows. On other platforms, you can either disable that
|
||||
* module and provide your own implementations of the callbacks needed by
|
||||
* \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
|
||||
* your own implementation of the whole module by setting
|
||||
* \c MBEDTLS_TIMING_ALT in the current file.
|
||||
*
|
||||
* \note See also our Knowledge Base article about porting to a new
|
||||
* environment:
|
||||
* https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
|
||||
*
|
||||
* Module: library/timing.c
|
||||
* Caller: library/havege.c
|
||||
|
@ -2385,6 +2510,7 @@
|
|||
/* Entropy options */
|
||||
//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
|
||||
//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
|
||||
//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
|
||||
|
||||
/* Memory buffer allocator options */
|
||||
//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
|
||||
|
@ -2394,20 +2520,30 @@
|
|||
//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
|
||||
//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
|
||||
/* Note: your snprintf must correclty zero-terminate the buffer! */
|
||||
//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */
|
||||
|
||||
/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
|
||||
/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
|
||||
//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
|
||||
//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
|
||||
//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */
|
||||
/* Note: your snprintf must correclty zero-terminate the buffer! */
|
||||
//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
|
||||
//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
|
||||
|
||||
/* SSL Cache options */
|
||||
//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
|
||||
|
@ -2435,11 +2571,15 @@
|
|||
|
||||
/* X509 options */
|
||||
//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
|
||||
//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
|
||||
|
||||
/* \} name SECTION: Module configuration options */
|
||||
/* \} name SECTION: Customisation configuration options */
|
||||
|
||||
#if defined(TARGET_LIKE_MBED)
|
||||
#include "mbedtls/target_config.h"
|
||||
/* Target and application specific configurations */
|
||||
//#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "mbedtls/target_config.h"
|
||||
|
||||
#if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE)
|
||||
#include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
/*
|
||||
|
|
|
@ -111,7 +111,7 @@ mbedtls_ctr_drbg_context;
|
|||
|
||||
/**
|
||||
* \brief CTR_DRBG context initialization
|
||||
* Makes the context ready for mbetls_ctr_drbg_seed() or
|
||||
* Makes the context ready for mbedtls_ctr_drbg_seed() or
|
||||
* mbedtls_ctr_drbg_free().
|
||||
*
|
||||
* \param ctx CTR_DRBG context to be initialized
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/**
|
||||
* \file debug.h
|
||||
*
|
||||
* \brief Debug functions
|
||||
* \brief Functions for controlling and providing debug output from the library.
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
|
@ -80,39 +80,141 @@ extern "C" {
|
|||
#endif
|
||||
|
||||
/**
|
||||
* \brief Set the level threshold to handle globally. Messages that have a
|
||||
* level over the threshold value are ignored.
|
||||
* (Default value: 0 (No debug))
|
||||
* \brief Set the threshold error level to handle globally all debug output.
|
||||
* Debug messages that have a level over the threshold value are
|
||||
* discarded.
|
||||
* (Default value: 0 = No debug )
|
||||
*
|
||||
* \param threshold maximum level of messages to pass on
|
||||
* \param threshold theshold level of messages to filter on. Messages at a
|
||||
* higher level will be discarded.
|
||||
* - Debug levels
|
||||
* - 0 No debug
|
||||
* - 1 Error
|
||||
* - 2 State change
|
||||
* - 3 Informational
|
||||
* - 4 Verbose
|
||||
*/
|
||||
void mbedtls_debug_set_threshold( int threshold );
|
||||
|
||||
/**
|
||||
* \brief Print a message to the debug output. This function is always used
|
||||
* through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl
|
||||
* context, file and line number parameters.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param level error level of the debug message
|
||||
* \param file file the message has occurred in
|
||||
* \param line line number the message has occurred at
|
||||
* \param format format specifier, in printf format
|
||||
* \param ... variables used by the format specifier
|
||||
*
|
||||
* \attention This function is intended for INTERNAL usage within the
|
||||
* library only.
|
||||
*/
|
||||
void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
|
||||
const char *file, int line,
|
||||
const char *format, ... );
|
||||
|
||||
/**
|
||||
* \brief Print the return value of a function to the debug output. This
|
||||
* function is always used through the MBEDTLS_SSL_DEBUG_RET() macro,
|
||||
* which supplies the ssl context, file and line number parameters.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param level error level of the debug message
|
||||
* \param file file the error has occurred in
|
||||
* \param line line number the error has occurred in
|
||||
* \param text the name of the function that returned the error
|
||||
* \param ret the return code value
|
||||
*
|
||||
* \attention This function is intended for INTERNAL usage within the
|
||||
* library only.
|
||||
*/
|
||||
void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
|
||||
const char *file, int line,
|
||||
const char *text, int ret );
|
||||
|
||||
/**
|
||||
* \brief Output a buffer of size len bytes to the debug output. This function
|
||||
* is always used through the MBEDTLS_SSL_DEBUG_BUF() macro,
|
||||
* which supplies the ssl context, file and line number parameters.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param level error level of the debug message
|
||||
* \param file file the error has occurred in
|
||||
* \param line line number the error has occurred in
|
||||
* \param text a name or label for the buffer being dumped. Normally the
|
||||
* variable or buffer name
|
||||
* \param buf the buffer to be outputted
|
||||
* \param len length of the buffer
|
||||
*
|
||||
* \attention This function is intended for INTERNAL usage within the
|
||||
* library only.
|
||||
*/
|
||||
void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
|
||||
const char *file, int line, const char *text,
|
||||
const unsigned char *buf, size_t len );
|
||||
|
||||
#if defined(MBEDTLS_BIGNUM_C)
|
||||
/**
|
||||
* \brief Print a MPI variable to the debug output. This function is always
|
||||
* used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the
|
||||
* ssl context, file and line number parameters.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param level error level of the debug message
|
||||
* \param file file the error has occurred in
|
||||
* \param line line number the error has occurred in
|
||||
* \param text a name or label for the MPI being output. Normally the
|
||||
* variable name
|
||||
* \param X the MPI variable
|
||||
*
|
||||
* \attention This function is intended for INTERNAL usage within the
|
||||
* library only.
|
||||
*/
|
||||
void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
|
||||
const char *file, int line,
|
||||
const char *text, const mbedtls_mpi *X );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
/**
|
||||
* \brief Print an ECP point to the debug output. This function is always
|
||||
* used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the
|
||||
* ssl context, file and line number parameters.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param level error level of the debug message
|
||||
* \param file file the error has occurred in
|
||||
* \param line line number the error has occurred in
|
||||
* \param text a name or label for the ECP point being output. Normally the
|
||||
* variable name
|
||||
* \param X the ECP point
|
||||
*
|
||||
* \attention This function is intended for INTERNAL usage within the
|
||||
* library only.
|
||||
*/
|
||||
void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
|
||||
const char *file, int line,
|
||||
const char *text, const mbedtls_ecp_point *X );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
/**
|
||||
* \brief Print a X.509 certificate structure to the debug output. This
|
||||
* function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro,
|
||||
* which supplies the ssl context, file and line number parameters.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param level error level of the debug message
|
||||
* \param file file the error has occurred in
|
||||
* \param line line number the error has occurred in
|
||||
* \param text a name or label for the certificate being output
|
||||
* \param crt X.509 certificate structure
|
||||
*
|
||||
* \attention This function is intended for INTERNAL usage within the
|
||||
* library only.
|
||||
*/
|
||||
void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
|
||||
const char *file, int line,
|
||||
const char *text, const mbedtls_x509_crt *crt );
|
||||
|
@ -123,3 +225,4 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
|
|||
#endif
|
||||
|
||||
#endif /* debug.h */
|
||||
|
||||
|
|
|
@ -221,7 +221,7 @@ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
|
|||
* \param ctx DHM context
|
||||
* \param x_size private value size in bytes
|
||||
* \param output destination buffer
|
||||
* \param olen must be equal to ctx->P.len
|
||||
* \param olen must be at least equal to the size of P, ctx->len
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
*
|
||||
|
|
|
@ -0,0 +1,238 @@
|
|||
/**
|
||||
* \file ecjpake.h
|
||||
*
|
||||
* \brief Elliptic curve J-PAKE
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_ECJPAKE_H
|
||||
#define MBEDTLS_ECJPAKE_H
|
||||
|
||||
/*
|
||||
* J-PAKE is a password-authenticated key exchange that allows deriving a
|
||||
* strong shared secret from a (potentially low entropy) pre-shared
|
||||
* passphrase, with forward secrecy and mutual authentication.
|
||||
* https://en.wikipedia.org/wiki/Password_Authenticated_Key_Exchange_by_Juggling
|
||||
*
|
||||
* This file implements the Elliptic Curve variant of J-PAKE,
|
||||
* as defined in Chapter 7.4 of the Thread v1.0 Specification,
|
||||
* available to members of the Thread Group http://threadgroup.org/
|
||||
*
|
||||
* As the J-PAKE algorithm is inherently symmetric, so is our API.
|
||||
* Each party needs to send its first round message, in any order, to the
|
||||
* other party, then each sends its second round message, in any order.
|
||||
* The payloads are serialized in a way suitable for use in TLS, but could
|
||||
* also be use outside TLS.
|
||||
*/
|
||||
|
||||
#include "ecp.h"
|
||||
#include "md.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Roles in the EC J-PAKE exchange
|
||||
*/
|
||||
typedef enum {
|
||||
MBEDTLS_ECJPAKE_CLIENT = 0, /**< Client */
|
||||
MBEDTLS_ECJPAKE_SERVER, /**< Server */
|
||||
} mbedtls_ecjpake_role;
|
||||
|
||||
/**
|
||||
* EC J-PAKE context structure.
|
||||
*
|
||||
* J-PAKE is a symmetric protocol, except for the identifiers used in
|
||||
* Zero-Knowledge Proofs, and the serialization of the second message
|
||||
* (KeyExchange) as defined by the Thread spec.
|
||||
*
|
||||
* In order to benefit from this symmetry, we choose a different naming
|
||||
* convetion from the Thread v1.0 spec. Correspondance is indicated in the
|
||||
* description as a pair C: client name, S: server name
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
const mbedtls_md_info_t *md_info; /**< Hash to use */
|
||||
mbedtls_ecp_group grp; /**< Elliptic curve */
|
||||
mbedtls_ecjpake_role role; /**< Are we client or server? */
|
||||
int point_format; /**< Format for point export */
|
||||
|
||||
mbedtls_ecp_point Xm1; /**< My public key 1 C: X1, S: X3 */
|
||||
mbedtls_ecp_point Xm2; /**< My public key 2 C: X2, S: X4 */
|
||||
mbedtls_ecp_point Xp1; /**< Peer public key 1 C: X3, S: X1 */
|
||||
mbedtls_ecp_point Xp2; /**< Peer public key 2 C: X4, S: X2 */
|
||||
mbedtls_ecp_point Xp; /**< Peer public key C: Xs, S: Xc */
|
||||
|
||||
mbedtls_mpi xm1; /**< My private key 1 C: x1, S: x3 */
|
||||
mbedtls_mpi xm2; /**< My private key 2 C: x2, S: x4 */
|
||||
|
||||
mbedtls_mpi s; /**< Pre-shared secret (passphrase) */
|
||||
} mbedtls_ecjpake_context;
|
||||
|
||||
/**
|
||||
* \brief Initialize a context
|
||||
* (just makes it ready for setup() or free()).
|
||||
*
|
||||
* \param ctx context to initialize
|
||||
*/
|
||||
void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Set up a context for use
|
||||
*
|
||||
* \note Currently the only values for hash/curve allowed by the
|
||||
* standard are MBEDTLS_MD_SHA256/MBEDTLS_ECP_DP_SECP256R1.
|
||||
*
|
||||
* \param ctx context to set up
|
||||
* \param role Our role: client or server
|
||||
* \param hash hash function to use (MBEDTLS_MD_XXX)
|
||||
* \param curve elliptic curve identifier (MBEDTLS_ECP_DP_XXX)
|
||||
* \param secret pre-shared secret (passphrase)
|
||||
* \param len length of the shared secret
|
||||
*
|
||||
* \return 0 if successfull,
|
||||
* a negative error code otherwise
|
||||
*/
|
||||
int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
|
||||
mbedtls_ecjpake_role role,
|
||||
mbedtls_md_type_t hash,
|
||||
mbedtls_ecp_group_id curve,
|
||||
const unsigned char *secret,
|
||||
size_t len );
|
||||
|
||||
/*
|
||||
* \brief Check if a context is ready for use
|
||||
*
|
||||
* \param ctx Context to check
|
||||
*
|
||||
* \return 0 if the context is ready for use,
|
||||
* MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise
|
||||
*/
|
||||
int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Generate and write the first round message
|
||||
* (TLS: contents of the Client/ServerHello extension,
|
||||
* excluding extension type and length bytes)
|
||||
*
|
||||
* \param ctx Context to use
|
||||
* \param buf Buffer to write the contents to
|
||||
* \param len Buffer size
|
||||
* \param olen Will be updated with the number of bytes written
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
*
|
||||
* \return 0 if successfull,
|
||||
* a negative error code otherwise
|
||||
*/
|
||||
int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
|
||||
unsigned char *buf, size_t len, size_t *olen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Read and process the first round message
|
||||
* (TLS: contents of the Client/ServerHello extension,
|
||||
* excluding extension type and length bytes)
|
||||
*
|
||||
* \param ctx Context to use
|
||||
* \param buf Pointer to extension contents
|
||||
* \param len Extension length
|
||||
*
|
||||
* \return 0 if successfull,
|
||||
* a negative error code otherwise
|
||||
*/
|
||||
int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
|
||||
const unsigned char *buf,
|
||||
size_t len );
|
||||
|
||||
/**
|
||||
* \brief Generate and write the second round message
|
||||
* (TLS: contents of the Client/ServerKeyExchange)
|
||||
*
|
||||
* \param ctx Context to use
|
||||
* \param buf Buffer to write the contents to
|
||||
* \param len Buffer size
|
||||
* \param olen Will be updated with the number of bytes written
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
*
|
||||
* \return 0 if successfull,
|
||||
* a negative error code otherwise
|
||||
*/
|
||||
int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
|
||||
unsigned char *buf, size_t len, size_t *olen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Read and process the second round message
|
||||
* (TLS: contents of the Client/ServerKeyExchange)
|
||||
*
|
||||
* \param ctx Context to use
|
||||
* \param buf Pointer to the message
|
||||
* \param len Message length
|
||||
*
|
||||
* \return 0 if successfull,
|
||||
* a negative error code otherwise
|
||||
*/
|
||||
int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
|
||||
const unsigned char *buf,
|
||||
size_t len );
|
||||
|
||||
/**
|
||||
* \brief Derive the shared secret
|
||||
* (TLS: Pre-Master Secret)
|
||||
*
|
||||
* \param ctx Context to use
|
||||
* \param buf Buffer to write the contents to
|
||||
* \param len Buffer size
|
||||
* \param olen Will be updated with the number of bytes written
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
*
|
||||
* \return 0 if successfull,
|
||||
* a negative error code otherwise
|
||||
*/
|
||||
int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
|
||||
unsigned char *buf, size_t len, size_t *olen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Free a context's content
|
||||
*
|
||||
* \param ctx context to free
|
||||
*/
|
||||
void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx );
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if a test failed
|
||||
*/
|
||||
int mbedtls_ecjpake_self_test( int verbose );
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* ecjpake.h */
|
|
@ -346,6 +346,21 @@ int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt );
|
|||
*/
|
||||
int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt );
|
||||
|
||||
/**
|
||||
* \brief Compare two points
|
||||
*
|
||||
* \note This assumes the points are normalized. Otherwise,
|
||||
* they may compare as "not equal" even if they are.
|
||||
*
|
||||
* \param P First point to compare
|
||||
* \param Q Second point to compare
|
||||
*
|
||||
* \return 0 if the points are equal,
|
||||
* MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise
|
||||
*/
|
||||
int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
|
||||
const mbedtls_ecp_point *Q );
|
||||
|
||||
/**
|
||||
* \brief Import a non-zero point from two ASCII strings
|
||||
*
|
||||
|
@ -569,6 +584,29 @@ int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_po
|
|||
*/
|
||||
int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d );
|
||||
|
||||
/**
|
||||
* \brief Generate a keypair with configurable base point
|
||||
*
|
||||
* \param grp ECP group
|
||||
* \param G Chosen base point
|
||||
* \param d Destination MPI (secret part)
|
||||
* \param Q Destination point (public part)
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
|
||||
*
|
||||
* \note Uses bare components rather than an mbedtls_ecp_keypair structure
|
||||
* in order to ease use with other structures such as
|
||||
* mbedtls_ecdh_context of mbedtls_ecdsa_context.
|
||||
*/
|
||||
int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
|
||||
const mbedtls_ecp_point *G,
|
||||
mbedtls_mpi *d, mbedtls_ecp_point *Q,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Generate a keypair
|
||||
*
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
*
|
||||
* \brief Entropy accumulator implementation
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
@ -134,6 +134,9 @@ typedef struct
|
|||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_threading_mutex_t mutex; /*!< mutex */
|
||||
#endif
|
||||
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||
int initial_entropy_run;
|
||||
#endif
|
||||
}
|
||||
mbedtls_entropy_context;
|
||||
|
||||
|
@ -208,6 +211,18 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len );
|
|||
int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
|
||||
const unsigned char *data, size_t len );
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||
/**
|
||||
* \brief Trigger an update of the seed file in NV by using the
|
||||
* current entropy pool.
|
||||
*
|
||||
* \param ctx Entropy context
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx );
|
||||
#endif /* MBEDTLS_ENTROPY_NV_SEED */
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
/**
|
||||
* \brief Write a seed file
|
||||
|
@ -240,9 +255,29 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *
|
|||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* This module self-test also calls the entropy self-test,
|
||||
* mbedtls_entropy_source_self_test();
|
||||
*
|
||||
* \return 0 if successful, or 1 if a test failed
|
||||
*/
|
||||
int mbedtls_entropy_self_test( int verbose );
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* Verifies the integrity of the hardware entropy source
|
||||
* provided by the function 'mbedtls_hardware_poll()'.
|
||||
*
|
||||
* Note this is the only hardware entropy source that is known
|
||||
* at link time, and other entropy sources configured
|
||||
* dynamically at runtime by the function
|
||||
* mbedtls_entropy_add_source() will not be tested.
|
||||
*
|
||||
* \return 0 if successful, or 1 if a test failed
|
||||
*/
|
||||
int mbedtls_entropy_source_self_test( int verbose );
|
||||
#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
*
|
||||
* \brief Platform-specific and custom entropy polling functions
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
@ -41,7 +41,17 @@ extern "C" {
|
|||
#define MBEDTLS_ENTROPY_MIN_PLATFORM 32 /**< Minimum for platform source */
|
||||
#define MBEDTLS_ENTROPY_MIN_HAVEGE 32 /**< Minimum for HAVEGE */
|
||||
#define MBEDTLS_ENTROPY_MIN_HARDCLOCK 4 /**< Minimum for mbedtls_timing_hardclock() */
|
||||
#if !defined(MBEDTLS_ENTROPY_MIN_HARDWARE)
|
||||
#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Minimum for the hardware source */
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Entropy poll callback that provides 0 entropy.
|
||||
*/
|
||||
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
|
||||
int mbedtls_null_entropy_poll( void *data,
|
||||
unsigned char *output, size_t len, size_t *olen );
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
|
||||
/**
|
||||
|
@ -82,6 +92,16 @@ int mbedtls_hardware_poll( void *data,
|
|||
unsigned char *output, size_t len, size_t *olen );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||
/**
|
||||
* \brief Entropy poll callback for a non-volatile seed file
|
||||
*
|
||||
* \note This must accept NULL as its first argument.
|
||||
*/
|
||||
int mbedtls_nv_seed_poll( void *data,
|
||||
unsigned char *output, size_t len, size_t *olen );
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -79,7 +79,7 @@
|
|||
* ECP 4 8 (Started from top)
|
||||
* MD 5 4
|
||||
* CIPHER 6 6
|
||||
* SSL 6 16 (Started from top)
|
||||
* SSL 6 17 (Started from top)
|
||||
* SSL 7 31
|
||||
*
|
||||
* Module dependent error code (5 bits 0x.00.-0x.F8.)
|
||||
|
|
|
@ -190,8 +190,8 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
|
|||
* 16 bytes.
|
||||
*
|
||||
* \param ctx GCM context
|
||||
* \param tag buffer for holding the tag (may be NULL if tag_len is 0)
|
||||
* \param tag_len length of the tag to generate
|
||||
* \param tag buffer for holding the tag
|
||||
* \param tag_len length of the tag to generate (must be at least 4)
|
||||
*
|
||||
* \return 0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT
|
||||
*/
|
||||
|
|
|
@ -98,7 +98,7 @@ typedef struct
|
|||
|
||||
/**
|
||||
* \brief HMAC_DRBG context initialization
|
||||
* Makes the context ready for mbetls_hmac_drbg_seed(),
|
||||
* Makes the context ready for mbedtls_hmac_drbg_seed(),
|
||||
* mbedtls_hmac_drbg_seed_buf() or
|
||||
* mbedtls_hmac_drbg_free().
|
||||
*
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* \file mbedtls_md.h
|
||||
* \file md.h
|
||||
*
|
||||
* \brief Generic message digest wrapper
|
||||
*
|
||||
|
@ -27,10 +27,6 @@
|
|||
|
||||
#include <stddef.h>
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< The selected feature is not available. */
|
||||
#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */
|
||||
#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */
|
||||
|
@ -308,8 +304,8 @@ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *inpu
|
|||
/**
|
||||
* \brief Output HMAC.
|
||||
* Called after mbedtls_md_hmac_update().
|
||||
* Usually followed my mbedtls_md_hmac_reset(), mbedtls_md_hmac_starts(),
|
||||
* or mbedtls_md_free().
|
||||
* Usually followed by mbedtls_md_hmac_reset(),
|
||||
* mbedtls_md_hmac_starts(), or mbedtls_md_free().
|
||||
*
|
||||
* \param ctx HMAC context
|
||||
* \param output Generic HMAC checksum result
|
||||
|
@ -321,7 +317,8 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
|
|||
|
||||
/**
|
||||
* \brief Prepare to authenticate a new message with the same key.
|
||||
* Called after mbedtls_md_hmac_finish() and before mbedtls_md_hmac_update().
|
||||
* Called after mbedtls_md_hmac_finish() and before
|
||||
* mbedtls_md_hmac_update().
|
||||
*
|
||||
* \param ctx HMAC context to be reset
|
||||
*
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* \file mbedtls_md2.h
|
||||
* \file md2.h
|
||||
*
|
||||
* \brief MD2 message digest algorithm (hash function)
|
||||
*
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* \file mbedtls_md4.h
|
||||
* \file md4.h
|
||||
*
|
||||
* \brief MD4 message digest algorithm (hash function)
|
||||
*
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* \file mbedtls_md5.h
|
||||
* \file md5.h
|
||||
*
|
||||
* \brief MD5 message digest algorithm (hash function)
|
||||
*
|
||||
|
|
|
@ -98,8 +98,10 @@ void mbedtls_memory_buffer_alloc_status( void );
|
|||
/**
|
||||
* \brief Get the peak heap usage so far
|
||||
*
|
||||
* \param max_used Peak number of bytes reauested by the application
|
||||
* \param max_blocks Peak number of blocks reauested by the application
|
||||
* \param max_used Peak number of bytes in use or committed. This
|
||||
* includes bytes in allocated blocks too small to split
|
||||
* into smaller blocks but larger than the requested size.
|
||||
* \param max_blocks Peak number of blocks in use, including free and used
|
||||
*/
|
||||
void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks );
|
||||
|
||||
|
@ -111,8 +113,10 @@ void mbedtls_memory_buffer_alloc_max_reset( void );
|
|||
/**
|
||||
* \brief Get the current heap usage
|
||||
*
|
||||
* \param cur_used Number of bytes reauested by the application
|
||||
* \param cur_blocks Number of blocks reauested by the application
|
||||
* \param cur_used Current number of bytes in use or committed. This
|
||||
* includes bytes in allocated blocks too small to split
|
||||
* into smaller blocks but larger than the requested size.
|
||||
* \param cur_blocks Current number of blocks in use, including free and used
|
||||
*/
|
||||
void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks );
|
||||
#endif /* MBEDTLS_MEMORY_DEBUG */
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
/**
|
||||
* \file net.h
|
||||
*
|
||||
* \brief Network communication functions
|
||||
* \brief Deprecated header file that includes mbedtls/net_sockets.h
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
@ -19,207 +19,13 @@
|
|||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*
|
||||
* \deprecated Superseded by mbedtls/net_sockets.h
|
||||
*/
|
||||
#ifndef MBEDTLS_NET_H
|
||||
#define MBEDTLS_NET_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "ssl.h"
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#define MBEDTLS_ERR_NET_SOCKET_FAILED -0x0042 /**< Failed to open a socket. */
|
||||
#define MBEDTLS_ERR_NET_CONNECT_FAILED -0x0044 /**< The connection to the given server / port failed. */
|
||||
#define MBEDTLS_ERR_NET_BIND_FAILED -0x0046 /**< Binding of the socket failed. */
|
||||
#define MBEDTLS_ERR_NET_LISTEN_FAILED -0x0048 /**< Could not listen on the socket. */
|
||||
#define MBEDTLS_ERR_NET_ACCEPT_FAILED -0x004A /**< Could not accept the incoming connection. */
|
||||
#define MBEDTLS_ERR_NET_RECV_FAILED -0x004C /**< Reading information from the socket failed. */
|
||||
#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E /**< Sending information through the socket failed. */
|
||||
#define MBEDTLS_ERR_NET_CONN_RESET -0x0050 /**< Connection was reset by peer. */
|
||||
#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052 /**< Failed to get an IP address for the given hostname. */
|
||||
#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043 /**< Buffer is too small to hold the data. */
|
||||
#define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045 /**< The context is invalid, eg because it was free()ed. */
|
||||
|
||||
#define MBEDTLS_NET_LISTEN_BACKLOG 10 /**< The backlog that listen() should use. */
|
||||
|
||||
#define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */
|
||||
#define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Wrapper type for sockets.
|
||||
*
|
||||
* Currently backed by just a file descriptor, but might be more in the future
|
||||
* (eg two file descriptors for combined IPv4 + IPv6 support, or additional
|
||||
* structures for hand-made UDP demultiplexing).
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
int fd; /**< The underlying file descriptor */
|
||||
}
|
||||
mbedtls_net_context;
|
||||
|
||||
/**
|
||||
* \brief Initialize a context
|
||||
* Just makes the context ready to be used or freed safely.
|
||||
*
|
||||
* \param ctx Context to initialize
|
||||
*/
|
||||
void mbedtls_net_init( mbedtls_net_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Initiate a connection with host:port in the given protocol
|
||||
*
|
||||
* \param ctx Socket to use
|
||||
* \param host Host to connect to
|
||||
* \param port Port to connect to
|
||||
* \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP
|
||||
*
|
||||
* \return 0 if successful, or one of:
|
||||
* MBEDTLS_ERR_NET_SOCKET_FAILED,
|
||||
* MBEDTLS_ERR_NET_UNKNOWN_HOST,
|
||||
* MBEDTLS_ERR_NET_CONNECT_FAILED
|
||||
*
|
||||
* \note Sets the socket in connected mode even with UDP.
|
||||
*/
|
||||
int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto );
|
||||
|
||||
/**
|
||||
* \brief Create a receiving socket on bind_ip:port in the chosen
|
||||
* protocol. If bind_ip == NULL, all interfaces are bound.
|
||||
*
|
||||
* \param ctx Socket to use
|
||||
* \param bind_ip IP to bind to, can be NULL
|
||||
* \param port Port number to use
|
||||
* \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP
|
||||
*
|
||||
* \return 0 if successful, or one of:
|
||||
* MBEDTLS_ERR_NET_SOCKET_FAILED,
|
||||
* MBEDTLS_ERR_NET_BIND_FAILED,
|
||||
* MBEDTLS_ERR_NET_LISTEN_FAILED
|
||||
*
|
||||
* \note Regardless of the protocol, opens the sockets and binds it.
|
||||
* In addition, make the socket listening if protocol is TCP.
|
||||
*/
|
||||
int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto );
|
||||
|
||||
/**
|
||||
* \brief Accept a connection from a remote client
|
||||
*
|
||||
* \param bind_ctx Relevant socket
|
||||
* \param client_ctx Will contain the connected client socket
|
||||
* \param client_ip Will contain the client IP address
|
||||
* \param buf_size Size of the client_ip buffer
|
||||
* \param ip_len Will receive the size of the client IP written
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_NET_ACCEPT_FAILED, or
|
||||
* MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small,
|
||||
* MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
|
||||
* non-blocking and accept() would block.
|
||||
*/
|
||||
int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
|
||||
mbedtls_net_context *client_ctx,
|
||||
void *client_ip, size_t buf_size, size_t *ip_len );
|
||||
|
||||
/**
|
||||
* \brief Set the socket blocking
|
||||
*
|
||||
* \param ctx Socket to set
|
||||
*
|
||||
* \return 0 if successful, or a non-zero error code
|
||||
*/
|
||||
int mbedtls_net_set_block( mbedtls_net_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Set the socket non-blocking
|
||||
*
|
||||
* \param ctx Socket to set
|
||||
*
|
||||
* \return 0 if successful, or a non-zero error code
|
||||
*/
|
||||
int mbedtls_net_set_nonblock( mbedtls_net_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Portable usleep helper
|
||||
*
|
||||
* \param usec Amount of microseconds to sleep
|
||||
*
|
||||
* \note Real amount of time slept will not be less than
|
||||
* select()'s timeout granularity (typically, 10ms).
|
||||
*/
|
||||
void mbedtls_net_usleep( unsigned long usec );
|
||||
|
||||
/**
|
||||
* \brief Read at most 'len' characters. If no error occurs,
|
||||
* the actual amount read is returned.
|
||||
*
|
||||
* \param ctx Socket
|
||||
* \param buf The buffer to write to
|
||||
* \param len Maximum length of the buffer
|
||||
*
|
||||
* \return the number of bytes received,
|
||||
* or a non-zero error code; with a non-blocking socket,
|
||||
* MBEDTLS_ERR_SSL_WANT_READ indicates read() would block.
|
||||
*/
|
||||
int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len );
|
||||
|
||||
/**
|
||||
* \brief Write at most 'len' characters. If no error occurs,
|
||||
* the actual amount read is returned.
|
||||
*
|
||||
* \param ctx Socket
|
||||
* \param buf The buffer to read from
|
||||
* \param len The length of the buffer
|
||||
*
|
||||
* \return the number of bytes sent,
|
||||
* or a non-zero error code; with a non-blocking socket,
|
||||
* MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block.
|
||||
*/
|
||||
int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
|
||||
|
||||
/**
|
||||
* \brief Read at most 'len' characters, blocking for at most
|
||||
* 'timeout' seconds. If no error occurs, the actual amount
|
||||
* read is returned.
|
||||
*
|
||||
* \param ctx Socket
|
||||
* \param buf The buffer to write to
|
||||
* \param len Maximum length of the buffer
|
||||
* \param timeout Maximum number of milliseconds to wait for data
|
||||
* 0 means no timeout (wait forever)
|
||||
*
|
||||
* \return the number of bytes received,
|
||||
* or a non-zero error code:
|
||||
* MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
|
||||
* MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
|
||||
*
|
||||
* \note This function will block (until data becomes available or
|
||||
* timeout is reached) even if the socket is set to
|
||||
* non-blocking. Handling timeouts with non-blocking reads
|
||||
* requires a different strategy.
|
||||
*/
|
||||
int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
|
||||
uint32_t timeout );
|
||||
|
||||
/**
|
||||
* \brief Gracefully shutdown the connection and free associated data
|
||||
*
|
||||
* \param ctx The context to free
|
||||
*/
|
||||
void mbedtls_net_free( mbedtls_net_context *ctx );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* net.h */
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#include "mbedtls/net_sockets.h"
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#warning "Deprecated header file: Superseded by mbedtls/net_sockets.h"
|
||||
#endif /* MBEDTLS_DEPRECATED_WARNING */
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
|
|
@ -0,0 +1,225 @@
|
|||
/**
|
||||
* \file net_sockets.h
|
||||
*
|
||||
* \brief Network communication functions
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_NET_SOCKETS_H
|
||||
#define MBEDTLS_NET_SOCKETS_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "ssl.h"
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#define MBEDTLS_ERR_NET_SOCKET_FAILED -0x0042 /**< Failed to open a socket. */
|
||||
#define MBEDTLS_ERR_NET_CONNECT_FAILED -0x0044 /**< The connection to the given server / port failed. */
|
||||
#define MBEDTLS_ERR_NET_BIND_FAILED -0x0046 /**< Binding of the socket failed. */
|
||||
#define MBEDTLS_ERR_NET_LISTEN_FAILED -0x0048 /**< Could not listen on the socket. */
|
||||
#define MBEDTLS_ERR_NET_ACCEPT_FAILED -0x004A /**< Could not accept the incoming connection. */
|
||||
#define MBEDTLS_ERR_NET_RECV_FAILED -0x004C /**< Reading information from the socket failed. */
|
||||
#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E /**< Sending information through the socket failed. */
|
||||
#define MBEDTLS_ERR_NET_CONN_RESET -0x0050 /**< Connection was reset by peer. */
|
||||
#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052 /**< Failed to get an IP address for the given hostname. */
|
||||
#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043 /**< Buffer is too small to hold the data. */
|
||||
#define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045 /**< The context is invalid, eg because it was free()ed. */
|
||||
|
||||
#define MBEDTLS_NET_LISTEN_BACKLOG 10 /**< The backlog that listen() should use. */
|
||||
|
||||
#define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */
|
||||
#define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Wrapper type for sockets.
|
||||
*
|
||||
* Currently backed by just a file descriptor, but might be more in the future
|
||||
* (eg two file descriptors for combined IPv4 + IPv6 support, or additional
|
||||
* structures for hand-made UDP demultiplexing).
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
int fd; /**< The underlying file descriptor */
|
||||
}
|
||||
mbedtls_net_context;
|
||||
|
||||
/**
|
||||
* \brief Initialize a context
|
||||
* Just makes the context ready to be used or freed safely.
|
||||
*
|
||||
* \param ctx Context to initialize
|
||||
*/
|
||||
void mbedtls_net_init( mbedtls_net_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Initiate a connection with host:port in the given protocol
|
||||
*
|
||||
* \param ctx Socket to use
|
||||
* \param host Host to connect to
|
||||
* \param port Port to connect to
|
||||
* \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP
|
||||
*
|
||||
* \return 0 if successful, or one of:
|
||||
* MBEDTLS_ERR_NET_SOCKET_FAILED,
|
||||
* MBEDTLS_ERR_NET_UNKNOWN_HOST,
|
||||
* MBEDTLS_ERR_NET_CONNECT_FAILED
|
||||
*
|
||||
* \note Sets the socket in connected mode even with UDP.
|
||||
*/
|
||||
int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto );
|
||||
|
||||
/**
|
||||
* \brief Create a receiving socket on bind_ip:port in the chosen
|
||||
* protocol. If bind_ip == NULL, all interfaces are bound.
|
||||
*
|
||||
* \param ctx Socket to use
|
||||
* \param bind_ip IP to bind to, can be NULL
|
||||
* \param port Port number to use
|
||||
* \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP
|
||||
*
|
||||
* \return 0 if successful, or one of:
|
||||
* MBEDTLS_ERR_NET_SOCKET_FAILED,
|
||||
* MBEDTLS_ERR_NET_BIND_FAILED,
|
||||
* MBEDTLS_ERR_NET_LISTEN_FAILED
|
||||
*
|
||||
* \note Regardless of the protocol, opens the sockets and binds it.
|
||||
* In addition, make the socket listening if protocol is TCP.
|
||||
*/
|
||||
int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto );
|
||||
|
||||
/**
|
||||
* \brief Accept a connection from a remote client
|
||||
*
|
||||
* \param bind_ctx Relevant socket
|
||||
* \param client_ctx Will contain the connected client socket
|
||||
* \param client_ip Will contain the client IP address
|
||||
* \param buf_size Size of the client_ip buffer
|
||||
* \param ip_len Will receive the size of the client IP written
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_NET_ACCEPT_FAILED, or
|
||||
* MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small,
|
||||
* MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
|
||||
* non-blocking and accept() would block.
|
||||
*/
|
||||
int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
|
||||
mbedtls_net_context *client_ctx,
|
||||
void *client_ip, size_t buf_size, size_t *ip_len );
|
||||
|
||||
/**
|
||||
* \brief Set the socket blocking
|
||||
*
|
||||
* \param ctx Socket to set
|
||||
*
|
||||
* \return 0 if successful, or a non-zero error code
|
||||
*/
|
||||
int mbedtls_net_set_block( mbedtls_net_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Set the socket non-blocking
|
||||
*
|
||||
* \param ctx Socket to set
|
||||
*
|
||||
* \return 0 if successful, or a non-zero error code
|
||||
*/
|
||||
int mbedtls_net_set_nonblock( mbedtls_net_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Portable usleep helper
|
||||
*
|
||||
* \param usec Amount of microseconds to sleep
|
||||
*
|
||||
* \note Real amount of time slept will not be less than
|
||||
* select()'s timeout granularity (typically, 10ms).
|
||||
*/
|
||||
void mbedtls_net_usleep( unsigned long usec );
|
||||
|
||||
/**
|
||||
* \brief Read at most 'len' characters. If no error occurs,
|
||||
* the actual amount read is returned.
|
||||
*
|
||||
* \param ctx Socket
|
||||
* \param buf The buffer to write to
|
||||
* \param len Maximum length of the buffer
|
||||
*
|
||||
* \return the number of bytes received,
|
||||
* or a non-zero error code; with a non-blocking socket,
|
||||
* MBEDTLS_ERR_SSL_WANT_READ indicates read() would block.
|
||||
*/
|
||||
int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len );
|
||||
|
||||
/**
|
||||
* \brief Write at most 'len' characters. If no error occurs,
|
||||
* the actual amount read is returned.
|
||||
*
|
||||
* \param ctx Socket
|
||||
* \param buf The buffer to read from
|
||||
* \param len The length of the buffer
|
||||
*
|
||||
* \return the number of bytes sent,
|
||||
* or a non-zero error code; with a non-blocking socket,
|
||||
* MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block.
|
||||
*/
|
||||
int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
|
||||
|
||||
/**
|
||||
* \brief Read at most 'len' characters, blocking for at most
|
||||
* 'timeout' seconds. If no error occurs, the actual amount
|
||||
* read is returned.
|
||||
*
|
||||
* \param ctx Socket
|
||||
* \param buf The buffer to write to
|
||||
* \param len Maximum length of the buffer
|
||||
* \param timeout Maximum number of milliseconds to wait for data
|
||||
* 0 means no timeout (wait forever)
|
||||
*
|
||||
* \return the number of bytes received,
|
||||
* or a non-zero error code:
|
||||
* MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
|
||||
* MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
|
||||
*
|
||||
* \note This function will block (until data becomes available or
|
||||
* timeout is reached) even if the socket is set to
|
||||
* non-blocking. Handling timeouts with non-blocking reads
|
||||
* requires a different strategy.
|
||||
*/
|
||||
int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
|
||||
uint32_t timeout );
|
||||
|
||||
/**
|
||||
* \brief Gracefully shutdown the connection and free associated data
|
||||
*
|
||||
* \param ctx The context to free
|
||||
*/
|
||||
void mbedtls_net_free( mbedtls_net_context *ctx );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* net_sockets.h */
|
|
@ -44,6 +44,11 @@
|
|||
#include "ecdsa.h"
|
||||
#endif
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80 /**< Memory allocation failed. */
|
||||
#define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00 /**< Type mismatch, eg attempt to encrypt with an ECDSA key */
|
||||
#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 /**< Bad input parameters to function. */
|
||||
|
@ -59,7 +64,6 @@
|
|||
#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */
|
||||
#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The signature is valid but its length is less than expected. */
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
@ -317,7 +321,7 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
|
|||
/**
|
||||
* \brief Make signature, including padding if relevant.
|
||||
*
|
||||
* \param ctx PK context to use
|
||||
* \param ctx PK context to use - must hold a private key
|
||||
* \param md_alg Hash algorithm used (see notes)
|
||||
* \param hash Hash of the message to sign
|
||||
* \param hash_len Hash length or 0 (see notes)
|
||||
|
@ -346,7 +350,7 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
|||
/**
|
||||
* \brief Decrypt message (including padding if relevant).
|
||||
*
|
||||
* \param ctx PK context to use
|
||||
* \param ctx PK context to use - must hold a private key
|
||||
* \param input Input to decrypt
|
||||
* \param ilen Input size
|
||||
* \param output Decrypted output
|
||||
|
@ -492,11 +496,12 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
|
|||
* \brief Load and parse a public key
|
||||
*
|
||||
* \param ctx key to be initialized
|
||||
* \param path filename to read the private key from
|
||||
* \param path filename to read the public key from
|
||||
*
|
||||
* \note On entry, ctx must be empty, either freshly initialised
|
||||
* with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
|
||||
* specific key type, check the result with mbedtls_pk_can_do().
|
||||
* with mbedtls_pk_init() or reset with mbedtls_pk_free(). If
|
||||
* you need a specific key type, check the result with
|
||||
* mbedtls_pk_can_do().
|
||||
*
|
||||
* \note The key is also checked for correctness.
|
||||
*
|
||||
|
|
|
@ -37,7 +37,8 @@
|
|||
|
||||
#include <pkcs11-helper-1.0/pkcs11h-certificate.h>
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline)
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
|
@ -54,7 +55,7 @@ typedef struct {
|
|||
} mbedtls_pkcs11_context;
|
||||
|
||||
/**
|
||||
* Initialize a mbetls_pkcs11_context.
|
||||
* Initialize a mbedtls_pkcs11_context.
|
||||
* (Just making memory references valid.)
|
||||
*/
|
||||
void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx );
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
*
|
||||
* \brief mbed TLS Platform abstraction layer
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
@ -29,6 +29,10 @@
|
|||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
#include "mbedtls/platform_time.h"
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
@ -44,6 +48,7 @@ extern "C" {
|
|||
#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <time.h>
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
|
||||
#if defined(_WIN32)
|
||||
#define MBEDTLS_PLATFORM_STD_SNPRINTF mbedtls_platform_win32_snprintf /**< Default snprintf to use */
|
||||
|
@ -64,14 +69,35 @@ extern "C" {
|
|||
#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_EXIT)
|
||||
#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default free to use */
|
||||
#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_TIME)
|
||||
#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
|
||||
#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS /**< Default exit value to use */
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
|
||||
#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE /**< Default exit value to use */
|
||||
#endif
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
|
||||
#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE)
|
||||
#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE)
|
||||
#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile"
|
||||
#endif
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
#else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
|
||||
#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
|
||||
#include MBEDTLS_PLATFORM_STD_MEM_HDR
|
||||
#endif
|
||||
#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
|
||||
|
||||
|
||||
/* \} name SECTION: Module settings */
|
||||
|
||||
/*
|
||||
|
@ -207,6 +233,61 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
|
|||
#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
|
||||
#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
|
||||
|
||||
/*
|
||||
* The default exit values
|
||||
*/
|
||||
#if defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
|
||||
#define MBEDTLS_EXIT_SUCCESS MBEDTLS_PLATFORM_STD_EXIT_SUCCESS
|
||||
#else
|
||||
#define MBEDTLS_EXIT_SUCCESS 0
|
||||
#endif
|
||||
#if defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
|
||||
#define MBEDTLS_EXIT_FAILURE MBEDTLS_PLATFORM_STD_EXIT_FAILURE
|
||||
#else
|
||||
#define MBEDTLS_EXIT_FAILURE 1
|
||||
#endif
|
||||
|
||||
/*
|
||||
* The function pointers for reading from and writing a seed file to
|
||||
* Non-Volatile storage (NV) in a platform-independent way
|
||||
*
|
||||
* Only enabled when the NV seed entropy source is enabled
|
||||
*/
|
||||
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||
#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
|
||||
/* Internal standard platform definitions */
|
||||
int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len );
|
||||
int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
|
||||
extern int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len );
|
||||
extern int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len );
|
||||
|
||||
/**
|
||||
* \brief Set your own seed file writing/reading functions
|
||||
*
|
||||
* \param nv_seed_read_func the seed reading function implementation
|
||||
* \param nv_seed_write_func the seed writing function implementation
|
||||
*
|
||||
* \return 0
|
||||
*/
|
||||
int mbedtls_platform_set_nv_seed(
|
||||
int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ),
|
||||
int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len )
|
||||
);
|
||||
#else
|
||||
#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \
|
||||
defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO)
|
||||
#define mbedtls_nv_seed_read MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
|
||||
#define mbedtls_nv_seed_write MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
|
||||
#else
|
||||
#define mbedtls_nv_seed_read mbedtls_platform_std_nv_seed_read
|
||||
#define mbedtls_nv_seed_write mbedtls_platform_std_nv_seed_write
|
||||
#endif
|
||||
#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
|
||||
#endif /* MBEDTLS_ENTROPY_NV_SEED */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -0,0 +1,81 @@
|
|||
/**
|
||||
* \file platform_time.h
|
||||
*
|
||||
* \brief mbed TLS Platform time abstraction
|
||||
*
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#ifndef MBEDTLS_PLATFORM_TIME_H
|
||||
#define MBEDTLS_PLATFORM_TIME_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \name SECTION: Module settings
|
||||
*
|
||||
* The configuration options you can set for this module are in this section.
|
||||
* Either change them in config.h or define them on the compiler command line.
|
||||
* \{
|
||||
*/
|
||||
|
||||
/*
|
||||
* The time_t datatype
|
||||
*/
|
||||
#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO)
|
||||
typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t;
|
||||
#else
|
||||
/* For time_t */
|
||||
#include <time.h>
|
||||
typedef time_t mbedtls_time_t;
|
||||
#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
|
||||
|
||||
/*
|
||||
* The function pointers for time
|
||||
*/
|
||||
#if defined(MBEDTLS_PLATFORM_TIME_ALT)
|
||||
extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time );
|
||||
|
||||
/**
|
||||
* \brief Set your own time function pointer
|
||||
*
|
||||
* \param time_func the time function implementation
|
||||
*
|
||||
* \return 0
|
||||
*/
|
||||
int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) );
|
||||
#else
|
||||
#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
|
||||
#define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO
|
||||
#else
|
||||
#define mbedtls_time time
|
||||
#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
|
||||
#endif /* MBEDTLS_PLATFORM_TIME_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* platform_time.h */
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* \file mbedtls_ripemd160.h
|
||||
* \file ripemd160.h
|
||||
*
|
||||
* \brief RIPE MD-160 message digest
|
||||
*
|
||||
|
|
|
@ -99,7 +99,7 @@ typedef struct
|
|||
mbedtls_mpi Vf; /*!< cached un-blinding value */
|
||||
|
||||
int padding; /*!< MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
|
||||
RSA_PKCS_v21 for OAEP/PSS */
|
||||
MBEDTLS_RSA_PKCS_v21 for OAEP/PSS */
|
||||
int hash_id; /*!< Hash identifier of mbedtls_md_type_t as
|
||||
specified in the mbedtls_md.h header file
|
||||
for the EME-OAEP and EMSA-PSS
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* \file mbedtls_sha1.h
|
||||
* \file sha1.h
|
||||
*
|
||||
* \brief SHA-1 cryptographic hash function
|
||||
*
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* \file mbedtls_sha256.h
|
||||
* \file sha256.h
|
||||
*
|
||||
* \brief SHA-224 and SHA-256 cryptographic hash function
|
||||
*
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* \file mbedtls_sha512.h
|
||||
* \file sha512.h
|
||||
*
|
||||
* \brief SHA-384 and SHA-512 cryptographic hash function
|
||||
*
|
||||
|
|
|
@ -52,27 +52,7 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
#include <time.h>
|
||||
#endif
|
||||
|
||||
/* For convenience below and in programs */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED
|
||||
#include "mbedtls/platform_time.h"
|
||||
#endif
|
||||
|
||||
/*
|
||||
|
@ -126,6 +106,9 @@
|
|||
#define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880 /**< Connection requires a write call. */
|
||||
#define MBEDTLS_ERR_SSL_TIMEOUT -0x6800 /**< The operation timed out. */
|
||||
#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780 /**< The client initiated a reconnect from the same port. */
|
||||
#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700 /**< Record header looks valid but is not expected. */
|
||||
#define MBEDTLS_ERR_SSL_NON_FATAL -0x6680 /**< The alert message received indicates a non-fatal error. */
|
||||
#define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 /**< Couldn't set the hash for verifying CertificateVerify */
|
||||
|
||||
/*
|
||||
* Various constants
|
||||
|
@ -139,6 +122,8 @@
|
|||
#define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */
|
||||
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */
|
||||
|
||||
#define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 /*!< Maximum host name defined in RFC 1035 */
|
||||
|
||||
/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
|
||||
* NONE must be zero so that memset()ing structure to zero works */
|
||||
#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */
|
||||
|
@ -249,7 +234,7 @@
|
|||
* Signaling ciphersuite values (SCSV)
|
||||
*/
|
||||
#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */
|
||||
#define MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600 /**< draft-ietf-tls-downgrade-scsv-00 */
|
||||
#define MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600 /**< RFC 7507 section 2 */
|
||||
|
||||
/*
|
||||
* Supported Signature and Hash algorithms (For TLS 1.2)
|
||||
|
@ -350,6 +335,8 @@
|
|||
|
||||
#define MBEDTLS_TLS_EXT_SESSION_TICKET 35
|
||||
|
||||
#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
|
||||
|
||||
#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01
|
||||
|
||||
/*
|
||||
|
@ -388,6 +375,9 @@ union mbedtls_ssl_premaster_secret
|
|||
unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES
|
||||
+ MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
unsigned char _pms_ecjpake[32]; /* Thread spec: SHA-256 output */
|
||||
#endif
|
||||
};
|
||||
|
||||
#define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret )
|
||||
|
@ -423,6 +413,116 @@ typedef enum
|
|||
}
|
||||
mbedtls_ssl_states;
|
||||
|
||||
/**
|
||||
* \brief Callback type: send data on the network.
|
||||
*
|
||||
* \note That callback may be either blocking or non-blocking.
|
||||
*
|
||||
* \param ctx Context for the send callback (typically a file descriptor)
|
||||
* \param buf Buffer holding the data to send
|
||||
* \param len Length of the data to send
|
||||
*
|
||||
* \return The callback must return the number of bytes sent if any,
|
||||
* or a non-zero error code.
|
||||
* If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_WRITE
|
||||
* must be returned when the operation would block.
|
||||
*
|
||||
* \note The callback is allowed to send fewer bytes than requested.
|
||||
* It must always return the number of bytes actually sent.
|
||||
*/
|
||||
typedef int mbedtls_ssl_send_t( void *ctx,
|
||||
const unsigned char *buf,
|
||||
size_t len );
|
||||
|
||||
/**
|
||||
* \brief Callback type: receive data from the network.
|
||||
*
|
||||
* \note That callback may be either blocking or non-blocking.
|
||||
*
|
||||
* \param ctx Context for the receive callback (typically a file
|
||||
* descriptor)
|
||||
* \param buf Buffer to write the received data to
|
||||
* \param len Length of the receive buffer
|
||||
*
|
||||
* \return The callback must return the number of bytes received,
|
||||
* or a non-zero error code.
|
||||
* If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ
|
||||
* must be returned when the operation would block.
|
||||
*
|
||||
* \note The callback may receive fewer bytes than the length of the
|
||||
* buffer. It must always return the number of bytes actually
|
||||
* received and written to the buffer.
|
||||
*/
|
||||
typedef int mbedtls_ssl_recv_t( void *ctx,
|
||||
unsigned char *buf,
|
||||
size_t len );
|
||||
|
||||
/**
|
||||
* \brief Callback type: receive data from the network, with timeout
|
||||
*
|
||||
* \note That callback must block until data is received, or the
|
||||
* timeout delay expires, or the operation is interrupted by a
|
||||
* signal.
|
||||
*
|
||||
* \param ctx Context for the receive callback (typically a file descriptor)
|
||||
* \param buf Buffer to write the received data to
|
||||
* \param len Length of the receive buffer
|
||||
* \param timeout Maximum nomber of millisecondes to wait for data
|
||||
* 0 means no timeout (potentially waiting forever)
|
||||
*
|
||||
* \return The callback must return the number of bytes received,
|
||||
* or a non-zero error code:
|
||||
* \c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
|
||||
* \c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
|
||||
*
|
||||
* \note The callback may receive fewer bytes than the length of the
|
||||
* buffer. It must always return the number of bytes actually
|
||||
* received and written to the buffer.
|
||||
*/
|
||||
typedef int mbedtls_ssl_recv_timeout_t( void *ctx,
|
||||
unsigned char *buf,
|
||||
size_t len,
|
||||
uint32_t timeout );
|
||||
/**
|
||||
* \brief Callback type: set a pair of timers/delays to watch
|
||||
*
|
||||
* \param ctx Context pointer
|
||||
* \param int_ms Intermediate delay in milliseconds
|
||||
* \param fin_ms Final delay in milliseconds
|
||||
* 0 cancels the current timer.
|
||||
*
|
||||
* \note This callback must at least store the necessary information
|
||||
* for the associated \c mbedtls_ssl_get_timer_t callback to
|
||||
* return correct information.
|
||||
*
|
||||
* \note If using a event-driven style of programming, an event must
|
||||
* be generated when the final delay is passed. The event must
|
||||
* cause a call to \c mbedtls_ssl_handshake() with the proper
|
||||
* SSL context to be scheduled. Care must be taken to ensure
|
||||
* that at most one such call happens at a time.
|
||||
*
|
||||
* \note Only one timer at a time must be running. Calling this
|
||||
* function while a timer is running must cancel it. Cancelled
|
||||
* timers must not generate any event.
|
||||
*/
|
||||
typedef void mbedtls_ssl_set_timer_t( void * ctx,
|
||||
uint32_t int_ms,
|
||||
uint32_t fin_ms );
|
||||
|
||||
/**
|
||||
* \brief Callback type: get status of timers/delays
|
||||
*
|
||||
* \param ctx Context pointer
|
||||
*
|
||||
* \return This callback must return:
|
||||
* -1 if cancelled (fin_ms == 0),
|
||||
* 0 if none of the delays have passed,
|
||||
* 1 if only the intermediate delay has passed,
|
||||
* 2 if the final delay has passed.
|
||||
*/
|
||||
typedef int mbedtls_ssl_get_timer_t( void * ctx );
|
||||
|
||||
|
||||
/* Defined below */
|
||||
typedef struct mbedtls_ssl_session mbedtls_ssl_session;
|
||||
typedef struct mbedtls_ssl_context mbedtls_ssl_context;
|
||||
|
@ -444,7 +544,7 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
|
|||
struct mbedtls_ssl_session
|
||||
{
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
time_t start; /*!< starting time */
|
||||
mbedtls_time_t start; /*!< starting time */
|
||||
#endif
|
||||
int ciphersuite; /*!< chosen ciphersuite */
|
||||
int compression; /*!< chosen compression */
|
||||
|
@ -540,6 +640,13 @@ struct mbedtls_ssl_config
|
|||
void *p_ticket; /*!< context for the ticket callbacks */
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
||||
/** Callback to export key block and master secret */
|
||||
int (*f_export_keys)( void *, const unsigned char *,
|
||||
const unsigned char *, size_t, size_t, size_t );
|
||||
void *p_export_keys; /*!< context for key export callback */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile */
|
||||
mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s) */
|
||||
|
@ -547,7 +654,7 @@ struct mbedtls_ssl_config
|
|||
mbedtls_x509_crl *ca_crl; /*!< trusted CAs CRLs */
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
const int *sig_hashes; /*!< allowed signature hashes */
|
||||
#endif
|
||||
|
||||
|
@ -667,12 +774,11 @@ struct mbedtls_ssl_context
|
|||
unsigned badmac_seen; /*!< records with a bad MAC received */
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Callbacks
|
||||
*/
|
||||
int (*f_send)(void *, const unsigned char *, size_t);
|
||||
int (*f_recv)(void *, unsigned char *, size_t);
|
||||
int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t);
|
||||
mbedtls_ssl_send_t *f_send; /*!< Callback for network send */
|
||||
mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */
|
||||
mbedtls_ssl_recv_timeout_t *f_recv_timeout;
|
||||
/*!< Callback for network receive with timeout */
|
||||
|
||||
void *p_bio; /*!< context for I/O operations */
|
||||
|
||||
/*
|
||||
|
@ -698,8 +804,9 @@ struct mbedtls_ssl_context
|
|||
* Timers
|
||||
*/
|
||||
void *p_timer; /*!< context for the timer callbacks */
|
||||
void (*f_set_timer)(void *, uint32_t, uint32_t); /*!< set timer callback */
|
||||
int (*f_get_timer)(void *); /*!< get timer callback */
|
||||
|
||||
mbedtls_ssl_set_timer_t *f_set_timer; /*!< set timer callback */
|
||||
mbedtls_ssl_get_timer_t *f_get_timer; /*!< get timer callback */
|
||||
|
||||
/*
|
||||
* Record layer (incoming data)
|
||||
|
@ -840,7 +947,7 @@ int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name );
|
|||
|
||||
/**
|
||||
* \brief Initialize an SSL context
|
||||
* Just makes the context ready for mbetls_ssl_setup() or
|
||||
* Just makes the context ready for mbedtls_ssl_setup() or
|
||||
* mbedtls_ssl_free()
|
||||
*
|
||||
* \param ssl SSL context
|
||||
|
@ -853,7 +960,7 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl );
|
|||
* \note No copy of the configuration context is made, it can be
|
||||
* shared by many mbedtls_ssl_context structures.
|
||||
*
|
||||
* \warning Modifying the conf structure after is has been used in this
|
||||
* \warning Modifying the conf structure after it has been used in this
|
||||
* function is unsupported!
|
||||
*
|
||||
* \param ssl SSL context
|
||||
|
@ -871,7 +978,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
|
|||
* pointers and data.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \return 0 if successful, or POLASSL_ERR_SSL_MALLOC_FAILED,
|
||||
* \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED,
|
||||
MBEDTLS_ERR_SSL_HW_ACCEL_FAILED or
|
||||
* MBEDTLS_ERR_SSL_COMPRESSION_FAILED
|
||||
*/
|
||||
|
@ -919,6 +1026,7 @@ void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );
|
|||
*
|
||||
* MBEDTLS_SSL_VERIFY_REQUIRED: peer *must* present a valid certificate,
|
||||
* handshake is aborted if verification failed.
|
||||
* (default on client)
|
||||
*
|
||||
* \note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode.
|
||||
* With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at
|
||||
|
@ -983,8 +1091,6 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
|
|||
* \param f_send write callback
|
||||
* \param f_recv read callback
|
||||
* \param f_recv_timeout blocking read callback with timeout.
|
||||
* The last argument is the timeout in milliseconds,
|
||||
* 0 means no timeout (block forever until a message comes)
|
||||
*
|
||||
* \note One of f_recv or f_recv_timeout can be NULL, in which case
|
||||
* the other is used. If both are non-NULL, f_recv_timeout is
|
||||
|
@ -996,12 +1102,21 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
|
|||
*
|
||||
* \note For DTLS, you need to provide either a non-NULL
|
||||
* f_recv_timeout callback, or a f_recv that doesn't block.
|
||||
*
|
||||
* \note See the documentations of \c mbedtls_ssl_sent_t,
|
||||
* \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for
|
||||
* the conventions those callbacks must follow.
|
||||
*
|
||||
* \note On some platforms, net_sockets.c provides
|
||||
* \c mbedtls_net_send(), \c mbedtls_net_recv() and
|
||||
* \c mbedtls_net_recv_timeout() that are suitable to be used
|
||||
* here.
|
||||
*/
|
||||
void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
|
||||
void *p_bio,
|
||||
int (*f_send)(void *, const unsigned char *, size_t),
|
||||
int (*f_recv)(void *, unsigned char *, size_t),
|
||||
int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t) );
|
||||
void *p_bio,
|
||||
mbedtls_ssl_send_t *f_send,
|
||||
mbedtls_ssl_recv_t *f_recv,
|
||||
mbedtls_ssl_recv_timeout_t *f_recv_timeout );
|
||||
|
||||
/**
|
||||
* \brief Set the timeout period for mbedtls_ssl_read()
|
||||
|
@ -1022,37 +1137,42 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
|
|||
void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout );
|
||||
|
||||
/**
|
||||
* \brief Set the timer callbacks
|
||||
* (Mandatory for DTLS.)
|
||||
* \brief Set the timer callbacks (Mandatory for DTLS.)
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param p_timer parameter (context) shared by timer callback
|
||||
* \param p_timer parameter (context) shared by timer callbacks
|
||||
* \param f_set_timer set timer callback
|
||||
* Accepts an intermediate and a final delay in milliseconcs
|
||||
* If the final delay is 0, cancels the running timer.
|
||||
* \param f_get_timer get timer callback. Must return:
|
||||
* -1 if cancelled
|
||||
* 0 if none of the delays is expired
|
||||
* 1 if the intermediate delay only is expired
|
||||
* 2 if the final delay is expired
|
||||
*
|
||||
* \note See the documentation of \c mbedtls_ssl_set_timer_t and
|
||||
* \c mbedtls_ssl_get_timer_t for the conventions this pair of
|
||||
* callbacks must fallow.
|
||||
*
|
||||
* \note On some platforms, timing.c provides
|
||||
* \c mbedtls_timing_set_delay() and
|
||||
* \c mbedtls_timing_get_delay() that are suitable for using
|
||||
* here, except if using an event-driven style.
|
||||
*
|
||||
* \note See also the "DTLS tutorial" article in our knowledge base.
|
||||
* https://tls.mbed.org/kb/how-to/dtls-tutorial
|
||||
*/
|
||||
void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
|
||||
void *p_timer,
|
||||
void (*f_set_timer)(void *, uint32_t int_ms, uint32_t fin_ms),
|
||||
int (*f_get_timer)(void *) );
|
||||
mbedtls_ssl_set_timer_t *f_set_timer,
|
||||
mbedtls_ssl_get_timer_t *f_get_timer );
|
||||
|
||||
/**
|
||||
* \brief Callback type: generate and write session ticket
|
||||
*
|
||||
* \note This describes what a callback implementation should do.
|
||||
* This callback should generate and encrypted and
|
||||
* This callback should generate an encrypted and
|
||||
* authenticated ticket for the session and write it to the
|
||||
* output buffer. Here, ticket means the opaque ticket part
|
||||
* of the NewSessionTicket structure of RFC 5077.
|
||||
*
|
||||
* \param p_ticket Context for the callback
|
||||
* \param session SSL session to bo written in the ticket
|
||||
* \param start Start of the outpur buffer
|
||||
* \param session SSL session to be written in the ticket
|
||||
* \param start Start of the output buffer
|
||||
* \param end End of the output buffer
|
||||
* \param tlen On exit, holds the length written
|
||||
* \param lifetime On exit, holds the lifetime of the ticket in seconds
|
||||
|
@ -1067,6 +1187,35 @@ typedef int mbedtls_ssl_ticket_write_t( void *p_ticket,
|
|||
size_t *tlen,
|
||||
uint32_t *lifetime );
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
||||
/**
|
||||
* \brief Callback type: Export key block and master secret
|
||||
*
|
||||
* \note This is required for certain uses of TLS, e.g. EAP-TLS
|
||||
* (RFC 5216) and Thread. The key pointers are ephemeral and
|
||||
* therefore must not be stored. The master secret and keys
|
||||
* should not be used directly except as an input to a key
|
||||
* derivation function.
|
||||
*
|
||||
* \param p_expkey Context for the callback
|
||||
* \param ms Pointer to master secret (fixed length: 48 bytes)
|
||||
* \param kb Pointer to key block, see RFC 5246 section 6.3
|
||||
* (variable length: 2 * maclen + 2 * keylen + 2 * ivlen).
|
||||
* \param maclen MAC length
|
||||
* \param keylen Key length
|
||||
* \param ivlen IV length
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* a specific MBEDTLS_ERR_XXX code.
|
||||
*/
|
||||
typedef int mbedtls_ssl_export_keys_t( void *p_expkey,
|
||||
const unsigned char *ms,
|
||||
const unsigned char *kb,
|
||||
size_t maclen,
|
||||
size_t keylen,
|
||||
size_t ivlen );
|
||||
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
|
||||
|
||||
/**
|
||||
* \brief Callback type: parse and load session ticket
|
||||
*
|
||||
|
@ -1116,6 +1265,22 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
|
|||
void *p_ticket );
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
||||
/**
|
||||
* \brief Configure key export callback.
|
||||
* (Default: none.)
|
||||
*
|
||||
* \note See \c mbedtls_ssl_export_keys_t.
|
||||
*
|
||||
* \param conf SSL configuration context
|
||||
* \param f_export_keys Callback for exporting keys
|
||||
* \param p_export_keys Context for the callback
|
||||
*/
|
||||
void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
|
||||
mbedtls_ssl_export_keys_t *f_export_keys,
|
||||
void *p_export_keys );
|
||||
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
|
||||
|
||||
/**
|
||||
* \brief Callback type: generate a cookie
|
||||
*
|
||||
|
@ -1258,7 +1423,7 @@ void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limi
|
|||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
/**
|
||||
* \brief Set retransmit timeout values for the DTLS handshale.
|
||||
* \brief Set retransmit timeout values for the DTLS handshake.
|
||||
* (DTLS only, no effect on TLS.)
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
|
@ -1269,9 +1434,24 @@ void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limi
|
|||
*
|
||||
* \note Default values are from RFC 6347 section 4.2.4.1.
|
||||
*
|
||||
* \note Higher values for initial timeout may increase average
|
||||
* handshake latency. Lower values may increase the risk of
|
||||
* network congestion by causing more retransmissions.
|
||||
* \note The 'min' value should typically be slightly above the
|
||||
* expected round-trip time to your peer, plus whatever time
|
||||
* it takes for the peer to process the message. For example,
|
||||
* if your RTT is about 600ms and you peer needs up to 1s to
|
||||
* do the cryptographic operations in the handshake, then you
|
||||
* should set 'min' slightly above 1600. Lower values of 'min'
|
||||
* might cause spurious resends which waste network resources,
|
||||
* while larger value of 'min' will increase overall latency
|
||||
* on unreliable network links.
|
||||
*
|
||||
* \note The more unreliable your network connection is, the larger
|
||||
* your max / min ratio needs to be in order to achieve
|
||||
* reliable handshakes.
|
||||
*
|
||||
* \note Messages are retransmitted up to log2(ceil(max/min)) times.
|
||||
* For example, if min = 1s and max = 5s, the retransmit plan
|
||||
* goes: send ... 1s -> resend ... 2s -> resend ... 4s ->
|
||||
* resend ... 5s -> give up and return a timeout error.
|
||||
*/
|
||||
void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
@ -1341,7 +1521,7 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session
|
|||
/**
|
||||
* \brief Set the list of allowed ciphersuites and the preference
|
||||
* order. First in the list has the highest preference.
|
||||
* (Overrides all version specific lists)
|
||||
* (Overrides all version-specific lists)
|
||||
*
|
||||
* The ciphersuites array is not copied, and must remain
|
||||
* valid for the lifetime of the ssl_config.
|
||||
|
@ -1383,6 +1563,10 @@ void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
|
|||
/**
|
||||
* \brief Set the X.509 security profile used for verification
|
||||
*
|
||||
* \note The restrictions are enforced for all certificates in the
|
||||
* chain. However, signatures in the handshake are not covered
|
||||
* by this setting but by \b mbedtls_ssl_conf_sig_hashes().
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param profile Profile to use
|
||||
*/
|
||||
|
@ -1415,7 +1599,12 @@ void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
|
|||
* adequate, preference is given to the one set by the first
|
||||
* call to this function, then second, etc.
|
||||
*
|
||||
* \note On client, only the first call has any effect.
|
||||
* \note On client, only the first call has any effect. That is,
|
||||
* only one client certificate can be provisioned. The
|
||||
* server's preferences in its CertficateRequest message will
|
||||
* be ignored and our only cert will be sent regardless of
|
||||
* whether it matches those preferences - the server can then
|
||||
* decide what it wants to do with it.
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param own_cert own public certificate chain
|
||||
|
@ -1435,6 +1624,12 @@ int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
|
|||
* \note This is mainly useful for clients. Servers will usually
|
||||
* want to use \c mbedtls_ssl_conf_psk_cb() instead.
|
||||
*
|
||||
* \note Currently clients can only register one pre-shared key.
|
||||
* In other words, the servers' identity hint is ignored.
|
||||
* Support for setting multiple PSKs on clients and selecting
|
||||
* one based on the identity hint is not a planned feature but
|
||||
* feedback is welcomed.
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param psk pointer to the pre-shared key
|
||||
* \param psk_len pre-shared key length
|
||||
|
@ -1544,16 +1739,14 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
|
|||
* On client: this affects the list of curves offered for any
|
||||
* use. The server can override our preference order.
|
||||
*
|
||||
* Both sides: limits the set of curves used by peer to the
|
||||
* listed curves for any use ECDHE and the end-entity
|
||||
* certificate.
|
||||
* Both sides: limits the set of curves accepted for use in
|
||||
* ECDHE and in the peer's end-entity certificate.
|
||||
*
|
||||
* \note This has no influence on which curve are allowed inside the
|
||||
* \note This has no influence on which curves are allowed inside the
|
||||
* certificate chains, see \c mbedtls_ssl_conf_cert_profile()
|
||||
* for that. For example, if the peer's certificate chain is
|
||||
* EE -> CA_int -> CA_root, then the allowed curves for EE are
|
||||
* controlled by \c mbedtls_ssl_conf_curves() but for CA_int
|
||||
* and CA_root it's \c mbedtls_ssl_conf_cert_profile().
|
||||
* for that. For the end-entity certificate however, the key
|
||||
* will be accepted only if it is allowed both by this list
|
||||
* and by the cert profile.
|
||||
*
|
||||
* \note This list should be ordered by decreasing preference
|
||||
* (preferred curve first).
|
||||
|
@ -1566,10 +1759,10 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
|
|||
const mbedtls_ecp_group_id *curves );
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
/**
|
||||
* \brief Set the allowed hashes for signatures during the handshake.
|
||||
* (Default: all available hashes.)
|
||||
* (Default: all available hashes except MD5.)
|
||||
*
|
||||
* \note This only affects which hashes are offered and can be used
|
||||
* for signatures during the handshake. Hashes for message
|
||||
|
@ -1587,14 +1780,15 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
|
|||
*/
|
||||
void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
||||
const int *hashes );
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
/**
|
||||
* \brief Set hostname for ServerName TLS extension
|
||||
* \brief Set the hostname to check against the received server
|
||||
* certificate. It sets the ServerName TLS extension too,
|
||||
* if the extension is enabled.
|
||||
* (client-side only)
|
||||
*
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param hostname the server hostname
|
||||
*
|
||||
|
@ -1677,13 +1871,39 @@ void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
|
|||
void *p_sni );
|
||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
/**
|
||||
* \brief Set the EC J-PAKE password for current handshake.
|
||||
*
|
||||
* \note An internal copy is made, and destroyed as soon as the
|
||||
* handshake is completed, or when the SSL context is reset or
|
||||
* freed.
|
||||
*
|
||||
* \note The SSL context needs to be already set up. The right place
|
||||
* to call this function is between \c mbedtls_ssl_setup() or
|
||||
* \c mbedtls_ssl_reset() and \c mbedtls_ssl_handshake().
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param pw EC J-PAKE password (pre-shared secret)
|
||||
* \param pw_len length of pw in bytes
|
||||
*
|
||||
* \return 0 on success, or a negative error code.
|
||||
*/
|
||||
int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *pw,
|
||||
size_t pw_len );
|
||||
#endif /*MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
/**
|
||||
* \brief Set the supported Application Layer Protocols.
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param protos NULL-terminated list of supported protocols,
|
||||
* in decreasing preference order.
|
||||
* \param protos Pointer to a NULL-terminated list of supported protocols,
|
||||
* in decreasing preference order. The pointer to the list is
|
||||
* recorded by the library for later reference as required, so
|
||||
* the lifetime of the table must be atleast as long as the
|
||||
* lifetime of the SSL configuration structure.
|
||||
*
|
||||
* \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
|
||||
*/
|
||||
|
@ -1797,11 +2017,13 @@ void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems
|
|||
* \brief Disable or enable support for RC4
|
||||
* (Default: MBEDTLS_SSL_ARC4_DISABLED)
|
||||
*
|
||||
* \warning Use of RC4 in (D)TLS has been prohibited by RFC ????
|
||||
* for security reasons. Use at your own risks.
|
||||
* \warning Use of RC4 in DTLS/TLS has been prohibited by RFC 7465
|
||||
* for security reasons. Use at your own risk.
|
||||
*
|
||||
* \note This function will likely be removed in future versions as
|
||||
* RC4 will then be disabled by default at compile time.
|
||||
* \note This function is deprecated and will likely be removed in
|
||||
* a future version of the library.
|
||||
* RC4 is disabled by default at compile time and needs to be
|
||||
* actively enabled for use with legacy systems.
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param arc4 MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED
|
||||
|
@ -1877,7 +2099,7 @@ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets
|
|||
*
|
||||
* \warning It is recommended to always disable renegotation unless you
|
||||
* know you need it and you know what you're doing. In the
|
||||
* past, there has been several issues associated with
|
||||
* past, there have been several issues associated with
|
||||
* renegotiation or a poor understanding of its properties.
|
||||
*
|
||||
* \note Server-side, enabling renegotiation also makes the server
|
||||
|
@ -2103,7 +2325,8 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session
|
|||
* \note If this function returns something other than 0 or
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
|
||||
* becomes unusable, and you should either free it or call
|
||||
* \c mbedtls_ssl_session_reset() on it before re-using it.
|
||||
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||
* a new connection; the current connection must be closed.
|
||||
*
|
||||
* \note If DTLS is in use, then you may choose to handle
|
||||
* MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
|
||||
|
@ -2116,8 +2339,14 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
|
|||
* \brief Perform a single step of the SSL handshake
|
||||
*
|
||||
* \note The state of the context (ssl->state) will be at
|
||||
* the following state after execution of this function.
|
||||
* Do not call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.
|
||||
* the next state after execution of this function. Do not
|
||||
* call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.
|
||||
*
|
||||
* \note If this function returns something other than 0 or
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
|
||||
* becomes unusable, and you should either free it or call
|
||||
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||
* a new connection; the current connection must be closed.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
*
|
||||
|
@ -2132,11 +2361,19 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );
|
|||
* \brief Initiate an SSL renegotiation on the running connection.
|
||||
* Client: perform the renegotiation right now.
|
||||
* Server: request renegotiation, which will be performed
|
||||
* during the next call to mbedtls_ssl_read() if honored by client.
|
||||
* during the next call to mbedtls_ssl_read() if honored by
|
||||
* client.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
*
|
||||
* \return 0 if successful, or any mbedtls_ssl_handshake() return value.
|
||||
* \return 0 if successful, or any mbedtls_ssl_handshake() return
|
||||
* value.
|
||||
*
|
||||
* \note If this function returns something other than 0 or
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
|
||||
* becomes unusable, and you should either free it or call
|
||||
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||
* a new connection; the current connection must be closed.
|
||||
*/
|
||||
int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
|
||||
#endif /* MBEDTLS_SSL_RENEGOTIATION */
|
||||
|
@ -2154,6 +2391,13 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
|
|||
* MBEDTLS_ERR_SSL_CLIENT_RECONNECT (see below), or
|
||||
* another negative error code.
|
||||
*
|
||||
* \note If this function returns something other than a positive
|
||||
* value or MBEDTLS_ERR_SSL_WANT_READ/WRITE or
|
||||
* MBEDTLS_ERR_SSL_CLIENT_RECONNECT, then the ssl context
|
||||
* becomes unusable, and you should either free it or call
|
||||
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||
* a new connection; the current connection must be closed.
|
||||
*
|
||||
* \note When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
|
||||
* (which can only happen server-side), it means that a client
|
||||
* is initiating a new connection using the same source port.
|
||||
|
@ -2187,6 +2431,12 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||
* or MBEDTLS_ERR_SSL_WANT_WRITE of MBEDTLS_ERR_SSL_WANT_READ,
|
||||
* or another negative error code.
|
||||
*
|
||||
* \note If this function returns something other than a positive
|
||||
* value or MBEDTLS_ERR_SSL_WANT_READ/WRITE, the ssl context
|
||||
* becomes unusable, and you should either free it or call
|
||||
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||
* a new connection; the current connection must be closed.
|
||||
*
|
||||
* \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ,
|
||||
* it must be called later with the *same* arguments,
|
||||
* until it returns a positive value.
|
||||
|
@ -2210,6 +2460,12 @@ int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_
|
|||
* \param message The alert message (SSL_ALERT_MSG_*)
|
||||
*
|
||||
* \return 0 if successful, or a specific SSL error code.
|
||||
*
|
||||
* \note If this function returns something other than 0 or
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
|
||||
* becomes unusable, and you should either free it or call
|
||||
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||
* a new connection; the current connection must be closed.
|
||||
*/
|
||||
int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
|
||||
unsigned char level,
|
||||
|
@ -2218,6 +2474,14 @@ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
|
|||
* \brief Notify the peer that the connection is being closed
|
||||
*
|
||||
* \param ssl SSL context
|
||||
*
|
||||
* \return 0 if successful, or a specific SSL error code.
|
||||
*
|
||||
* \note If this function returns something other than 0 or
|
||||
* MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
|
||||
* becomes unusable, and you should either free it or call
|
||||
* \c mbedtls_ssl_session_reset() on it before re-using it for
|
||||
* a new connection; the current connection must be closed.
|
||||
*/
|
||||
int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl );
|
||||
|
||||
|
|
|
@ -60,7 +60,7 @@ typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry;
|
|||
struct mbedtls_ssl_cache_entry
|
||||
{
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
time_t timestamp; /*!< entry timestamp */
|
||||
mbedtls_time_t timestamp; /*!< entry timestamp */
|
||||
#endif
|
||||
mbedtls_ssl_session session; /*!< entry session */
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
|
@ -121,7 +121,7 @@ void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeou
|
|||
#endif /* MBEDTLS_HAVE_TIME */
|
||||
|
||||
/**
|
||||
* \brief Set the cache timeout
|
||||
* \brief Set the maximum number of cache entries
|
||||
* (Default: MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES (50))
|
||||
*
|
||||
* \param cache SSL cache context
|
||||
|
|
|
@ -229,8 +229,10 @@ extern "C" {
|
|||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF /**< TLS 1.2 */
|
||||
|
||||
#define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF /**< experimental */
|
||||
|
||||
/* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
|
||||
* Reminder: update MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED below.
|
||||
* Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
|
||||
*/
|
||||
typedef enum {
|
||||
MBEDTLS_KEY_EXCHANGE_NONE = 0,
|
||||
|
@ -244,19 +246,35 @@ typedef enum {
|
|||
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
|
||||
MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
|
||||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE,
|
||||
} mbedtls_key_exchange_type_t;
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
/* Key exchanges using a certificate */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
|
||||
#endif
|
||||
|
||||
/* Key exchanges using a PSK */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
|
||||
#endif
|
||||
|
||||
/* Key exchanges using a ECDHE */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
|
||||
#endif
|
||||
|
||||
typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
|
||||
|
||||
#define MBEDTLS_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */
|
||||
|
|
|
@ -41,7 +41,12 @@
|
|||
#include "sha512.h"
|
||||
#endif
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
#include "ecjpake.h"
|
||||
#endif
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
|
@ -146,6 +151,7 @@
|
|||
* of state of the renegotiation flag, so no indicator is required)
|
||||
*/
|
||||
#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
|
||||
#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1)
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
|
@ -160,7 +166,6 @@ struct mbedtls_ssl_handshake_params
|
|||
* Handshake specific crypto variables
|
||||
*/
|
||||
int sig_alg; /*!< Hash algorithm for signature */
|
||||
int cert_type; /*!< Requested cert type */
|
||||
int verify_sig_alg; /*!< Signature algorithm for verify */
|
||||
#if defined(MBEDTLS_DHM_C)
|
||||
mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
|
||||
|
@ -168,7 +173,15 @@ struct mbedtls_ssl_handshake_params
|
|||
#if defined(MBEDTLS_ECDH_C)
|
||||
mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */
|
||||
#if defined(MBEDTLS_SSL_CLI_C)
|
||||
unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */
|
||||
size_t ecjpake_cache_len; /*!< Length of cached data */
|
||||
#endif
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
|
@ -342,6 +355,11 @@ int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
|
|||
void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
|
||||
|
||||
int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
|
||||
void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
|
||||
|
||||
int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl );
|
||||
int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
|
||||
|
||||
|
@ -371,12 +389,13 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
|
|||
|
||||
mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
|
||||
unsigned char mbedtls_ssl_hash_from_md_alg( int md );
|
||||
int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
|
||||
mbedtls_md_type_t md );
|
||||
#endif
|
||||
|
|
|
@ -81,6 +81,7 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t *
|
|||
void mbedtls_threading_free_alt( void );
|
||||
#endif /* MBEDTLS_THREADING_ALT */
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
/*
|
||||
* The function pointers for mutex_init, mutex_free, mutex_ and mutex_unlock
|
||||
*
|
||||
|
@ -96,6 +97,7 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex );
|
|||
*/
|
||||
extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
|
||||
extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
|
|
@ -92,7 +92,7 @@ void mbedtls_set_alarm( int seconds );
|
|||
* (See \c mbedtls_timing_get_delay().)
|
||||
*
|
||||
* \param data Pointer to timing data
|
||||
* Must point to a valid \c mbetls_timing_delay_context struct.
|
||||
* Must point to a valid \c mbedtls_timing_delay_context struct.
|
||||
* \param int_ms First (intermediate) delay in milliseconds.
|
||||
* \param fin_ms Second (final) delay in milliseconds.
|
||||
* Pass 0 to cancel the current delay.
|
||||
|
@ -104,7 +104,7 @@ void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
|
|||
* (Memory helper: number of delays passed.)
|
||||
*
|
||||
* \param data Pointer to timing data
|
||||
* Must point to a valid \c mbetls_timing_delay_context struct.
|
||||
* Must point to a valid \c mbedtls_timing_delay_context struct.
|
||||
*
|
||||
* \return -1 if cancelled (fin_ms = 0)
|
||||
* 0 if none of the delays are passed,
|
||||
|
|
|
@ -38,7 +38,7 @@
|
|||
* Major, Minor, Patchlevel
|
||||
*/
|
||||
#define MBEDTLS_VERSION_MAJOR 2
|
||||
#define MBEDTLS_VERSION_MINOR 1
|
||||
#define MBEDTLS_VERSION_MINOR 4
|
||||
#define MBEDTLS_VERSION_PATCH 1
|
||||
|
||||
/**
|
||||
|
@ -46,9 +46,9 @@
|
|||
* MMNNPP00
|
||||
* Major version | Minor version | Patch version
|
||||
*/
|
||||
#define MBEDTLS_VERSION_NUMBER 0x02010100
|
||||
#define MBEDTLS_VERSION_STRING "2.1.1"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.1.1"
|
||||
#define MBEDTLS_VERSION_NUMBER 0x02040100
|
||||
#define MBEDTLS_VERSION_STRING "2.4.1"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.4.1"
|
||||
|
||||
#if defined(MBEDTLS_VERSION_C)
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* \file mbedtls_x509_crl.h
|
||||
* \file x509_crl.h
|
||||
*
|
||||
* \brief X.509 certificate revocation list parsing
|
||||
*
|
||||
|
@ -100,6 +100,7 @@ mbedtls_x509_crl;
|
|||
*
|
||||
* \param chain points to the start of the chain
|
||||
* \param buf buffer holding the CRL data in DER format
|
||||
* \param buflen size of the buffer
|
||||
* (including the terminating null byte for PEM data)
|
||||
*
|
||||
* \return 0 if successful, or a specific X509 or PEM error code
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* \file mbedtls_x509_crt.h
|
||||
* \file x509_crt.h
|
||||
*
|
||||
* \brief X.509 certificate parsing and writing
|
||||
*
|
||||
|
@ -120,6 +120,10 @@ mbedtls_x509_crt_profile;
|
|||
#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
|
||||
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15
|
||||
|
||||
#if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
|
||||
#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Container for writing a certificate (CRT)
|
||||
*/
|
||||
|
@ -271,9 +275,14 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
|
|||
* \note Same as \c mbedtls_x509_crt_verify_with_profile() with the
|
||||
* default security profile.
|
||||
*
|
||||
* \param crt a certificate to be verified
|
||||
* \param trust_ca the trusted CA chain
|
||||
* \param ca_crl the CRL chain for trusted CA's
|
||||
* \note It is your responsibility to provide up-to-date CRLs for
|
||||
* all trusted CAs. If no CRL is provided for the CA that was
|
||||
* used to sign the certificate, CRL verification is skipped
|
||||
* silently, that is *without* setting any flag.
|
||||
*
|
||||
* \param crt a certificate (chain) to be verified
|
||||
* \param trust_ca the list of trusted CAs
|
||||
* \param ca_crl the list of CRLs for trusted CAs (see note above)
|
||||
* \param cn expected Common Name (can be set to
|
||||
* NULL if the CN must not be verified)
|
||||
* \param flags result of the verification
|
||||
|
@ -301,12 +310,12 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
|
|||
* security profile.
|
||||
*
|
||||
* \note The restrictions on keys (RSA minimum size, allowed curves
|
||||
* for ECDSA) only applys to (intermediate) CAs, not to the
|
||||
* end-entity certificate.
|
||||
* for ECDSA) apply to all certificates: trusted root,
|
||||
* intermediate CAs if any, and end entity certificate.
|
||||
*
|
||||
* \param crt a certificate to be verified
|
||||
* \param trust_ca the trusted CA chain
|
||||
* \param ca_crl the CRL chain for trusted CA's
|
||||
* \param crt a certificate (chain) to be verified
|
||||
* \param trust_ca the list of trusted CAs
|
||||
* \param ca_crl the list of CRLs for trusted CAs
|
||||
* \param profile security profile for verification
|
||||
* \param cn expected Common Name (can be set to
|
||||
* NULL if the CN must not be verified)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* \file mbedtls_x509_csr.h
|
||||
* \file x509_csr.h
|
||||
*
|
||||
* \brief X.509 certificate signing request parsing and writing
|
||||
*
|
||||
|
@ -83,6 +83,8 @@ mbedtls_x509write_csr;
|
|||
/**
|
||||
* \brief Load a Certificate Signing Request (CSR) in DER format
|
||||
*
|
||||
* \note CSR attributes (if any) are currently silently ignored.
|
||||
*
|
||||
* \param csr CSR context to fill
|
||||
* \param buf buffer holding the CRL data
|
||||
* \param buflen size of the buffer
|
||||
|
@ -95,6 +97,8 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
|
|||
/**
|
||||
* \brief Load a Certificate Signing Request (CSR), DER or PEM format
|
||||
*
|
||||
* \note See notes for \c mbedtls_x509_csr_parse_der()
|
||||
*
|
||||
* \param csr CSR context to fill
|
||||
* \param buf buffer holding the CRL data
|
||||
* \param buflen size of the buffer
|
||||
|
@ -108,6 +112,8 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz
|
|||
/**
|
||||
* \brief Load a Certificate Signing Request (CSR)
|
||||
*
|
||||
* \note See notes for \c mbedtls_x509_csr_parse()
|
||||
*
|
||||
* \param csr CSR context to fill
|
||||
* \param path filename to read the CSR from
|
||||
*
|
||||
|
@ -276,7 +282,7 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s
|
|||
*
|
||||
* \note f_rng may be NULL if RSA is used for signature and the
|
||||
* signature is made offline (otherwise f_rng is desirable
|
||||
* for couermeasures against timing attacks).
|
||||
* for countermeasures against timing attacks).
|
||||
* ECDSA signatures always require a non-NULL f_rng.
|
||||
*/
|
||||
int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
|
||||
|
|
|
@ -15,11 +15,13 @@ set(src_crypto
|
|||
ccm.c
|
||||
cipher.c
|
||||
cipher_wrap.c
|
||||
cmac.c
|
||||
ctr_drbg.c
|
||||
des.c
|
||||
dhm.c
|
||||
ecdh.c
|
||||
ecdsa.c
|
||||
ecjpake.c
|
||||
ecp.c
|
||||
ecp_curves.c
|
||||
entropy.c
|
||||
|
@ -70,7 +72,7 @@ set(src_x509
|
|||
|
||||
set(src_tls
|
||||
debug.c
|
||||
net.c
|
||||
net_sockets.c
|
||||
ssl_cache.c
|
||||
ssl_ciphersuites.c
|
||||
ssl_cli.c
|
||||
|
@ -130,20 +132,28 @@ if(USE_STATIC_MBEDTLS_LIBRARY)
|
|||
add_library(${mbedtls_static_target} STATIC ${src_tls})
|
||||
set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls)
|
||||
target_link_libraries(${mbedtls_static_target} ${libs} ${mbedx509_static_target})
|
||||
|
||||
install(TARGETS ${mbedtls_static_target} ${mbedx509_static_target} ${mbedcrypto_static_target}
|
||||
DESTINATION ${LIB_INSTALL_DIR}
|
||||
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
|
||||
endif(USE_STATIC_MBEDTLS_LIBRARY)
|
||||
|
||||
if(USE_SHARED_MBEDTLS_LIBRARY)
|
||||
add_library(mbedcrypto SHARED ${src_crypto})
|
||||
set_target_properties(mbedcrypto PROPERTIES VERSION 2.1.1 SOVERSION 0)
|
||||
set_target_properties(mbedcrypto PROPERTIES VERSION 2.4.1 SOVERSION 0)
|
||||
target_link_libraries(mbedcrypto ${libs})
|
||||
|
||||
add_library(mbedx509 SHARED ${src_x509})
|
||||
set_target_properties(mbedx509 PROPERTIES VERSION 2.1.1 SOVERSION 0)
|
||||
set_target_properties(mbedx509 PROPERTIES VERSION 2.4.1 SOVERSION 0)
|
||||
target_link_libraries(mbedx509 ${libs} mbedcrypto)
|
||||
|
||||
add_library(mbedtls SHARED ${src_tls})
|
||||
set_target_properties(mbedtls PROPERTIES VERSION 2.1.1 SOVERSION 10)
|
||||
set_target_properties(mbedtls PROPERTIES VERSION 2.4.1 SOVERSION 10)
|
||||
target_link_libraries(mbedtls ${libs} mbedx509)
|
||||
|
||||
install(TARGETS mbedtls mbedx509 mbedcrypto
|
||||
DESTINATION ${LIB_INSTALL_DIR}
|
||||
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
|
||||
endif(USE_SHARED_MBEDTLS_LIBRARY)
|
||||
|
||||
#add_custom_target(lib DEPENDS mbedcrypto mbedx509 mbedtls)
|
||||
|
|
|
@ -48,8 +48,9 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \
|
|||
asn1parse.o asn1write.o base64.o \
|
||||
bignum.o blowfish.o camellia.o \
|
||||
ccm.o cipher.o cipher_wrap.o \
|
||||
ctr_drbg.o des.o dhm.o \
|
||||
ecdh.o ecdsa.o ecp.o \
|
||||
cmac.o ctr_drbg.o des.o \
|
||||
dhm.o ecdh.o ecdsa.o \
|
||||
ecjpake.o ecp.o \
|
||||
ecp_curves.o entropy.o entropy_poll.o \
|
||||
error.o gcm.o havege.o \
|
||||
hmac_drbg.o md.o md2.o \
|
||||
|
@ -67,9 +68,10 @@ OBJS_X509= certs.o pkcs11.o x509.o \
|
|||
x509_create.o x509_crl.o x509_crt.o \
|
||||
x509_csr.o x509write_crt.o x509write_csr.o
|
||||
|
||||
OBJS_TLS= debug.o net.o ssl_cache.o \
|
||||
ssl_ciphersuites.o ssl_cli.o \
|
||||
ssl_cookie.o ssl_srv.o ssl_ticket.o \
|
||||
OBJS_TLS= debug.o net_sockets.o \
|
||||
ssl_cache.o ssl_ciphersuites.o \
|
||||
ssl_cli.o ssl_cookie.o \
|
||||
ssl_srv.o ssl_ticket.o \
|
||||
ssl_tls.o
|
||||
|
||||
.SILENT:
|
||||
|
@ -89,9 +91,9 @@ shared: libmbedcrypto.$(DLEXT) libmbedx509.$(DLEXT) libmbedtls.$(DLEXT)
|
|||
# tls
|
||||
libmbedtls.a: $(OBJS_TLS)
|
||||
echo " AR $@"
|
||||
$(AR) rc $@ $(OBJS_TLS)
|
||||
$(AR) -rc $@ $(OBJS_TLS)
|
||||
echo " RL $@"
|
||||
$(AR) s $@
|
||||
$(AR) -s $@
|
||||
|
||||
libmbedtls.$(SOEXT_TLS): $(OBJS_TLS) libmbedx509.so
|
||||
echo " LD $@"
|
||||
|
@ -112,9 +114,9 @@ libmbedtls.dll: $(OBJS_TLS) libmbedx509.dll
|
|||
# x509
|
||||
libmbedx509.a: $(OBJS_X509)
|
||||
echo " AR $@"
|
||||
$(AR) rc $@ $(OBJS_X509)
|
||||
$(AR) -rc $@ $(OBJS_X509)
|
||||
echo " RL $@"
|
||||
$(AR) s $@
|
||||
$(AR) -s $@
|
||||
|
||||
libmbedx509.$(SOEXT_X509): $(OBJS_X509) libmbedcrypto.so
|
||||
echo " LD $@"
|
||||
|
@ -135,9 +137,9 @@ libmbedx509.dll: $(OBJS_X509) libmbedcrypto.dll
|
|||
# crypto
|
||||
libmbedcrypto.a: $(OBJS_CRYPTO)
|
||||
echo " AR $@"
|
||||
$(AR) rc $@ $(OBJS_CRYPTO)
|
||||
$(AR) -rc $@ $(OBJS_CRYPTO)
|
||||
echo " RL $@"
|
||||
$(AR) s $@
|
||||
$(AR) -s $@
|
||||
|
||||
libmbedcrypto.$(SOEXT_CRYPTO): $(OBJS_CRYPTO)
|
||||
echo " LD $@"
|
||||
|
|
|
@ -56,7 +56,7 @@
|
|||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1222,7 +1222,9 @@ int mbedtls_aes_self_test( int verbose )
|
|||
int ret = 0, i, j, u, v;
|
||||
unsigned char key[32];
|
||||
unsigned char buf[64];
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
unsigned char iv[16];
|
||||
#endif
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
unsigned char prv[16];
|
||||
#endif
|
||||
|
|
|
@ -100,7 +100,7 @@ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
|
|||
asm( "movdqu (%3), %%xmm0 \n\t" // load input
|
||||
"movdqu (%1), %%xmm1 \n\t" // load round key 0
|
||||
"pxor %%xmm1, %%xmm0 \n\t" // round 0
|
||||
"addq $16, %1 \n\t" // point to next round key
|
||||
"add $16, %1 \n\t" // point to next round key
|
||||
"subl $1, %0 \n\t" // normal rounds = nr - 1
|
||||
"test %2, %2 \n\t" // mode?
|
||||
"jz 2f \n\t" // 0 = decrypt
|
||||
|
@ -108,7 +108,7 @@ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
|
|||
"1: \n\t" // encryption loop
|
||||
"movdqu (%1), %%xmm1 \n\t" // load round key
|
||||
AESENC xmm1_xmm0 "\n\t" // do round
|
||||
"addq $16, %1 \n\t" // point to next round key
|
||||
"add $16, %1 \n\t" // point to next round key
|
||||
"subl $1, %0 \n\t" // loop
|
||||
"jnz 1b \n\t"
|
||||
"movdqu (%1), %%xmm1 \n\t" // load round key
|
||||
|
@ -118,7 +118,7 @@ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
|
|||
"2: \n\t" // decryption loop
|
||||
"movdqu (%1), %%xmm1 \n\t"
|
||||
AESDEC xmm1_xmm0 "\n\t" // do round
|
||||
"addq $16, %1 \n\t"
|
||||
"add $16, %1 \n\t"
|
||||
"subl $1, %0 \n\t"
|
||||
"jnz 2b \n\t"
|
||||
"movdqu (%1), %%xmm1 \n\t" // load round key
|
||||
|
|
|
@ -49,7 +49,7 @@
|
|||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
void mbedtls_arc4_init( mbedtls_arc4_context *ctx )
|
||||
|
|
|
@ -45,7 +45,7 @@
|
|||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -153,7 +153,7 @@ int mbedtls_asn1_get_int( unsigned char **p,
|
|||
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( len > sizeof( int ) || ( **p & 0x80 ) != 0 )
|
||||
if( len == 0 || len > sizeof( int ) || ( **p & 0x80 ) != 0 )
|
||||
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
|
||||
|
||||
*val = 0;
|
||||
|
@ -269,7 +269,8 @@ int mbedtls_asn1_get_sequence_of( unsigned char **p,
|
|||
/* Allocate and assign next pointer */
|
||||
if( *p < end )
|
||||
{
|
||||
cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) );
|
||||
cur->next = (mbedtls_asn1_sequence*)mbedtls_calloc( 1,
|
||||
sizeof( mbedtls_asn1_sequence ) );
|
||||
|
||||
if( cur->next == NULL )
|
||||
return( MBEDTLS_ERR_ASN1_ALLOC_FAILED );
|
||||
|
|
|
@ -60,16 +60,43 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len
|
|||
return( 2 );
|
||||
}
|
||||
|
||||
if( *p - start < 3 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
if( len <= 0xFFFF )
|
||||
{
|
||||
if( *p - start < 3 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
// We assume we never have lengths larger than 65535 bytes
|
||||
//
|
||||
*--(*p) = len % 256;
|
||||
*--(*p) = ( len / 256 ) % 256;
|
||||
*--(*p) = 0x82;
|
||||
*--(*p) = ( len ) & 0xFF;
|
||||
*--(*p) = ( len >> 8 ) & 0xFF;
|
||||
*--(*p) = 0x82;
|
||||
return( 3 );
|
||||
}
|
||||
|
||||
return( 3 );
|
||||
if( len <= 0xFFFFFF )
|
||||
{
|
||||
if( *p - start < 4 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
*--(*p) = ( len ) & 0xFF;
|
||||
*--(*p) = ( len >> 8 ) & 0xFF;
|
||||
*--(*p) = ( len >> 16 ) & 0xFF;
|
||||
*--(*p) = 0x83;
|
||||
return( 4 );
|
||||
}
|
||||
|
||||
if( len <= 0xFFFFFFFF )
|
||||
{
|
||||
if( *p - start < 5 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
*--(*p) = ( len ) & 0xFF;
|
||||
*--(*p) = ( len >> 8 ) & 0xFF;
|
||||
*--(*p) = ( len >> 16 ) & 0xFF;
|
||||
*--(*p) = ( len >> 24 ) & 0xFF;
|
||||
*--(*p) = 0x84;
|
||||
return( 5 );
|
||||
}
|
||||
|
||||
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
|
||||
}
|
||||
|
||||
int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag )
|
||||
|
@ -87,7 +114,7 @@ int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
|
|||
{
|
||||
size_t len = 0;
|
||||
|
||||
if( *p - start < (int) size )
|
||||
if( *p < start || (size_t)( *p - start ) < size )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
len = size;
|
||||
|
@ -107,7 +134,7 @@ int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedt
|
|||
//
|
||||
len = mbedtls_mpi_size( X );
|
||||
|
||||
if( *p - start < (int) len )
|
||||
if( *p < start || (size_t)( *p - start ) < len )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
(*p) -= len;
|
||||
|
@ -191,7 +218,7 @@ int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolea
|
|||
if( *p - start < 1 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
*--(*p) = (boolean) ? 1 : 0;
|
||||
*--(*p) = (boolean) ? 255 : 0;
|
||||
len++;
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
|
||||
|
@ -270,7 +297,7 @@ int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
|
|||
|
||||
// Calculate byte length
|
||||
//
|
||||
if( *p - start < (int) size + 1 )
|
||||
if( *p < start || (size_t)( *p - start ) < size + 1 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
len = size + 1;
|
||||
|
@ -312,7 +339,9 @@ mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data
|
|||
{
|
||||
// Add new entry if not present yet based on OID
|
||||
//
|
||||
if( ( cur = mbedtls_calloc( 1, sizeof(mbedtls_asn1_named_data) ) ) == NULL )
|
||||
cur = (mbedtls_asn1_named_data*)mbedtls_calloc( 1,
|
||||
sizeof(mbedtls_asn1_named_data) );
|
||||
if( cur == NULL )
|
||||
return( NULL );
|
||||
|
||||
cur->oid.len = oid_len;
|
||||
|
@ -339,19 +368,18 @@ mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data
|
|||
}
|
||||
else if( cur->val.len < val_len )
|
||||
{
|
||||
// Enlarge existing value buffer if needed
|
||||
//
|
||||
mbedtls_free( cur->val.p );
|
||||
cur->val.p = NULL;
|
||||
|
||||
cur->val.len = val_len;
|
||||
cur->val.p = mbedtls_calloc( 1, val_len );
|
||||
if( cur->val.p == NULL )
|
||||
{
|
||||
mbedtls_free( cur->oid.p );
|
||||
mbedtls_free( cur );
|
||||
/*
|
||||
* Enlarge existing value buffer if needed
|
||||
* Preserve old data until the allocation succeeded, to leave list in
|
||||
* a consistent state in case allocation fails.
|
||||
*/
|
||||
void *p = mbedtls_calloc( 1, val_len );
|
||||
if( p == NULL )
|
||||
return( NULL );
|
||||
}
|
||||
|
||||
mbedtls_free( cur->val.p );
|
||||
cur->val.p = p;
|
||||
cur->val.len = val_len;
|
||||
}
|
||||
|
||||
if( val != NULL )
|
||||
|
|
|
@ -69,6 +69,8 @@ static const unsigned char base64_dec_map[128] =
|
|||
49, 50, 51, 127, 127, 127, 127, 127
|
||||
};
|
||||
|
||||
#define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
|
||||
|
||||
/*
|
||||
* Encode a buffer into base64 format
|
||||
*/
|
||||
|
@ -85,16 +87,17 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
n = ( slen << 3 ) / 6;
|
||||
n = slen / 3 + ( slen % 3 != 0 );
|
||||
|
||||
switch( ( slen << 3 ) - ( n * 6 ) )
|
||||
if( n > ( BASE64_SIZE_T_MAX - 1 ) / 4 )
|
||||
{
|
||||
case 2: n += 3; break;
|
||||
case 4: n += 2; break;
|
||||
default: break;
|
||||
*olen = BASE64_SIZE_T_MAX;
|
||||
return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
|
||||
}
|
||||
|
||||
if( dlen < n + 1 )
|
||||
n *= 4;
|
||||
|
||||
if( ( dlen < n + 1 ) || ( NULL == dst ) )
|
||||
{
|
||||
*olen = n + 1;
|
||||
return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
|
||||
|
@ -184,7 +187,10 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
|
|||
}
|
||||
|
||||
if( n == 0 )
|
||||
{
|
||||
*olen = 0;
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
n = ( ( n * 6 ) + 7 ) >> 3;
|
||||
n -= j;
|
||||
|
|
|
@ -18,12 +18,21 @@
|
|||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
/*
|
||||
* This MPI implementation is based on:
|
||||
* The following sources were referenced in the design of this Multi-precision
|
||||
* Integer library:
|
||||
*
|
||||
* [1] Handbook of Applied Cryptography - 1997
|
||||
* Menezes, van Oorschot and Vanstone
|
||||
*
|
||||
* [2] Multi-Precision Math
|
||||
* Tom St Denis
|
||||
* https://github.com/libtom/libtommath/blob/develop/tommath.pdf
|
||||
*
|
||||
* [3] GNU Multi-Precision Arithmetic Library
|
||||
* https://gmplib.org/manual/index.html
|
||||
*
|
||||
* http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf
|
||||
* http://www.stillhq.com/extracted/gnupg-api/mbedtls_mpi/
|
||||
* http://math.libtomcrypt.com/files/tommath.pdf
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
|
@ -50,19 +59,22 @@
|
|||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) {
|
||||
volatile mbedtls_mpi_uint *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */
|
||||
#define biL (ciL << 3) /* bits in limb */
|
||||
#define biH (ciL << 2) /* half limb size */
|
||||
|
||||
#define MPI_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
|
||||
|
||||
/*
|
||||
* Convert between bits/chars and number of limbs
|
||||
* Divide first in order to avoid potential overflows
|
||||
*/
|
||||
#define BITS_TO_LIMBS(i) (((i) + biL - 1) / biL)
|
||||
#define CHARS_TO_LIMBS(i) (((i) + ciL - 1) / ciL)
|
||||
#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) )
|
||||
#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) )
|
||||
|
||||
/*
|
||||
* Initialize one MPI
|
||||
|
@ -87,7 +99,7 @@ void mbedtls_mpi_free( mbedtls_mpi *X )
|
|||
|
||||
if( X->p != NULL )
|
||||
{
|
||||
mbedtls_zeroize( X->p, X->n * ciL );
|
||||
mbedtls_mpi_zeroize( X->p, X->n );
|
||||
mbedtls_free( X->p );
|
||||
}
|
||||
|
||||
|
@ -108,13 +120,13 @@ int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs )
|
|||
|
||||
if( X->n < nblimbs )
|
||||
{
|
||||
if( ( p = mbedtls_calloc( nblimbs, ciL ) ) == NULL )
|
||||
if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( nblimbs, ciL ) ) == NULL )
|
||||
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
|
||||
|
||||
if( X->p != NULL )
|
||||
{
|
||||
memcpy( p, X->p, X->n * ciL );
|
||||
mbedtls_zeroize( X->p, X->n * ciL );
|
||||
mbedtls_mpi_zeroize( X->p, X->n );
|
||||
mbedtls_free( X->p );
|
||||
}
|
||||
|
||||
|
@ -146,13 +158,13 @@ int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs )
|
|||
if( i < nblimbs )
|
||||
i = nblimbs;
|
||||
|
||||
if( ( p = mbedtls_calloc( i, ciL ) ) == NULL )
|
||||
if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( i, ciL ) ) == NULL )
|
||||
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
|
||||
|
||||
if( X->p != NULL )
|
||||
{
|
||||
memcpy( p, X->p, i * ciL );
|
||||
mbedtls_zeroize( X->p, X->n * ciL );
|
||||
mbedtls_mpi_zeroize( X->p, X->n );
|
||||
mbedtls_free( X->p );
|
||||
}
|
||||
|
||||
|
@ -344,6 +356,24 @@ size_t mbedtls_mpi_lsb( const mbedtls_mpi *X )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Count leading zero bits in a given integer
|
||||
*/
|
||||
static size_t mbedtls_clz( const mbedtls_mpi_uint x )
|
||||
{
|
||||
size_t j;
|
||||
mbedtls_mpi_uint mask = (mbedtls_mpi_uint) 1 << (biL - 1);
|
||||
|
||||
for( j = 0; j < biL; j++ )
|
||||
{
|
||||
if( x & mask ) break;
|
||||
|
||||
mask >>= 1;
|
||||
}
|
||||
|
||||
return j;
|
||||
}
|
||||
|
||||
/*
|
||||
* Return the number of bits
|
||||
*/
|
||||
|
@ -358,9 +388,7 @@ size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X )
|
|||
if( X->p[i] != 0 )
|
||||
break;
|
||||
|
||||
for( j = biL; j > 0; j-- )
|
||||
if( ( ( X->p[i] >> ( j - 1 ) ) & 1 ) != 0 )
|
||||
break;
|
||||
j = biL - mbedtls_clz( X->p[i] );
|
||||
|
||||
return( ( i * biL ) + j );
|
||||
}
|
||||
|
@ -409,6 +437,9 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
|
|||
|
||||
if( radix == 16 )
|
||||
{
|
||||
if( slen > MPI_SIZE_T_MAX >> 2 )
|
||||
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
|
||||
|
||||
n = BITS_TO_LIMBS( slen << 2 );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n ) );
|
||||
|
@ -852,7 +883,7 @@ int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
|
|||
{
|
||||
int ret;
|
||||
size_t i, j;
|
||||
mbedtls_mpi_uint *o, *p, c;
|
||||
mbedtls_mpi_uint *o, *p, c, tmp;
|
||||
|
||||
if( X == B )
|
||||
{
|
||||
|
@ -875,10 +906,14 @@ int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
|
|||
|
||||
o = B->p; p = X->p; c = 0;
|
||||
|
||||
/*
|
||||
* tmp is used because it might happen that p == o
|
||||
*/
|
||||
for( i = 0; i < j; i++, o++, p++ )
|
||||
{
|
||||
tmp= *o;
|
||||
*p += c; c = ( *p < c );
|
||||
*p += *o; c += ( *p < *o );
|
||||
*p += tmp; c += ( *p < tmp );
|
||||
}
|
||||
|
||||
while( c != 0 )
|
||||
|
@ -1180,6 +1215,102 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint
|
|||
return( mbedtls_mpi_mul_mpi( X, A, &_B ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Unsigned integer divide - double mbedtls_mpi_uint dividend, u1/u0, and
|
||||
* mbedtls_mpi_uint divisor, d
|
||||
*/
|
||||
static mbedtls_mpi_uint mbedtls_int_div_int( mbedtls_mpi_uint u1,
|
||||
mbedtls_mpi_uint u0, mbedtls_mpi_uint d, mbedtls_mpi_uint *r )
|
||||
{
|
||||
#if defined(MBEDTLS_HAVE_UDBL)
|
||||
mbedtls_t_udbl dividend, quotient;
|
||||
#else
|
||||
const mbedtls_mpi_uint radix = (mbedtls_mpi_uint) 1 << biH;
|
||||
const mbedtls_mpi_uint uint_halfword_mask = ( (mbedtls_mpi_uint) 1 << biH ) - 1;
|
||||
mbedtls_mpi_uint d0, d1, q0, q1, rAX, r0, quotient;
|
||||
mbedtls_mpi_uint u0_msw, u0_lsw;
|
||||
size_t s;
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Check for overflow
|
||||
*/
|
||||
if( 0 == d || u1 >= d )
|
||||
{
|
||||
if (r != NULL) *r = ~0;
|
||||
|
||||
return ( ~0 );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_HAVE_UDBL)
|
||||
dividend = (mbedtls_t_udbl) u1 << biL;
|
||||
dividend |= (mbedtls_t_udbl) u0;
|
||||
quotient = dividend / d;
|
||||
if( quotient > ( (mbedtls_t_udbl) 1 << biL ) - 1 )
|
||||
quotient = ( (mbedtls_t_udbl) 1 << biL ) - 1;
|
||||
|
||||
if( r != NULL )
|
||||
*r = (mbedtls_mpi_uint)( dividend - (quotient * d ) );
|
||||
|
||||
return (mbedtls_mpi_uint) quotient;
|
||||
#else
|
||||
|
||||
/*
|
||||
* Algorithm D, Section 4.3.1 - The Art of Computer Programming
|
||||
* Vol. 2 - Seminumerical Algorithms, Knuth
|
||||
*/
|
||||
|
||||
/*
|
||||
* Normalize the divisor, d, and dividend, u0, u1
|
||||
*/
|
||||
s = mbedtls_clz( d );
|
||||
d = d << s;
|
||||
|
||||
u1 = u1 << s;
|
||||
u1 |= ( u0 >> ( biL - s ) ) & ( -(mbedtls_mpi_sint)s >> ( biL - 1 ) );
|
||||
u0 = u0 << s;
|
||||
|
||||
d1 = d >> biH;
|
||||
d0 = d & uint_halfword_mask;
|
||||
|
||||
u0_msw = u0 >> biH;
|
||||
u0_lsw = u0 & uint_halfword_mask;
|
||||
|
||||
/*
|
||||
* Find the first quotient and remainder
|
||||
*/
|
||||
q1 = u1 / d1;
|
||||
r0 = u1 - d1 * q1;
|
||||
|
||||
while( q1 >= radix || ( q1 * d0 > radix * r0 + u0_msw ) )
|
||||
{
|
||||
q1 -= 1;
|
||||
r0 += d1;
|
||||
|
||||
if ( r0 >= radix ) break;
|
||||
}
|
||||
|
||||
rAX = ( u1 * radix ) + ( u0_msw - q1 * d );
|
||||
q0 = rAX / d1;
|
||||
r0 = rAX - q0 * d1;
|
||||
|
||||
while( q0 >= radix || ( q0 * d0 > radix * r0 + u0_lsw ) )
|
||||
{
|
||||
q0 -= 1;
|
||||
r0 += d1;
|
||||
|
||||
if ( r0 >= radix ) break;
|
||||
}
|
||||
|
||||
if (r != NULL)
|
||||
*r = ( rAX * radix + u0_lsw - q0 * d ) >> s;
|
||||
|
||||
quotient = q1 * radix + q0;
|
||||
|
||||
return quotient;
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
* Division by mbedtls_mpi: A = Q * B + R (HAC 14.20)
|
||||
*/
|
||||
|
@ -1237,57 +1368,8 @@ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, c
|
|||
Z.p[i - t - 1] = ~0;
|
||||
else
|
||||
{
|
||||
#if defined(MBEDTLS_HAVE_UDBL)
|
||||
mbedtls_t_udbl r;
|
||||
|
||||
r = (mbedtls_t_udbl) X.p[i] << biL;
|
||||
r |= (mbedtls_t_udbl) X.p[i - 1];
|
||||
r /= Y.p[t];
|
||||
if( r > ( (mbedtls_t_udbl) 1 << biL ) - 1 )
|
||||
r = ( (mbedtls_t_udbl) 1 << biL ) - 1;
|
||||
|
||||
Z.p[i - t - 1] = (mbedtls_mpi_uint) r;
|
||||
#else
|
||||
/*
|
||||
* __udiv_qrnnd_c, from gmp/longlong.h
|
||||
*/
|
||||
mbedtls_mpi_uint q0, q1, r0, r1;
|
||||
mbedtls_mpi_uint d0, d1, d, m;
|
||||
|
||||
d = Y.p[t];
|
||||
d0 = ( d << biH ) >> biH;
|
||||
d1 = ( d >> biH );
|
||||
|
||||
q1 = X.p[i] / d1;
|
||||
r1 = X.p[i] - d1 * q1;
|
||||
r1 <<= biH;
|
||||
r1 |= ( X.p[i - 1] >> biH );
|
||||
|
||||
m = q1 * d0;
|
||||
if( r1 < m )
|
||||
{
|
||||
q1--, r1 += d;
|
||||
while( r1 >= d && r1 < m )
|
||||
q1--, r1 += d;
|
||||
}
|
||||
r1 -= m;
|
||||
|
||||
q0 = r1 / d1;
|
||||
r0 = r1 - d1 * q0;
|
||||
r0 <<= biH;
|
||||
r0 |= ( X.p[i - 1] << biH ) >> biH;
|
||||
|
||||
m = q0 * d0;
|
||||
if( r0 < m )
|
||||
{
|
||||
q0--, r0 += d;
|
||||
while( r0 >= d && r0 < m )
|
||||
q0--, r0 += d;
|
||||
}
|
||||
r0 -= m;
|
||||
|
||||
Z.p[i - t - 1] = ( q1 << biH ) | q0;
|
||||
#endif /* MBEDTLS_HAVE_UDBL && !64-bit Apple with Clang 5.0 */
|
||||
Z.p[i - t - 1] = mbedtls_int_div_int( X.p[i], X.p[i - 1],
|
||||
Y.p[t], NULL);
|
||||
}
|
||||
|
||||
Z.p[i - t - 1]++;
|
||||
|
@ -1460,12 +1542,15 @@ static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N )
|
|||
/*
|
||||
* Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36)
|
||||
*/
|
||||
static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm,
|
||||
static int mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm,
|
||||
const mbedtls_mpi *T )
|
||||
{
|
||||
size_t i, n, m;
|
||||
mbedtls_mpi_uint u0, u1, *d;
|
||||
|
||||
if( T->n < N->n + 1 || T->p == NULL )
|
||||
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
|
||||
|
||||
memset( T->p, 0, T->n * ciL );
|
||||
|
||||
d = T->p;
|
||||
|
@ -1493,12 +1578,14 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi
|
|||
else
|
||||
/* prevent timing attacks */
|
||||
mpi_sub_hlp( n, A->p, T->p );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Montgomery reduction: A = A * R^-1 mod N
|
||||
*/
|
||||
static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T )
|
||||
static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T )
|
||||
{
|
||||
mbedtls_mpi_uint z = 1;
|
||||
mbedtls_mpi U;
|
||||
|
@ -1506,7 +1593,7 @@ static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint
|
|||
U.n = U.s = (int) z;
|
||||
U.p = &z;
|
||||
|
||||
mpi_montmul( A, &U, N, mm, T );
|
||||
return( mpi_montmul( A, &U, N, mm, T ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1583,13 +1670,13 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
|
|||
else
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) );
|
||||
|
||||
mpi_montmul( &W[1], &RR, N, mm, &T );
|
||||
MBEDTLS_MPI_CHK( mpi_montmul( &W[1], &RR, N, mm, &T ) );
|
||||
|
||||
/*
|
||||
* X = R^2 * R^-1 mod N = R mod N
|
||||
*/
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &RR ) );
|
||||
mpi_montred( X, N, mm, &T );
|
||||
MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) );
|
||||
|
||||
if( wsize > 1 )
|
||||
{
|
||||
|
@ -1602,7 +1689,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
|
|||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1] ) );
|
||||
|
||||
for( i = 0; i < wsize - 1; i++ )
|
||||
mpi_montmul( &W[j], &W[j], N, mm, &T );
|
||||
MBEDTLS_MPI_CHK( mpi_montmul( &W[j], &W[j], N, mm, &T ) );
|
||||
|
||||
/*
|
||||
* W[i] = W[i - 1] * W[1]
|
||||
|
@ -1612,7 +1699,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
|
|||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) );
|
||||
|
||||
mpi_montmul( &W[i], &W[1], N, mm, &T );
|
||||
MBEDTLS_MPI_CHK( mpi_montmul( &W[i], &W[1], N, mm, &T ) );
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1649,7 +1736,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
|
|||
/*
|
||||
* out of window, square X
|
||||
*/
|
||||
mpi_montmul( X, X, N, mm, &T );
|
||||
MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) );
|
||||
continue;
|
||||
}
|
||||
|
||||
|
@ -1667,12 +1754,12 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
|
|||
* X = X^wsize R^-1 mod N
|
||||
*/
|
||||
for( i = 0; i < wsize; i++ )
|
||||
mpi_montmul( X, X, N, mm, &T );
|
||||
MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) );
|
||||
|
||||
/*
|
||||
* X = X * W[wbits] R^-1 mod N
|
||||
*/
|
||||
mpi_montmul( X, &W[wbits], N, mm, &T );
|
||||
MBEDTLS_MPI_CHK( mpi_montmul( X, &W[wbits], N, mm, &T ) );
|
||||
|
||||
state--;
|
||||
nbits = 0;
|
||||
|
@ -1685,18 +1772,18 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
|
|||
*/
|
||||
for( i = 0; i < nbits; i++ )
|
||||
{
|
||||
mpi_montmul( X, X, N, mm, &T );
|
||||
MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) );
|
||||
|
||||
wbits <<= 1;
|
||||
|
||||
if( ( wbits & ( one << wsize ) ) != 0 )
|
||||
mpi_montmul( X, &W[1], N, mm, &T );
|
||||
MBEDTLS_MPI_CHK( mpi_montmul( X, &W[1], N, mm, &T ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* X = A^E * R * R^-1 mod N = A^E mod N
|
||||
*/
|
||||
mpi_montred( X, N, mm, &T );
|
||||
MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) );
|
||||
|
||||
if( neg )
|
||||
{
|
||||
|
|
|
@ -41,7 +41,7 @@
|
|||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -50,7 +50,7 @@
|
|||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -963,38 +963,38 @@ int mbedtls_camellia_self_test( int verbose )
|
|||
mbedtls_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
|
||||
( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );
|
||||
|
||||
memcpy( src, camellia_test_cbc_iv, 16 );
|
||||
memcpy( dst, camellia_test_cbc_iv, 16 );
|
||||
memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );
|
||||
|
||||
if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
|
||||
mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
|
||||
} else {
|
||||
mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
|
||||
}
|
||||
|
||||
for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
|
||||
memcpy( src, camellia_test_cbc_iv, 16 );
|
||||
memcpy( dst, camellia_test_cbc_iv, 16 );
|
||||
memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );
|
||||
|
||||
if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
|
||||
memcpy( iv , src, 16 );
|
||||
memcpy( src, camellia_test_cbc_cipher[u][i], 16 );
|
||||
memcpy( dst, camellia_test_cbc_plain[i], 16 );
|
||||
} else { /* MBEDTLS_CAMELLIA_ENCRYPT */
|
||||
memcpy( iv , dst, 16 );
|
||||
memcpy( src, camellia_test_cbc_plain[i], 16 );
|
||||
memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
|
||||
mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
|
||||
} else {
|
||||
mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
|
||||
}
|
||||
|
||||
mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf );
|
||||
for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
|
||||
|
||||
if( memcmp( buf, dst, 16 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
|
||||
memcpy( iv , src, 16 );
|
||||
memcpy( src, camellia_test_cbc_cipher[u][i], 16 );
|
||||
memcpy( dst, camellia_test_cbc_plain[i], 16 );
|
||||
} else { /* MBEDTLS_CAMELLIA_ENCRYPT */
|
||||
memcpy( iv , dst, 16 );
|
||||
memcpy( src, camellia_test_cbc_plain[i], 16 );
|
||||
memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
|
||||
}
|
||||
|
||||
return( 1 );
|
||||
mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf );
|
||||
|
||||
if( memcmp( buf, dst, 16 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "passed\n" );
|
||||
|
|
|
@ -51,7 +51,7 @@
|
|||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
#define CCM_ENCRYPT 0
|
||||
|
|
|
@ -45,13 +45,24 @@
|
|||
#include "mbedtls/ccm.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CMAC_C)
|
||||
#include "mbedtls/cmac.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
|
||||
#define MBEDTLS_CIPHER_MODE_STREAM
|
||||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
static int supported_init = 0;
|
||||
|
@ -127,6 +138,14 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
|
|||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
#if defined(MBEDTLS_CMAC_C)
|
||||
if( ctx->cmac_ctx )
|
||||
{
|
||||
mbedtls_zeroize( ctx->cmac_ctx, sizeof( mbedtls_cmac_context_t ) );
|
||||
mbedtls_free( ctx->cmac_ctx );
|
||||
}
|
||||
#endif
|
||||
|
||||
if( ctx->cipher_ctx )
|
||||
ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
|
||||
|
||||
|
@ -252,6 +271,7 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
|||
size_t ilen, unsigned char *output, size_t *olen )
|
||||
{
|
||||
int ret;
|
||||
size_t block_size = 0;
|
||||
|
||||
if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
|
||||
{
|
||||
|
@ -259,10 +279,11 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
|||
}
|
||||
|
||||
*olen = 0;
|
||||
block_size = mbedtls_cipher_get_block_size( ctx );
|
||||
|
||||
if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB )
|
||||
{
|
||||
if( ilen != mbedtls_cipher_get_block_size( ctx ) )
|
||||
if( ilen != block_size )
|
||||
return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
|
||||
|
||||
*olen = ilen;
|
||||
|
@ -285,8 +306,13 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
|||
}
|
||||
#endif
|
||||
|
||||
if ( 0 == block_size )
|
||||
{
|
||||
return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
|
||||
}
|
||||
|
||||
if( input == output &&
|
||||
( ctx->unprocessed_len != 0 || ilen % mbedtls_cipher_get_block_size( ctx ) ) )
|
||||
( ctx->unprocessed_len != 0 || ilen % block_size ) )
|
||||
{
|
||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||
}
|
||||
|
@ -300,9 +326,9 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
|||
* If there is not enough data for a full block, cache it.
|
||||
*/
|
||||
if( ( ctx->operation == MBEDTLS_DECRYPT &&
|
||||
ilen + ctx->unprocessed_len <= mbedtls_cipher_get_block_size( ctx ) ) ||
|
||||
ilen + ctx->unprocessed_len <= block_size ) ||
|
||||
( ctx->operation == MBEDTLS_ENCRYPT &&
|
||||
ilen + ctx->unprocessed_len < mbedtls_cipher_get_block_size( ctx ) ) )
|
||||
ilen + ctx->unprocessed_len < block_size ) )
|
||||
{
|
||||
memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
|
||||
ilen );
|
||||
|
@ -314,22 +340,22 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
|||
/*
|
||||
* Process cached data first
|
||||
*/
|
||||
if( ctx->unprocessed_len != 0 )
|
||||
if( 0 != ctx->unprocessed_len )
|
||||
{
|
||||
copy_len = mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len;
|
||||
copy_len = block_size - ctx->unprocessed_len;
|
||||
|
||||
memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
|
||||
copy_len );
|
||||
|
||||
if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
|
||||
ctx->operation, mbedtls_cipher_get_block_size( ctx ), ctx->iv,
|
||||
ctx->operation, block_size, ctx->iv,
|
||||
ctx->unprocessed_data, output ) ) )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
*olen += mbedtls_cipher_get_block_size( ctx );
|
||||
output += mbedtls_cipher_get_block_size( ctx );
|
||||
*olen += block_size;
|
||||
output += block_size;
|
||||
ctx->unprocessed_len = 0;
|
||||
|
||||
input += copy_len;
|
||||
|
@ -341,9 +367,14 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
|||
*/
|
||||
if( 0 != ilen )
|
||||
{
|
||||
copy_len = ilen % mbedtls_cipher_get_block_size( ctx );
|
||||
if( 0 == block_size )
|
||||
{
|
||||
return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
|
||||
}
|
||||
|
||||
copy_len = ilen % block_size;
|
||||
if( copy_len == 0 && ctx->operation == MBEDTLS_DECRYPT )
|
||||
copy_len = mbedtls_cipher_get_block_size( ctx );
|
||||
copy_len = block_size;
|
||||
|
||||
memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
|
||||
copy_len );
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -67,8 +67,8 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx )
|
|||
}
|
||||
|
||||
/*
|
||||
* Non-public function wrapped by ctr_crbg_init(). Necessary to allow NIST
|
||||
* tests to succeed (which require known length fixed entropy)
|
||||
* Non-public function wrapped by mbedtls_ctr_drbg_seed(). Necessary to allow
|
||||
* NIST tests to succeed (which require known length fixed entropy)
|
||||
*/
|
||||
int mbedtls_ctr_drbg_seed_entropy_len(
|
||||
mbedtls_ctr_drbg_context *ctx,
|
||||
|
|
|
@ -27,22 +27,24 @@
|
|||
|
||||
#if defined(MBEDTLS_DEBUG_C)
|
||||
|
||||
#include "mbedtls/debug.h"
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
#define mbedtls_time_t time_t
|
||||
#define mbedtls_snprintf snprintf
|
||||
#endif
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline)
|
||||
#include "mbedtls/debug.h"
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
|
@ -84,7 +86,7 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
|
|||
char str[DEBUG_BUF_SIZE];
|
||||
int ret;
|
||||
|
||||
if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || level > debug_threshold )
|
||||
if( NULL == ssl || NULL == ssl->conf || NULL == ssl->conf->f_dbg || level > debug_threshold )
|
||||
return;
|
||||
|
||||
va_start( argp, format );
|
||||
|
|
|
@ -50,7 +50,7 @@
|
|||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -19,9 +19,12 @@
|
|||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
/*
|
||||
* Reference:
|
||||
* The following sources were referenced in the design of this implementation
|
||||
* of the Diffie-Hellman-Merkle algorithm:
|
||||
*
|
||||
* [1] Handbook of Applied Cryptography - 1997, Chapter 12
|
||||
* Menezes, van Oorschot and Vanstone
|
||||
*
|
||||
* http://www.cacr.math.uwaterloo.ca/hac/ (chapter 12)
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -62,7 +62,8 @@
|
|||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline)
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
|
@ -402,6 +403,22 @@ int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt )
|
|||
return( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Compare two points lazyly
|
||||
*/
|
||||
int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
|
||||
const mbedtls_ecp_point *Q )
|
||||
{
|
||||
if( mbedtls_mpi_cmp_mpi( &P->X, &Q->X ) == 0 &&
|
||||
mbedtls_mpi_cmp_mpi( &P->Y, &Q->Y ) == 0 &&
|
||||
mbedtls_mpi_cmp_mpi( &P->Z, &Q->Z ) == 0 )
|
||||
{
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
/*
|
||||
* Import a non-zero point from ASCII strings
|
||||
*/
|
||||
|
@ -1666,8 +1683,39 @@ cleanup:
|
|||
}
|
||||
#endif /* ECP_SHORTWEIERSTRASS */
|
||||
|
||||
/*
|
||||
* R = m * P with shortcuts for m == 1 and m == -1
|
||||
* NOT constant-time - ONLY for short Weierstrass!
|
||||
*/
|
||||
static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp,
|
||||
mbedtls_ecp_point *R,
|
||||
const mbedtls_mpi *m,
|
||||
const mbedtls_ecp_point *P )
|
||||
{
|
||||
int ret;
|
||||
|
||||
if( mbedtls_mpi_cmp_int( m, 1 ) == 0 )
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
|
||||
}
|
||||
else if( mbedtls_mpi_cmp_int( m, -1 ) == 0 )
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
|
||||
if( mbedtls_mpi_cmp_int( &R->Y, 0 ) != 0 )
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &R->Y, &grp->P, &R->Y ) );
|
||||
}
|
||||
else
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, NULL, NULL ) );
|
||||
}
|
||||
|
||||
cleanup:
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
* Linear combination
|
||||
* NOT constant-time
|
||||
*/
|
||||
int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
|
||||
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
|
||||
|
@ -1681,8 +1729,9 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
|
|||
|
||||
mbedtls_ecp_point_init( &mP );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, &mP, m, P, NULL, NULL ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, n, Q, NULL, NULL ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, &mP, m, P ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, R, n, Q ) );
|
||||
|
||||
MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, &mP, R ) );
|
||||
MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, R ) );
|
||||
|
||||
|
@ -1761,9 +1810,11 @@ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *
|
|||
}
|
||||
|
||||
/*
|
||||
* Generate a keypair
|
||||
* Generate a keypair with configurable base point
|
||||
*/
|
||||
int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
|
||||
int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
|
||||
const mbedtls_ecp_point *G,
|
||||
mbedtls_mpi *d, mbedtls_ecp_point *Q,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
|
@ -1776,7 +1827,9 @@ int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp
|
|||
/* [M225] page 5 */
|
||||
size_t b;
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) );
|
||||
do {
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) );
|
||||
} while( mbedtls_mpi_bitlen( d ) == 0);
|
||||
|
||||
/* Make sure the most significant bit is nbits */
|
||||
b = mbedtls_mpi_bitlen( d ) - 1; /* mbedtls_mpi_bitlen is one-based */
|
||||
|
@ -1835,7 +1888,18 @@ cleanup:
|
|||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
return( mbedtls_ecp_mul( grp, Q, d, &grp->G, f_rng, p_rng ) );
|
||||
return( mbedtls_ecp_mul( grp, Q, d, G, f_rng, p_rng ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Generate key pair, wrapper for conventional base point
|
||||
*/
|
||||
int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp,
|
||||
mbedtls_mpi *d, mbedtls_ecp_point *Q,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
return( mbedtls_ecp_gen_keypair_base( grp, &grp->G, d, Q, f_rng, p_rng ) );
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -31,7 +31,8 @@
|
|||
|
||||
#include <string.h>
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline)
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* Entropy accumulator implementation
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
@ -27,6 +27,12 @@
|
|||
|
||||
#if defined(MBEDTLS_ENTROPY_C)
|
||||
|
||||
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
|
||||
#warning "**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! "
|
||||
#warning "**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES "
|
||||
#warning "**** THIS BUILD IS *NOT* SUITABLE FOR PRODUCTION USE "
|
||||
#endif
|
||||
|
||||
#include "mbedtls/entropy.h"
|
||||
#include "mbedtls/entropy_poll.h"
|
||||
|
||||
|
@ -36,6 +42,10 @@
|
|||
#include <stdio.h>
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||
#include "mbedtls/platform.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
|
@ -73,6 +83,11 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
|
|||
mbedtls_havege_init( &ctx->havege_data );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
|
||||
mbedtls_entropy_add_source( ctx, mbedtls_null_entropy_poll, NULL,
|
||||
1, MBEDTLS_ENTROPY_SOURCE_STRONG );
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
|
||||
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
|
||||
mbedtls_entropy_add_source( ctx, mbedtls_platform_entropy_poll, NULL,
|
||||
|
@ -94,6 +109,11 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
|
|||
MBEDTLS_ENTROPY_MIN_HARDWARE,
|
||||
MBEDTLS_ENTROPY_SOURCE_STRONG );
|
||||
#endif
|
||||
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||
mbedtls_entropy_add_source( ctx, mbedtls_nv_seed_poll, NULL,
|
||||
MBEDTLS_ENTROPY_BLOCK_SIZE,
|
||||
MBEDTLS_ENTROPY_SOURCE_STRONG );
|
||||
#endif
|
||||
#endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */
|
||||
}
|
||||
|
||||
|
@ -272,6 +292,18 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
|
|||
if( len > MBEDTLS_ENTROPY_BLOCK_SIZE )
|
||||
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||
/* Update the NV entropy seed before generating any entropy for outside
|
||||
* use.
|
||||
*/
|
||||
if( ctx->initial_entropy_run == 0 )
|
||||
{
|
||||
ctx->initial_entropy_run = 1;
|
||||
if( ( ret = mbedtls_entropy_update_nv_seed( ctx ) ) != 0 )
|
||||
return( ret );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
|
||||
return( ret );
|
||||
|
@ -346,6 +378,27 @@ exit:
|
|||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||
int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
|
||||
unsigned char buf[ MBEDTLS_ENTROPY_MAX_SEED_SIZE ];
|
||||
|
||||
/* Read new seed and write it to NV */
|
||||
if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( mbedtls_nv_seed_write( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 )
|
||||
return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
|
||||
|
||||
/* Manually update the remaining stream with a separator value to diverge */
|
||||
memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
||||
mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_ENTROPY_NV_SEED */
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path )
|
||||
{
|
||||
|
@ -403,6 +456,7 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *
|
|||
#endif /* MBEDTLS_FS_IO */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
#if !defined(MBEDTLS_TEST_NULL_ENTROPY)
|
||||
/*
|
||||
* Dummy source function
|
||||
*/
|
||||
|
@ -416,6 +470,105 @@ static int entropy_dummy_source( void *data, unsigned char *output,
|
|||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* !MBEDTLS_TEST_NULL_ENTROPY */
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
|
||||
|
||||
static int mbedtls_entropy_source_self_test_gather( unsigned char *buf, size_t buf_len )
|
||||
{
|
||||
int ret = 0;
|
||||
size_t entropy_len = 0;
|
||||
size_t olen = 0;
|
||||
size_t attempts = buf_len;
|
||||
|
||||
while( attempts > 0 && entropy_len < buf_len )
|
||||
{
|
||||
if( ( ret = mbedtls_hardware_poll( NULL, buf + entropy_len,
|
||||
buf_len - entropy_len, &olen ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
entropy_len += olen;
|
||||
attempts--;
|
||||
}
|
||||
|
||||
if( entropy_len < buf_len )
|
||||
{
|
||||
ret = 1;
|
||||
}
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
|
||||
static int mbedtls_entropy_source_self_test_check_bits( const unsigned char *buf,
|
||||
size_t buf_len )
|
||||
{
|
||||
unsigned char set= 0xFF;
|
||||
unsigned char unset = 0x00;
|
||||
size_t i;
|
||||
|
||||
for( i = 0; i < buf_len; i++ )
|
||||
{
|
||||
set &= buf[i];
|
||||
unset |= buf[i];
|
||||
}
|
||||
|
||||
return( set == 0xFF || unset == 0x00 );
|
||||
}
|
||||
|
||||
/*
|
||||
* A test to ensure hat the entropy sources are functioning correctly
|
||||
* and there is no obvious failure. The test performs the following checks:
|
||||
* - The entropy source is not providing only 0s (all bits unset) or 1s (all
|
||||
* bits set).
|
||||
* - The entropy source is not providing values in a pattern. Because the
|
||||
* hardware could be providing data in an arbitrary length, this check polls
|
||||
* the hardware entropy source twice and compares the result to ensure they
|
||||
* are not equal.
|
||||
* - The error code returned by the entropy source is not an error.
|
||||
*/
|
||||
int mbedtls_entropy_source_self_test( int verbose )
|
||||
{
|
||||
int ret = 0;
|
||||
unsigned char buf0[2 * sizeof( unsigned long long int )];
|
||||
unsigned char buf1[2 * sizeof( unsigned long long int )];
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " ENTROPY_BIAS test: " );
|
||||
|
||||
memset( buf0, 0x00, sizeof( buf0 ) );
|
||||
memset( buf1, 0x00, sizeof( buf1 ) );
|
||||
|
||||
if( ( ret = mbedtls_entropy_source_self_test_gather( buf0, sizeof( buf0 ) ) ) != 0 )
|
||||
goto cleanup;
|
||||
if( ( ret = mbedtls_entropy_source_self_test_gather( buf1, sizeof( buf1 ) ) ) != 0 )
|
||||
goto cleanup;
|
||||
|
||||
/* Make sure that the returned values are not all 0 or 1 */
|
||||
if( ( ret = mbedtls_entropy_source_self_test_check_bits( buf0, sizeof( buf0 ) ) ) != 0 )
|
||||
goto cleanup;
|
||||
if( ( ret = mbedtls_entropy_source_self_test_check_bits( buf1, sizeof( buf1 ) ) ) != 0 )
|
||||
goto cleanup;
|
||||
|
||||
/* Make sure that the entropy source is not returning values in a
|
||||
* pattern */
|
||||
ret = memcmp( buf0, buf1, sizeof( buf0 ) ) == 0;
|
||||
|
||||
cleanup:
|
||||
if( verbose != 0 )
|
||||
{
|
||||
if( ret != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
else
|
||||
mbedtls_printf( "passed\n" );
|
||||
|
||||
mbedtls_printf( "\n" );
|
||||
}
|
||||
|
||||
return( ret != 0 );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
|
||||
|
||||
/*
|
||||
* The actual entropy quality is hard to test, but we can at least
|
||||
|
@ -424,15 +577,18 @@ static int entropy_dummy_source( void *data, unsigned char *output,
|
|||
*/
|
||||
int mbedtls_entropy_self_test( int verbose )
|
||||
{
|
||||
int ret = 0;
|
||||
int ret = 1;
|
||||
#if !defined(MBEDTLS_TEST_NULL_ENTROPY)
|
||||
mbedtls_entropy_context ctx;
|
||||
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
|
||||
unsigned char acc[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
|
||||
size_t i, j;
|
||||
#endif /* !MBEDTLS_TEST_NULL_ENTROPY */
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( " ENTROPY test: " );
|
||||
|
||||
#if !defined(MBEDTLS_TEST_NULL_ENTROPY)
|
||||
mbedtls_entropy_init( &ctx );
|
||||
|
||||
/* First do a gather to make sure we have default sources */
|
||||
|
@ -473,8 +629,14 @@ int mbedtls_entropy_self_test( int verbose )
|
|||
}
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
|
||||
if( ( ret = mbedtls_entropy_source_self_test( 0 ) ) != 0 )
|
||||
goto cleanup;
|
||||
#endif
|
||||
|
||||
cleanup:
|
||||
mbedtls_entropy_free( &ctx );
|
||||
#endif /* !MBEDTLS_TEST_NULL_ENTROPY */
|
||||
|
||||
if( verbose != 0 )
|
||||
{
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* Platform-specific and custom entropy polling functions
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
@ -37,8 +37,17 @@
|
|||
#if defined(MBEDTLS_HAVEGE_C)
|
||||
#include "mbedtls/havege.h"
|
||||
#endif
|
||||
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||
#include "mbedtls/platform.h"
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
|
||||
|
||||
#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
|
||||
!defined(__APPLE__) && !defined(_WIN32)
|
||||
#error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h"
|
||||
#endif
|
||||
|
||||
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
|
||||
|
||||
#if !defined(_WIN32_WINNT)
|
||||
|
@ -61,7 +70,10 @@ int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len
|
|||
}
|
||||
|
||||
if( CryptGenRandom( provider, (DWORD) len, output ) == FALSE )
|
||||
{
|
||||
CryptReleaseContext( provider, 0 );
|
||||
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
|
||||
}
|
||||
|
||||
CryptReleaseContext( provider, 0 );
|
||||
*olen = len;
|
||||
|
@ -179,6 +191,23 @@ int mbedtls_platform_entropy_poll( void *data,
|
|||
#endif /* _WIN32 && !EFIX64 && !EFI32 */
|
||||
#endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
|
||||
|
||||
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
|
||||
int mbedtls_null_entropy_poll( void *data,
|
||||
unsigned char *output, size_t len, size_t *olen )
|
||||
{
|
||||
((void) data);
|
||||
((void) output);
|
||||
*olen = 0;
|
||||
|
||||
if( len < sizeof(unsigned char) )
|
||||
return( 0 );
|
||||
|
||||
*olen = sizeof(unsigned char);
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_TIMING_C)
|
||||
int mbedtls_hardclock_poll( void *data,
|
||||
unsigned char *output, size_t len, size_t *olen )
|
||||
|
@ -213,4 +242,27 @@ int mbedtls_havege_poll( void *data,
|
|||
}
|
||||
#endif /* MBEDTLS_HAVEGE_C */
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||
int mbedtls_nv_seed_poll( void *data,
|
||||
unsigned char *output, size_t len, size_t *olen )
|
||||
{
|
||||
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
|
||||
size_t use_len = MBEDTLS_ENTROPY_BLOCK_SIZE;
|
||||
((void) data);
|
||||
|
||||
memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
||||
|
||||
if( mbedtls_nv_seed_read( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 )
|
||||
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
|
||||
|
||||
if( len < use_len )
|
||||
use_len = len;
|
||||
|
||||
memcpy( output, buf, use_len );
|
||||
*olen = use_len;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_ENTROPY_NV_SEED */
|
||||
|
||||
#endif /* MBEDTLS_ENTROPY_C */
|
||||
|
|
|
@ -34,6 +34,7 @@
|
|||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#define mbedtls_snprintf snprintf
|
||||
#define mbedtls_time_t time_t
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ERROR_C)
|
||||
|
@ -101,7 +102,7 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_NET_C)
|
||||
#include "mbedtls/net.h"
|
||||
#include "mbedtls/net_sockets.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_OID_C)
|
||||
|
@ -182,6 +183,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
mbedtls_snprintf( buf, buflen, "CIPHER - Decryption of block requires a full block" );
|
||||
if( use_ret == -(MBEDTLS_ERR_CIPHER_AUTH_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "CIPHER - Authentication failed (for AEAD modes)" );
|
||||
if( use_ret == -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT) )
|
||||
mbedtls_snprintf( buf, buflen, "CIPHER - The context is invalid, eg because it was free()ed" );
|
||||
#endif /* MBEDTLS_CIPHER_C */
|
||||
|
||||
#if defined(MBEDTLS_DHM_C)
|
||||
|
@ -430,6 +433,12 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
mbedtls_snprintf( buf, buflen, "SSL - The operation timed out" );
|
||||
if( use_ret == -(MBEDTLS_ERR_SSL_CLIENT_RECONNECT) )
|
||||
mbedtls_snprintf( buf, buflen, "SSL - The client initiated a reconnect from the same port" );
|
||||
if( use_ret == -(MBEDTLS_ERR_SSL_UNEXPECTED_RECORD) )
|
||||
mbedtls_snprintf( buf, buflen, "SSL - Record header looks valid but is not expected" );
|
||||
if( use_ret == -(MBEDTLS_ERR_SSL_NON_FATAL) )
|
||||
mbedtls_snprintf( buf, buflen, "SSL - The alert message received indicates a non-fatal error" );
|
||||
if( use_ret == -(MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH) )
|
||||
mbedtls_snprintf( buf, buflen, "SSL - Couldn't set the hash for verifying CertificateVerify" );
|
||||
#endif /* MBEDTLS_SSL_TLS_C */
|
||||
|
||||
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
|
||||
|
|
|
@ -362,7 +362,7 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
|
|||
/* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes
|
||||
* Also check for possible overflow */
|
||||
if( ctx->len + length < ctx->len ||
|
||||
(uint64_t) ctx->len + length > 0x03FFFFE0ull )
|
||||
(uint64_t) ctx->len + length > 0xFFFFFFFE0ull )
|
||||
{
|
||||
return( MBEDTLS_ERR_GCM_BAD_INPUT );
|
||||
}
|
||||
|
@ -415,8 +415,7 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
|
|||
if( tag_len > 16 || tag_len < 4 )
|
||||
return( MBEDTLS_ERR_GCM_BAD_INPUT );
|
||||
|
||||
if( tag_len != 0 )
|
||||
memcpy( tag, ctx->base_ectr, tag_len );
|
||||
memcpy( tag, ctx->base_ectr, tag_len );
|
||||
|
||||
if( orig_len || orig_add_len )
|
||||
{
|
||||
|
|
|
@ -174,6 +174,8 @@ static void havege_fill( mbedtls_havege_state *hs )
|
|||
PTX = U1 = 0;
|
||||
PTY = U2 = 0;
|
||||
|
||||
(void)PTX;
|
||||
|
||||
memset( RES, 0, sizeof( RES ) );
|
||||
|
||||
while( n < MBEDTLS_HAVEGE_COLLECT_SIZE * 4 )
|
||||
|
|
|
@ -417,6 +417,12 @@ static void buffer_alloc_free( void *ptr )
|
|||
heap.total_used -= hdr->size;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_BACKTRACE)
|
||||
free( hdr->trace );
|
||||
hdr->trace = NULL;
|
||||
hdr->trace_count = 0;
|
||||
#endif
|
||||
|
||||
// Regroup with block before
|
||||
//
|
||||
if( hdr->prev != NULL && hdr->prev->alloc == 0 )
|
||||
|
@ -432,9 +438,6 @@ static void buffer_alloc_free( void *ptr )
|
|||
if( hdr->next != NULL )
|
||||
hdr->next->prev = hdr;
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_BACKTRACE)
|
||||
free( old->trace );
|
||||
#endif
|
||||
memset( old, 0, sizeof(memory_header) );
|
||||
}
|
||||
|
||||
|
@ -474,9 +477,6 @@ static void buffer_alloc_free( void *ptr )
|
|||
if( hdr->next != NULL )
|
||||
hdr->next->prev = hdr;
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_BACKTRACE)
|
||||
free( old->trace );
|
||||
#endif
|
||||
memset( old, 0, sizeof(memory_header) );
|
||||
}
|
||||
|
||||
|
@ -491,11 +491,6 @@ static void buffer_alloc_free( void *ptr )
|
|||
heap.first_free = hdr;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_BACKTRACE)
|
||||
hdr->trace = NULL;
|
||||
hdr->trace_count = 0;
|
||||
#endif
|
||||
|
||||
if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_FREE ) && verify_chain() != 0 )
|
||||
mbedtls_exit( 1 );
|
||||
}
|
||||
|
|
|
@ -27,7 +27,18 @@
|
|||
|
||||
#if defined(MBEDTLS_NET_C)
|
||||
|
||||
#include "mbedtls/net.h"
|
||||
#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
|
||||
!defined(__APPLE__) && !defined(_WIN32)
|
||||
#error "This module only works on Unix and Windows, see MBEDTLS_NET_C in config.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdlib.h>
|
||||
#endif
|
||||
|
||||
#include "mbedtls/net_sockets.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
|
@ -81,7 +92,6 @@ static int wsa_init_done = 0;
|
|||
#define MSVC_INT_CAST
|
||||
#endif
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
|
||||
#include <time.h>
|
||||
|
@ -292,7 +302,7 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
|
|||
struct sockaddr_storage client_addr;
|
||||
|
||||
#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \
|
||||
defined(_SOCKLEN_T_DECLARED)
|
||||
defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t)
|
||||
socklen_t n = (socklen_t) sizeof( client_addr );
|
||||
socklen_t type_len = (socklen_t) sizeof( type );
|
||||
#else
|
|
@ -152,6 +152,7 @@ int FN_NAME( ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid , \
|
|||
return( MBEDTLS_ERR_OID_NOT_FOUND ); \
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
|
||||
/*
|
||||
* For X520 attribute types
|
||||
*/
|
||||
|
@ -247,7 +248,6 @@ static const oid_x520_attr_t oid_x520_attr_type[] =
|
|||
FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type)
|
||||
FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, oid_x520_attr_t, x520_attr, const char *, short_name)
|
||||
|
||||
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
|
||||
/*
|
||||
* For X509 extensions
|
||||
*/
|
||||
|
@ -267,7 +267,7 @@ static const oid_x509_ext_t oid_x509_ext[] =
|
|||
MBEDTLS_X509_EXT_KEY_USAGE,
|
||||
},
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_EXTENDED_KEY_USAGE ), "id-ce-keyUsage", "Extended Key Usage" },
|
||||
{ ADD_LEN( MBEDTLS_OID_EXTENDED_KEY_USAGE ), "id-ce-extKeyUsage", "Extended Key Usage" },
|
||||
MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE,
|
||||
},
|
||||
{
|
||||
|
@ -314,22 +314,32 @@ typedef struct {
|
|||
|
||||
static const oid_sig_alg_t oid_sig_alg[] =
|
||||
{
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
#if defined(MBEDTLS_MD2_C)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_PKCS1_MD2 ), "md2WithRSAEncryption", "RSA with MD2" },
|
||||
MBEDTLS_MD_MD2, MBEDTLS_PK_RSA,
|
||||
},
|
||||
#endif /* MBEDTLS_MD2_C */
|
||||
#if defined(MBEDTLS_MD4_C)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_PKCS1_MD4 ), "md4WithRSAEncryption", "RSA with MD4" },
|
||||
MBEDTLS_MD_MD4, MBEDTLS_PK_RSA,
|
||||
},
|
||||
#endif /* MBEDTLS_MD4_C */
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_PKCS1_MD5 ), "md5WithRSAEncryption", "RSA with MD5" },
|
||||
MBEDTLS_MD_MD5, MBEDTLS_PK_RSA,
|
||||
},
|
||||
#endif /* MBEDTLS_MD5_C */
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_PKCS1_SHA1 ), "sha-1WithRSAEncryption", "RSA with SHA1" },
|
||||
MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA,
|
||||
},
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_PKCS1_SHA224 ), "sha224WithRSAEncryption", "RSA with SHA-224" },
|
||||
MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA,
|
||||
|
@ -338,6 +348,8 @@ static const oid_sig_alg_t oid_sig_alg[] =
|
|||
{ ADD_LEN( MBEDTLS_OID_PKCS1_SHA256 ), "sha256WithRSAEncryption", "RSA with SHA-256" },
|
||||
MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA,
|
||||
},
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_PKCS1_SHA384 ), "sha384WithRSAEncryption", "RSA with SHA-384" },
|
||||
MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA,
|
||||
|
@ -346,14 +358,22 @@ static const oid_sig_alg_t oid_sig_alg[] =
|
|||
{ ADD_LEN( MBEDTLS_OID_PKCS1_SHA512 ), "sha512WithRSAEncryption", "RSA with SHA-512" },
|
||||
MBEDTLS_MD_SHA512, MBEDTLS_PK_RSA,
|
||||
},
|
||||
#endif /* MBEDTLS_SHA512_C */
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_RSA_SHA_OBS ), "sha-1WithRSAEncryption", "RSA with SHA1" },
|
||||
MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA,
|
||||
},
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_ECDSA_SHA1 ), "ecdsa-with-SHA1", "ECDSA with SHA1" },
|
||||
MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA,
|
||||
},
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_ECDSA_SHA224 ), "ecdsa-with-SHA224", "ECDSA with SHA224" },
|
||||
MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA,
|
||||
|
@ -362,6 +382,8 @@ static const oid_sig_alg_t oid_sig_alg[] =
|
|||
{ ADD_LEN( MBEDTLS_OID_ECDSA_SHA256 ), "ecdsa-with-SHA256", "ECDSA with SHA256" },
|
||||
MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA,
|
||||
},
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_ECDSA_SHA384 ), "ecdsa-with-SHA384", "ECDSA with SHA384" },
|
||||
MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA,
|
||||
|
@ -370,10 +392,14 @@ static const oid_sig_alg_t oid_sig_alg[] =
|
|||
{ ADD_LEN( MBEDTLS_OID_ECDSA_SHA512 ), "ecdsa-with-SHA512", "ECDSA with SHA512" },
|
||||
MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA,
|
||||
},
|
||||
#endif /* MBEDTLS_SHA512_C */
|
||||
#endif /* MBEDTLS_ECDSA_C */
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_RSASSA_PSS ), "RSASSA-PSS", "RSASSA-PSS" },
|
||||
MBEDTLS_MD_NONE, MBEDTLS_PK_RSASSA_PSS,
|
||||
},
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
{
|
||||
{ NULL, 0, NULL, NULL },
|
||||
MBEDTLS_MD_NONE, MBEDTLS_PK_NONE,
|
||||
|
@ -429,50 +455,72 @@ typedef struct {
|
|||
|
||||
static const oid_ecp_grp_t oid_ecp_grp[] =
|
||||
{
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_EC_GRP_SECP192R1 ), "secp192r1", "secp192r1" },
|
||||
MBEDTLS_ECP_DP_SECP192R1,
|
||||
},
|
||||
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_EC_GRP_SECP224R1 ), "secp224r1", "secp224r1" },
|
||||
MBEDTLS_ECP_DP_SECP224R1,
|
||||
},
|
||||
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_EC_GRP_SECP256R1 ), "secp256r1", "secp256r1" },
|
||||
MBEDTLS_ECP_DP_SECP256R1,
|
||||
},
|
||||
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_EC_GRP_SECP384R1 ), "secp384r1", "secp384r1" },
|
||||
MBEDTLS_ECP_DP_SECP384R1,
|
||||
},
|
||||
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_EC_GRP_SECP521R1 ), "secp521r1", "secp521r1" },
|
||||
MBEDTLS_ECP_DP_SECP521R1,
|
||||
},
|
||||
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_EC_GRP_SECP192K1 ), "secp192k1", "secp192k1" },
|
||||
MBEDTLS_ECP_DP_SECP192K1,
|
||||
},
|
||||
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_EC_GRP_SECP224K1 ), "secp224k1", "secp224k1" },
|
||||
MBEDTLS_ECP_DP_SECP224K1,
|
||||
},
|
||||
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_EC_GRP_SECP256K1 ), "secp256k1", "secp256k1" },
|
||||
MBEDTLS_ECP_DP_SECP256K1,
|
||||
},
|
||||
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_EC_GRP_BP256R1 ), "brainpoolP256r1","brainpool256r1" },
|
||||
MBEDTLS_ECP_DP_BP256R1,
|
||||
},
|
||||
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_EC_GRP_BP384R1 ), "brainpoolP384r1","brainpool384r1" },
|
||||
MBEDTLS_ECP_DP_BP384R1,
|
||||
},
|
||||
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_EC_GRP_BP512R1 ), "brainpoolP512r1","brainpool512r1" },
|
||||
MBEDTLS_ECP_DP_BP512R1,
|
||||
},
|
||||
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
|
||||
{
|
||||
{ NULL, 0, NULL, NULL },
|
||||
MBEDTLS_ECP_DP_NONE,
|
||||
|
@ -524,22 +572,31 @@ typedef struct {
|
|||
|
||||
static const oid_md_alg_t oid_md_alg[] =
|
||||
{
|
||||
#if defined(MBEDTLS_MD2_C)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD2 ), "id-md2", "MD2" },
|
||||
MBEDTLS_MD_MD2,
|
||||
},
|
||||
#endif /* MBEDTLS_MD2_C */
|
||||
#if defined(MBEDTLS_MD4_C)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD4 ), "id-md4", "MD4" },
|
||||
MBEDTLS_MD_MD4,
|
||||
},
|
||||
#endif /* MBEDTLS_MD4_C */
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD5 ), "id-md5", "MD5" },
|
||||
MBEDTLS_MD_MD5,
|
||||
},
|
||||
#endif /* MBEDTLS_MD5_C */
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA1 ), "id-sha1", "SHA-1" },
|
||||
MBEDTLS_MD_SHA1,
|
||||
},
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA224 ), "id-sha224", "SHA-224" },
|
||||
MBEDTLS_MD_SHA224,
|
||||
|
@ -548,6 +605,8 @@ static const oid_md_alg_t oid_md_alg[] =
|
|||
{ ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA256 ), "id-sha256", "SHA-256" },
|
||||
MBEDTLS_MD_SHA256,
|
||||
},
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
{
|
||||
{ ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA384 ), "id-sha384", "SHA-384" },
|
||||
MBEDTLS_MD_SHA384,
|
||||
|
@ -556,6 +615,7 @@ static const oid_md_alg_t oid_md_alg[] =
|
|||
{ ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA512 ), "id-sha512", "SHA-512" },
|
||||
MBEDTLS_MD_SHA512,
|
||||
},
|
||||
#endif /* MBEDTLS_SHA512_C */
|
||||
{
|
||||
{ NULL, 0, NULL, NULL },
|
||||
MBEDTLS_MD_NONE,
|
||||
|
|
|
@ -316,6 +316,9 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
|
|||
( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
|
||||
}
|
||||
|
||||
if( s1 == s2 )
|
||||
return( MBEDTLS_ERR_PEM_INVALID_DATA );
|
||||
|
||||
ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 );
|
||||
|
||||
if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER )
|
||||
|
|
|
@ -86,15 +86,20 @@ static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#define PKCS12_MAX_PWDLEN 128
|
||||
|
||||
static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_type_t md_type,
|
||||
const unsigned char *pwd, size_t pwdlen,
|
||||
unsigned char *key, size_t keylen,
|
||||
unsigned char *iv, size_t ivlen )
|
||||
{
|
||||
int ret, iterations;
|
||||
int ret, iterations = 0;
|
||||
mbedtls_asn1_buf salt;
|
||||
size_t i;
|
||||
unsigned char unipwd[258];
|
||||
unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2];
|
||||
|
||||
if( pwdlen > PKCS12_MAX_PWDLEN )
|
||||
return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
|
||||
|
||||
memset( &salt, 0, sizeof(mbedtls_asn1_buf) );
|
||||
memset( &unipwd, 0, sizeof(unipwd) );
|
||||
|
@ -125,6 +130,8 @@ static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_ty
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#undef PKCS12_MAX_PWDLEN
|
||||
|
||||
int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
|
||||
const unsigned char *pwd, size_t pwdlen,
|
||||
const unsigned char *data, size_t len,
|
||||
|
|
|
@ -391,7 +391,8 @@ int mbedtls_pkcs5_self_test( int verbose )
|
|||
mbedtls_printf( "passed\n" );
|
||||
}
|
||||
|
||||
mbedtls_printf( "\n" );
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "\n" );
|
||||
|
||||
exit:
|
||||
mbedtls_md_free( &sha1_ctx );
|
||||
|
|
|
@ -1181,6 +1181,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
|||
return( ret );
|
||||
#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
|
||||
#else
|
||||
((void) ret);
|
||||
((void) pwd);
|
||||
((void) pwdlen);
|
||||
#endif /* MBEDTLS_PEM_PARSE_C */
|
||||
|
|
|
@ -96,7 +96,7 @@ static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
|
|||
return( ret );
|
||||
}
|
||||
|
||||
if( *p - start < (int) len )
|
||||
if( *p < start || (size_t)( *p - start ) < len )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
*p -= len;
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* Platform abstraction layer
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
@ -190,4 +190,118 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) )
|
|||
}
|
||||
#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_TIME_ALT)
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_TIME)
|
||||
/*
|
||||
* Make dummy function to prevent NULL pointer dereferences
|
||||
*/
|
||||
static mbedtls_time_t platform_time_uninit( mbedtls_time_t* timer )
|
||||
{
|
||||
((void) timer);
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#define MBEDTLS_PLATFORM_STD_TIME platform_time_uninit
|
||||
#endif /* !MBEDTLS_PLATFORM_STD_TIME */
|
||||
|
||||
mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* timer ) = MBEDTLS_PLATFORM_STD_TIME;
|
||||
|
||||
int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* timer ) )
|
||||
{
|
||||
mbedtls_time = time_func;
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_PLATFORM_TIME_ALT */
|
||||
|
||||
#endif /* MBEDTLS_HAVE_TIME */
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||
#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
|
||||
/* Default implementations for the platform independent seed functions use
|
||||
* standard libc file functions to read from and write to a pre-defined filename
|
||||
*/
|
||||
int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len )
|
||||
{
|
||||
FILE *file;
|
||||
size_t n;
|
||||
|
||||
if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb" ) ) == NULL )
|
||||
return -1;
|
||||
|
||||
if( ( n = fread( buf, 1, buf_len, file ) ) != buf_len )
|
||||
{
|
||||
fclose( file );
|
||||
return -1;
|
||||
}
|
||||
|
||||
fclose( file );
|
||||
return( n );
|
||||
}
|
||||
|
||||
int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len )
|
||||
{
|
||||
FILE *file;
|
||||
size_t n;
|
||||
|
||||
if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w" ) ) == NULL )
|
||||
return -1;
|
||||
|
||||
if( ( n = fwrite( buf, 1, buf_len, file ) ) != buf_len )
|
||||
{
|
||||
fclose( file );
|
||||
return -1;
|
||||
}
|
||||
|
||||
fclose( file );
|
||||
return( n );
|
||||
}
|
||||
#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
|
||||
/*
|
||||
* Make dummy function to prevent NULL pointer dereferences
|
||||
*/
|
||||
static int platform_nv_seed_read_uninit( unsigned char *buf, size_t buf_len )
|
||||
{
|
||||
((void) buf);
|
||||
((void) buf_len);
|
||||
return( -1 );
|
||||
}
|
||||
|
||||
#define MBEDTLS_PLATFORM_STD_NV_SEED_READ platform_nv_seed_read_uninit
|
||||
#endif /* !MBEDTLS_PLATFORM_STD_NV_SEED_READ */
|
||||
|
||||
#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE)
|
||||
/*
|
||||
* Make dummy function to prevent NULL pointer dereferences
|
||||
*/
|
||||
static int platform_nv_seed_write_uninit( unsigned char *buf, size_t buf_len )
|
||||
{
|
||||
((void) buf);
|
||||
((void) buf_len);
|
||||
return( -1 );
|
||||
}
|
||||
|
||||
#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE platform_nv_seed_write_uninit
|
||||
#endif /* !MBEDTLS_PLATFORM_STD_NV_SEED_WRITE */
|
||||
|
||||
int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len ) =
|
||||
MBEDTLS_PLATFORM_STD_NV_SEED_READ;
|
||||
int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ) =
|
||||
MBEDTLS_PLATFORM_STD_NV_SEED_WRITE;
|
||||
|
||||
int mbedtls_platform_set_nv_seed(
|
||||
int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ),
|
||||
int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len ) )
|
||||
{
|
||||
mbedtls_nv_seed_read = nv_seed_read_func;
|
||||
mbedtls_nv_seed_write = nv_seed_write_func;
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
|
||||
#endif /* MBEDTLS_ENTROPY_NV_SEED */
|
||||
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
|
|
@ -456,6 +456,9 @@ int mbedtls_ripemd160_self_test( int verbose )
|
|||
mbedtls_printf( "passed\n" );
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "\n" );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
|
|
|
@ -19,10 +19,16 @@
|
|||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
/*
|
||||
* RSA was designed by Ron Rivest, Adi Shamir and Len Adleman.
|
||||
* The following sources were referenced in the design of this implementation
|
||||
* of the RSA algorithm:
|
||||
*
|
||||
* [1] A method for obtaining digital signatures and public-key cryptosystems
|
||||
* R Rivest, A Shamir, and L Adleman
|
||||
* http://people.csail.mit.edu/rivest/pubs.html#RSA78
|
||||
*
|
||||
* [2] Handbook of Applied Cryptography - 1997, Chapter 8
|
||||
* Menezes, van Oorschot and Vanstone
|
||||
*
|
||||
* http://theory.lcs.mit.edu/~rivest/rsapaper.pdf
|
||||
* http://www.cacr.math.uwaterloo.ca/hac/about/chap8.pdf
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
|
@ -96,7 +102,11 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
|
|||
if( f_rng == NULL || nbits < 128 || exponent < 3 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
|
||||
if( nbits % 2 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 );
|
||||
mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
|
||||
|
||||
/*
|
||||
* find primes P and Q with Q < P so that:
|
||||
|
@ -106,15 +116,12 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
|
|||
|
||||
do
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, ( nbits + 1 ) >> 1, 0,
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0,
|
||||
f_rng, p_rng ) );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, ( nbits + 1 ) >> 1, 0,
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0,
|
||||
f_rng, p_rng ) );
|
||||
|
||||
if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 )
|
||||
mbedtls_mpi_swap( &ctx->P, &ctx->Q );
|
||||
|
||||
if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 )
|
||||
continue;
|
||||
|
||||
|
@ -122,6 +129,9 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
|
|||
if( mbedtls_mpi_bitlen( &ctx->N ) != nbits )
|
||||
continue;
|
||||
|
||||
if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 )
|
||||
mbedtls_mpi_swap( &ctx->P, &ctx->Q );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) );
|
||||
|
@ -359,6 +369,10 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||
size_t olen;
|
||||
mbedtls_mpi T, T1, T2;
|
||||
|
||||
/* Make sure we have private key info, prevent possible misuse */
|
||||
if( ctx->P.p == NULL || ctx->Q.p == NULL || ctx->D.p == NULL )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
mbedtls_mpi_init( &T ); mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 );
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
|
@ -461,8 +475,7 @@ static void mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src,
|
|||
|
||||
hlen = mbedtls_md_get_size( md_ctx->md_info );
|
||||
|
||||
// Generate and apply dbMask
|
||||
//
|
||||
/* Generate and apply dbMask */
|
||||
p = dst;
|
||||
|
||||
while( dlen > 0 )
|
||||
|
@ -519,22 +532,21 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
|
|||
olen = ctx->len;
|
||||
hlen = mbedtls_md_get_size( md_info );
|
||||
|
||||
if( olen < ilen + 2 * hlen + 2 )
|
||||
/* first comparison checks for overflow */
|
||||
if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
memset( output, 0, olen );
|
||||
|
||||
*p++ = 0;
|
||||
|
||||
// Generate a random octet string seed
|
||||
//
|
||||
/* Generate a random octet string seed */
|
||||
if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 )
|
||||
return( MBEDTLS_ERR_RSA_RNG_FAILED + ret );
|
||||
|
||||
p += hlen;
|
||||
|
||||
// Construct DB
|
||||
//
|
||||
/* Construct DB */
|
||||
mbedtls_md( md_info, label, label_len, p );
|
||||
p += hlen;
|
||||
p += olen - 2 * hlen - 2 - ilen;
|
||||
|
@ -542,15 +554,17 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
|
|||
memcpy( p, input, ilen );
|
||||
|
||||
mbedtls_md_init( &md_ctx );
|
||||
mbedtls_md_setup( &md_ctx, md_info, 0 );
|
||||
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
|
||||
{
|
||||
mbedtls_md_free( &md_ctx );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
// maskedDB: Apply dbMask to DB
|
||||
//
|
||||
/* maskedDB: Apply dbMask to DB */
|
||||
mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen,
|
||||
&md_ctx );
|
||||
|
||||
// maskedSeed: Apply seedMask to seed
|
||||
//
|
||||
/* maskedSeed: Apply seedMask to seed */
|
||||
mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1,
|
||||
&md_ctx );
|
||||
|
||||
|
@ -580,12 +594,14 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
|
|||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
if( f_rng == NULL )
|
||||
// We don't check p_rng because it won't be dereferenced here
|
||||
if( f_rng == NULL || input == NULL || output == NULL )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
olen = ctx->len;
|
||||
|
||||
if( olen < ilen + 11 )
|
||||
/* first comparison checks for overflow */
|
||||
if( ilen + 11 < ilen || olen < ilen + 11 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
nb_pad = olen - 3 - ilen;
|
||||
|
@ -603,8 +619,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
|
|||
ret = f_rng( p_rng, p, 1 );
|
||||
} while( *p == 0 && --rng_dl && ret == 0 );
|
||||
|
||||
// Check if RNG failed to generate data
|
||||
//
|
||||
/* Check if RNG failed to generate data */
|
||||
if( rng_dl == 0 || ret != 0 )
|
||||
return( MBEDTLS_ERR_RSA_RNG_FAILED + ret );
|
||||
|
||||
|
@ -695,6 +710,12 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
|
|||
if( md_info == NULL )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
hlen = mbedtls_md_get_size( md_info );
|
||||
|
||||
// checking for integer underflow
|
||||
if( 2 * hlen + 2 > ilen )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
/*
|
||||
* RSA operation
|
||||
*/
|
||||
|
@ -708,10 +729,13 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
|
|||
/*
|
||||
* Unmask data and generate lHash
|
||||
*/
|
||||
hlen = mbedtls_md_get_size( md_info );
|
||||
|
||||
mbedtls_md_init( &md_ctx );
|
||||
mbedtls_md_setup( &md_ctx, md_info, 0 );
|
||||
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
|
||||
{
|
||||
mbedtls_md_free( &md_ctx );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
|
||||
/* Generate lHash */
|
||||
mbedtls_md( md_info, label, label_len, lhash );
|
||||
|
@ -844,6 +868,8 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
|
|||
bad |= *p++; /* Must be zero */
|
||||
}
|
||||
|
||||
bad |= ( pad_count < 8 );
|
||||
|
||||
if( bad )
|
||||
return( MBEDTLS_ERR_RSA_INVALID_PADDING );
|
||||
|
||||
|
@ -920,8 +946,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
|
|||
|
||||
if( md_alg != MBEDTLS_MD_NONE )
|
||||
{
|
||||
// Gather length of hash to sign
|
||||
//
|
||||
/* Gather length of hash to sign */
|
||||
md_info = mbedtls_md_info_from_type( md_alg );
|
||||
if( md_info == NULL )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
@ -941,13 +966,11 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
|
|||
|
||||
memset( sig, 0, olen );
|
||||
|
||||
// Generate salt of length slen
|
||||
//
|
||||
/* Generate salt of length slen */
|
||||
if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 )
|
||||
return( MBEDTLS_ERR_RSA_RNG_FAILED + ret );
|
||||
|
||||
// Note: EMSA-PSS encoding is over the length of N - 1 bits
|
||||
//
|
||||
/* Note: EMSA-PSS encoding is over the length of N - 1 bits */
|
||||
msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
|
||||
p += olen - hlen * 2 - 2;
|
||||
*p++ = 0x01;
|
||||
|
@ -955,23 +978,24 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
|
|||
p += slen;
|
||||
|
||||
mbedtls_md_init( &md_ctx );
|
||||
mbedtls_md_setup( &md_ctx, md_info, 0 );
|
||||
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
|
||||
{
|
||||
mbedtls_md_free( &md_ctx );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
// Generate H = Hash( M' )
|
||||
//
|
||||
/* Generate H = Hash( M' ) */
|
||||
mbedtls_md_starts( &md_ctx );
|
||||
mbedtls_md_update( &md_ctx, p, 8 );
|
||||
mbedtls_md_update( &md_ctx, hash, hashlen );
|
||||
mbedtls_md_update( &md_ctx, salt, slen );
|
||||
mbedtls_md_finish( &md_ctx, p );
|
||||
|
||||
// Compensate for boundary condition when applying mask
|
||||
//
|
||||
/* Compensate for boundary condition when applying mask */
|
||||
if( msb % 8 == 0 )
|
||||
offset = 1;
|
||||
|
||||
// maskedDB: Apply dbMask to DB
|
||||
//
|
||||
/* maskedDB: Apply dbMask to DB */
|
||||
mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx );
|
||||
|
||||
mbedtls_md_free( &md_ctx );
|
||||
|
@ -1082,10 +1106,16 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
|
|||
* temporary buffer and check it before returning it.
|
||||
*/
|
||||
sig_try = mbedtls_calloc( 1, ctx->len );
|
||||
verif = mbedtls_calloc( 1, ctx->len );
|
||||
if( sig_try == NULL || verif == NULL )
|
||||
if( sig_try == NULL )
|
||||
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
|
||||
|
||||
verif = mbedtls_calloc( 1, ctx->len );
|
||||
if( verif == NULL )
|
||||
{
|
||||
mbedtls_free( sig_try );
|
||||
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
|
||||
}
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig_try ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_rsa_public( ctx, sig_try, verif ) );
|
||||
|
||||
|
@ -1159,13 +1189,13 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
|
|||
int ret;
|
||||
size_t siglen;
|
||||
unsigned char *p;
|
||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||
unsigned char result[MBEDTLS_MD_MAX_SIZE];
|
||||
unsigned char zeros[8];
|
||||
unsigned int hlen;
|
||||
size_t slen, msb;
|
||||
const mbedtls_md_info_t *md_info;
|
||||
mbedtls_md_context_t md_ctx;
|
||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||
|
||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
@ -1189,8 +1219,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
|
|||
|
||||
if( md_alg != MBEDTLS_MD_NONE )
|
||||
{
|
||||
// Gather length of hash to sign
|
||||
//
|
||||
/* Gather length of hash to sign */
|
||||
md_info = mbedtls_md_info_from_type( md_alg );
|
||||
if( md_info == NULL )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
@ -1207,12 +1236,12 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
|
|||
|
||||
memset( zeros, 0, 8 );
|
||||
|
||||
// Note: EMSA-PSS verification is over the length of N - 1 bits
|
||||
//
|
||||
/*
|
||||
* Note: EMSA-PSS verification is over the length of N - 1 bits
|
||||
*/
|
||||
msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
|
||||
|
||||
// Compensate for boundary condition when applying mask
|
||||
//
|
||||
/* Compensate for boundary condition when applying mask */
|
||||
if( msb % 8 == 0 )
|
||||
{
|
||||
p++;
|
||||
|
@ -1222,7 +1251,11 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
|
|||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
mbedtls_md_init( &md_ctx );
|
||||
mbedtls_md_setup( &md_ctx, md_info, 0 );
|
||||
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
|
||||
{
|
||||
mbedtls_md_free( &md_ctx );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );
|
||||
|
||||
|
@ -1248,8 +1281,9 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
|
|||
return( MBEDTLS_ERR_RSA_INVALID_PADDING );
|
||||
}
|
||||
|
||||
// Generate H = Hash( M' )
|
||||
//
|
||||
/*
|
||||
* Generate H = Hash( M' )
|
||||
*/
|
||||
mbedtls_md_starts( &md_ctx );
|
||||
mbedtls_md_update( &md_ctx, zeros, 8 );
|
||||
mbedtls_md_update( &md_ctx, hash, hashlen );
|
||||
|
@ -1304,10 +1338,10 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
|
|||
int ret;
|
||||
size_t len, siglen, asn1_len;
|
||||
unsigned char *p, *end;
|
||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||
mbedtls_md_type_t msg_md_alg;
|
||||
const mbedtls_md_info_t *md_info;
|
||||
mbedtls_asn1_buf oid;
|
||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||
|
||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
@ -1354,8 +1388,9 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
|
|||
|
||||
end = p + len;
|
||||
|
||||
// Parse the ASN.1 structure inside the PKCS#1 v1.5 structure
|
||||
//
|
||||
/*
|
||||
* Parse the ASN.1 structure inside the PKCS#1 v1.5 structure
|
||||
*/
|
||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len,
|
||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
||||
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
||||
|
@ -1650,7 +1685,7 @@ int mbedtls_rsa_self_test( int verbose )
|
|||
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "PKCS#1 data sign : " );
|
||||
mbedtls_printf( " PKCS#1 data sign : " );
|
||||
|
||||
mbedtls_sha1( rsa_plaintext, PT_LEN, sha1sum );
|
||||
|
||||
|
|
|
@ -49,7 +49,7 @@
|
|||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -41,7 +41,10 @@
|
|||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
|
@ -389,10 +392,19 @@ static const unsigned char sha256_test_sum[6][32] =
|
|||
int mbedtls_sha256_self_test( int verbose )
|
||||
{
|
||||
int i, j, k, buflen, ret = 0;
|
||||
unsigned char buf[1024];
|
||||
unsigned char *buf;
|
||||
unsigned char sha256sum[32];
|
||||
mbedtls_sha256_context ctx;
|
||||
|
||||
buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
|
||||
if( NULL == buf )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "Buffer allocation failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
mbedtls_sha256_init( &ctx );
|
||||
|
||||
for( i = 0; i < 6; i++ )
|
||||
|
@ -436,6 +448,7 @@ int mbedtls_sha256_self_test( int verbose )
|
|||
|
||||
exit:
|
||||
mbedtls_sha256_free( &ctx );
|
||||
mbedtls_free( buf );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
|
|
@ -47,7 +47,10 @@
|
|||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
|
@ -89,53 +92,6 @@ static void mbedtls_zeroize( void *v, size_t n ) {
|
|||
}
|
||||
#endif /* PUT_UINT64_BE */
|
||||
|
||||
/*
|
||||
* Round constants
|
||||
*/
|
||||
static const uint64_t K[80] =
|
||||
{
|
||||
UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD),
|
||||
UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC),
|
||||
UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019),
|
||||
UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118),
|
||||
UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE),
|
||||
UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2),
|
||||
UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1),
|
||||
UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694),
|
||||
UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3),
|
||||
UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65),
|
||||
UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483),
|
||||
UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5),
|
||||
UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210),
|
||||
UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4),
|
||||
UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725),
|
||||
UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70),
|
||||
UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926),
|
||||
UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF),
|
||||
UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8),
|
||||
UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B),
|
||||
UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001),
|
||||
UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30),
|
||||
UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910),
|
||||
UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8),
|
||||
UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53),
|
||||
UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8),
|
||||
UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB),
|
||||
UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3),
|
||||
UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60),
|
||||
UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC),
|
||||
UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9),
|
||||
UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B),
|
||||
UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207),
|
||||
UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178),
|
||||
UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6),
|
||||
UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B),
|
||||
UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493),
|
||||
UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C),
|
||||
UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A),
|
||||
UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
|
||||
};
|
||||
|
||||
void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
|
||||
{
|
||||
memset( ctx, 0, sizeof( mbedtls_sha512_context ) );
|
||||
|
@ -192,6 +148,54 @@ void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 )
|
|||
}
|
||||
|
||||
#if !defined(MBEDTLS_SHA512_PROCESS_ALT)
|
||||
|
||||
/*
|
||||
* Round constants
|
||||
*/
|
||||
static const uint64_t K[80] =
|
||||
{
|
||||
UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD),
|
||||
UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC),
|
||||
UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019),
|
||||
UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118),
|
||||
UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE),
|
||||
UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2),
|
||||
UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1),
|
||||
UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694),
|
||||
UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3),
|
||||
UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65),
|
||||
UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483),
|
||||
UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5),
|
||||
UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210),
|
||||
UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4),
|
||||
UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725),
|
||||
UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70),
|
||||
UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926),
|
||||
UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF),
|
||||
UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8),
|
||||
UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B),
|
||||
UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001),
|
||||
UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30),
|
||||
UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910),
|
||||
UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8),
|
||||
UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53),
|
||||
UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8),
|
||||
UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB),
|
||||
UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3),
|
||||
UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60),
|
||||
UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC),
|
||||
UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9),
|
||||
UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B),
|
||||
UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207),
|
||||
UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178),
|
||||
UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6),
|
||||
UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B),
|
||||
UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493),
|
||||
UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C),
|
||||
UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A),
|
||||
UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
|
||||
};
|
||||
|
||||
void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] )
|
||||
{
|
||||
int i;
|
||||
|
@ -444,10 +448,19 @@ static const unsigned char sha512_test_sum[6][64] =
|
|||
int mbedtls_sha512_self_test( int verbose )
|
||||
{
|
||||
int i, j, k, buflen, ret = 0;
|
||||
unsigned char buf[1024];
|
||||
unsigned char *buf;
|
||||
unsigned char sha512sum[64];
|
||||
mbedtls_sha512_context ctx;
|
||||
|
||||
buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
|
||||
if( NULL == buf )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "Buffer allocation failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
mbedtls_sha512_init( &ctx );
|
||||
|
||||
for( i = 0; i < 6; i++ )
|
||||
|
@ -491,6 +504,7 @@ int mbedtls_sha512_self_test( int verbose )
|
|||
|
||||
exit:
|
||||
mbedtls_sha512_free( &ctx );
|
||||
mbedtls_free( buf );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
|
|
@ -31,18 +31,18 @@
|
|||
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
|
||||
#include "mbedtls/ssl_cache.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
#include "mbedtls/ssl_cache.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache )
|
||||
{
|
||||
memset( cache, 0, sizeof( mbedtls_ssl_cache_context ) );
|
||||
|
@ -59,7 +59,7 @@ int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session )
|
|||
{
|
||||
int ret = 1;
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
time_t t = time( NULL );
|
||||
mbedtls_time_t t = mbedtls_time( NULL );
|
||||
#endif
|
||||
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
|
||||
mbedtls_ssl_cache_entry *cur, *entry;
|
||||
|
@ -138,7 +138,7 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session )
|
|||
{
|
||||
int ret = 1;
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
time_t t = time( NULL ), oldest = 0;
|
||||
mbedtls_time_t t = time( NULL ), oldest = 0;
|
||||
mbedtls_ssl_cache_entry *old = NULL;
|
||||
#endif
|
||||
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
|
||||
|
|
|
@ -29,10 +29,15 @@
|
|||
|
||||
#if defined(MBEDTLS_SSL_TLS_C)
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdlib.h>
|
||||
#endif
|
||||
|
||||
#include "mbedtls/ssl_ciphersuites.h"
|
||||
#include "mbedtls/ssl.h"
|
||||
|
||||
// #include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
/*
|
||||
|
@ -40,7 +45,7 @@
|
|||
*
|
||||
* Current rule (except rc4, weak and null which come last):
|
||||
* 1. By key exchange:
|
||||
* Forward-secure non-PSK > forward-secure PSK > other non-PSK > other PSK
|
||||
* Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
|
||||
* 2. By key length and cipher:
|
||||
* AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES
|
||||
* 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
|
||||
|
@ -131,6 +136,9 @@ static const int ciphersuite_preference[] =
|
|||
MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
|
||||
/* The ECJPAKE suite */
|
||||
MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
|
||||
|
||||
/* All AES-256 suites */
|
||||
MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
|
||||
|
@ -1510,6 +1518,18 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#endif /* MBEDTLS_ARC4_C */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
#if defined(MBEDTLS_CCM_C)
|
||||
{ MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
|
||||
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_CIPHERSUITE_SHORT_TAG },
|
||||
#endif /* MBEDTLS_CCM_C */
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ENABLE_WEAK_CIPHERSUITES)
|
||||
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
|
||||
|
|
|
@ -27,24 +27,24 @@
|
|||
|
||||
#if defined(MBEDTLS_SSL_CLI_C)
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
#include "mbedtls/debug.h"
|
||||
#include "mbedtls/ssl.h"
|
||||
#include "mbedtls/ssl_internal.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
#include <time.h>
|
||||
#include "mbedtls/platform_time.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
|
@ -60,6 +60,7 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
|
|||
size_t *olen )
|
||||
{
|
||||
unsigned char *p = buf;
|
||||
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
|
||||
size_t hostname_len;
|
||||
|
||||
*olen = 0;
|
||||
|
@ -72,6 +73,12 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
hostname_len = strlen( ssl->hostname );
|
||||
|
||||
if( end < p || (size_t)( end - p ) < hostname_len + 9 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
* struct {
|
||||
* NameType name_type;
|
||||
|
@ -115,6 +122,7 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
|
|||
size_t *olen )
|
||||
{
|
||||
unsigned char *p = buf;
|
||||
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
|
||||
|
||||
*olen = 0;
|
||||
|
||||
|
@ -123,6 +131,12 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) );
|
||||
|
||||
if( end < p || (size_t)( end - p ) < 5 + ssl->verify_data_len )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
* Secure renegotiation
|
||||
*/
|
||||
|
@ -149,6 +163,7 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
|||
size_t *olen )
|
||||
{
|
||||
unsigned char *p = buf;
|
||||
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
|
||||
size_t sig_alg_len = 0;
|
||||
const int *md;
|
||||
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C)
|
||||
|
@ -162,9 +177,27 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) );
|
||||
|
||||
for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
|
||||
{
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
sig_alg_len += 2;
|
||||
#endif
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
sig_alg_len += 2;
|
||||
#endif
|
||||
}
|
||||
|
||||
if( end < p || (size_t)( end - p ) < sig_alg_len + 6 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
* Prepare signature_algorithms extension (TLS 1.2)
|
||||
*/
|
||||
sig_alg_len = 0;
|
||||
|
||||
for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
|
||||
{
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
|
@ -208,12 +241,14 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
|
||||
MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
size_t *olen )
|
||||
{
|
||||
unsigned char *p = buf;
|
||||
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
|
||||
unsigned char *elliptic_curve_list = p + 6;
|
||||
size_t elliptic_curve_len = 0;
|
||||
const mbedtls_ecp_curve_info *info;
|
||||
|
@ -235,7 +270,31 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
|
|||
for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ )
|
||||
{
|
||||
#endif
|
||||
if( info == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) );
|
||||
return;
|
||||
}
|
||||
|
||||
elliptic_curve_len += 2;
|
||||
}
|
||||
|
||||
if( end < p || (size_t)( end - p ) < 6 + elliptic_curve_len )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
|
||||
return;
|
||||
}
|
||||
|
||||
elliptic_curve_len = 0;
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
|
||||
{
|
||||
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
|
||||
#else
|
||||
for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ )
|
||||
{
|
||||
#endif
|
||||
elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8;
|
||||
elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF;
|
||||
}
|
||||
|
@ -260,12 +319,18 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
|
|||
size_t *olen )
|
||||
{
|
||||
unsigned char *p = buf;
|
||||
((void) ssl);
|
||||
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
|
||||
|
||||
*olen = 0;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_point_formats extension" ) );
|
||||
|
||||
if( end < p || (size_t)( end - p ) < 6 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
|
||||
return;
|
||||
}
|
||||
|
||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF );
|
||||
|
||||
|
@ -277,7 +342,86 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
*olen = 6;
|
||||
}
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
size_t *olen )
|
||||
{
|
||||
int ret;
|
||||
unsigned char *p = buf;
|
||||
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
|
||||
size_t kkpp_len;
|
||||
|
||||
*olen = 0;
|
||||
|
||||
/* Skip costly extension if we can't use EC J-PAKE anyway */
|
||||
if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
|
||||
return;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding ecjpake_kkpp extension" ) );
|
||||
|
||||
if( end - p < 4 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
|
||||
return;
|
||||
}
|
||||
|
||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF );
|
||||
|
||||
/*
|
||||
* We may need to send ClientHello multiple times for Hello verification.
|
||||
* We don't want to compute fresh values every time (both for performance
|
||||
* and consistency reasons), so cache the extension content.
|
||||
*/
|
||||
if( ssl->handshake->ecjpake_cache == NULL ||
|
||||
ssl->handshake->ecjpake_cache_len == 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "generating new ecjpake parameters" ) );
|
||||
|
||||
ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx,
|
||||
p + 2, end - p - 2, &kkpp_len,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret );
|
||||
return;
|
||||
}
|
||||
|
||||
ssl->handshake->ecjpake_cache = mbedtls_calloc( 1, kkpp_len );
|
||||
if( ssl->handshake->ecjpake_cache == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "allocation failed" ) );
|
||||
return;
|
||||
}
|
||||
|
||||
memcpy( ssl->handshake->ecjpake_cache, p + 2, kkpp_len );
|
||||
ssl->handshake->ecjpake_cache_len = kkpp_len;
|
||||
}
|
||||
else
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "re-using cached ecjpake parameters" ) );
|
||||
|
||||
kkpp_len = ssl->handshake->ecjpake_cache_len;
|
||||
|
||||
if( (size_t)( end - p - 2 ) < kkpp_len )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
|
||||
return;
|
||||
}
|
||||
|
||||
memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len );
|
||||
}
|
||||
|
||||
*p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( kkpp_len ) & 0xFF );
|
||||
|
||||
*olen = kkpp_len + 4;
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
|
||||
|
@ -285,14 +429,22 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
|
|||
size_t *olen )
|
||||
{
|
||||
unsigned char *p = buf;
|
||||
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
|
||||
|
||||
*olen = 0;
|
||||
|
||||
if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) {
|
||||
*olen = 0;
|
||||
return;
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding max_fragment_length extension" ) );
|
||||
|
||||
if( end < p || (size_t)( end - p ) < 5 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
|
||||
return;
|
||||
}
|
||||
|
||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF );
|
||||
|
||||
|
@ -310,15 +462,23 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
|
|||
unsigned char *buf, size_t *olen )
|
||||
{
|
||||
unsigned char *p = buf;
|
||||
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
|
||||
|
||||
*olen = 0;
|
||||
|
||||
if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
|
||||
{
|
||||
*olen = 0;
|
||||
return;
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding truncated_hmac extension" ) );
|
||||
|
||||
if( end < p || (size_t)( end - p ) < 4 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
|
||||
return;
|
||||
}
|
||||
|
||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF );
|
||||
|
||||
|
@ -334,17 +494,25 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
|
|||
unsigned char *buf, size_t *olen )
|
||||
{
|
||||
unsigned char *p = buf;
|
||||
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
|
||||
|
||||
*olen = 0;
|
||||
|
||||
if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
|
||||
ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
||||
{
|
||||
*olen = 0;
|
||||
return;
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding encrypt_then_mac "
|
||||
"extension" ) );
|
||||
|
||||
if( end < p || (size_t)( end - p ) < 4 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
|
||||
return;
|
||||
}
|
||||
|
||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF );
|
||||
|
||||
|
@ -360,17 +528,25 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
|
|||
unsigned char *buf, size_t *olen )
|
||||
{
|
||||
unsigned char *p = buf;
|
||||
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
|
||||
|
||||
*olen = 0;
|
||||
|
||||
if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
|
||||
ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
||||
{
|
||||
*olen = 0;
|
||||
return;
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding extended_master_secret "
|
||||
"extension" ) );
|
||||
|
||||
if( end < p || (size_t)( end - p ) < 4 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
|
||||
return;
|
||||
}
|
||||
|
||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF );
|
||||
|
||||
|
@ -386,16 +562,24 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
|
|||
unsigned char *buf, size_t *olen )
|
||||
{
|
||||
unsigned char *p = buf;
|
||||
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
|
||||
size_t tlen = ssl->session_negotiate->ticket_len;
|
||||
|
||||
*olen = 0;
|
||||
|
||||
if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
|
||||
{
|
||||
*olen = 0;
|
||||
return;
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding session ticket extension" ) );
|
||||
|
||||
if( end < p || (size_t)( end - p ) < 4 + tlen )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
|
||||
return;
|
||||
}
|
||||
|
||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF );
|
||||
|
||||
|
@ -404,8 +588,7 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
*olen = 4;
|
||||
|
||||
if( ssl->session_negotiate->ticket == NULL ||
|
||||
ssl->session_negotiate->ticket_len == 0 )
|
||||
if( ssl->session_negotiate->ticket == NULL || tlen == 0 )
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
@ -423,16 +606,28 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
|
|||
unsigned char *buf, size_t *olen )
|
||||
{
|
||||
unsigned char *p = buf;
|
||||
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
|
||||
size_t alpnlen = 0;
|
||||
const char **cur;
|
||||
|
||||
*olen = 0;
|
||||
|
||||
if( ssl->conf->alpn_list == NULL )
|
||||
{
|
||||
*olen = 0;
|
||||
return;
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) );
|
||||
|
||||
for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
|
||||
alpnlen += (unsigned char)( strlen( *cur ) & 0xFF ) + 1;
|
||||
|
||||
if( end < p || (size_t)( end - p ) < 6 + alpnlen )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
|
||||
return;
|
||||
}
|
||||
|
||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF );
|
||||
|
||||
|
@ -474,7 +669,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
|
|||
int ret;
|
||||
unsigned char *p = ssl->handshake->randbytes;
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
time_t t;
|
||||
mbedtls_time_t t;
|
||||
#endif
|
||||
|
||||
/*
|
||||
|
@ -489,7 +684,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
t = time( NULL );
|
||||
t = mbedtls_time( NULL );
|
||||
*p++ = (unsigned char)( t >> 24 );
|
||||
*p++ = (unsigned char)( t >> 16 );
|
||||
*p++ = (unsigned char)( t >> 8 );
|
||||
|
@ -680,8 +875,14 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
continue;
|
||||
#endif
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %2d",
|
||||
ciphersuites[i] ) );
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
|
||||
mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
|
||||
continue;
|
||||
#endif
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x",
|
||||
ciphersuites[i] ) );
|
||||
|
||||
n++;
|
||||
*p++ = (unsigned char)( ciphersuites[i] >> 8 );
|
||||
|
@ -771,7 +972,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
ext_len += olen;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
|
||||
|
@ -779,6 +981,11 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
ext_len += olen;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
|
@ -799,13 +1006,13 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
ext_len += olen;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
#endif
|
||||
|
||||
|
@ -986,7 +1193,8 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -1007,7 +1215,12 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl,
|
|||
if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
|
||||
p[0] == MBEDTLS_ECP_PF_COMPRESSED )
|
||||
{
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
|
||||
ssl->handshake->ecdh_ctx.point_format = p[0];
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
ssl->handshake->ecjpake_ctx.point_format = p[0];
|
||||
#endif
|
||||
MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) );
|
||||
return( 0 );
|
||||
}
|
||||
|
@ -1019,7 +1232,38 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "no point format in common" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
}
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
{
|
||||
int ret;
|
||||
|
||||
if( ssl->transform_negotiate->ciphersuite_info->key_exchange !=
|
||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) );
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/* If we got here, we no longer need our cached extension */
|
||||
mbedtls_free( ssl->handshake->ecjpake_cache );
|
||||
ssl->handshake->ecjpake_cache = NULL;
|
||||
ssl->handshake->ecjpake_cache_len = 0;
|
||||
|
||||
if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx,
|
||||
buf, len ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
|
||||
|
@ -1111,6 +1355,15 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
|
|||
cookie_len = *p++;
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len );
|
||||
|
||||
if( ( ssl->in_msg + ssl->in_msglen ) - p < cookie_len )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1,
|
||||
( "cookie length does not match incoming message size" ) );
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
}
|
||||
|
||||
mbedtls_free( ssl->handshake->verify_cookie );
|
||||
|
||||
ssl->handshake->verify_cookie = mbedtls_calloc( 1, cookie_len );
|
||||
|
@ -1348,7 +1601,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||
ssl->state++;
|
||||
ssl->handshake->resume = 0;
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
ssl->session_negotiate->start = time( NULL );
|
||||
ssl->session_negotiate->start = mbedtls_time( NULL );
|
||||
#endif
|
||||
ssl->session_negotiate->ciphersuite = i;
|
||||
ssl->session_negotiate->compression = comp;
|
||||
|
@ -1369,7 +1622,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
|
||||
ssl->handshake->resume ? "a" : "no" ) );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %d", i ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) );
|
||||
|
||||
suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
|
||||
|
@ -1384,6 +1637,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", suite_info->name ) );
|
||||
|
||||
i = 0;
|
||||
while( 1 )
|
||||
{
|
||||
|
@ -1507,7 +1762,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||
break;
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported_point_formats extension" ) );
|
||||
|
||||
|
@ -1518,7 +1774,21 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
|
||||
break;
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake_kkpp extension" ) );
|
||||
|
||||
if( ( ret = ssl_parse_ecjpake_kkpp( ssl,
|
||||
ext + 4, ext_size ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
break;
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
case MBEDTLS_TLS_EXT_ALPN:
|
||||
|
@ -1725,8 +1995,11 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
|
|||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
}
|
||||
|
||||
// TODO: Retrieve PSK identity hint and callback to app
|
||||
//
|
||||
/*
|
||||
* Note: we currently ignore the PKS identity hint, as we only allow one
|
||||
* PSK to be provisionned on the client. This could be changed later if
|
||||
* someone needs that feature.
|
||||
*/
|
||||
*p += len;
|
||||
ret = 0;
|
||||
|
||||
|
@ -1813,7 +2086,9 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
|
||||
unsigned char **p,
|
||||
unsigned char *end,
|
||||
|
@ -1838,7 +2113,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
|
|||
*/
|
||||
if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) ) == MBEDTLS_MD_NONE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used unsupported "
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Server used unsupported "
|
||||
"HashAlgorithm %d", *(p)[0] ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
}
|
||||
|
@ -1848,7 +2123,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
|
|||
*/
|
||||
if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) ) == MBEDTLS_PK_NONE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "server used unsupported "
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used unsupported "
|
||||
"SignatureAlgorithm %d", (*p)[1] ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
}
|
||||
|
@ -1858,7 +2133,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
|
|||
*/
|
||||
if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "server used HashAlgorithm "
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm "
|
||||
"that was not offered" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
}
|
||||
|
@ -1869,7 +2144,9 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
|
|||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
|
@ -2037,6 +2314,19 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
|
|||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
|
||||
{
|
||||
ret = mbedtls_ecjpake_read_round_two( &ssl->handshake->ecjpake_ctx,
|
||||
p, end - p );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_two", ret );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
|
@ -2230,7 +2520,9 @@ exit:
|
|||
|
||||
#if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
|
||||
!defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
|
||||
!defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
|
||||
!defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
|
||||
!defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \
|
||||
!defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
|
@ -2241,7 +2533,8 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
|
|||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate request" ) );
|
||||
ssl->state++;
|
||||
|
@ -2255,8 +2548,8 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
|
|||
static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret;
|
||||
unsigned char *buf, *p;
|
||||
size_t n = 0, m = 0;
|
||||
unsigned char *buf;
|
||||
size_t n = 0;
|
||||
size_t cert_type_len = 0, dn_len = 0;
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
|
||||
|
||||
|
@ -2265,7 +2558,8 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
|
|||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate request" ) );
|
||||
ssl->state++;
|
||||
|
@ -2303,9 +2597,6 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
|
|||
|
||||
ssl->record_read = 0;
|
||||
|
||||
// TODO: handshake_failure alert for an anonymous server to request
|
||||
// client authentication
|
||||
|
||||
/*
|
||||
* struct {
|
||||
* ClientCertificateType certificate_types<1..2^8-1>;
|
||||
|
@ -2313,11 +2604,26 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
|
|||
* supported_signature_algorithms<2^16-1>; -- TLS 1.2 only
|
||||
* DistinguishedName certificate_authorities<0..2^16-1>;
|
||||
* } CertificateRequest;
|
||||
*
|
||||
* Since we only support a single certificate on clients, let's just
|
||||
* ignore all the information that's supposed to help us pick a
|
||||
* certificate.
|
||||
*
|
||||
* We could check that our certificate matches the request, and bail out
|
||||
* if it doesn't, but it's simpler to just send the certificate anyway,
|
||||
* and give the server the opportunity to decide if it should terminate
|
||||
* the connection when it doesn't like our certificate.
|
||||
*
|
||||
* Same goes for the hash in TLS 1.2's signature_algorithms: at this
|
||||
* point we only have one hash available (see comments in
|
||||
* write_certificate_verify), so let's just use what we have.
|
||||
*
|
||||
* However, we still minimally parse the message to check it is at least
|
||||
* superficially sane.
|
||||
*/
|
||||
buf = ssl->in_msg;
|
||||
|
||||
// Retrieve cert types
|
||||
//
|
||||
/* certificate_types */
|
||||
cert_type_len = buf[mbedtls_ssl_hs_hdr_len( ssl )];
|
||||
n = cert_type_len;
|
||||
|
||||
|
@ -2327,45 +2633,23 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
|
|||
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
|
||||
}
|
||||
|
||||
p = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 1;
|
||||
while( cert_type_len > 0 )
|
||||
{
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
if( *p == MBEDTLS_SSL_CERT_TYPE_RSA_SIGN &&
|
||||
mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_RSA ) )
|
||||
{
|
||||
ssl->handshake->cert_type = MBEDTLS_SSL_CERT_TYPE_RSA_SIGN;
|
||||
break;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
if( *p == MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN &&
|
||||
mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECDSA ) )
|
||||
{
|
||||
ssl->handshake->cert_type = MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN;
|
||||
break;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
; /* Unsupported cert type, ignore */
|
||||
}
|
||||
|
||||
cert_type_len--;
|
||||
p++;
|
||||
}
|
||||
|
||||
/* supported_signature_algorithms */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
/* Ignored, see comments about hash in write_certificate_verify */
|
||||
// TODO: should check the signature part against our pk_key though
|
||||
size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
|
||||
| ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );
|
||||
#if defined(MBEDTLS_DEBUG_C)
|
||||
unsigned char* sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n;
|
||||
size_t i;
|
||||
|
||||
m += 2;
|
||||
n += sig_alg_len;
|
||||
for( i = 0; i < sig_alg_len; i += 2 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Signature Algorithm found: %d,%d", sig_alg[i], sig_alg[i + 1] ) );
|
||||
}
|
||||
#endif
|
||||
|
||||
n += 2 + sig_alg_len;
|
||||
|
||||
if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
|
||||
{
|
||||
|
@ -2375,13 +2659,12 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
/* Ignore certificate_authorities, we only have one cert anyway */
|
||||
// TODO: should not send cert if no CA matches
|
||||
dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + m + n] << 8 )
|
||||
| ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + m + n] ) );
|
||||
/* certificate_authorities */
|
||||
dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
|
||||
| ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );
|
||||
|
||||
n += dn_len;
|
||||
if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 3 + m + n )
|
||||
if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
|
||||
|
@ -2394,7 +2677,9 @@ exit:
|
|||
}
|
||||
#endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED &&
|
||||
!MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED &&
|
||||
!MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED &&
|
||||
!MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
|
||||
!MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED &&
|
||||
!MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
||||
|
||||
static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl )
|
||||
|
@ -2645,6 +2930,31 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
return( ret );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
|
||||
{
|
||||
i = 4;
|
||||
|
||||
ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx,
|
||||
ssl->out_msg + i, MBEDTLS_SSL_MAX_CONTENT_LEN - i, &n,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx,
|
||||
ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret );
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
|
||||
{
|
||||
((void) ciphersuite_info);
|
||||
|
@ -2671,7 +2981,9 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
|
||||
#if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
|
||||
!defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
|
||||
!defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
|
||||
!defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
|
||||
!defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \
|
||||
!defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
|
@ -2689,7 +3001,8 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
|
|||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
|
||||
ssl->state++;
|
||||
|
@ -2721,7 +3034,8 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
|
|||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
|
||||
ssl->state++;
|
||||
|
@ -2849,7 +3163,10 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
#endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED &&
|
||||
!MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED &&
|
||||
!MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
|
||||
!MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED &&
|
||||
!MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
|
||||
!MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED &&
|
||||
!MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
|
||||
|
|
|
@ -31,16 +31,16 @@
|
|||
|
||||
#if defined(MBEDTLS_SSL_COOKIE_C)
|
||||
|
||||
#include "mbedtls/ssl_cookie.h"
|
||||
#include "mbedtls/ssl_internal.h"
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
#include "mbedtls/ssl_cookie.h"
|
||||
#include "mbedtls/ssl_internal.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
|
@ -172,7 +172,7 @@ int mbedtls_ssl_cookie_write( void *p_ctx,
|
|||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
t = (unsigned long) time( NULL );
|
||||
t = (unsigned long) mbedtls_time( NULL );
|
||||
#else
|
||||
t = ctx->serial++;
|
||||
#endif
|
||||
|
@ -242,7 +242,7 @@ int mbedtls_ssl_cookie_check( void *p_ctx,
|
|||
return( -1 );
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
cur_time = (unsigned long) time( NULL );
|
||||
cur_time = (unsigned long) mbedtls_time( NULL );
|
||||
#else
|
||||
cur_time = ctx->serial;
|
||||
#endif
|
||||
|
|
|
@ -27,6 +27,14 @@
|
|||
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
#include "mbedtls/debug.h"
|
||||
#include "mbedtls/ssl.h"
|
||||
#include "mbedtls/ssl_internal.h"
|
||||
|
@ -37,16 +45,8 @@
|
|||
#include "mbedtls/ecp.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
#include <time.h>
|
||||
#include "mbedtls/platform_time.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
|
@ -232,7 +232,8 @@ have_sig_alg:
|
|||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
|
||||
MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -305,7 +306,12 @@ static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl,
|
|||
if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
|
||||
p[0] == MBEDTLS_ECP_PF_COMPRESSED )
|
||||
{
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
|
||||
ssl->handshake->ecdh_ctx.point_format = p[0];
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
ssl->handshake->ecjpake_ctx.point_format = p[0];
|
||||
#endif
|
||||
MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) );
|
||||
return( 0 );
|
||||
}
|
||||
|
@ -316,7 +322,35 @@ static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl,
|
|||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
{
|
||||
int ret;
|
||||
|
||||
if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) );
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx,
|
||||
buf, len ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/* Only mark the extension as OK when we're sure it is */
|
||||
ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
|
||||
|
@ -707,6 +741,17 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
|
|||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
|
||||
( ssl->handshake->cli_exts & MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK ) == 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: ecjpake "
|
||||
"not configured or ext missing" ) );
|
||||
return( 0 );
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
|
||||
if( mbedtls_ssl_ciphersuite_uses_ec( suite_info ) &&
|
||||
( ssl->handshake->curves == NULL ||
|
||||
|
@ -998,7 +1043,6 @@ have_ciphersuite_v2:
|
|||
|
||||
ssl->session_negotiate->ciphersuite = ciphersuites[i];
|
||||
ssl->transform_negotiate->ciphersuite_info = ciphersuite_info;
|
||||
mbedtls_ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info );
|
||||
|
||||
/*
|
||||
* SSLv2 Client Hello relevant renegotiation security checks
|
||||
|
@ -1460,180 +1504,200 @@ read_record_header:
|
|||
ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Check the extension length
|
||||
*/
|
||||
ext_offset = comp_offset + 1 + comp_len;
|
||||
if( msg_len > ext_offset )
|
||||
/* Do not parse the extensions if the protocol is SSLv3 */
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||
if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
|
||||
{
|
||||
if( msg_len < ext_offset + 2 )
|
||||
#endif
|
||||
/*
|
||||
* Check the extension length
|
||||
*/
|
||||
ext_offset = comp_offset + 1 + comp_len;
|
||||
if( msg_len > ext_offset )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
if( msg_len < ext_offset + 2 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
|
||||
ext_len = ( buf[ext_offset + 0] << 8 )
|
||||
| ( buf[ext_offset + 1] );
|
||||
|
||||
if( ( ext_len > 0 && ext_len < 4 ) ||
|
||||
msg_len != ext_offset + 2 + ext_len )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
}
|
||||
else
|
||||
ext_len = 0;
|
||||
|
||||
ext_len = ( buf[ext_offset + 0] << 8 )
|
||||
| ( buf[ext_offset + 1] );
|
||||
ext = buf + ext_offset + 2;
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", ext, ext_len );
|
||||
|
||||
if( ( ext_len > 0 && ext_len < 4 ) ||
|
||||
msg_len != ext_offset + 2 + ext_len )
|
||||
while( ext_len != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
}
|
||||
else
|
||||
ext_len = 0;
|
||||
unsigned int ext_id = ( ( ext[0] << 8 )
|
||||
| ( ext[1] ) );
|
||||
unsigned int ext_size = ( ( ext[2] << 8 )
|
||||
| ( ext[3] ) );
|
||||
|
||||
ext = buf + ext_offset + 2;
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", ext, ext_len );
|
||||
|
||||
while( ext_len != 0 )
|
||||
{
|
||||
unsigned int ext_id = ( ( ext[0] << 8 )
|
||||
| ( ext[1] ) );
|
||||
unsigned int ext_size = ( ( ext[2] << 8 )
|
||||
| ( ext[3] ) );
|
||||
|
||||
if( ext_size + 4 > ext_len )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
switch( ext_id )
|
||||
{
|
||||
if( ext_size + 4 > ext_len )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
switch( ext_id )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
case MBEDTLS_TLS_EXT_SERVERNAME:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
|
||||
if( ssl->conf->f_sni == NULL )
|
||||
break;
|
||||
case MBEDTLS_TLS_EXT_SERVERNAME:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
|
||||
if( ssl->conf->f_sni == NULL )
|
||||
break;
|
||||
|
||||
ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
|
||||
case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) );
|
||||
case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) );
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
renegotiation_info_seen = 1;
|
||||
renegotiation_info_seen = 1;
|
||||
#endif
|
||||
|
||||
ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
case MBEDTLS_TLS_EXT_SIG_ALG:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
|
||||
case MBEDTLS_TLS_EXT_SIG_ALG:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
|
||||
break;
|
||||
if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
|
||||
break;
|
||||
#endif
|
||||
|
||||
ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
|
||||
MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
|
||||
case MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported elliptic curves extension" ) );
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
case MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported elliptic curves extension" ) );
|
||||
|
||||
ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
|
||||
case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported point formats extension" ) );
|
||||
ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT;
|
||||
case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported point formats extension" ) );
|
||||
ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT;
|
||||
|
||||
ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
|
||||
ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake kkpp extension" ) );
|
||||
|
||||
ret = ssl_parse_ecjpake_kkpp( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found max fragment length extension" ) );
|
||||
case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found max fragment length extension" ) );
|
||||
|
||||
ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||
|
||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
||||
case MBEDTLS_TLS_EXT_TRUNCATED_HMAC:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) );
|
||||
case MBEDTLS_TLS_EXT_TRUNCATED_HMAC:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) );
|
||||
|
||||
ret = ssl_parse_truncated_hmac_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
ret = ssl_parse_truncated_hmac_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt then mac extension" ) );
|
||||
case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt then mac extension" ) );
|
||||
|
||||
ret = ssl_parse_encrypt_then_mac_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
ret = ssl_parse_encrypt_then_mac_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
||||
case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extended master secret extension" ) );
|
||||
case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extended master secret extension" ) );
|
||||
|
||||
ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
case MBEDTLS_TLS_EXT_SESSION_TICKET:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found session ticket extension" ) );
|
||||
case MBEDTLS_TLS_EXT_SESSION_TICKET:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found session ticket extension" ) );
|
||||
|
||||
ret = ssl_parse_session_ticket_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
ret = ssl_parse_session_ticket_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
case MBEDTLS_TLS_EXT_ALPN:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
|
||||
case MBEDTLS_TLS_EXT_ALPN:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
|
||||
|
||||
ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
|
||||
default:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
|
||||
ext_id ) );
|
||||
}
|
||||
default:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
|
||||
ext_id ) );
|
||||
}
|
||||
|
||||
ext_len -= 4 + ext_size;
|
||||
ext += 4 + ext_size;
|
||||
ext_len -= 4 + ext_size;
|
||||
ext += 4 + ext_size;
|
||||
|
||||
if( ext_len > 0 && ext_len < 4 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
if( ext_len > 0 && ext_len < 4 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
}
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
|
||||
for( i = 0, p = buf + 41 + sess_len; i < ciph_len; i += 2, p += 2 )
|
||||
|
@ -1775,7 +1839,6 @@ have_ciphersuite:
|
|||
|
||||
ssl->session_negotiate->ciphersuite = ciphersuites[i];
|
||||
ssl->transform_negotiate->ciphersuite_info = ciphersuite_info;
|
||||
mbedtls_ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info );
|
||||
|
||||
ssl->state++;
|
||||
|
||||
|
@ -1976,7 +2039,8 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
size_t *olen )
|
||||
|
@ -2004,7 +2068,51 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
*olen = 6;
|
||||
}
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
size_t *olen )
|
||||
{
|
||||
int ret;
|
||||
unsigned char *p = buf;
|
||||
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
|
||||
size_t kkpp_len;
|
||||
|
||||
*olen = 0;
|
||||
|
||||
/* Skip costly computation if not needed */
|
||||
if( ssl->transform_negotiate->ciphersuite_info->key_exchange !=
|
||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE )
|
||||
return;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, ecjpake kkpp extension" ) );
|
||||
|
||||
if( end - p < 4 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
|
||||
return;
|
||||
}
|
||||
|
||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF );
|
||||
|
||||
ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx,
|
||||
p + 2, end - p - 2, &kkpp_len,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret );
|
||||
return;
|
||||
}
|
||||
|
||||
*p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( kkpp_len ) & 0xFF );
|
||||
|
||||
*olen = kkpp_len + 4;
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN )
|
||||
static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
|
||||
|
@ -2108,7 +2216,7 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl )
|
|||
static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
time_t t;
|
||||
mbedtls_time_t t;
|
||||
#endif
|
||||
int ret;
|
||||
size_t olen, ext_len = 0, n;
|
||||
|
@ -2151,7 +2259,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||
buf[4], buf[5] ) );
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
t = time( NULL );
|
||||
t = mbedtls_time( NULL );
|
||||
*p++ = (unsigned char)( t >> 24 );
|
||||
*p++ = (unsigned char)( t >> 16 );
|
||||
*p++ = (unsigned char)( t >> 8 );
|
||||
|
@ -2200,7 +2308,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||
ssl->state++;
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
ssl->session_negotiate->start = time( NULL );
|
||||
ssl->session_negotiate->start = mbedtls_time( NULL );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
|
@ -2259,6 +2367,12 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
|
||||
ssl->session_negotiate->compression ) );
|
||||
|
||||
/* Do not write the extensions if the protocol is SSLv3 */
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||
if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
|
||||
{
|
||||
#endif
|
||||
|
||||
/*
|
||||
* First write extensions, then the total length
|
||||
*/
|
||||
|
@ -2290,11 +2404,17 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||
ext_len += olen;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
|
@ -2309,6 +2429,10 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||
p += ext_len;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||
}
|
||||
#endif
|
||||
|
||||
ssl->out_msglen = p - buf;
|
||||
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
||||
ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO;
|
||||
|
@ -2322,7 +2446,9 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||
|
||||
#if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
|
||||
!defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
|
||||
!defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
|
||||
!defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
|
||||
!defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \
|
||||
!defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
|
@ -2333,7 +2459,8 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
|||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
|
||||
ssl->state++;
|
||||
|
@ -2351,6 +2478,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
|||
size_t dn_size, total_dn_size; /* excluding length bytes */
|
||||
size_t ct_len, sa_len; /* including length bytes */
|
||||
unsigned char *buf, *p;
|
||||
const unsigned char * const end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
|
||||
const mbedtls_x509_crt *crt;
|
||||
int authmode;
|
||||
|
||||
|
@ -2369,6 +2497,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
|||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ||
|
||||
authmode == MBEDTLS_SSL_VERIFY_NONE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
|
||||
|
@ -2425,29 +2554,27 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
|||
*/
|
||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
/*
|
||||
* Only use current running hash algorithm that is already required
|
||||
* for requested ciphersuite.
|
||||
*/
|
||||
ssl->handshake->verify_sig_alg = MBEDTLS_SSL_HASH_SHA256;
|
||||
|
||||
if( ssl->transform_negotiate->ciphersuite_info->mac ==
|
||||
MBEDTLS_MD_SHA384 )
|
||||
{
|
||||
ssl->handshake->verify_sig_alg = MBEDTLS_SSL_HASH_SHA384;
|
||||
}
|
||||
const int *cur;
|
||||
|
||||
/*
|
||||
* Supported signature algorithms
|
||||
*/
|
||||
for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ )
|
||||
{
|
||||
unsigned char hash = mbedtls_ssl_hash_from_md_alg( *cur );
|
||||
|
||||
if( MBEDTLS_SSL_HASH_NONE == hash || mbedtls_ssl_set_calc_verify_md( ssl, hash ) )
|
||||
continue;
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
p[2 + sa_len++] = ssl->handshake->verify_sig_alg;
|
||||
p[2 + sa_len++] = MBEDTLS_SSL_SIG_RSA;
|
||||
p[2 + sa_len++] = hash;
|
||||
p[2 + sa_len++] = MBEDTLS_SSL_SIG_RSA;
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
p[2 + sa_len++] = ssl->handshake->verify_sig_alg;
|
||||
p[2 + sa_len++] = MBEDTLS_SSL_SIG_ECDSA;
|
||||
p[2 + sa_len++] = hash;
|
||||
p[2 + sa_len++] = MBEDTLS_SSL_SIG_ECDSA;
|
||||
#endif
|
||||
}
|
||||
|
||||
p[0] = (unsigned char)( sa_len >> 8 );
|
||||
p[1] = (unsigned char)( sa_len );
|
||||
|
@ -2471,10 +2598,16 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
|||
total_dn_size = 0;
|
||||
while( crt != NULL && crt->version != 0 )
|
||||
{
|
||||
if( p - buf > 4096 )
|
||||
break;
|
||||
|
||||
dn_size = crt->subject_raw.len;
|
||||
|
||||
if( end < p ||
|
||||
(size_t)( end - p ) < dn_size ||
|
||||
(size_t)( end - p ) < 2 + dn_size )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) );
|
||||
break;
|
||||
}
|
||||
|
||||
*p++ = (unsigned char)( dn_size >> 8 );
|
||||
*p++ = (unsigned char)( dn_size );
|
||||
memcpy( p, crt->subject_raw.p, dn_size );
|
||||
|
@ -2500,7 +2633,9 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
#endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED &&
|
||||
!MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED &&
|
||||
!MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED &&
|
||||
!MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
|
||||
!MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED &&
|
||||
!MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
|
@ -2539,12 +2674,14 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
|
|||
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
unsigned char *p = ssl->out_msg + 4;
|
||||
unsigned char *dig_signed = p;
|
||||
size_t dig_signed_len = 0, len;
|
||||
((void) dig_signed);
|
||||
((void) dig_signed_len);
|
||||
((void) len);
|
||||
#endif
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
|
||||
|
@ -2575,12 +2712,32 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
|
||||
{
|
||||
size_t jlen;
|
||||
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
|
||||
|
||||
ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx,
|
||||
p, end - p, &jlen, ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
p += jlen;
|
||||
n += jlen;
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
|
||||
{
|
||||
/* TODO: Support identity hints */
|
||||
/* Note: we don't support identity hints, until someone asks
|
||||
* for them. */
|
||||
*(p++) = 0x00;
|
||||
*(p++) = 0x00;
|
||||
|
||||
|
@ -3326,6 +3483,28 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
else
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
|
||||
{
|
||||
ret = mbedtls_ecjpake_read_round_two( &ssl->handshake->ecjpake_ctx,
|
||||
p, end - p );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_two", ret );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
}
|
||||
|
||||
ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx,
|
||||
ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret );
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
|
@ -3346,7 +3525,9 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
|
||||
#if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
|
||||
!defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
|
||||
!defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
|
||||
!defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
|
||||
!defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \
|
||||
!defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
|
@ -3357,7 +3538,8 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
|
|||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
|
||||
ssl->state++;
|
||||
|
@ -3387,6 +3569,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
|
|||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ||
|
||||
ssl->session_negotiate->peer_cert == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
|
||||
|
@ -3394,17 +3577,28 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
/* Needs to be done before read_record() to exclude current message */
|
||||
ssl->handshake->calc_verify( ssl, hash );
|
||||
/* Read the message without adding it to the checksum */
|
||||
do {
|
||||
|
||||
if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_read_record_layer( ssl ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
ret = mbedtls_ssl_handle_message_type( ssl );
|
||||
|
||||
} while( MBEDTLS_ERR_SSL_NON_FATAL == ret );
|
||||
|
||||
if( 0 != ret )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_handle_message_type" ), ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
ssl->state++;
|
||||
|
||||
/* Process the message contents */
|
||||
if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ||
|
||||
ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE_VERIFY )
|
||||
{
|
||||
|
@ -3451,14 +3645,19 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
|
|||
/*
|
||||
* Hash
|
||||
*/
|
||||
if( ssl->in_msg[i] != ssl->handshake->verify_sig_alg )
|
||||
md_alg = mbedtls_ssl_md_alg_from_hash( ssl->in_msg[i] );
|
||||
|
||||
if( md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md( ssl, ssl->in_msg[i] ) )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
|
||||
" for verify message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
|
||||
}
|
||||
|
||||
md_alg = mbedtls_ssl_md_alg_from_hash( ssl->handshake->verify_sig_alg );
|
||||
#if !defined(MBEDTLS_MD_SHA1)
|
||||
if( MBEDTLS_MD_SHA1 == md_alg )
|
||||
hash_start += 16;
|
||||
#endif
|
||||
|
||||
/* Info from md_alg will be used instead */
|
||||
hashlen = 0;
|
||||
|
@ -3509,6 +3708,9 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
|
|||
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
|
||||
}
|
||||
|
||||
/* Calculate hash and verify signature */
|
||||
ssl->handshake->calc_verify( ssl, hash );
|
||||
|
||||
if( ( ret = mbedtls_pk_verify( &ssl->session_negotiate->peer_cert->pk,
|
||||
md_alg, hash_start, hashlen,
|
||||
ssl->in_msg + i, sig_len ) ) != 0 )
|
||||
|
@ -3517,13 +3719,18 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
|
|||
return( ret );
|
||||
}
|
||||
|
||||
mbedtls_ssl_update_handshake_status( ssl );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED &&
|
||||
!MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED &&
|
||||
!MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
|
||||
!MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED &&
|
||||
!MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
|
||||
!MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED &&
|
||||
!MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl )
|
||||
|
|
|
@ -27,16 +27,16 @@
|
|||
|
||||
#if defined(MBEDTLS_SSL_TICKET_C)
|
||||
|
||||
#include "mbedtls/ssl_ticket.h"
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
#include "mbedtls/ssl_ticket.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
|
@ -69,7 +69,7 @@ static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx,
|
|||
mbedtls_ssl_ticket_key *key = ctx->keys + index;
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
key->generation_time = (uint32_t) time( NULL );
|
||||
key->generation_time = (uint32_t) mbedtls_time( NULL );
|
||||
#endif
|
||||
|
||||
if( ( ret = ctx->f_rng( ctx->p_rng, key->name, sizeof( key->name ) ) ) != 0 )
|
||||
|
@ -98,7 +98,7 @@ static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx )
|
|||
#else
|
||||
if( ctx->ticket_lifetime != 0 )
|
||||
{
|
||||
uint32_t current_time = (uint32_t) time( NULL );
|
||||
uint32_t current_time = (uint32_t) mbedtls_time( NULL );
|
||||
uint32_t key_time = ctx->keys[ctx->active].generation_time;
|
||||
|
||||
if( current_time > key_time &&
|
||||
|
@ -451,7 +451,7 @@ int mbedtls_ssl_ticket_parse( void *p_ticket,
|
|||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
{
|
||||
/* Check for expiration */
|
||||
time_t current_time = time( NULL );
|
||||
mbedtls_time_t current_time = mbedtls_time( NULL );
|
||||
|
||||
if( current_time < session->start ||
|
||||
(uint32_t)( current_time - session->start ) > ctx->ticket_lifetime )
|
||||
|
|
|
@ -35,25 +35,24 @@
|
|||
|
||||
#if defined(MBEDTLS_SSL_TLS_C)
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
#include "mbedtls/debug.h"
|
||||
#include "mbedtls/ssl.h"
|
||||
#include "mbedtls/ssl_internal.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
|
||||
defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#include "mbedtls/oid.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
|
@ -862,6 +861,16 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
||||
if( ssl->conf->f_export_keys != NULL )
|
||||
{
|
||||
ssl->conf->f_export_keys( ssl->conf->p_export_keys,
|
||||
session->master, keyblk,
|
||||
transform->maclen, transform->keylen,
|
||||
iv_copy_len );
|
||||
}
|
||||
#endif
|
||||
|
||||
if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc,
|
||||
cipher_info ) ) != 0 )
|
||||
{
|
||||
|
@ -1095,11 +1104,16 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
|
|||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
|
||||
if( key_ex == MBEDTLS_KEY_EXCHANGE_PSK )
|
||||
{
|
||||
if( end - p < 2 + (int) psk_len )
|
||||
if( end - p < 2 )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
*(p++) = (unsigned char)( psk_len >> 8 );
|
||||
*(p++) = (unsigned char)( psk_len );
|
||||
|
||||
if( end < p || (size_t)( end - p ) < psk_len )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
memset( p, 0, psk_len );
|
||||
p += psk_len;
|
||||
}
|
||||
else
|
||||
|
@ -1167,11 +1181,15 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
|
|||
}
|
||||
|
||||
/* opaque psk<0..2^16-1>; */
|
||||
if( end - p < 2 + (int) psk_len )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
if( end - p < 2 )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
*(p++) = (unsigned char)( psk_len >> 8 );
|
||||
*(p++) = (unsigned char)( psk_len );
|
||||
|
||||
if( end < p || (size_t)( end - p ) < psk_len )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
memcpy( p, psk, psk_len );
|
||||
p += psk_len;
|
||||
|
||||
|
@ -1355,17 +1373,6 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
|
|||
/*
|
||||
* Generate IV
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_AEAD_RANDOM_IV)
|
||||
ret = ssl->conf->f_rng( ssl->conf->p_rng,
|
||||
ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
|
||||
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
memcpy( ssl->out_iv,
|
||||
ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
|
||||
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
|
||||
#else
|
||||
if( ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen != 8 )
|
||||
{
|
||||
/* Reminder if we ever add an AEAD mode with a different size */
|
||||
|
@ -1376,7 +1383,6 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
|
|||
memcpy( ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
|
||||
ssl->out_ctr, 8 );
|
||||
memcpy( ssl->out_iv, ssl->out_ctr, 8 );
|
||||
#endif
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv,
|
||||
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
|
||||
|
@ -2689,7 +2695,7 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl )
|
|||
*/
|
||||
int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret, done = 0;
|
||||
int ret, done = 0, out_msg_type;
|
||||
size_t len = ssl->out_msglen;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) );
|
||||
|
@ -2705,7 +2711,9 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl )
|
|||
#endif
|
||||
if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
|
||||
{
|
||||
if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST &&
|
||||
out_msg_type = ssl->out_msg[0];
|
||||
|
||||
if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST &&
|
||||
ssl->handshake == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
|
@ -2732,7 +2740,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl )
|
|||
len += 8;
|
||||
|
||||
/* Write message_seq and update it, except for HelloRequest */
|
||||
if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST )
|
||||
if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
|
||||
{
|
||||
ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF;
|
||||
ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF;
|
||||
|
@ -2750,7 +2758,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST )
|
||||
if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
|
||||
ssl->handshake->update_checksum( ssl, ssl->out_msg, len );
|
||||
}
|
||||
|
||||
|
@ -3062,7 +3070,7 @@ static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
static int ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
|
||||
int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) )
|
||||
{
|
||||
|
@ -3144,6 +3152,12 @@ static int ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
|
|||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
|
||||
if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER &&
|
||||
ssl->handshake != NULL )
|
||||
{
|
||||
|
@ -3158,8 +3172,6 @@ static int ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
|
|||
ssl->handshake->in_msg_seq++;
|
||||
}
|
||||
#endif
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -3446,6 +3458,18 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
|
|||
* uint16 epoch; // DTLS only
|
||||
* uint48 sequence_number; // DTLS only
|
||||
* uint16 length;
|
||||
*
|
||||
* Return 0 if header looks sane (and, for DTLS, the record is expected)
|
||||
* MBEDTLS_ERR_SSL_INVALID_RECORD if the header looks bad,
|
||||
* MBEDTLS_ERR_SSL_UNEXPECTED_RECORD (DTLS only) if sane but unexpected.
|
||||
*
|
||||
* With DTLS, mbedtls_ssl_read_record() will:
|
||||
* 1. proceed with the record if this function returns 0
|
||||
* 2. drop only the current record if this function returns UNEXPECTED_RECORD
|
||||
* 3. return CLIENT_RECONNECT if this function return that value
|
||||
* 4. drop the whole datagram if this function returns anything else.
|
||||
* Point 2 is needed when the peer is resending, and we have already received
|
||||
* the first record from a datagram but are still waiting for the others.
|
||||
*/
|
||||
static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
|
@ -3481,34 +3505,6 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
|
|||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
{
|
||||
/* Drop unexpected ChangeCipherSpec messages */
|
||||
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
|
||||
ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC &&
|
||||
ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ChangeCipherSpec" ) );
|
||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
}
|
||||
|
||||
/* Drop unexpected ApplicationData records,
|
||||
* except at the beginning of renegotiations */
|
||||
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
|
||||
ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
&& ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
|
||||
ssl->state == MBEDTLS_SSL_SERVER_HELLO )
|
||||
#endif
|
||||
)
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) );
|
||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Check version */
|
||||
if( major_ver != ssl->major_ver )
|
||||
{
|
||||
|
@ -3522,53 +3518,6 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
|
|||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
}
|
||||
|
||||
/* Check epoch (and sequence number) with DTLS */
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
{
|
||||
unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1];
|
||||
|
||||
if( rec_epoch != ssl->in_epoch )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: "
|
||||
"expected %d, received %d",
|
||||
ssl->in_epoch, rec_epoch ) );
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
|
||||
/*
|
||||
* Check for an epoch 0 ClientHello. We can't use in_msg here to
|
||||
* access the first byte of record content (handshake type), as we
|
||||
* have an active transform (possibly iv_len != 0), so use the
|
||||
* fact that the record header len is 13 instead.
|
||||
*/
|
||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
|
||||
ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER &&
|
||||
rec_epoch == 0 &&
|
||||
ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
|
||||
ssl->in_left > 13 &&
|
||||
ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "possible client reconnect "
|
||||
"from the same port" ) );
|
||||
return( ssl_handle_possible_reconnect( ssl ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
|
||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||
/* Replay detection only works for the current epoch */
|
||||
if( rec_epoch == ssl->in_epoch &&
|
||||
mbedtls_ssl_dtls_replay_check( ssl ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record" ) );
|
||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
/* Check length against the size of our buffer */
|
||||
if( ssl->in_msglen > MBEDTLS_SSL_BUFFER_LEN
|
||||
- (size_t)( ssl->in_msg - ssl->in_buf ) )
|
||||
|
@ -3618,6 +3567,82 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
|
|||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
* DTLS-related tests done last, because most of them may result in
|
||||
* silently dropping the record (but not the whole datagram), and we only
|
||||
* want to consider that after ensuring that the "basic" fields (type,
|
||||
* version, length) are sane.
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
{
|
||||
unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1];
|
||||
|
||||
/* Drop unexpected ChangeCipherSpec messages */
|
||||
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
|
||||
ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC &&
|
||||
ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ChangeCipherSpec" ) );
|
||||
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
|
||||
}
|
||||
|
||||
/* Drop unexpected ApplicationData records,
|
||||
* except at the beginning of renegotiations */
|
||||
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
|
||||
ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
&& ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
|
||||
ssl->state == MBEDTLS_SSL_SERVER_HELLO )
|
||||
#endif
|
||||
)
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) );
|
||||
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
|
||||
}
|
||||
|
||||
/* Check epoch (and sequence number) with DTLS */
|
||||
if( rec_epoch != ssl->in_epoch )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: "
|
||||
"expected %d, received %d",
|
||||
ssl->in_epoch, rec_epoch ) );
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
|
||||
/*
|
||||
* Check for an epoch 0 ClientHello. We can't use in_msg here to
|
||||
* access the first byte of record content (handshake type), as we
|
||||
* have an active transform (possibly iv_len != 0), so use the
|
||||
* fact that the record header len is 13 instead.
|
||||
*/
|
||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
|
||||
ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER &&
|
||||
rec_epoch == 0 &&
|
||||
ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
|
||||
ssl->in_left > 13 &&
|
||||
ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "possible client reconnect "
|
||||
"from the same port" ) );
|
||||
return( ssl_handle_possible_reconnect( ssl ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
|
||||
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||
/* Replay detection only works for the current epoch */
|
||||
if( rec_epoch == ssl->in_epoch &&
|
||||
mbedtls_ssl_dtls_replay_check( ssl ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record" ) );
|
||||
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
|
@ -3674,10 +3699,6 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
|
|||
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
// TODO: what's the purpose of these lines? is in_len used?
|
||||
ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 );
|
||||
ssl->in_len[1] = (unsigned char)( ssl->in_msglen );
|
||||
}
|
||||
#endif /* MBEDTLS_ZLIB_SUPPORT */
|
||||
|
||||
|
@ -3696,8 +3717,9 @@ static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl );
|
|||
/*
|
||||
* Read a record.
|
||||
*
|
||||
* For DTLS, silently ignore invalid records (RFC 4.1.2.7.)
|
||||
* and continue reading until a valid record is found.
|
||||
* Silently ignore non-fatal alert (and for DTLS, invalid records as well,
|
||||
* RFC 6347 4.1.2.7) and continue reading until a valid record is found.
|
||||
*
|
||||
*/
|
||||
int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
|
@ -3705,6 +3727,38 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl )
|
|||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read record" ) );
|
||||
|
||||
do {
|
||||
|
||||
if( ( ret = mbedtls_ssl_read_record_layer( ssl ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
ret = mbedtls_ssl_handle_message_type( ssl );
|
||||
|
||||
} while( MBEDTLS_ERR_SSL_NON_FATAL == ret );
|
||||
|
||||
if( 0 != ret )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_handle_message_type" ), ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
|
||||
{
|
||||
mbedtls_ssl_update_handshake_status( ssl );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read record" ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret;
|
||||
|
||||
if( ssl->in_hslen != 0 && ssl->in_hslen < ssl->in_msglen )
|
||||
{
|
||||
/*
|
||||
|
@ -3718,9 +3772,6 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl )
|
|||
MBEDTLS_SSL_DEBUG_BUF( 4, "remaining content in record",
|
||||
ssl->in_msg, ssl->in_msglen );
|
||||
|
||||
if( ( ret = ssl_prepare_handshake_record( ssl ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
|
@ -3732,6 +3783,7 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl )
|
|||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
read_record_header:
|
||||
#endif
|
||||
|
||||
if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
|
||||
|
@ -3744,13 +3796,26 @@ read_record_header:
|
|||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||
ret != MBEDTLS_ERR_SSL_CLIENT_RECONNECT )
|
||||
{
|
||||
/* Ignore bad record and get next one; drop the whole datagram
|
||||
* since current header cannot be trusted to find the next record
|
||||
* in current datagram */
|
||||
ssl->next_record_offset = 0;
|
||||
ssl->in_left = 0;
|
||||
if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD )
|
||||
{
|
||||
/* Skip unexpected record (but not whole datagram) */
|
||||
ssl->next_record_offset = ssl->in_msglen
|
||||
+ mbedtls_ssl_hdr_len( ssl );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record (header)" ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding unexpected record "
|
||||
"(header)" ) );
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Skip invalid record and the rest of the datagram */
|
||||
ssl->next_record_offset = 0;
|
||||
ssl->in_left = 0;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record "
|
||||
"(header)" ) );
|
||||
}
|
||||
|
||||
/* Get next record */
|
||||
goto read_record_header;
|
||||
}
|
||||
#endif
|
||||
|
@ -3872,13 +3937,22 @@ read_record_header:
|
|||
}
|
||||
#endif
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret;
|
||||
|
||||
/*
|
||||
* Handle particular types of records
|
||||
*/
|
||||
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
|
||||
{
|
||||
if( ( ret = ssl_prepare_handshake_record( ssl ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_prepare_handshake_record( ssl ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
|
||||
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
|
||||
|
@ -3887,7 +3961,7 @@ read_record_header:
|
|||
ssl->in_msg[0], ssl->in_msg[1] ) );
|
||||
|
||||
/*
|
||||
* Ignore non-fatal alerts, except close_notify
|
||||
* Ignore non-fatal alerts, except close_notify and no_renegotiation
|
||||
*/
|
||||
if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL )
|
||||
{
|
||||
|
@ -3902,9 +3976,32 @@ read_record_header:
|
|||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a close notify message" ) );
|
||||
return( MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY );
|
||||
}
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read record" ) );
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION_ENABLED)
|
||||
if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
|
||||
ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) );
|
||||
/* Will be handled when trying to parse ServerHello */
|
||||
return( 0 );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_SRV_C)
|
||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
|
||||
ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
|
||||
ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
|
||||
ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) );
|
||||
/* Will be handled in mbedtls_ssl_parse_certificate() */
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */
|
||||
|
||||
/* Silently ignore: fetch new message */
|
||||
return MBEDTLS_ERR_SSL_NON_FATAL;
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
@ -3968,7 +4065,8 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
|
|||
|
||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
|
||||
ssl->state++;
|
||||
|
@ -3987,7 +4085,8 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
|
|||
|
||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
|
||||
ssl->state++;
|
||||
|
@ -4009,7 +4108,8 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
|
|||
|
||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
|
||||
ssl->state++;
|
||||
|
@ -4124,7 +4224,8 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
|
|||
|
||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
|
||||
ssl->state++;
|
||||
|
@ -4276,7 +4377,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
|
|||
|
||||
ret = mbedtls_x509_crt_parse_der( ssl->session_negotiate->peer_cert,
|
||||
ssl->in_msg + i, n );
|
||||
if( ret != 0 )
|
||||
if( 0 != ret && ( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND ) != ret )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret );
|
||||
return( ret );
|
||||
|
@ -4942,7 +5043,12 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
|
|||
|
||||
ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint );
|
||||
|
||||
// TODO TLS/1.2 Hash length is determined by cipher suite (Page 63)
|
||||
/*
|
||||
* RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites
|
||||
* may define some other value. Currently (early 2016), no defined
|
||||
* ciphersuite does this (and this is unlikely to change as activity has
|
||||
* moved to TLS 1.3 now) so we can keep the hardcoded 12 here.
|
||||
*/
|
||||
hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12;
|
||||
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
|
@ -5146,6 +5252,13 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
|
|||
#if defined(MBEDTLS_ECDH_C)
|
||||
mbedtls_ecdh_init( &handshake->ecdh_ctx );
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
mbedtls_ecjpake_init( &handshake->ecjpake_ctx );
|
||||
#if defined(MBEDTLS_SSL_CLI_C)
|
||||
handshake->ecjpake_cache = NULL;
|
||||
handshake->ecjpake_cache_len = 0;
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
handshake->sni_authmode = MBEDTLS_SSL_VERIFY_UNSET;
|
||||
|
@ -5517,9 +5630,9 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
|
|||
|
||||
void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
|
||||
void *p_bio,
|
||||
int (*f_send)(void *, const unsigned char *, size_t),
|
||||
int (*f_recv)(void *, unsigned char *, size_t),
|
||||
int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t) )
|
||||
mbedtls_ssl_send_t *f_send,
|
||||
mbedtls_ssl_recv_t *f_recv,
|
||||
mbedtls_ssl_recv_timeout_t *f_recv_timeout )
|
||||
{
|
||||
ssl->p_bio = p_bio;
|
||||
ssl->f_send = f_send;
|
||||
|
@ -5534,8 +5647,8 @@ void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout )
|
|||
|
||||
void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
|
||||
void *p_timer,
|
||||
void (*f_set_timer)(void *, uint32_t int_ms, uint32_t fin_ms),
|
||||
int (*f_get_timer)(void *) )
|
||||
mbedtls_ssl_set_timer_t *f_set_timer,
|
||||
mbedtls_ssl_get_timer_t *f_get_timer )
|
||||
{
|
||||
ssl->p_timer = p_timer;
|
||||
ssl->f_set_timer = f_set_timer;
|
||||
|
@ -5679,6 +5792,32 @@ void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
/*
|
||||
* Set EC J-PAKE password for current handshake
|
||||
*/
|
||||
int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *pw,
|
||||
size_t pw_len )
|
||||
{
|
||||
mbedtls_ecjpake_role role;
|
||||
|
||||
if( ssl->handshake == NULL || ssl->conf == NULL )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
|
||||
role = MBEDTLS_ECJPAKE_SERVER;
|
||||
else
|
||||
role = MBEDTLS_ECJPAKE_CLIENT;
|
||||
|
||||
return( mbedtls_ecjpake_setup( &ssl->handshake->ecjpake_ctx,
|
||||
role,
|
||||
MBEDTLS_MD_SHA256,
|
||||
MBEDTLS_ECP_DP_SECP256R1,
|
||||
pw, pw_len ) );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
|
||||
const unsigned char *psk, size_t psk_len,
|
||||
|
@ -5701,13 +5840,17 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
|
|||
{
|
||||
mbedtls_free( conf->psk );
|
||||
mbedtls_free( conf->psk_identity );
|
||||
conf->psk = NULL;
|
||||
conf->psk_identity = NULL;
|
||||
}
|
||||
|
||||
if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ||
|
||||
( conf->psk_identity = mbedtls_calloc( 1, psk_identity_len ) ) == NULL )
|
||||
{
|
||||
mbedtls_free( conf->psk );
|
||||
mbedtls_free( conf->psk_identity );
|
||||
conf->psk = NULL;
|
||||
conf->psk_identity = NULL;
|
||||
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
||||
}
|
||||
|
||||
|
@ -5730,14 +5873,10 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
|
|||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
if( ssl->handshake->psk != NULL )
|
||||
mbedtls_free( ssl->conf->psk );
|
||||
mbedtls_free( ssl->handshake->psk );
|
||||
|
||||
if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL )
|
||||
{
|
||||
mbedtls_free( ssl->handshake->psk );
|
||||
ssl->handshake->psk = NULL;
|
||||
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
||||
}
|
||||
|
||||
ssl->handshake->psk_len = psk_len;
|
||||
memcpy( ssl->handshake->psk, psk, ssl->handshake->psk_len );
|
||||
|
@ -5798,7 +5937,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
|
|||
}
|
||||
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
/*
|
||||
* Set allowed/preferred hashes for handshake signatures
|
||||
*/
|
||||
|
@ -5833,6 +5972,9 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
|
|||
if( hostname_len + 1 == 0 )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 );
|
||||
|
||||
if( ssl->hostname == NULL )
|
||||
|
@ -6001,6 +6143,16 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
|
|||
#endif
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
||||
void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
|
||||
mbedtls_ssl_export_keys_t *f_export_keys,
|
||||
void *p_export_keys )
|
||||
{
|
||||
conf->f_export_keys = f_export_keys;
|
||||
conf->p_export_keys = p_export_keys;
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* SSL get accessors
|
||||
*/
|
||||
|
@ -6821,8 +6973,17 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake )
|
|||
#if defined(MBEDTLS_ECDH_C)
|
||||
mbedtls_ecdh_free( &handshake->ecdh_ctx );
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
mbedtls_ecjpake_free( &handshake->ecjpake_ctx );
|
||||
#if defined(MBEDTLS_SSL_CLI_C)
|
||||
mbedtls_free( handshake->ecjpake_cache );
|
||||
handshake->ecjpake_cache = NULL;
|
||||
handshake->ecjpake_cache_len = 0;
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
/* explicit void pointer cast for buggy MS compiler */
|
||||
mbedtls_free( (void *) handshake->curves );
|
||||
#endif
|
||||
|
@ -6970,13 +7131,30 @@ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
|
|||
memset( conf, 0, sizeof( mbedtls_ssl_config ) );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
static int ssl_preset_default_hashes[] = {
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
MBEDTLS_MD_SHA512,
|
||||
MBEDTLS_MD_SHA384,
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
MBEDTLS_MD_SHA256,
|
||||
MBEDTLS_MD_SHA224,
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
MBEDTLS_MD_SHA1,
|
||||
#endif
|
||||
MBEDTLS_MD_NONE
|
||||
};
|
||||
#endif
|
||||
|
||||
static int ssl_preset_suiteb_ciphersuites[] = {
|
||||
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
0
|
||||
};
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
static int ssl_preset_suiteb_hashes[] = {
|
||||
MBEDTLS_MD_SHA256,
|
||||
MBEDTLS_MD_SHA384,
|
||||
|
@ -6993,7 +7171,7 @@ static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = {
|
|||
#endif
|
||||
|
||||
/*
|
||||
* Load default in mbetls_ssl_config
|
||||
* Load default in mbedtls_ssl_config
|
||||
*/
|
||||
int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
||||
int endpoint, int transport, int preset )
|
||||
|
@ -7092,7 +7270,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
|||
conf->cert_profile = &mbedtls_x509_crt_profile_suiteb;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
conf->sig_hashes = ssl_preset_suiteb_hashes;
|
||||
#endif
|
||||
|
||||
|
@ -7125,8 +7303,8 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
|||
conf->cert_profile = &mbedtls_x509_crt_profile_default;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
|
||||
conf->sig_hashes = mbedtls_md_list();
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
conf->sig_hashes = ssl_preset_default_hashes;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
|
@ -7170,7 +7348,8 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf )
|
|||
mbedtls_zeroize( conf, sizeof( mbedtls_ssl_config ) );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_PK_C)
|
||||
#if defined(MBEDTLS_PK_C) && \
|
||||
( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) )
|
||||
/*
|
||||
* Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX
|
||||
*/
|
||||
|
@ -7203,7 +7382,7 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig )
|
|||
return( MBEDTLS_PK_NONE );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_PK_C */
|
||||
#endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_ECDSA_C ) */
|
||||
|
||||
/*
|
||||
* Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX
|
||||
|
@ -7289,7 +7468,7 @@ int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_i
|
|||
}
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
/*
|
||||
* Check if a hash proposed by the peer is in our list.
|
||||
* Return 0 if we're willing to use it, -1 otherwise.
|
||||
|
@ -7308,7 +7487,7 @@ int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
|
|||
|
||||
return( -1 );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
|
||||
|
@ -7359,6 +7538,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
|
|||
case MBEDTLS_KEY_EXCHANGE_PSK:
|
||||
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
|
||||
usage = 0;
|
||||
}
|
||||
}
|
||||
|
@ -7453,4 +7633,47 @@ void mbedtls_ssl_read_version( int *major, int *minor, int transport,
|
|||
}
|
||||
}
|
||||
|
||||
int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;
|
||||
|
||||
switch( md )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
case MBEDTLS_SSL_HASH_MD5:
|
||||
ssl->handshake->calc_verify = ssl_calc_verify_tls;
|
||||
break;
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
case MBEDTLS_SSL_HASH_SHA1:
|
||||
ssl->handshake->calc_verify = ssl_calc_verify_tls;
|
||||
break;
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
case MBEDTLS_SSL_HASH_SHA384:
|
||||
ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384;
|
||||
break;
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
case MBEDTLS_SSL_HASH_SHA256:
|
||||
ssl->handshake->calc_verify = ssl_calc_verify_tls_sha256;
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;
|
||||
}
|
||||
|
||||
return 0;
|
||||
#else /* !MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
(void) ssl;
|
||||
(void) md;
|
||||
|
||||
return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SSL_TLS_C */
|
||||
|
|
|
@ -32,7 +32,7 @@
|
|||
#if defined(MBEDTLS_THREADING_PTHREAD)
|
||||
static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex )
|
||||
{
|
||||
if( mutex == NULL )
|
||||
if( mutex == NULL || mutex->is_valid )
|
||||
return;
|
||||
|
||||
mutex->is_valid = pthread_mutex_init( &mutex->mutex, NULL ) == 0;
|
||||
|
@ -40,10 +40,11 @@ static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex )
|
|||
|
||||
static void threading_mutex_free_pthread( mbedtls_threading_mutex_t *mutex )
|
||||
{
|
||||
if( mutex == NULL )
|
||||
if( mutex == NULL || !mutex->is_valid )
|
||||
return;
|
||||
|
||||
(void) pthread_mutex_destroy( &mutex->mutex );
|
||||
mutex->is_valid = 0;
|
||||
}
|
||||
|
||||
static int threading_mutex_lock_pthread( mbedtls_threading_mutex_t *mutex )
|
||||
|
|
|
@ -38,6 +38,11 @@
|
|||
|
||||
#if !defined(MBEDTLS_TIMING_ALT)
|
||||
|
||||
#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
|
||||
!defined(__APPLE__) && !defined(_WIN32)
|
||||
#error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in config.h"
|
||||
#endif
|
||||
|
||||
#ifndef asm
|
||||
#define asm __asm
|
||||
#endif
|
||||
|
|
|
@ -54,6 +54,9 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
|
||||
"MBEDTLS_PLATFORM_EXIT_ALT",
|
||||
#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
|
||||
#if defined(MBEDTLS_PLATFORM_TIME_ALT)
|
||||
"MBEDTLS_PLATFORM_TIME_ALT",
|
||||
#endif /* MBEDTLS_PLATFORM_TIME_ALT */
|
||||
#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
|
||||
"MBEDTLS_PLATFORM_FPRINTF_ALT",
|
||||
#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
|
||||
|
@ -63,6 +66,9 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
|
||||
"MBEDTLS_PLATFORM_SNPRINTF_ALT",
|
||||
#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
|
||||
#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
|
||||
"MBEDTLS_PLATFORM_NV_SEED_ALT",
|
||||
#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
"MBEDTLS_DEPRECATED_WARNING",
|
||||
#endif /* MBEDTLS_DEPRECATED_WARNING */
|
||||
|
@ -153,6 +159,9 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_AES_DECRYPT_ALT)
|
||||
"MBEDTLS_AES_DECRYPT_ALT",
|
||||
#endif /* MBEDTLS_AES_DECRYPT_ALT */
|
||||
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
|
||||
"MBEDTLS_TEST_NULL_ENTROPY",
|
||||
#endif /* MBEDTLS_TEST_NULL_ENTROPY */
|
||||
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
|
||||
"MBEDTLS_ENTROPY_HARDWARE_ALT",
|
||||
#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
|
||||
|
@ -264,6 +273,9 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
|
||||
"MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED",
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
"MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED",
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
|
||||
"MBEDTLS_PK_PARSE_EC_EXTENDED",
|
||||
#endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */
|
||||
|
@ -285,6 +297,9 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_ENTROPY_FORCE_SHA256)
|
||||
"MBEDTLS_ENTROPY_FORCE_SHA256",
|
||||
#endif /* MBEDTLS_ENTROPY_FORCE_SHA256 */
|
||||
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||
"MBEDTLS_ENTROPY_NV_SEED",
|
||||
#endif /* MBEDTLS_ENTROPY_NV_SEED */
|
||||
#if defined(MBEDTLS_MEMORY_DEBUG)
|
||||
"MBEDTLS_MEMORY_DEBUG",
|
||||
#endif /* MBEDTLS_MEMORY_DEBUG */
|
||||
|
@ -309,9 +324,6 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_SHA256_SMALLER)
|
||||
"MBEDTLS_SHA256_SMALLER",
|
||||
#endif /* MBEDTLS_SHA256_SMALLER */
|
||||
#if defined(MBEDTLS_SSL_AEAD_RANDOM_IV)
|
||||
"MBEDTLS_SSL_AEAD_RANDOM_IV",
|
||||
#endif /* MBEDTLS_SSL_AEAD_RANDOM_IV */
|
||||
#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
|
||||
"MBEDTLS_SSL_ALL_ALERT_MESSAGES",
|
||||
#endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */
|
||||
|
@ -378,6 +390,9 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
"MBEDTLS_SSL_SESSION_TICKETS",
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
||||
"MBEDTLS_SSL_EXPORT_KEYS",
|
||||
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
"MBEDTLS_SSL_SERVER_NAME_INDICATION",
|
||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
|
@ -447,6 +462,9 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_CIPHER_C)
|
||||
"MBEDTLS_CIPHER_C",
|
||||
#endif /* MBEDTLS_CIPHER_C */
|
||||
#if defined(MBEDTLS_CMAC_C)
|
||||
"MBEDTLS_CMAC_C",
|
||||
#endif /* MBEDTLS_CMAC_C */
|
||||
#if defined(MBEDTLS_CTR_DRBG_C)
|
||||
"MBEDTLS_CTR_DRBG_C",
|
||||
#endif /* MBEDTLS_CTR_DRBG_C */
|
||||
|
@ -465,6 +483,9 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_ECDSA_C)
|
||||
"MBEDTLS_ECDSA_C",
|
||||
#endif /* MBEDTLS_ECDSA_C */
|
||||
#if defined(MBEDTLS_ECJPAKE_C)
|
||||
"MBEDTLS_ECJPAKE_C",
|
||||
#endif /* MBEDTLS_ECJPAKE_C */
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
"MBEDTLS_ECP_C",
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
|
|
@ -53,10 +53,15 @@
|
|||
#else
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_free free
|
||||
#define mbedtls_free free
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_snprintf snprintf
|
||||
#define mbedtls_printf printf
|
||||
#define mbedtls_snprintf snprintf
|
||||
#endif
|
||||
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
#include "mbedtls/platform_time.h"
|
||||
#endif
|
||||
|
||||
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
|
||||
|
@ -75,6 +80,7 @@
|
|||
#endif
|
||||
|
||||
#define CHECK(code) if( ( ret = code ) != 0 ){ return( ret ); }
|
||||
#define CHECK_RANGE(min, max, val) if( val < min || val > max ){ return( ret ); }
|
||||
|
||||
/*
|
||||
* CertificateSerialNumber ::= INTEGER
|
||||
|
@ -484,6 +490,33 @@ static int x509_parse_int(unsigned char **p, unsigned n, int *res){
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int x509_date_is_valid(const mbedtls_x509_time *time)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_X509_INVALID_DATE;
|
||||
|
||||
CHECK_RANGE( 0, 9999, time->year );
|
||||
CHECK_RANGE( 0, 23, time->hour );
|
||||
CHECK_RANGE( 0, 59, time->min );
|
||||
CHECK_RANGE( 0, 59, time->sec );
|
||||
|
||||
switch( time->mon )
|
||||
{
|
||||
case 1: case 3: case 5: case 7: case 8: case 10: case 12:
|
||||
CHECK_RANGE( 1, 31, time->day );
|
||||
break;
|
||||
case 4: case 6: case 9: case 11:
|
||||
CHECK_RANGE( 1, 30, time->day );
|
||||
break;
|
||||
case 2:
|
||||
CHECK_RANGE( 1, 28 + (time->year % 4 == 0), time->day );
|
||||
break;
|
||||
default:
|
||||
return( ret );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Time ::= CHOICE {
|
||||
* utcTime UTCTime,
|
||||
|
@ -523,6 +556,8 @@ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
|
|||
time->year += 100 * ( time->year < 50 );
|
||||
time->year += 1900;
|
||||
|
||||
CHECK( x509_date_is_valid( time ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME )
|
||||
|
@ -543,6 +578,8 @@ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
|
|||
if( len > 14 && *(*p)++ != 'Z' )
|
||||
return( MBEDTLS_ERR_X509_INVALID_DATE );
|
||||
|
||||
CHECK( x509_date_is_valid( time ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
else
|
||||
|
@ -554,16 +591,18 @@ int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x
|
|||
{
|
||||
int ret;
|
||||
size_t len;
|
||||
int tag_type;
|
||||
|
||||
if( ( end - *p ) < 1 )
|
||||
return( MBEDTLS_ERR_X509_INVALID_SIGNATURE +
|
||||
MBEDTLS_ERR_ASN1_OUT_OF_DATA );
|
||||
|
||||
sig->tag = **p;
|
||||
tag_type = **p;
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
|
||||
return( MBEDTLS_ERR_X509_INVALID_SIGNATURE + ret );
|
||||
|
||||
sig->tag = tag_type;
|
||||
sig->len = len;
|
||||
sig->p = *p;
|
||||
|
||||
|
@ -843,7 +882,7 @@ static int x509_get_current_time( mbedtls_x509_time *now )
|
|||
static int x509_get_current_time( mbedtls_x509_time *now )
|
||||
{
|
||||
struct tm *lt;
|
||||
time_t tt;
|
||||
mbedtls_time_t tt;
|
||||
int ret = 0;
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
|
@ -851,7 +890,7 @@ static int x509_get_current_time( mbedtls_x509_time *now )
|
|||
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
|
||||
#endif
|
||||
|
||||
tt = time( NULL );
|
||||
tt = mbedtls_time( NULL );
|
||||
lt = gmtime( &tt );
|
||||
|
||||
if( lt == NULL )
|
||||
|
|
|
@ -259,13 +259,16 @@ int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
|
|||
int ret;
|
||||
size_t len = 0;
|
||||
|
||||
if( *p - start < (int) size + 1 )
|
||||
if( *p < start || (size_t)( *p - start ) < size )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
len = size;
|
||||
(*p) -= len;
|
||||
memcpy( *p, sig, len );
|
||||
|
||||
if( *p - start < 1 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
*--(*p) = 0;
|
||||
len += 1;
|
||||
|
||||
|
|
|
@ -502,14 +502,15 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s
|
|||
{
|
||||
mbedtls_pem_init( &pem );
|
||||
|
||||
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
||||
if( buflen == 0 || buf[buflen - 1] != '\0' )
|
||||
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
||||
else
|
||||
ret = mbedtls_pem_read_buffer( &pem,
|
||||
"-----BEGIN X509 CRL-----",
|
||||
"-----END X509 CRL-----",
|
||||
buf, NULL, 0, &use_len );
|
||||
// Avoid calling mbedtls_pem_read_buffer() on non-null-terminated
|
||||
// string
|
||||
if( buflen == 0 || buf[buflen - 1] != '\0' )
|
||||
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
||||
else
|
||||
ret = mbedtls_pem_read_buffer( &pem,
|
||||
"-----BEGIN X509 CRL-----",
|
||||
"-----END X509 CRL-----",
|
||||
buf, NULL, 0, &use_len );
|
||||
|
||||
if( ret == 0 )
|
||||
{
|
||||
|
|
|
@ -186,8 +186,10 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
|
|||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
if( pk_alg == MBEDTLS_PK_ECDSA )
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
if( pk_alg == MBEDTLS_PK_ECDSA ||
|
||||
pk_alg == MBEDTLS_PK_ECKEY ||
|
||||
pk_alg == MBEDTLS_PK_ECKEY_DH )
|
||||
{
|
||||
mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id;
|
||||
|
||||
|
@ -514,9 +516,6 @@ static int x509_get_subject_alt_name( unsigned char **p,
|
|||
/*
|
||||
* X.509 v3 extensions
|
||||
*
|
||||
* TODO: Perform all of the basic constraints tests required by the RFC
|
||||
* TODO: Set values for undetected extensions to a sane default?
|
||||
*
|
||||
*/
|
||||
static int x509_get_crt_ext( unsigned char **p,
|
||||
const unsigned char *end,
|
||||
|
@ -678,14 +677,9 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *
|
|||
if( crt == NULL || buf == NULL )
|
||||
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
|
||||
|
||||
p = mbedtls_calloc( 1, len = buflen );
|
||||
if( p == NULL )
|
||||
return( MBEDTLS_ERR_X509_ALLOC_FAILED );
|
||||
|
||||
memcpy( p, buf, buflen );
|
||||
|
||||
crt->raw.p = p;
|
||||
crt->raw.len = len;
|
||||
// Use the original buffer until we figure out actual length
|
||||
p = (unsigned char*) buf;
|
||||
len = buflen;
|
||||
end = p + len;
|
||||
|
||||
/*
|
||||
|
@ -709,6 +703,18 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *
|
|||
}
|
||||
crt_end = p + len;
|
||||
|
||||
// Create and populate a new buffer for the raw field
|
||||
crt->raw.len = crt_end - buf;
|
||||
crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len );
|
||||
if( p == NULL )
|
||||
return( MBEDTLS_ERR_X509_ALLOC_FAILED );
|
||||
|
||||
memcpy( p, buf, crt->raw.len );
|
||||
|
||||
// Direct pointers to the new buffer
|
||||
p += crt->raw.len - len;
|
||||
end = crt_end = p + len;
|
||||
|
||||
/*
|
||||
* TBSCertificate ::= SEQUENCE {
|
||||
*/
|
||||
|
@ -964,7 +970,9 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *bu
|
|||
int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen )
|
||||
{
|
||||
int success = 0, first_error = 0, total_failed = 0;
|
||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||
int buf_format = MBEDTLS_X509_FORMAT_DER;
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Check for valid input
|
||||
|
@ -982,10 +990,12 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, s
|
|||
{
|
||||
buf_format = MBEDTLS_X509_FORMAT_PEM;
|
||||
}
|
||||
#endif
|
||||
|
||||
if( buf_format == MBEDTLS_X509_FORMAT_DER )
|
||||
return mbedtls_x509_crt_parse_der( chain, buf, buflen );
|
||||
#else
|
||||
return mbedtls_x509_crt_parse_der( chain, buf, buflen );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||
if( buf_format == MBEDTLS_X509_FORMAT_PEM )
|
||||
|
@ -1058,7 +1068,6 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, s
|
|||
success = 1;
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_PEM_PARSE_C */
|
||||
|
||||
if( success )
|
||||
return( total_failed );
|
||||
|
@ -1066,6 +1075,7 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, s
|
|||
return( first_error );
|
||||
else
|
||||
return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT );
|
||||
#endif /* MBEDTLS_PEM_PARSE_C */
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
|
@ -1097,7 +1107,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
|
|||
WCHAR szDir[MAX_PATH];
|
||||
char filename[MAX_PATH];
|
||||
char *p;
|
||||
int len = (int) strlen( path );
|
||||
size_t len = strlen( path );
|
||||
|
||||
WIN32_FIND_DATAW file_data;
|
||||
HANDLE hFind;
|
||||
|
@ -1131,7 +1141,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
|
|||
|
||||
w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
|
||||
lstrlenW( file_data.cFileName ),
|
||||
p, len - 1,
|
||||
p, (int) len - 1,
|
||||
NULL, NULL );
|
||||
if( w_ret == 0 )
|
||||
return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
|
||||
|
@ -1150,9 +1160,10 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
|
|||
FindClose( hFind );
|
||||
#else /* _WIN32 */
|
||||
int t_ret;
|
||||
int snp_ret;
|
||||
struct stat sb;
|
||||
struct dirent *entry;
|
||||
char entry_name[255];
|
||||
char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN];
|
||||
DIR *dir = opendir( path );
|
||||
|
||||
if( dir == NULL )
|
||||
|
@ -1168,11 +1179,16 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
|
|||
|
||||
while( ( entry = readdir( dir ) ) != NULL )
|
||||
{
|
||||
mbedtls_snprintf( entry_name, sizeof entry_name, "%s/%s", path, entry->d_name );
|
||||
snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name,
|
||||
"%s/%s", path, entry->d_name );
|
||||
|
||||
if( stat( entry_name, &sb ) == -1 )
|
||||
if( snp_ret < 0 || (size_t)snp_ret >= sizeof entry_name )
|
||||
{
|
||||
ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
|
||||
goto cleanup;
|
||||
}
|
||||
else if( stat( entry_name, &sb ) == -1 )
|
||||
{
|
||||
closedir( dir );
|
||||
ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
|
||||
goto cleanup;
|
||||
}
|
||||
|
@ -1188,9 +1204,10 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
|
|||
else
|
||||
ret += t_ret;
|
||||
}
|
||||
closedir( dir );
|
||||
|
||||
cleanup:
|
||||
closedir( dir );
|
||||
|
||||
#if defined(MBEDTLS_THREADING_PTHREAD)
|
||||
if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 )
|
||||
ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
|
||||
|
@ -1347,6 +1364,14 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
|
|||
p = buf;
|
||||
n = size;
|
||||
|
||||
if( NULL == crt )
|
||||
{
|
||||
ret = mbedtls_snprintf( p, n, "\nCertificate is uninitialised!\n" );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
||||
return( (int) ( size - n ) );
|
||||
}
|
||||
|
||||
ret = mbedtls_snprintf( p, n, "%scert. version : %d\n",
|
||||
prefix, crt->version );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
@ -1598,7 +1623,8 @@ int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509
|
|||
}
|
||||
|
||||
/*
|
||||
* Check that the given certificate is valid according to the CRL.
|
||||
* Check that the given certificate is not revoked according to the CRL.
|
||||
* Skip validation is no CRL for the given CA is present.
|
||||
*/
|
||||
static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
|
||||
mbedtls_x509_crl *crl_list,
|
||||
|
@ -1611,12 +1637,6 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
|
|||
if( ca == NULL )
|
||||
return( flags );
|
||||
|
||||
/*
|
||||
* TODO: What happens if no CRL is present?
|
||||
* Suggestion: Revocation state should be unknown if no CRL is present.
|
||||
* For backwards compatibility this is not yet implemented.
|
||||
*/
|
||||
|
||||
while( crl_list != NULL )
|
||||
{
|
||||
if( crl_list->version == 0 ||
|
||||
|
@ -1875,7 +1895,7 @@ static int x509_crt_verify_top(
|
|||
mbedtls_x509_crt *child, mbedtls_x509_crt *trust_ca,
|
||||
mbedtls_x509_crl *ca_crl,
|
||||
const mbedtls_x509_crt_profile *profile,
|
||||
int path_cnt, uint32_t *flags,
|
||||
int path_cnt, int self_cnt, uint32_t *flags,
|
||||
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
|
||||
void *p_vrfy )
|
||||
{
|
||||
|
@ -1931,8 +1951,19 @@ static int x509_crt_verify_top(
|
|||
check_path_cnt--;
|
||||
}
|
||||
|
||||
/* Self signed certificates do not count towards the limit */
|
||||
if( trust_ca->max_pathlen > 0 &&
|
||||
trust_ca->max_pathlen < check_path_cnt )
|
||||
trust_ca->max_pathlen < check_path_cnt - self_cnt )
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) )
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
@ -1972,12 +2003,6 @@ static int x509_crt_verify_top(
|
|||
((void) ca_crl);
|
||||
#endif
|
||||
|
||||
if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) )
|
||||
ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED;
|
||||
|
||||
if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
|
||||
ca_flags |= MBEDTLS_X509_BADCERT_FUTURE;
|
||||
|
||||
if( NULL != f_vrfy )
|
||||
{
|
||||
if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1,
|
||||
|
@ -2004,7 +2029,7 @@ static int x509_crt_verify_child(
|
|||
mbedtls_x509_crt *child, mbedtls_x509_crt *parent,
|
||||
mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl,
|
||||
const mbedtls_x509_crt_profile *profile,
|
||||
int path_cnt, uint32_t *flags,
|
||||
int path_cnt, int self_cnt, uint32_t *flags,
|
||||
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
|
||||
void *p_vrfy )
|
||||
{
|
||||
|
@ -2014,6 +2039,10 @@ static int x509_crt_verify_child(
|
|||
mbedtls_x509_crt *grandparent;
|
||||
const mbedtls_md_info_t *md_info;
|
||||
|
||||
/* Counting intermediate self signed certificates */
|
||||
if( ( path_cnt != 0 ) && x509_name_cmp( &child->issuer, &child->subject ) == 0 )
|
||||
self_cnt++;
|
||||
|
||||
/* path_cnt is 0 for the first intermediate CA */
|
||||
if( 1 + path_cnt > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
|
||||
{
|
||||
|
@ -2074,7 +2103,7 @@ static int x509_crt_verify_child(
|
|||
if( grandparent != NULL )
|
||||
{
|
||||
ret = x509_crt_verify_top( parent, grandparent, ca_crl, profile,
|
||||
path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
|
||||
path_cnt + 1, self_cnt, &parent_flags, f_vrfy, p_vrfy );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
}
|
||||
|
@ -2085,6 +2114,15 @@ static int x509_crt_verify_child(
|
|||
grandparent != NULL;
|
||||
grandparent = grandparent->next )
|
||||
{
|
||||
/* +2 because the current step is not yet accounted for
|
||||
* and because max_pathlen is one higher than it should be.
|
||||
* Also self signed certificates do not count to the limit. */
|
||||
if( grandparent->max_pathlen > 0 &&
|
||||
grandparent->max_pathlen < 2 + path_cnt - self_cnt )
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
if( x509_crt_check_parent( parent, grandparent,
|
||||
0, path_cnt == 0 ) == 0 )
|
||||
break;
|
||||
|
@ -2094,7 +2132,7 @@ static int x509_crt_verify_child(
|
|||
if( grandparent != NULL )
|
||||
{
|
||||
ret = x509_crt_verify_child( parent, grandparent, trust_ca, ca_crl,
|
||||
profile, path_cnt + 1, &parent_flags,
|
||||
profile, path_cnt + 1, self_cnt, &parent_flags,
|
||||
f_vrfy, p_vrfy );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
@ -2102,7 +2140,7 @@ static int x509_crt_verify_child(
|
|||
else
|
||||
{
|
||||
ret = x509_crt_verify_top( parent, trust_ca, ca_crl, profile,
|
||||
path_cnt + 1, &parent_flags,
|
||||
path_cnt + 1, self_cnt, &parent_flags,
|
||||
f_vrfy, p_vrfy );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
@ -2147,10 +2185,11 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
|
|||
{
|
||||
size_t cn_len;
|
||||
int ret;
|
||||
int pathlen = 0;
|
||||
int pathlen = 0, selfsigned = 0;
|
||||
mbedtls_x509_crt *parent;
|
||||
mbedtls_x509_name *name;
|
||||
mbedtls_x509_sequence *cur = NULL;
|
||||
mbedtls_pk_type_t pk_type;
|
||||
|
||||
if( profile == NULL )
|
||||
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
|
||||
|
@ -2209,6 +2248,15 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
|
|||
}
|
||||
}
|
||||
|
||||
/* Check the type and size of the key */
|
||||
pk_type = mbedtls_pk_get_type( &crt->pk );
|
||||
|
||||
if( x509_profile_check_pk_alg( profile, pk_type ) != 0 )
|
||||
*flags |= MBEDTLS_X509_BADCERT_BAD_PK;
|
||||
|
||||
if( x509_profile_check_key( profile, pk_type, &crt->pk ) != 0 )
|
||||
*flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
|
||||
|
||||
/* Look for a parent in trusted CAs */
|
||||
for( parent = trust_ca; parent != NULL; parent = parent->next )
|
||||
{
|
||||
|
@ -2219,7 +2267,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
|
|||
if( parent != NULL )
|
||||
{
|
||||
ret = x509_crt_verify_top( crt, parent, ca_crl, profile,
|
||||
pathlen, flags, f_vrfy, p_vrfy );
|
||||
pathlen, selfsigned, flags, f_vrfy, p_vrfy );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
}
|
||||
|
@ -2227,23 +2275,21 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
|
|||
{
|
||||
/* Look for a parent upwards the chain */
|
||||
for( parent = crt->next; parent != NULL; parent = parent->next )
|
||||
{
|
||||
if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 )
|
||||
break;
|
||||
}
|
||||
|
||||
/* Are we part of the chain or at the top? */
|
||||
if( parent != NULL )
|
||||
{
|
||||
ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, profile,
|
||||
pathlen, flags, f_vrfy, p_vrfy );
|
||||
pathlen, selfsigned, flags, f_vrfy, p_vrfy );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
}
|
||||
else
|
||||
{
|
||||
ret = x509_crt_verify_top( crt, trust_ca, ca_crl, profile,
|
||||
pathlen, flags, f_vrfy, p_vrfy );
|
||||
pathlen, selfsigned, flags, f_vrfy, p_vrfy );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
}
|
||||
|
|
|
@ -104,7 +104,7 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
|
|||
/*
|
||||
* Check for valid input
|
||||
*/
|
||||
if( csr == NULL || buf == NULL )
|
||||
if( csr == NULL || buf == NULL || buflen == 0 )
|
||||
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
|
||||
|
||||
mbedtls_x509_csr_init( csr );
|
||||
|
@ -207,6 +207,13 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
|
|||
|
||||
/*
|
||||
* attributes [0] Attributes
|
||||
*
|
||||
* The list of possible attributes is open-ended, though RFC 2985
|
||||
* (PKCS#9) defines a few in section 5.4. We currently don't support any,
|
||||
* so we just ignore them. This is a safe thing to do as the worst thing
|
||||
* that could happen is that we issue a certificate that does not match
|
||||
* the requester's expectations - this cannot cause a violation of our
|
||||
* signature policies.
|
||||
*/
|
||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 )
|
||||
|
@ -214,7 +221,6 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
|
|||
mbedtls_x509_csr_free( csr );
|
||||
return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
|
||||
}
|
||||
// TODO Parse Attributes / extension requests
|
||||
|
||||
p += len;
|
||||
|
||||
|
@ -268,14 +274,14 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz
|
|||
/*
|
||||
* Check for valid input
|
||||
*/
|
||||
if( csr == NULL || buf == NULL )
|
||||
if( csr == NULL || buf == NULL || buflen == 0 )
|
||||
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
|
||||
|
||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||
mbedtls_pem_init( &pem );
|
||||
|
||||
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
||||
if( buflen == 0 || buf[buflen - 1] != '\0' )
|
||||
if( buf[buflen - 1] != '\0' )
|
||||
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
||||
else
|
||||
ret = mbedtls_pem_read_buffer( &pem,
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue