Add missing f_rng/p_rng arguments to x509write_crt
This commit is contained in:
parent
53c642504e
commit
31e59400d2
5 changed files with 85 additions and 28 deletions
|
@ -373,11 +373,20 @@ void x509write_crt_free( x509write_cert *ctx );
|
|||
* \param crt certificate to write away
|
||||
* \param buf buffer to write to
|
||||
* \param size size of the buffer
|
||||
* \param f_rng RNG function (for signature, see note)
|
||||
* \param p_rng RNG parameter
|
||||
*
|
||||
* \return length of data written if successful, or a specific
|
||||
* error code
|
||||
*
|
||||
* \note f_rng may be NULL if RSA is used for signature and the
|
||||
* signature is made offline (otherwise f_rng is desirable
|
||||
* for countermeasures against timing attacks).
|
||||
* ECDSA signatures always require a non-NULL f_rng.
|
||||
*/
|
||||
int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size );
|
||||
int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Write a public key to a DER structure
|
||||
|
@ -441,10 +450,19 @@ int x509write_csr_der( x509write_csr *ctx, unsigned char *buf, size_t size,
|
|||
* \param crt certificate to write away
|
||||
* \param buf buffer to write to
|
||||
* \param size size of the buffer
|
||||
* \param f_rng RNG function (for signature, see note)
|
||||
* \param p_rng RNG parameter
|
||||
*
|
||||
* \return 0 successful, or a specific error code
|
||||
*
|
||||
* \note f_rng may be NULL if RSA is used for signature and the
|
||||
* signature is made offline (otherwise f_rng is desirable
|
||||
* for countermeasures against timing attacks).
|
||||
* ECDSA signatures always require a non-NULL f_rng.
|
||||
*/
|
||||
int x509write_crt_pem( x509write_cert *ctx, unsigned char *buf, size_t size );
|
||||
int x509write_crt_pem( x509write_cert *ctx, unsigned char *buf, size_t size,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Write a public key to a PEM string
|
||||
|
|
|
@ -905,7 +905,9 @@ int x509write_csr_der( x509write_csr *ctx, unsigned char *buf, size_t size,
|
|||
return( len );
|
||||
}
|
||||
|
||||
int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size )
|
||||
int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
int ret;
|
||||
const char *sig_oid;
|
||||
|
@ -1007,7 +1009,7 @@ int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size )
|
|||
md( md_info_from_type( ctx->md_alg ), c, len, hash );
|
||||
|
||||
if( ( ret = pk_sign( ctx->issuer_key, ctx->md_alg, hash, 0, sig, &sig_len,
|
||||
NULL, NULL ) ) != 0 )
|
||||
f_rng, p_rng ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
@ -1083,13 +1085,15 @@ static int x509write_pemify( const char *begin_str, const char *end_str,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
int x509write_crt_pem( x509write_cert *crt, unsigned char *buf, size_t size )
|
||||
int x509write_crt_pem( x509write_cert *crt, unsigned char *buf, size_t size,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
int ret;
|
||||
unsigned char output_buf[4096];
|
||||
|
||||
if( ( ret = x509write_crt_der( crt, output_buf,
|
||||
sizeof(output_buf) ) ) < 0 )
|
||||
if( ( ret = x509write_crt_der( crt, output_buf, sizeof(output_buf),
|
||||
f_rng, p_rng ) ) < 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
|
|
@ -34,19 +34,21 @@
|
|||
#include "polarssl/config.h"
|
||||
|
||||
#include "polarssl/x509write.h"
|
||||
#include "polarssl/error.h"
|
||||
#include "polarssl/entropy.h"
|
||||
#include "polarssl/ctr_drbg.h"
|
||||
#include "polarssl/error.h"
|
||||
|
||||
#if !defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_FS_IO) || \
|
||||
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C) || \
|
||||
#if !defined(POLARSSL_X509_WRITE_C) || !defined(POLARSSL_X509_PARSE_C) || \
|
||||
!defined(POLARSSL_FS_IO) || \
|
||||
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C) || \
|
||||
!defined(POLARSSL_ERROR_C)
|
||||
int main( int argc, char *argv[] )
|
||||
{
|
||||
((void) argc);
|
||||
((void) argv);
|
||||
|
||||
printf( "POLARSSL_X509_PARSE_C and/or POLARSSL_FS_IO and/or "
|
||||
printf( "POLARSSL_X509_WRITE_C and/or POLARSSL_X509_PARSE_C and/or "
|
||||
"POLARSSL_FS_IO and/or "
|
||||
"POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C and/or "
|
||||
"POLARSSL_ERROR_C not defined.\n");
|
||||
return( 0 );
|
||||
|
@ -333,6 +335,6 @@ exit:
|
|||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* POLARSSL_X509_PARSE_C && POLARSSL_FS_IO &&
|
||||
#endif /* POLARSSL_X509_WRITE_C && POLARSSL_X509_PARSE_C && POLARSSL_FS_IO &&
|
||||
POLARSSL_ENTROPY_C && POLARSSL_CTR_DRBG_C &&
|
||||
POLARSSL_ERROR_C */
|
||||
|
|
|
@ -33,24 +33,24 @@
|
|||
|
||||
#include "polarssl/config.h"
|
||||
|
||||
#include "polarssl/error.h"
|
||||
#include "polarssl/rsa.h"
|
||||
#include "polarssl/x509.h"
|
||||
#include "polarssl/base64.h"
|
||||
#include "polarssl/x509write.h"
|
||||
#include "polarssl/oid.h"
|
||||
#include "polarssl/entropy.h"
|
||||
#include "polarssl/ctr_drbg.h"
|
||||
#include "polarssl/error.h"
|
||||
|
||||
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
|
||||
!defined(POLARSSL_X509_WRITE_C) || !defined(POLARSSL_FS_IO) || \
|
||||
#if !defined(POLARSSL_X509_WRITE_C) || !defined(POLARSSL_X509_PARSE_C) || \
|
||||
!defined(POLARSSL_FS_IO) || \
|
||||
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C) || \
|
||||
!defined(POLARSSL_ERROR_C)
|
||||
int main( int argc, char *argv[] )
|
||||
{
|
||||
((void) argc);
|
||||
((void) argv);
|
||||
|
||||
printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
|
||||
"POLARSSL_X509_WRITE_C and/or POLARSSL_FS_IO and/or "
|
||||
"POLARSSL_ERROR_C not defined.\n");
|
||||
printf( "POLARSSL_X509_WRITE_C and/or POLARSSL_X509_PARSE_C and/or "
|
||||
"POLARSSL_FS_IO and/or "
|
||||
"POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C and/or "
|
||||
"POLARSSL_ERROR_C not defined.\n");
|
||||
return( 0 );
|
||||
}
|
||||
#else
|
||||
|
@ -97,7 +97,9 @@ struct options
|
|||
unsigned char ns_cert_type; /* NS cert type */
|
||||
} opt;
|
||||
|
||||
int write_certificate( x509write_cert *crt, char *output_file )
|
||||
int write_certificate( x509write_cert *crt, char *output_file,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
int ret;
|
||||
FILE *f;
|
||||
|
@ -105,7 +107,7 @@ int write_certificate( x509write_cert *crt, char *output_file )
|
|||
size_t len = 0;
|
||||
|
||||
memset( output_buf, 0, 4096 );
|
||||
if( ( ret = x509write_crt_pem( crt, output_buf, 4096 ) ) < 0 )
|
||||
if( ( ret = x509write_crt_pem( crt, output_buf, 4096, f_rng, p_rng ) ) < 0 )
|
||||
return( ret );
|
||||
|
||||
len = strlen( (char *) output_buf );
|
||||
|
@ -183,6 +185,9 @@ int main( int argc, char *argv[] )
|
|||
x509_csr csr;
|
||||
x509write_cert crt;
|
||||
mpi serial;
|
||||
entropy_context entropy;
|
||||
ctr_drbg_context ctr_drbg;
|
||||
const char *pers = "crt example app";
|
||||
|
||||
/*
|
||||
* Set to sane values
|
||||
|
@ -350,8 +355,29 @@ int main( int argc, char *argv[] )
|
|||
|
||||
printf("\n");
|
||||
|
||||
/*
|
||||
* 0. Seed the PRNG
|
||||
*/
|
||||
printf( " . Seeding the random number generator..." );
|
||||
fflush( stdout );
|
||||
|
||||
entropy_init( &entropy );
|
||||
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
|
||||
(const unsigned char *) pers,
|
||||
strlen( pers ) ) ) != 0 )
|
||||
{
|
||||
error_strerror( ret, buf, 1024 );
|
||||
printf( " failed\n ! ctr_drbg_init returned %d - %s\n", ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
printf( " ok\n" );
|
||||
|
||||
// Parse serial to MPI
|
||||
//
|
||||
printf( " . Reading serial number..." );
|
||||
fflush( stdout );
|
||||
|
||||
if( ( ret = mpi_read_string( &serial, 10, opt.serial ) ) != 0 )
|
||||
{
|
||||
error_strerror( ret, buf, 1024 );
|
||||
|
@ -359,6 +385,8 @@ int main( int argc, char *argv[] )
|
|||
goto exit;
|
||||
}
|
||||
|
||||
printf( " ok\n" );
|
||||
|
||||
// Parse issuer certificate if present
|
||||
//
|
||||
if( !opt.selfsign && strlen( opt.issuer_crt ) )
|
||||
|
@ -597,7 +625,8 @@ int main( int argc, char *argv[] )
|
|||
printf( " . Writing the certificate..." );
|
||||
fflush( stdout );
|
||||
|
||||
if( ( ret = write_certificate( &crt, opt.output_file ) ) != 0 )
|
||||
if( ( ret = write_certificate( &crt, opt.output_file,
|
||||
ctr_drbg_random, &ctr_drbg ) ) != 0 )
|
||||
{
|
||||
error_strerror( ret, buf, 1024 );
|
||||
printf( " failed\n ! write_certifcate -0x%02x - %s\n\n", -ret, buf );
|
||||
|
@ -619,5 +648,6 @@ exit:
|
|||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C &&
|
||||
POLARSSet_serial_X509_WRITE_C && POLARSSL_FS_IO */
|
||||
#endif /* POLARSSL_X509_WRITE_C && POLARSSL_X509_PARSE_C && POLARSSL_FS_IO &&
|
||||
POLARSSL_ENTROPY_C && POLARSSL_CTR_DRBG_C &&
|
||||
POLARSSL_ERROR_C */
|
||||
|
|
|
@ -76,7 +76,9 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
|
|||
int ret;
|
||||
size_t olen = sizeof( check_buf );
|
||||
FILE *f;
|
||||
rnd_pseudo_info rnd_info;
|
||||
|
||||
memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) );
|
||||
mpi_init( &serial );
|
||||
pk_init( &subject_key );
|
||||
pk_init( &issuer_key );
|
||||
|
@ -101,7 +103,8 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
|
|||
TEST_ASSERT( x509write_crt_set_subject_key_identifier( &crt ) == 0 );
|
||||
TEST_ASSERT( x509write_crt_set_authority_key_identifier( &crt ) == 0 );
|
||||
|
||||
ret = x509write_crt_der( &crt, buf, sizeof(buf) );
|
||||
ret = x509write_crt_der( &crt, buf, sizeof(buf),
|
||||
rnd_pseudo_rand, &rnd_info );
|
||||
TEST_ASSERT( ret >= 0 );
|
||||
|
||||
c = buf + sizeof( buf ) - ret;
|
||||
|
|
Loading…
Reference in a new issue