Merge branch 'development' into mbedtls_private_with_python
Conflicts: include/mbedtls/ssl.h Conflicts resolved by using code from development branch and manually re-applying MBEDTLS_PRIVATE wrapping.
This commit is contained in:
commit
e7dce558c9
49 changed files with 405 additions and 2447 deletions
5
ChangeLog.d/aria-alt.txt
Normal file
5
ChangeLog.d/aria-alt.txt
Normal file
|
@ -0,0 +1,5 @@
|
|||
Bugfix
|
||||
* Fix some issues affecting MBEDTLS_ARIA_ALT implementations: a misplaced
|
||||
directive in a header and a missing initialization in the self-test.
|
||||
* Fix a missing initialization in the Camellia self-test, affecting
|
||||
MBEDTLS_CAMELLIA_ALT implementations.
|
11
ChangeLog.d/issue4286.txt
Normal file
11
ChangeLog.d/issue4286.txt
Normal file
|
@ -0,0 +1,11 @@
|
|||
Removals
|
||||
* Remove the TLS 1.0, TLS 1.1 and DTLS 1.0 support by removing the following
|
||||
deprecated library constants: MBEDTLS_SSL_PROTO_TLS1,
|
||||
MBEDTLS_SSL_PROTO_TLS1_1, MBEDTLS_SSL_CBC_RECORD_SPLITTING,
|
||||
MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED,
|
||||
MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED, MBEDTLS_SSL_RECORD_CHECKING,
|
||||
MBEDTLS_SSL_FALLBACK_SCSV, MBEDTLS_SSL_FALLBACK_SCSV_VALUE,
|
||||
MBEDTLS_SSL_IS_FALLBACK, MBEDTLS_SSL_IS_NOT_FALLBACK, and functions:
|
||||
mbedtls_ssl_conf_cbc_record_splitting(),
|
||||
mbedtls_ssl_get_key_exchange_md_ssl_tls(), mbedtls_ssl_conf_fallback().
|
||||
Fixes #4286.
|
2
ChangeLog.d/issue4403.txt
Normal file
2
ChangeLog.d/issue4403.txt
Normal file
|
@ -0,0 +1,2 @@
|
|||
Removals
|
||||
* Remove the MBEDTLS_SSL_DTLS_BADMAC_LIMIT config.h option. Fixes #4403.
|
5
ChangeLog.d/psa-without-genprime-fix.txt
Normal file
5
ChangeLog.d/psa-without-genprime-fix.txt
Normal file
|
@ -0,0 +1,5 @@
|
|||
Bugfix
|
||||
* Restore the ability to configure PSA via Mbed TLS options to support RSA
|
||||
key pair operations but exclude RSA key generation. When MBEDTLS_GENPRIME
|
||||
is not defined PSA will no longer attempt to use mbedtls_rsa_gen_key().
|
||||
Fixes #4512.
|
9
ChangeLog.d/remove-rsa-mode-parameter.txt
Normal file
9
ChangeLog.d/remove-rsa-mode-parameter.txt
Normal file
|
@ -0,0 +1,9 @@
|
|||
Removals
|
||||
* The RSA module no longer supports private-key operations with the public
|
||||
key and vice versa.
|
||||
API changes
|
||||
* Remove the mode parameter from RSA operation functions. Signature and
|
||||
decryption functions now always use the private key and verification and
|
||||
encryption use the public key. Verification functions also no longer have
|
||||
RNG parameters.
|
||||
* The RNG is now mandatory for all private-key RSA operations.
|
|
@ -1,79 +0,0 @@
|
|||
/**
|
||||
* \file config-mini-tls1_1.h
|
||||
*
|
||||
* \brief Minimal configuration for TLS 1.1 (RFC 4346)
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
/*
|
||||
* Minimal configuration for TLS 1.1 (RFC 4346), implementing only the
|
||||
* required ciphersuite: MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
*
|
||||
* See README.txt for usage instructions.
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CONFIG_H
|
||||
#define MBEDTLS_CONFIG_H
|
||||
|
||||
/* System support */
|
||||
#define MBEDTLS_HAVE_ASM
|
||||
#define MBEDTLS_HAVE_TIME
|
||||
|
||||
/* mbed TLS feature support */
|
||||
#define MBEDTLS_CIPHER_MODE_CBC
|
||||
#define MBEDTLS_PKCS1_V15
|
||||
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
#define MBEDTLS_SSL_PROTO_TLS1_1
|
||||
|
||||
/* mbed TLS modules */
|
||||
#define MBEDTLS_AES_C
|
||||
#define MBEDTLS_ASN1_PARSE_C
|
||||
#define MBEDTLS_ASN1_WRITE_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#define MBEDTLS_CIPHER_C
|
||||
#define MBEDTLS_CTR_DRBG_C
|
||||
#define MBEDTLS_DES_C
|
||||
#define MBEDTLS_ENTROPY_C
|
||||
#define MBEDTLS_MD_C
|
||||
#define MBEDTLS_MD5_C
|
||||
#define MBEDTLS_NET_C
|
||||
#define MBEDTLS_OID_C
|
||||
#define MBEDTLS_PK_C
|
||||
#define MBEDTLS_PK_PARSE_C
|
||||
#define MBEDTLS_RSA_C
|
||||
#define MBEDTLS_SHA1_C
|
||||
/* The library does not currently support enabling SHA-224 without SHA-256.
|
||||
* A future version of the library will have this option disabled
|
||||
* by default. */
|
||||
#define MBEDTLS_SHA224_C
|
||||
#define MBEDTLS_SHA256_C
|
||||
#define MBEDTLS_SSL_CLI_C
|
||||
#define MBEDTLS_SSL_SRV_C
|
||||
#define MBEDTLS_SSL_TLS_C
|
||||
#define MBEDTLS_X509_CRT_PARSE_C
|
||||
#define MBEDTLS_X509_USE_C
|
||||
|
||||
/* For test certificates */
|
||||
#define MBEDTLS_BASE64_C
|
||||
#define MBEDTLS_PEM_PARSE_C
|
||||
|
||||
/* For testing with compat.sh */
|
||||
#define MBEDTLS_FS_IO
|
||||
|
||||
#include "mbedtls/check_config.h"
|
||||
|
||||
#endif /* MBEDTLS_CONFIG_H */
|
29
docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md
Normal file
29
docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md
Normal file
|
@ -0,0 +1,29 @@
|
|||
Remove the mode parameter from RSA functions
|
||||
--------------------------------------------
|
||||
|
||||
This affects all users who use the RSA encryption, decryption, sign and
|
||||
verify APIs.
|
||||
|
||||
The RSA module no longer supports private-key operations with the public key or
|
||||
vice versa. As a consequence, RSA operation functions no longer have a mode
|
||||
parameter. If you were calling RSA operations with the normal mode (public key
|
||||
for verification or encryption, private key for signature or decryption), remove
|
||||
the `MBEDTLS_MODE_PUBLIC` or `MBEDTLS_MODE_PRIVATE` argument. If you were calling
|
||||
RSA operations with the wrong mode, which rarely makes sense from a security
|
||||
perspective, this is no longer supported.
|
||||
|
||||
Remove the RNG parameter from RSA verify functions
|
||||
--------------------------------------------------
|
||||
|
||||
RSA verification functions also no longer take random generator arguments (this
|
||||
was only needed when using a private key). This affects all applications using
|
||||
the RSA verify functions.
|
||||
|
||||
RNG is now mandatory in all RSA private key operations
|
||||
------------------------------------------------------
|
||||
|
||||
The random generator is now mandatory for blinding in all RSA private-key
|
||||
operations (`mbedtls_rsa_private`, `mbedtls_rsa_xxx_sign`,
|
||||
`mbedtls_rsa_xxx_decrypt`) as well as for encryption
|
||||
(`mbedtls_rsa_xxx_encrypt`). This means that passing a null `f_rng` is no longer
|
||||
supported.
|
|
@ -0,0 +1,11 @@
|
|||
Remove MBEDTLS_SSL_DTLS_BADMAC_LIMIT option
|
||||
-------------------------------------------
|
||||
|
||||
This change does not affect users who used the default `config.h`, as the option
|
||||
MBEDTLS_SSL_DTLS_BADMAC_LIMIT was already on by default.
|
||||
|
||||
This option was a trade-off between functionality and code size: it allowed
|
||||
users who didn't need that feature to avoid paying the cost in code size, by
|
||||
disabling it.
|
||||
|
||||
This option is no longer present, but its functionality is now always enabled.
|
|
@ -0,0 +1,11 @@
|
|||
Remove suport for TLS 1.0, 1.1 and DTLS 1.0
|
||||
-------------------------------------------
|
||||
|
||||
This change affects users of the TLS 1.0, 1.1 and DTLS 1.0 protocols.
|
||||
|
||||
The versions of (D)TLS that are being removed are not as secure as the latest
|
||||
versions. Keeping them in the library creates opportunities for misconfiguration
|
||||
and possibly downgrade attacks. More generally, more code means a larger attack
|
||||
surface, even if the code is supposedly not used.
|
||||
|
||||
The migration path is to adopt the latest versions of the protocol.
|
|
@ -52,14 +52,14 @@
|
|||
|
||||
#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */
|
||||
|
||||
#if !defined(MBEDTLS_ARIA_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_ARIA_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief The ARIA context-type definition.
|
||||
*/
|
||||
|
|
|
@ -621,16 +621,6 @@
|
|||
#error "MBEDTLS_SHA256_C defined without MBEDTLS_SHA224_C"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) && ( !defined(MBEDTLS_MD5_C) || \
|
||||
!defined(MBEDTLS_SHA1_C) )
|
||||
#error "MBEDTLS_SSL_PROTO_TLS1 defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) && ( !defined(MBEDTLS_MD5_C) || \
|
||||
!defined(MBEDTLS_SHA1_C) )
|
||||
#error "MBEDTLS_SSL_PROTO_TLS1_1 defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && ( !defined(MBEDTLS_SHA1_C) && \
|
||||
!defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) )
|
||||
#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
|
||||
|
@ -641,8 +631,7 @@
|
|||
#error "MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if (defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) ||\
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
!(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
|
@ -659,7 +648,6 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
|
||||
#endif
|
||||
|
@ -677,16 +665,10 @@
|
|||
#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS_C) && (!defined(MBEDTLS_SSL_PROTO_TLS1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_1) && !defined(MBEDTLS_SSL_PROTO_TLS1_2))
|
||||
#if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_TLS1) && \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2) && !defined(MBEDTLS_SSL_PROTO_TLS1_1))
|
||||
#error "Illegal protocol selection"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY defined, but not all prerequisites"
|
||||
#endif
|
||||
|
@ -718,21 +700,12 @@
|
|||
#error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) && \
|
||||
( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
|
||||
#error "MBEDTLS_SSL_DTLS_BADMAC_LIMIT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
|
||||
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
|
||||
#endif
|
||||
|
@ -741,10 +714,6 @@
|
|||
#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) && !defined(MBEDTLS_SSL_PROTO_TLS1)
|
||||
#error "MBEDTLS_SSL_CBC_RECORD_SPLITTING defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
|
||||
!defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
|
||||
|
@ -859,6 +828,13 @@
|
|||
#error "MBEDTLS_ZLIB_SUPPORT was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) //no-check-names
|
||||
#error "MBEDTLS_SSL_PROTO_TLS1 (TLS v1.0 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4286"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) //no-check-names
|
||||
#error "MBEDTLS_SSL_PROTO_TLS1_1 (TLS v1.1 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4286"
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Avoid warning from -pedantic. This is a convenient place for this
|
||||
|
|
|
@ -1530,9 +1530,7 @@
|
|||
*
|
||||
* This only affects CBC ciphersuites, and is useless if none is defined.
|
||||
*
|
||||
* Requires: MBEDTLS_SSL_PROTO_TLS1 or
|
||||
* MBEDTLS_SSL_PROTO_TLS1_1 or
|
||||
* MBEDTLS_SSL_PROTO_TLS1_2
|
||||
* Requires: MBEDTLS_SSL_PROTO_TLS1_2
|
||||
*
|
||||
* Comment this macro to disable support for Encrypt-then-MAC
|
||||
*/
|
||||
|
@ -1548,32 +1546,12 @@
|
|||
* renegotiation), since it actually fixes a more fundamental issue in the
|
||||
* original SSL/TLS design, and has implications beyond Triple Handshake.
|
||||
*
|
||||
* Requires: MBEDTLS_SSL_PROTO_TLS1 or
|
||||
* MBEDTLS_SSL_PROTO_TLS1_1 or
|
||||
* MBEDTLS_SSL_PROTO_TLS1_2
|
||||
* Requires: MBEDTLS_SSL_PROTO_TLS1_2
|
||||
*
|
||||
* Comment this macro to disable support for Extended Master Secret.
|
||||
*/
|
||||
#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_FALLBACK_SCSV
|
||||
*
|
||||
* Enable support for RFC 7507: Fallback Signaling Cipher Suite Value (SCSV)
|
||||
* for Preventing Protocol Downgrade Attacks.
|
||||
*
|
||||
* For servers, it is recommended to always enable this, unless you support
|
||||
* only one version of TLS, or know for sure that none of your clients
|
||||
* implements a fallback strategy.
|
||||
*
|
||||
* For clients, you only need this if you're using a fallback strategy, which
|
||||
* is not recommended in the first place, unless you absolutely need it to
|
||||
* interoperate with buggy (version-intolerant) servers.
|
||||
*
|
||||
* Comment this macro to disable support for FALLBACK_SCSV
|
||||
*/
|
||||
#define MBEDTLS_SSL_FALLBACK_SCSV
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
|
||||
*
|
||||
|
@ -1596,18 +1574,6 @@
|
|||
*/
|
||||
#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
|
||||
*
|
||||
* Enable 1/n-1 record splitting for CBC mode in TLS 1.0.
|
||||
*
|
||||
* This is a countermeasure to the BEAST attack, which also minimizes the risk
|
||||
* of interoperability issues compared to sending 0-length records.
|
||||
*
|
||||
* Comment this macro to disable 1/n-1 record splitting.
|
||||
*/
|
||||
#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_RENEGOTIATION
|
||||
*
|
||||
|
@ -1649,30 +1615,6 @@
|
|||
*/
|
||||
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_PROTO_TLS1
|
||||
*
|
||||
* Enable support for TLS 1.0.
|
||||
*
|
||||
* Requires: MBEDTLS_MD5_C
|
||||
* MBEDTLS_SHA1_C
|
||||
*
|
||||
* Comment this macro to disable support for TLS 1.0
|
||||
*/
|
||||
#define MBEDTLS_SSL_PROTO_TLS1
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_PROTO_TLS1_1
|
||||
*
|
||||
* Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
|
||||
*
|
||||
* Requires: MBEDTLS_MD5_C
|
||||
* MBEDTLS_SHA1_C
|
||||
*
|
||||
* Comment this macro to disable support for TLS 1.1 / DTLS 1.0
|
||||
*/
|
||||
#define MBEDTLS_SSL_PROTO_TLS1_1
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_PROTO_TLS1_2
|
||||
*
|
||||
|
@ -1709,11 +1651,9 @@
|
|||
*
|
||||
* Enable support for DTLS (all available versions).
|
||||
*
|
||||
* Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
|
||||
* and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
|
||||
* Enable this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
|
||||
*
|
||||
* Requires: MBEDTLS_SSL_PROTO_TLS1_1
|
||||
* or MBEDTLS_SSL_PROTO_TLS1_2
|
||||
* Requires: MBEDTLS_SSL_PROTO_TLS1_2
|
||||
*
|
||||
* Comment this macro to disable support for DTLS
|
||||
*/
|
||||
|
@ -1808,17 +1748,6 @@
|
|||
*/
|
||||
#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
|
||||
*
|
||||
* Enable support for a limit of records with bad MAC.
|
||||
*
|
||||
* See mbedtls_ssl_conf_dtls_badmac_limit().
|
||||
*
|
||||
* Requires: MBEDTLS_SSL_PROTO_DTLS
|
||||
*/
|
||||
#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_SESSION_TICKETS
|
||||
*
|
||||
|
@ -2738,10 +2667,9 @@
|
|||
* library/pem.c
|
||||
* library/ssl_tls.c
|
||||
*
|
||||
* This module is required for SSL/TLS up to version 1.1, and for TLS 1.2
|
||||
* depending on the handshake parameters. Further, it is used for checking
|
||||
* MD5-signed certificates, and for PBKDF1 when decrypting PEM-encoded
|
||||
* encrypted keys.
|
||||
* This module is required for TLS 1.2 depending on the handshake parameters.
|
||||
* Further, it is used for checking MD5-signed certificates, and for PBKDF1
|
||||
* when decrypting PEM-encoded encrypted keys.
|
||||
*
|
||||
* \warning MD5 is considered a weak message digest and its use constitutes a
|
||||
* security risk. If possible, we recommend avoiding dependencies on
|
||||
|
@ -3061,8 +2989,8 @@
|
|||
* library/ssl_tls.c
|
||||
* library/x509write_crt.c
|
||||
*
|
||||
* This module is required for SSL/TLS up to version 1.1, for TLS 1.2
|
||||
* depending on the handshake parameters, and for SHA1-signed certificates.
|
||||
* This module is required for TLS 1.2 depending on the handshake parameters,
|
||||
* and for SHA1-signed certificates.
|
||||
*
|
||||
* \warning SHA-1 is considered a weak message digest and its use constitutes
|
||||
* a security risk. If possible, we recommend avoiding dependencies
|
||||
|
|
|
@ -235,7 +235,7 @@ typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, size_t *olen,
|
|||
size_t output_max_len );
|
||||
typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
||||
int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
|
||||
mbedtls_md_type_t md_alg, unsigned int hashlen,
|
||||
const unsigned char *hash, unsigned char *sig );
|
||||
typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx );
|
||||
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
|
||||
|
|
|
@ -58,8 +58,6 @@
|
|||
/*
|
||||
* RSA constants
|
||||
*/
|
||||
#define MBEDTLS_RSA_PUBLIC 0 /**< Request private key operation. */
|
||||
#define MBEDTLS_RSA_PRIVATE 1 /**< Request public key operation. */
|
||||
|
||||
#define MBEDTLS_RSA_PKCS_V15 0 /**< Use PKCS#1 v1.5 encoding. */
|
||||
#define MBEDTLS_RSA_PKCS_V21 1 /**< Use PKCS#1 v2.1 encoding. */
|
||||
|
@ -424,7 +422,7 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx );
|
|||
*
|
||||
* \param ctx The initialized RSA context used to hold the key.
|
||||
* \param f_rng The RNG function to be used for key generation.
|
||||
* This must not be \c NULL.
|
||||
* This is mandatory and must not be \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng.
|
||||
* This may be \c NULL if \p f_rng doesn't need a context.
|
||||
* \param nbits The size of the public key in bits.
|
||||
|
@ -545,11 +543,9 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
|
|||
* of a PRNG.
|
||||
*
|
||||
* \param ctx The initialized RSA context to use.
|
||||
* \param f_rng The RNG function, used for blinding. It is discouraged
|
||||
* and deprecated to pass \c NULL here, in which case
|
||||
* blinding will be omitted.
|
||||
* \param f_rng The RNG function, used for blinding. It is mandatory.
|
||||
* \param p_rng The RNG context to pass to \p f_rng. This may be \c NULL
|
||||
* if \p f_rng is \c NULL or if \p f_rng doesn't need a context.
|
||||
* if \p f_rng doesn't need a context.
|
||||
* \param input The input buffer. This must be a readable buffer
|
||||
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||
* for an 2048-bit RSA modulus.
|
||||
|
@ -572,29 +568,13 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||
* operation.
|
||||
*
|
||||
* It is the generic wrapper for performing a PKCS#1 encryption
|
||||
* operation using the \p mode from the context.
|
||||
*
|
||||
* \deprecated It is deprecated and discouraged to call this function
|
||||
* in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
|
||||
* are likely to remove the \p mode argument and have it
|
||||
* implicitly set to #MBEDTLS_RSA_PUBLIC.
|
||||
*
|
||||
* \note Alternative implementations of RSA need not support
|
||||
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||
* operation.
|
||||
*
|
||||
* \param ctx The initialized RSA context to use.
|
||||
* \param f_rng The RNG to use. It is mandatory for PKCS#1 v2.1 padding
|
||||
* encoding, and for PKCS#1 v1.5 padding encoding when used
|
||||
* with \p mode set to #MBEDTLS_RSA_PUBLIC. For PKCS#1 v1.5
|
||||
* padding encoding and \p mode set to #MBEDTLS_RSA_PRIVATE,
|
||||
* it is used for blinding and should be provided in this
|
||||
* case; see mbedtls_rsa_private() for more.
|
||||
* \param f_rng The RNG to use. It is used for padding generation
|
||||
* and it is mandatory.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. May be
|
||||
* \c NULL if \p f_rng is \c NULL or if \p f_rng doesn't
|
||||
* need a context argument.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
|
||||
* \c NULL if \p f_rng doesn't need a context argument.
|
||||
* \param ilen The length of the plaintext in Bytes.
|
||||
* \param input The input data to encrypt. This must be a readable
|
||||
* buffer of size \p ilen Bytes. It may be \c NULL if
|
||||
|
@ -609,7 +589,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||
int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
int mode, size_t ilen,
|
||||
size_t ilen,
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
|
||||
|
@ -617,25 +597,11 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
|
|||
* \brief This function performs a PKCS#1 v1.5 encryption operation
|
||||
* (RSAES-PKCS1-v1_5-ENCRYPT).
|
||||
*
|
||||
* \deprecated It is deprecated and discouraged to call this function
|
||||
* in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
|
||||
* are likely to remove the \p mode argument and have it
|
||||
* implicitly set to #MBEDTLS_RSA_PUBLIC.
|
||||
*
|
||||
* \note Alternative implementations of RSA need not support
|
||||
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||
*
|
||||
* \param ctx The initialized RSA context to use.
|
||||
* \param f_rng The RNG function to use. It is needed for padding generation
|
||||
* if \p mode is #MBEDTLS_RSA_PUBLIC. If \p mode is
|
||||
* #MBEDTLS_RSA_PRIVATE (discouraged), it is used for
|
||||
* blinding and should be provided; see mbedtls_rsa_private().
|
||||
* \param f_rng The RNG function to use. It is mandatory and used for
|
||||
* padding generation.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may
|
||||
* be \c NULL if \p f_rng is \c NULL or if \p f_rng
|
||||
* doesn't need a context argument.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
|
||||
* be \c NULL if \p f_rng doesn't need a context argument.
|
||||
* \param ilen The length of the plaintext in Bytes.
|
||||
* \param input The input data to encrypt. This must be a readable
|
||||
* buffer of size \p ilen Bytes. It may be \c NULL if
|
||||
|
@ -650,7 +616,7 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
|
|||
int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
int mode, size_t ilen,
|
||||
size_t ilen,
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
|
||||
|
@ -661,22 +627,11 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
|
|||
* \note The output buffer must be as large as the size
|
||||
* of ctx->N. For example, 128 Bytes if RSA-1024 is used.
|
||||
*
|
||||
* \deprecated It is deprecated and discouraged to call this function
|
||||
* in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
|
||||
* are likely to remove the \p mode argument and have it
|
||||
* implicitly set to #MBEDTLS_RSA_PUBLIC.
|
||||
*
|
||||
* \note Alternative implementations of RSA need not support
|
||||
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||
*
|
||||
* \param ctx The initnialized RSA context to use.
|
||||
* \param f_rng The RNG function to use. This is needed for padding
|
||||
* generation and must be provided.
|
||||
* generation and is mandatory.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may
|
||||
* be \c NULL if \p f_rng doesn't need a context argument.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
|
||||
* \param label The buffer holding the custom label to use.
|
||||
* This must be a readable buffer of length \p label_len
|
||||
* Bytes. It may be \c NULL if \p label_len is \c 0.
|
||||
|
@ -695,7 +650,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
|
|||
int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
int mode,
|
||||
const unsigned char *label, size_t label_len,
|
||||
size_t ilen,
|
||||
const unsigned char *input,
|
||||
|
@ -716,10 +670,10 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
|
|||
* the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
|
||||
*
|
||||
* \param ctx The initialized RSA context to use.
|
||||
* \param f_rng The RNG function. This is used for blinding and should
|
||||
* be provided; see mbedtls_rsa_private() for more.
|
||||
* \param f_rng The RNG function. This is used for blinding and is
|
||||
* mandatory; see mbedtls_rsa_private() for more.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
|
||||
* \c NULL if \p f_rng doesn't need a context.
|
||||
* \param olen The address at which to store the length of
|
||||
* the plaintext. This must not be \c NULL.
|
||||
* \param input The ciphertext buffer. This must be a readable buffer
|
||||
|
@ -752,10 +706,10 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
|
|||
* the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
|
||||
*
|
||||
* \param ctx The initialized RSA context to use.
|
||||
* \param f_rng The RNG function. This is used for blinding and should
|
||||
* be provided; see mbedtls_rsa_private() for more.
|
||||
* \param f_rng The RNG function. This is used for blinding and is
|
||||
* mandatory; see mbedtls_rsa_private() for more.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
|
||||
* \c NULL if \p f_rng doesn't need a context.
|
||||
* \param olen The address at which to store the length of
|
||||
* the plaintext. This must not be \c NULL.
|
||||
* \param input The ciphertext buffer. This must be a readable buffer
|
||||
|
@ -790,10 +744,10 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
|
|||
* #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
|
||||
*
|
||||
* \param ctx The initialized RSA context to use.
|
||||
* \param f_rng The RNG function. This is used for blinding and should
|
||||
* be provided; see mbedtls_rsa_private() for more.
|
||||
* \param f_rng The RNG function. This is used for blinding and is
|
||||
* mandatory.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
|
||||
* \c NULL if \p f_rng doesn't need a context.
|
||||
* \param label The buffer holding the custom label to use.
|
||||
* This must be a readable buffer of length \p label_len
|
||||
* Bytes. It may be \c NULL if \p label_len is \c 0.
|
||||
|
@ -824,7 +778,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
|
|||
* a message digest using PKCS#1.
|
||||
*
|
||||
* It is the generic wrapper for performing a PKCS#1
|
||||
* signature using the \p mode from the context.
|
||||
* signature.
|
||||
*
|
||||
* \note The \p sig buffer must be as large as the size
|
||||
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
|
||||
|
@ -833,25 +787,11 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
|
|||
* mbedtls_rsa_rsassa_pss_sign() for details on
|
||||
* \p md_alg and \p hash_id.
|
||||
*
|
||||
* \deprecated It is deprecated and discouraged to call this function
|
||||
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
|
||||
* are likely to remove the \p mode argument and have it
|
||||
* implicitly set to #MBEDTLS_RSA_PRIVATE.
|
||||
*
|
||||
* \note Alternative implementations of RSA need not support
|
||||
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
|
||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||
*
|
||||
* \param ctx The initialized RSA context to use.
|
||||
* \param f_rng The RNG function to use. If the padding mode is PKCS#1 v2.1,
|
||||
* this must be provided. If the padding mode is PKCS#1 v1.5 and
|
||||
* \p mode is #MBEDTLS_RSA_PRIVATE, it is used for blinding
|
||||
* and should be provided; see mbedtls_rsa_private() for more
|
||||
* more. It is ignored otherwise.
|
||||
* \param f_rng The RNG function to use. This is mandatory and
|
||||
* must not be \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
|
||||
* if \p f_rng is \c NULL or doesn't need a context argument.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
|
||||
* if \p f_rng doesn't need a context argument.
|
||||
* \param md_alg The message-digest algorithm used to hash the original data.
|
||||
* Use #MBEDTLS_MD_NONE for signing raw data.
|
||||
* \param hashlen The length of the message digest.
|
||||
|
@ -872,7 +812,6 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
|
|||
int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
int mode,
|
||||
mbedtls_md_type_t md_alg,
|
||||
unsigned int hashlen,
|
||||
const unsigned char *hash,
|
||||
|
@ -882,24 +821,11 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
|
|||
* \brief This function performs a PKCS#1 v1.5 signature
|
||||
* operation (RSASSA-PKCS1-v1_5-SIGN).
|
||||
*
|
||||
* \deprecated It is deprecated and discouraged to call this function
|
||||
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
|
||||
* are likely to remove the \p mode argument and have it
|
||||
* implicitly set to #MBEDTLS_RSA_PRIVATE.
|
||||
*
|
||||
* \note Alternative implementations of RSA need not support
|
||||
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
|
||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||
*
|
||||
* \param ctx The initialized RSA context to use.
|
||||
* \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
|
||||
* this is used for blinding and should be provided; see
|
||||
* mbedtls_rsa_private() for more. If \p mode is
|
||||
* #MBEDTLS_RSA_PUBLIC, it is ignored.
|
||||
* \param f_rng The RNG function. This is used for blinding and is
|
||||
* mandatory; see mbedtls_rsa_private() for more.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
|
||||
* if \p f_rng is \c NULL or doesn't need a context argument.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
|
||||
* if \p f_rng doesn't need a context argument.
|
||||
* \param md_alg The message-digest algorithm used to hash the original data.
|
||||
* Use #MBEDTLS_MD_NONE for signing raw data.
|
||||
* \param hashlen The length of the message digest.
|
||||
|
@ -920,7 +846,6 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
|
|||
int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
int mode,
|
||||
mbedtls_md_type_t md_alg,
|
||||
unsigned int hashlen,
|
||||
const unsigned char *hash,
|
||||
|
@ -945,7 +870,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
|
|||
* #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
|
||||
*
|
||||
* \param ctx The initialized RSA context to use.
|
||||
* \param f_rng The RNG function. It must not be \c NULL.
|
||||
* \param f_rng The RNG function. It is mandatory and must not be \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
|
||||
* if \p f_rng doesn't need a context argument.
|
||||
* \param md_alg The message-digest algorithm used to hash the original data.
|
||||
|
@ -1000,21 +925,10 @@ int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx,
|
|||
* the key size in bytes), this function returns
|
||||
* #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
|
||||
*
|
||||
* \deprecated It is deprecated and discouraged to call this function
|
||||
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
|
||||
* are likely to remove the \p mode argument and have it
|
||||
* implicitly set to #MBEDTLS_RSA_PRIVATE.
|
||||
*
|
||||
* \note Alternative implementations of RSA need not support
|
||||
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead
|
||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||
*
|
||||
* \param ctx The initialized RSA context to use.
|
||||
* \param f_rng The RNG function. It must not be \c NULL.
|
||||
* \param f_rng The RNG function. It is mandatory and must not be \c NULL.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
|
||||
* if \p f_rng doesn't need a context argument.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
|
||||
* \param md_alg The message-digest algorithm used to hash the original data.
|
||||
* Use #MBEDTLS_MD_NONE for signing raw data.
|
||||
* \param hashlen The length of the message digest.
|
||||
|
@ -1035,7 +949,6 @@ int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx,
|
|||
int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
int mode,
|
||||
mbedtls_md_type_t md_alg,
|
||||
unsigned int hashlen,
|
||||
const unsigned char *hash,
|
||||
|
@ -1046,29 +959,13 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
|
|||
* the message digest.
|
||||
*
|
||||
* This is the generic wrapper for performing a PKCS#1
|
||||
* verification using the mode from the context.
|
||||
* verification.
|
||||
*
|
||||
* \note For PKCS#1 v2.1 encoding, see comments on
|
||||
* mbedtls_rsa_rsassa_pss_verify() about \p md_alg and
|
||||
* \p hash_id.
|
||||
*
|
||||
* \deprecated It is deprecated and discouraged to call this function
|
||||
* in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
|
||||
* are likely to remove the \p mode argument and have it
|
||||
* set to #MBEDTLS_RSA_PUBLIC.
|
||||
*
|
||||
* \note Alternative implementations of RSA need not support
|
||||
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||
*
|
||||
* \param ctx The initialized RSA public key context to use.
|
||||
* \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
|
||||
* this is used for blinding and should be provided; see
|
||||
* mbedtls_rsa_private() for more. Otherwise, it is ignored.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
|
||||
* \param md_alg The message-digest algorithm used to hash the original data.
|
||||
* Use #MBEDTLS_MD_NONE for signing raw data.
|
||||
* \param hashlen The length of the message digest.
|
||||
|
@ -1086,9 +983,6 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
|
|||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
int mode,
|
||||
mbedtls_md_type_t md_alg,
|
||||
unsigned int hashlen,
|
||||
const unsigned char *hash,
|
||||
|
@ -1098,23 +992,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
|
|||
* \brief This function performs a PKCS#1 v1.5 verification
|
||||
* operation (RSASSA-PKCS1-v1_5-VERIFY).
|
||||
*
|
||||
* \deprecated It is deprecated and discouraged to call this function
|
||||
* in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
|
||||
* are likely to remove the \p mode argument and have it
|
||||
* set to #MBEDTLS_RSA_PUBLIC.
|
||||
*
|
||||
* \note Alternative implementations of RSA need not support
|
||||
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||
*
|
||||
* \param ctx The initialized RSA public key context to use.
|
||||
* \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
|
||||
* this is used for blinding and should be provided; see
|
||||
* mbedtls_rsa_private() for more. Otherwise, it is ignored.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
|
||||
* \param md_alg The message-digest algorithm used to hash the original data.
|
||||
* Use #MBEDTLS_MD_NONE for signing raw data.
|
||||
* \param hashlen The length of the message digest.
|
||||
|
@ -1132,9 +1010,6 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
|
|||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
int mode,
|
||||
mbedtls_md_type_t md_alg,
|
||||
unsigned int hashlen,
|
||||
const unsigned char *hash,
|
||||
|
@ -1155,23 +1030,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
|
|||
* same. If \p hash_id in the RSA context is unset,
|
||||
* the \p md_alg from the function call is used.
|
||||
*
|
||||
* \deprecated It is deprecated and discouraged to call this function
|
||||
* in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
|
||||
* are likely to remove the \p mode argument and have it
|
||||
* implicitly set to #MBEDTLS_RSA_PUBLIC.
|
||||
*
|
||||
* \note Alternative implementations of RSA need not support
|
||||
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
|
||||
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
|
||||
*
|
||||
* \param ctx The initialized RSA public key context to use.
|
||||
* \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
|
||||
* this is used for blinding and should be provided; see
|
||||
* mbedtls_rsa_private() for more. Otherwise, it is ignored.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
|
||||
* \param md_alg The message-digest algorithm used to hash the original data.
|
||||
* Use #MBEDTLS_MD_NONE for signing raw data.
|
||||
* \param hashlen The length of the message digest.
|
||||
|
@ -1189,9 +1048,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
|
|||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
int mode,
|
||||
mbedtls_md_type_t md_alg,
|
||||
unsigned int hashlen,
|
||||
const unsigned char *hash,
|
||||
|
@ -1210,13 +1066,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
|
|||
* \note The \p hash_id in the RSA context is ignored.
|
||||
*
|
||||
* \param ctx The initialized RSA public key context to use.
|
||||
* \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
|
||||
* this is used for blinding and should be provided; see
|
||||
* mbedtls_rsa_private() for more. Otherwise, it is ignored.
|
||||
* \param p_rng The RNG context to be passed to \p f_rng. This may be
|
||||
* \c NULL if \p f_rng is \c NULL or doesn't need a context.
|
||||
* \param mode The mode of operation. This must be either
|
||||
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
|
||||
* \param md_alg The message-digest algorithm used to hash the original data.
|
||||
* Use #MBEDTLS_MD_NONE for signing raw data.
|
||||
* \param hashlen The length of the message digest.
|
||||
|
@ -1237,9 +1086,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
|
|||
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
int mode,
|
||||
mbedtls_md_type_t md_alg,
|
||||
unsigned int hashlen,
|
||||
const unsigned char *hash,
|
||||
|
|
|
@ -132,8 +132,8 @@
|
|||
* - RFC 8446: see section 4.2.1
|
||||
*/
|
||||
#define MBEDTLS_SSL_MAJOR_VERSION_3 3
|
||||
#define MBEDTLS_SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */
|
||||
#define MBEDTLS_SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
|
||||
#define MBEDTLS_SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 deprecated */
|
||||
#define MBEDTLS_SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 deprecated */
|
||||
#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
|
||||
#define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 (experimental) */
|
||||
|
||||
|
@ -157,9 +157,6 @@
|
|||
#define MBEDTLS_SSL_IS_CLIENT 0
|
||||
#define MBEDTLS_SSL_IS_SERVER 1
|
||||
|
||||
#define MBEDTLS_SSL_IS_NOT_FALLBACK 0
|
||||
#define MBEDTLS_SSL_IS_FALLBACK 1
|
||||
|
||||
#define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0
|
||||
#define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1
|
||||
|
||||
|
@ -199,9 +196,6 @@
|
|||
#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0
|
||||
#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1
|
||||
|
||||
#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED 0
|
||||
#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED 1
|
||||
|
||||
#define MBEDTLS_SSL_PRESET_DEFAULT 0
|
||||
#define MBEDTLS_SSL_PRESET_SUITEB 2
|
||||
|
||||
|
@ -283,7 +277,6 @@
|
|||
* Signaling ciphersuite values (SCSV)
|
||||
*/
|
||||
#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */
|
||||
#define MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600 /**< RFC 7507 section 2 */
|
||||
|
||||
/*
|
||||
* Supported Signature and Hash algorithms (For TLS 1.2)
|
||||
|
@ -1159,9 +1152,7 @@ struct mbedtls_ssl_config
|
|||
that triggers renegotiation */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
|
||||
unsigned int MBEDTLS_PRIVATE(badmac_limit); /*!< limit of records with a bad MAC */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
|
||||
unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the DHM prime */
|
||||
|
@ -1193,9 +1184,6 @@ struct mbedtls_ssl_config
|
|||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||
unsigned int MBEDTLS_PRIVATE(anti_replay) : 1; /*!< detect and prevent replay? */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
||||
unsigned int MBEDTLS_PRIVATE(cbc_record_splitting) : 1; /*!< do cbc record splitting */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
unsigned int MBEDTLS_PRIVATE(disable_renegotiation) : 1; /*!< disable renegotiation? */
|
||||
#endif
|
||||
|
@ -1205,9 +1193,6 @@ struct mbedtls_ssl_config
|
|||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
unsigned int MBEDTLS_PRIVATE(session_tickets) : 1; /*!< use session tickets? */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
|
||||
unsigned int MBEDTLS_PRIVATE(fallback) : 1; /*!< is this a fallback? */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
unsigned int MBEDTLS_PRIVATE(cert_req_ca_list) : 1; /*!< enable sending CA list in
|
||||
Certificate Request messages? */
|
||||
|
@ -1240,10 +1225,7 @@ struct mbedtls_ssl_context
|
|||
|
||||
int MBEDTLS_PRIVATE(major_ver); /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
|
||||
int MBEDTLS_PRIVATE(minor_ver); /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
|
||||
unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */
|
||||
#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
/** Callback to customize X.509 certificate chain verification */
|
||||
|
@ -1357,10 +1339,6 @@ struct mbedtls_ssl_context
|
|||
uint16_t MBEDTLS_PRIVATE(mtu); /*!< path mtu, used to fragment outgoing messages */
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
||||
signed char MBEDTLS_PRIVATE(split_done); /*!< current record already splitted? */
|
||||
#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
|
||||
|
||||
/*
|
||||
* PKI layer
|
||||
*/
|
||||
|
@ -2279,7 +2257,6 @@ int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
|
|||
void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
|
||||
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
|
||||
/**
|
||||
* \brief Set a limit on the number of records with a bad MAC
|
||||
* before terminating the connection.
|
||||
|
@ -2304,7 +2281,6 @@ void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
|
|||
* many bogus packets.
|
||||
*/
|
||||
void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
|
||||
#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
|
||||
|
@ -2599,12 +2575,10 @@ int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, size_t len,
|
|||
* \param ciphersuites 0-terminated list of allowed ciphersuites
|
||||
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3
|
||||
* supported)
|
||||
* \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
* MBEDTLS_SSL_MINOR_VERSION_2,
|
||||
* MBEDTLS_SSL_MINOR_VERSION_3 supported)
|
||||
* \param minor Minor version number (only MBEDTLS_SSL_MINOR_VERSION_3
|
||||
* supported)
|
||||
*
|
||||
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0
|
||||
* and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
|
||||
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
|
||||
*/
|
||||
void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
|
||||
const int *ciphersuites,
|
||||
|
@ -3254,8 +3228,7 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ss
|
|||
*
|
||||
* \note This ignores ciphersuites from higher versions.
|
||||
*
|
||||
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
|
||||
* MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
|
||||
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
|
||||
|
@ -3266,13 +3239,12 @@ void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int mino
|
|||
|
||||
/**
|
||||
* \brief Set the minimum accepted SSL/TLS protocol version
|
||||
* (Default: TLS 1.0)
|
||||
* (Default: TLS 1.2)
|
||||
*
|
||||
* \note Input outside of the SSL_MAX_XXXXX_VERSION and
|
||||
* SSL_MIN_XXXXX_VERSION range is ignored.
|
||||
*
|
||||
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
|
||||
* MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
|
||||
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
|
||||
|
@ -3282,29 +3254,6 @@ void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int mino
|
|||
*/
|
||||
void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
|
||||
|
||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
|
||||
/**
|
||||
* \brief Set the fallback flag (client-side only).
|
||||
* (Default: MBEDTLS_SSL_IS_NOT_FALLBACK).
|
||||
*
|
||||
* \note Set to MBEDTLS_SSL_IS_FALLBACK when preparing a fallback
|
||||
* connection, that is a connection with max_version set to a
|
||||
* lower value than the value you're willing to use. Such
|
||||
* fallback connections are not recommended but are sometimes
|
||||
* necessary to interoperate with buggy (version-intolerant)
|
||||
* servers.
|
||||
*
|
||||
* \warning You should NOT set this to MBEDTLS_SSL_IS_FALLBACK for
|
||||
* non-fallback connections! This would appear to work for a
|
||||
* while, then cause failures when the server is upgraded to
|
||||
* support a newer TLS version.
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param fallback MBEDTLS_SSL_IS_NOT_FALLBACK or MBEDTLS_SSL_IS_FALLBACK
|
||||
*/
|
||||
void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback );
|
||||
#endif /* MBEDTLS_SSL_FALLBACK_SCSV && MBEDTLS_SSL_CLI_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
/**
|
||||
* \brief Enable or disable Encrypt-then-MAC
|
||||
|
@ -3399,21 +3348,6 @@ int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_c
|
|||
void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
|
||||
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
|
||||
|
||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
||||
/**
|
||||
* \brief Enable / Disable 1/n-1 record splitting
|
||||
* (Default: MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED)
|
||||
*
|
||||
* \note Only affects TLS 1.0, not higher versions.
|
||||
* Does not affect non-CBC ciphersuites in any version.
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param split MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED or
|
||||
* MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED
|
||||
*/
|
||||
void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split );
|
||||
#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
|
||||
/**
|
||||
* \brief Enable / Disable session tickets (client only).
|
||||
|
|
|
@ -921,7 +921,7 @@ static const uint8_t aria_test2_ctr_ct[3][48] = // CTR ciphertext
|
|||
{ \
|
||||
if( verbose ) \
|
||||
mbedtls_printf( "failed\n" ); \
|
||||
return( 1 ); \
|
||||
goto exit; \
|
||||
} else { \
|
||||
if( verbose ) \
|
||||
mbedtls_printf( "passed\n" ); \
|
||||
|
@ -935,6 +935,7 @@ int mbedtls_aria_self_test( int verbose )
|
|||
int i;
|
||||
uint8_t blk[MBEDTLS_ARIA_BLOCKSIZE];
|
||||
mbedtls_aria_context ctx;
|
||||
int ret = 1;
|
||||
|
||||
#if (defined(MBEDTLS_CIPHER_MODE_CFB) || defined(MBEDTLS_CIPHER_MODE_CTR))
|
||||
size_t j;
|
||||
|
@ -946,6 +947,8 @@ int mbedtls_aria_self_test( int verbose )
|
|||
uint8_t buf[48], iv[MBEDTLS_ARIA_BLOCKSIZE];
|
||||
#endif
|
||||
|
||||
mbedtls_aria_init( &ctx );
|
||||
|
||||
/*
|
||||
* Test set 1
|
||||
*/
|
||||
|
@ -1065,7 +1068,11 @@ int mbedtls_aria_self_test( int verbose )
|
|||
mbedtls_printf( "\n" );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CTR */
|
||||
|
||||
return( 0 );
|
||||
ret = 0;
|
||||
|
||||
exit:
|
||||
mbedtls_aria_free( &ctx );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
|
|
@ -942,9 +942,11 @@ int mbedtls_camellia_self_test( int verbose )
|
|||
unsigned char nonce_counter[16];
|
||||
unsigned char stream_block[16];
|
||||
#endif
|
||||
int ret = 1;
|
||||
|
||||
mbedtls_camellia_context ctx;
|
||||
|
||||
mbedtls_camellia_init( &ctx );
|
||||
memset( key, 0, 32 );
|
||||
|
||||
for( j = 0; j < 6; j++ ) {
|
||||
|
@ -974,8 +976,7 @@ int mbedtls_camellia_self_test( int verbose )
|
|||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1027,8 +1028,7 @@ int mbedtls_camellia_self_test( int verbose )
|
|||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1071,8 +1071,7 @@ int mbedtls_camellia_self_test( int verbose )
|
|||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
else
|
||||
|
@ -1087,8 +1086,7 @@ int mbedtls_camellia_self_test( int verbose )
|
|||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1100,7 +1098,11 @@ int mbedtls_camellia_self_test( int verbose )
|
|||
mbedtls_printf( "\n" );
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CTR */
|
||||
|
||||
return( 0 );
|
||||
ret = 0;
|
||||
|
||||
exit:
|
||||
mbedtls_camellia_free( &ctx );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
|
|
@ -367,11 +367,10 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
|
|||
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
||||
|
||||
ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ),
|
||||
NULL, NULL, MBEDTLS_RSA_PUBLIC,
|
||||
md_alg, (unsigned int) hash_len, hash,
|
||||
pss_opts->mgf1_hash_id,
|
||||
pss_opts->expected_salt_len,
|
||||
sig );
|
||||
md_alg, (unsigned int) hash_len, hash,
|
||||
pss_opts->mgf1_hash_id,
|
||||
pss_opts->expected_salt_len,
|
||||
sig );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
|
|
|
@ -90,9 +90,9 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|||
if( sig_len < rsa_len )
|
||||
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
||||
|
||||
if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL,
|
||||
MBEDTLS_RSA_PUBLIC, md_alg,
|
||||
(unsigned int) hash_len, hash, sig ) ) != 0 )
|
||||
if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, md_alg,
|
||||
(unsigned int) hash_len,
|
||||
hash, sig ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
/* The buffer contains a valid signature followed by extra data.
|
||||
|
@ -120,8 +120,9 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|||
|
||||
*sig_len = mbedtls_rsa_get_len( rsa );
|
||||
|
||||
return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
|
||||
md_alg, (unsigned int) hash_len, hash, sig ) );
|
||||
return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng,
|
||||
md_alg, (unsigned int) hash_len,
|
||||
hash, sig ) );
|
||||
}
|
||||
|
||||
static int rsa_decrypt_wrap( void *ctx,
|
||||
|
@ -149,7 +150,7 @@ static int rsa_encrypt_wrap( void *ctx,
|
|||
if( *olen > osize )
|
||||
return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
|
||||
|
||||
return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC,
|
||||
return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng,
|
||||
ilen, input, output ) );
|
||||
}
|
||||
|
||||
|
@ -770,7 +771,7 @@ static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|||
if( *sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE )
|
||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
|
||||
return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
|
||||
return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng,
|
||||
md_alg, (unsigned int) hash_len, hash, sig ) );
|
||||
}
|
||||
|
||||
|
|
|
@ -2918,7 +2918,6 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key,
|
|||
mbedtls_rsa_pkcs1_encrypt( rsa,
|
||||
mbedtls_psa_get_random,
|
||||
MBEDTLS_PSA_RANDOM_STATE,
|
||||
MBEDTLS_RSA_PUBLIC,
|
||||
input_length,
|
||||
input,
|
||||
output ) );
|
||||
|
@ -2933,7 +2932,6 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key,
|
|||
mbedtls_rsa_rsaes_oaep_encrypt( rsa,
|
||||
mbedtls_psa_get_random,
|
||||
MBEDTLS_PSA_RANDOM_STATE,
|
||||
MBEDTLS_RSA_PUBLIC,
|
||||
salt, salt_length,
|
||||
input_length,
|
||||
input,
|
||||
|
@ -4820,7 +4818,8 @@ psa_status_t psa_generate_key_internal(
|
|||
}
|
||||
else
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
|
||||
defined(MBEDTLS_GENPRIME)
|
||||
if ( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
|
||||
{
|
||||
return( mbedtls_psa_rsa_generate_key( attributes,
|
||||
|
@ -4829,7 +4828,8 @@ psa_status_t psa_generate_key_internal(
|
|||
key_buffer_length ) );
|
||||
}
|
||||
else
|
||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
|
||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
|
||||
* defined(MBEDTLS_GENPRIME) */
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
|
||||
if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
|
||||
|
|
|
@ -274,7 +274,8 @@ static psa_status_t rsa_export_public_key(
|
|||
#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
|
||||
* defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
|
||||
|
||||
#if defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
|
||||
#if defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
|
||||
defined(MBEDTLS_GENPRIME)
|
||||
static psa_status_t psa_rsa_read_exponent( const uint8_t *domain_parameters,
|
||||
size_t domain_parameters_size,
|
||||
int *exponent )
|
||||
|
@ -332,7 +333,8 @@ static psa_status_t rsa_generate_key(
|
|||
|
||||
return( status );
|
||||
}
|
||||
#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
|
||||
#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
|
||||
* defined(MBEDTLS_GENPRIME) */
|
||||
|
||||
/****************************************************************/
|
||||
/* Sign/verify hashes */
|
||||
|
@ -419,7 +421,6 @@ static psa_status_t rsa_sign_hash(
|
|||
ret = mbedtls_rsa_pkcs1_sign( rsa,
|
||||
mbedtls_psa_get_random,
|
||||
MBEDTLS_PSA_RANDOM_STATE,
|
||||
MBEDTLS_RSA_PRIVATE,
|
||||
md_alg,
|
||||
(unsigned int) hash_length,
|
||||
hash,
|
||||
|
@ -434,7 +435,6 @@ static psa_status_t rsa_sign_hash(
|
|||
ret = mbedtls_rsa_rsassa_pss_sign( rsa,
|
||||
mbedtls_psa_get_random,
|
||||
MBEDTLS_PSA_RANDOM_STATE,
|
||||
MBEDTLS_RSA_PRIVATE,
|
||||
MBEDTLS_MD_NONE,
|
||||
(unsigned int) hash_length,
|
||||
hash,
|
||||
|
@ -492,9 +492,6 @@ static psa_status_t rsa_verify_hash(
|
|||
mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
|
||||
MBEDTLS_MD_NONE );
|
||||
ret = mbedtls_rsa_pkcs1_verify( rsa,
|
||||
mbedtls_psa_get_random,
|
||||
MBEDTLS_PSA_RANDOM_STATE,
|
||||
MBEDTLS_RSA_PUBLIC,
|
||||
md_alg,
|
||||
(unsigned int) hash_length,
|
||||
hash,
|
||||
|
@ -507,9 +504,6 @@ static psa_status_t rsa_verify_hash(
|
|||
{
|
||||
mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
|
||||
ret = mbedtls_rsa_rsassa_pss_verify( rsa,
|
||||
mbedtls_psa_get_random,
|
||||
MBEDTLS_PSA_RANDOM_STATE,
|
||||
MBEDTLS_RSA_PUBLIC,
|
||||
MBEDTLS_MD_NONE,
|
||||
(unsigned int) hash_length,
|
||||
hash,
|
||||
|
@ -565,7 +559,8 @@ psa_status_t mbedtls_psa_rsa_export_public_key(
|
|||
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
|
||||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
|
||||
defined(MBEDTLS_GENPRIME)
|
||||
psa_status_t mbedtls_psa_rsa_generate_key(
|
||||
const psa_key_attributes_t *attributes,
|
||||
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
|
||||
|
@ -573,7 +568,8 @@ psa_status_t mbedtls_psa_rsa_generate_key(
|
|||
return( rsa_generate_key( attributes, key_buffer, key_buffer_size,
|
||||
key_buffer_length ) );
|
||||
}
|
||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
|
||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
|
||||
* defined(MBEDTLS_GENPRIME) */
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
|
||||
|
|
171
library/rsa.c
171
library/rsa.c
|
@ -1156,7 +1156,6 @@ exit:
|
|||
int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
int mode,
|
||||
const unsigned char *label, size_t label_len,
|
||||
size_t ilen,
|
||||
const unsigned char *input,
|
||||
|
@ -1170,15 +1169,10 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
|
|||
mbedtls_md_context_t md_ctx;
|
||||
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||
mode == MBEDTLS_RSA_PUBLIC );
|
||||
RSA_VALIDATE_RET( output != NULL );
|
||||
RSA_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||
RSA_VALIDATE_RET( label_len == 0 || label != NULL );
|
||||
|
||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
if( f_rng == NULL )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
|
@ -1232,9 +1226,7 @@ exit:
|
|||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
return( ( mode == MBEDTLS_RSA_PUBLIC )
|
||||
? mbedtls_rsa_public( ctx, output, output )
|
||||
: mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) );
|
||||
return( mbedtls_rsa_public( ctx, output, output ) );
|
||||
}
|
||||
#endif /* MBEDTLS_PKCS1_V21 */
|
||||
|
||||
|
@ -1244,8 +1236,7 @@ exit:
|
|||
*/
|
||||
int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
int mode, size_t ilen,
|
||||
void *p_rng, size_t ilen,
|
||||
const unsigned char *input,
|
||||
unsigned char *output )
|
||||
{
|
||||
|
@ -1254,14 +1245,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
|
|||
unsigned char *p = output;
|
||||
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||
mode == MBEDTLS_RSA_PUBLIC );
|
||||
RSA_VALIDATE_RET( output != NULL );
|
||||
RSA_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||
|
||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
olen = ctx->len;
|
||||
|
||||
/* first comparison checks for overflow */
|
||||
|
@ -1271,43 +1257,32 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
|
|||
nb_pad = olen - 3 - ilen;
|
||||
|
||||
*p++ = 0;
|
||||
if( mode == MBEDTLS_RSA_PUBLIC )
|
||||
|
||||
if( f_rng == NULL )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
*p++ = MBEDTLS_RSA_CRYPT;
|
||||
|
||||
while( nb_pad-- > 0 )
|
||||
{
|
||||
if( f_rng == NULL )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
int rng_dl = 100;
|
||||
|
||||
*p++ = MBEDTLS_RSA_CRYPT;
|
||||
do {
|
||||
ret = f_rng( p_rng, p, 1 );
|
||||
} while( *p == 0 && --rng_dl && ret == 0 );
|
||||
|
||||
while( nb_pad-- > 0 )
|
||||
{
|
||||
int rng_dl = 100;
|
||||
/* Check if RNG failed to generate data */
|
||||
if( rng_dl == 0 || ret != 0 )
|
||||
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) );
|
||||
|
||||
do {
|
||||
ret = f_rng( p_rng, p, 1 );
|
||||
} while( *p == 0 && --rng_dl && ret == 0 );
|
||||
|
||||
/* Check if RNG failed to generate data */
|
||||
if( rng_dl == 0 || ret != 0 )
|
||||
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) );
|
||||
|
||||
p++;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
*p++ = MBEDTLS_RSA_SIGN;
|
||||
|
||||
while( nb_pad-- > 0 )
|
||||
*p++ = 0xFF;
|
||||
p++;
|
||||
}
|
||||
|
||||
*p++ = 0;
|
||||
if( ilen != 0 )
|
||||
memcpy( p, input, ilen );
|
||||
|
||||
return( ( mode == MBEDTLS_RSA_PUBLIC )
|
||||
? mbedtls_rsa_public( ctx, output, output )
|
||||
: mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) );
|
||||
return( mbedtls_rsa_public( ctx, output, output ) );
|
||||
}
|
||||
#endif /* MBEDTLS_PKCS1_V15 */
|
||||
|
||||
|
@ -1317,13 +1292,11 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
|
|||
int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
int mode, size_t ilen,
|
||||
size_t ilen,
|
||||
const unsigned char *input,
|
||||
unsigned char *output )
|
||||
{
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||
mode == MBEDTLS_RSA_PUBLIC );
|
||||
RSA_VALIDATE_RET( output != NULL );
|
||||
RSA_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||
|
||||
|
@ -1331,14 +1304,14 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
|
|||
{
|
||||
#if defined(MBEDTLS_PKCS1_V15)
|
||||
case MBEDTLS_RSA_PKCS_V15:
|
||||
return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, mode, ilen,
|
||||
input, output );
|
||||
return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng,
|
||||
ilen, input, output );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PKCS1_V21)
|
||||
case MBEDTLS_RSA_PKCS_V21:
|
||||
return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, mode, NULL, 0,
|
||||
ilen, input, output );
|
||||
return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, NULL, 0,
|
||||
ilen, input, output );
|
||||
#endif
|
||||
|
||||
default:
|
||||
|
@ -1771,7 +1744,6 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
|
|||
static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
int mode,
|
||||
mbedtls_md_type_t md_alg,
|
||||
unsigned int hashlen,
|
||||
const unsigned char *hash,
|
||||
|
@ -1787,14 +1759,12 @@ static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
|
|||
const mbedtls_md_info_t *md_info;
|
||||
mbedtls_md_context_t md_ctx;
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||
mode == MBEDTLS_RSA_PUBLIC );
|
||||
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||
hashlen == 0 ) ||
|
||||
hash != NULL );
|
||||
RSA_VALIDATE_RET( sig != NULL );
|
||||
|
||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
|
||||
if( ctx->padding != MBEDTLS_RSA_PKCS_V21 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
if( f_rng == NULL )
|
||||
|
@ -1895,9 +1865,7 @@ exit:
|
|||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
return( ( mode == MBEDTLS_RSA_PUBLIC )
|
||||
? mbedtls_rsa_public( ctx, sig, sig )
|
||||
: mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) );
|
||||
return mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1913,7 +1881,7 @@ int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx,
|
|||
int saltlen,
|
||||
unsigned char *sig )
|
||||
{
|
||||
return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, md_alg,
|
||||
return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, md_alg,
|
||||
hashlen, hash, saltlen, sig );
|
||||
}
|
||||
|
||||
|
@ -1924,13 +1892,12 @@ int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx,
|
|||
int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
int mode,
|
||||
mbedtls_md_type_t md_alg,
|
||||
unsigned int hashlen,
|
||||
const unsigned char *hash,
|
||||
unsigned char *sig )
|
||||
{
|
||||
return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg,
|
||||
return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, md_alg,
|
||||
hashlen, hash, MBEDTLS_RSA_SALT_LEN_ANY, sig );
|
||||
}
|
||||
#endif /* MBEDTLS_PKCS1_V21 */
|
||||
|
@ -2076,7 +2043,6 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
|
|||
int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
int mode,
|
||||
mbedtls_md_type_t md_alg,
|
||||
unsigned int hashlen,
|
||||
const unsigned char *hash,
|
||||
|
@ -2086,14 +2052,12 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
|
|||
unsigned char *sig_try = NULL, *verif = NULL;
|
||||
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||
mode == MBEDTLS_RSA_PUBLIC );
|
||||
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||
hashlen == 0 ) ||
|
||||
hash != NULL );
|
||||
RSA_VALIDATE_RET( sig != NULL );
|
||||
|
||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
||||
if( ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
/*
|
||||
|
@ -2104,16 +2068,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
|
|||
ctx->len, sig ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
/*
|
||||
* Call respective RSA primitive
|
||||
*/
|
||||
|
||||
if( mode == MBEDTLS_RSA_PUBLIC )
|
||||
{
|
||||
/* Skip verification on a public key operation */
|
||||
return( mbedtls_rsa_public( ctx, sig, sig ) );
|
||||
}
|
||||
|
||||
/* Private key operation
|
||||
*
|
||||
* In order to prevent Lenstra's attack, make the signature in a
|
||||
|
@ -2156,15 +2110,12 @@ cleanup:
|
|||
int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
int mode,
|
||||
mbedtls_md_type_t md_alg,
|
||||
unsigned int hashlen,
|
||||
const unsigned char *hash,
|
||||
unsigned char *sig )
|
||||
{
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||
mode == MBEDTLS_RSA_PUBLIC );
|
||||
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||
hashlen == 0 ) ||
|
||||
hash != NULL );
|
||||
|
@ -2174,14 +2125,14 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
|
|||
{
|
||||
#if defined(MBEDTLS_PKCS1_V15)
|
||||
case MBEDTLS_RSA_PKCS_V15:
|
||||
return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, mode, md_alg,
|
||||
hashlen, hash, sig );
|
||||
return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng,
|
||||
md_alg, hashlen, hash, sig );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PKCS1_V21)
|
||||
case MBEDTLS_RSA_PKCS_V21:
|
||||
return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg,
|
||||
hashlen, hash, sig );
|
||||
return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, md_alg,
|
||||
hashlen, hash, sig );
|
||||
#endif
|
||||
|
||||
default:
|
||||
|
@ -2194,9 +2145,6 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
|
|||
* Implementation of the PKCS#1 v2.1 RSASSA-PSS-VERIFY function
|
||||
*/
|
||||
int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
int mode,
|
||||
mbedtls_md_type_t md_alg,
|
||||
unsigned int hashlen,
|
||||
const unsigned char *hash,
|
||||
|
@ -2217,24 +2165,17 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
|
|||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||
mode == MBEDTLS_RSA_PUBLIC );
|
||||
RSA_VALIDATE_RET( sig != NULL );
|
||||
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||
hashlen == 0 ) ||
|
||||
hash != NULL );
|
||||
|
||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
siglen = ctx->len;
|
||||
|
||||
if( siglen < 16 || siglen > sizeof( buf ) )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
ret = ( mode == MBEDTLS_RSA_PUBLIC )
|
||||
? mbedtls_rsa_public( ctx, sig, buf )
|
||||
: mbedtls_rsa_private( ctx, f_rng, p_rng, sig, buf );
|
||||
ret = mbedtls_rsa_public( ctx, sig, buf );
|
||||
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
@ -2344,9 +2285,6 @@ exit:
|
|||
* Simplified PKCS#1 v2.1 RSASSA-PSS-VERIFY function
|
||||
*/
|
||||
int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
int mode,
|
||||
mbedtls_md_type_t md_alg,
|
||||
unsigned int hashlen,
|
||||
const unsigned char *hash,
|
||||
|
@ -2354,8 +2292,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
|
|||
{
|
||||
mbedtls_md_type_t mgf1_hash_id;
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||
mode == MBEDTLS_RSA_PUBLIC );
|
||||
RSA_VALIDATE_RET( sig != NULL );
|
||||
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||
hashlen == 0 ) ||
|
||||
|
@ -2365,10 +2301,11 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
|
|||
? (mbedtls_md_type_t) ctx->hash_id
|
||||
: md_alg;
|
||||
|
||||
return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, f_rng, p_rng, mode,
|
||||
md_alg, hashlen, hash,
|
||||
mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY,
|
||||
sig ) );
|
||||
return( mbedtls_rsa_rsassa_pss_verify_ext( ctx,
|
||||
md_alg, hashlen, hash,
|
||||
mgf1_hash_id,
|
||||
MBEDTLS_RSA_SALT_LEN_ANY,
|
||||
sig ) );
|
||||
|
||||
}
|
||||
#endif /* MBEDTLS_PKCS1_V21 */
|
||||
|
@ -2378,9 +2315,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
|
|||
* Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function
|
||||
*/
|
||||
int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
int mode,
|
||||
mbedtls_md_type_t md_alg,
|
||||
unsigned int hashlen,
|
||||
const unsigned char *hash,
|
||||
|
@ -2391,8 +2325,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
|
|||
unsigned char *encoded = NULL, *encoded_expected = NULL;
|
||||
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||
mode == MBEDTLS_RSA_PUBLIC );
|
||||
RSA_VALIDATE_RET( sig != NULL );
|
||||
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||
hashlen == 0 ) ||
|
||||
|
@ -2400,9 +2332,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
|
|||
|
||||
sig_len = ctx->len;
|
||||
|
||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
/*
|
||||
* Prepare expected PKCS1 v1.5 encoding of hash.
|
||||
*/
|
||||
|
@ -2422,9 +2351,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
|
|||
* Apply RSA primitive to get what should be PKCS1 encoded hash.
|
||||
*/
|
||||
|
||||
ret = ( mode == MBEDTLS_RSA_PUBLIC )
|
||||
? mbedtls_rsa_public( ctx, sig, encoded )
|
||||
: mbedtls_rsa_private( ctx, f_rng, p_rng, sig, encoded );
|
||||
ret = mbedtls_rsa_public( ctx, sig, encoded );
|
||||
if( ret != 0 )
|
||||
goto cleanup;
|
||||
|
||||
|
@ -2461,17 +2388,12 @@ cleanup:
|
|||
* Do an RSA operation and check the message digest
|
||||
*/
|
||||
int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng,
|
||||
int mode,
|
||||
mbedtls_md_type_t md_alg,
|
||||
unsigned int hashlen,
|
||||
const unsigned char *hash,
|
||||
const unsigned char *sig )
|
||||
{
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||
mode == MBEDTLS_RSA_PUBLIC );
|
||||
RSA_VALIDATE_RET( sig != NULL );
|
||||
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||
hashlen == 0 ) ||
|
||||
|
@ -2481,14 +2403,14 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
|
|||
{
|
||||
#if defined(MBEDTLS_PKCS1_V15)
|
||||
case MBEDTLS_RSA_PKCS_V15:
|
||||
return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, f_rng, p_rng, mode, md_alg,
|
||||
hashlen, hash, sig );
|
||||
return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, md_alg,
|
||||
hashlen, hash, sig );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PKCS1_V21)
|
||||
case MBEDTLS_RSA_PKCS_V21:
|
||||
return mbedtls_rsa_rsassa_pss_verify( ctx, f_rng, p_rng, mode, md_alg,
|
||||
hashlen, hash, sig );
|
||||
return mbedtls_rsa_rsassa_pss_verify( ctx, md_alg,
|
||||
hashlen, hash, sig );
|
||||
#endif
|
||||
|
||||
default:
|
||||
|
@ -2691,7 +2613,7 @@ int mbedtls_rsa_self_test( int verbose )
|
|||
|
||||
memcpy( rsa_plaintext, RSA_PT, PT_LEN );
|
||||
|
||||
if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PUBLIC,
|
||||
if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL,
|
||||
PT_LEN, rsa_plaintext,
|
||||
rsa_ciphertext ) != 0 )
|
||||
{
|
||||
|
@ -2741,7 +2663,7 @@ int mbedtls_rsa_self_test( int verbose )
|
|||
}
|
||||
|
||||
if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL,
|
||||
MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0,
|
||||
MBEDTLS_MD_SHA1, 0,
|
||||
sha1sum, rsa_ciphertext ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
|
@ -2754,8 +2676,7 @@ int mbedtls_rsa_self_test( int verbose )
|
|||
if( verbose != 0 )
|
||||
mbedtls_printf( "passed\n PKCS#1 sig. verify: " );
|
||||
|
||||
if( mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL,
|
||||
MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0,
|
||||
if( mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA1, 0,
|
||||
sha1sum, rsa_ciphertext ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
|
|
|
@ -1206,19 +1206,6 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
n++;
|
||||
}
|
||||
|
||||
/* Some versions of OpenSSL don't handle it correctly if not at end */
|
||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
|
||||
if( ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) );
|
||||
|
||||
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
|
||||
*p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 );
|
||||
*p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE );
|
||||
n++;
|
||||
}
|
||||
#endif
|
||||
|
||||
*q++ = (unsigned char)( n >> 7 );
|
||||
*q++ = (unsigned char)( n << 1 );
|
||||
|
||||
|
@ -2843,8 +2830,7 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
|
|||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( len_bytes == 2 )
|
||||
{
|
||||
ssl->out_msg[offset+0] = (unsigned char)( *olen >> 8 );
|
||||
|
@ -3238,17 +3224,6 @@ start_processing:
|
|||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
|
||||
|
||||
/* Default hash for ECDSA is SHA-1 */
|
||||
if( pk_alg == MBEDTLS_PK_ECDSA && md_alg == MBEDTLS_MD_NONE )
|
||||
md_alg = MBEDTLS_MD_SHA1;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
|
@ -3285,19 +3260,7 @@ start_processing:
|
|||
/*
|
||||
* Compute the hash that has been signed
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
if( md_alg == MBEDTLS_MD_NONE )
|
||||
{
|
||||
hashlen = 36;
|
||||
ret = mbedtls_ssl_get_key_exchange_md_ssl_tls( ssl, hash, params,
|
||||
params_len );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( md_alg != MBEDTLS_MD_NONE )
|
||||
{
|
||||
ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen,
|
||||
|
@ -3307,8 +3270,7 @@ start_processing:
|
|||
return( ret );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
|
@ -4113,35 +4075,6 @@ sign:
|
|||
|
||||
ssl->handshake->calc_verify( ssl, hash, &hashlen );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
/*
|
||||
* digitally-signed struct {
|
||||
* opaque md5_hash[16];
|
||||
* opaque sha_hash[20];
|
||||
* };
|
||||
*
|
||||
* md5_hash
|
||||
* MD5(handshake_messages);
|
||||
*
|
||||
* sha_hash
|
||||
* SHA(handshake_messages);
|
||||
*/
|
||||
md_alg = MBEDTLS_MD_NONE;
|
||||
|
||||
/*
|
||||
* For ECDSA, default hash is SHA-1 only
|
||||
*/
|
||||
if( mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECDSA ) )
|
||||
{
|
||||
hash_start += 16;
|
||||
hashlen -= 16;
|
||||
md_alg = MBEDTLS_MD_SHA1;
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
|
|
|
@ -41,8 +41,7 @@
|
|||
|
||||
/*
|
||||
* If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-512 is
|
||||
* available. Try SHA-256 first, 512 wastes resources since we need to stay
|
||||
* with max 32 bytes of cookie for DTLS 1.0
|
||||
* available. Try SHA-256 first, 512 wastes resources
|
||||
*/
|
||||
#if defined(MBEDTLS_SHA224_C)
|
||||
#define COOKIE_MD MBEDTLS_MD_SHA224
|
||||
|
|
|
@ -68,19 +68,11 @@
|
|||
/* Determine minimum supported version */
|
||||
#define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1)
|
||||
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
|
||||
#else
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
|
||||
#else
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 */
|
||||
|
||||
#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
|
||||
#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
|
||||
#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
|
||||
|
||||
/* Determine maximum supported version */
|
||||
|
@ -88,15 +80,6 @@
|
|||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
|
||||
#else
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2
|
||||
#else
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1)
|
||||
#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
|
||||
#else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
/* Shorthand for restartable ECC */
|
||||
|
@ -130,13 +113,7 @@
|
|||
* counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256).
|
||||
*/
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#define MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
|
||||
/* This macro determines whether CBC is supported. */
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC) && \
|
||||
|
@ -153,11 +130,9 @@
|
|||
#define MBEDTLS_SSL_SOME_SUITES_USE_STREAM
|
||||
#endif
|
||||
|
||||
/* This macro determines whether the CBC construct used in TLS 1.0-1.2 is supported. */
|
||||
/* This macro determines whether the CBC construct used in TLS 1.2 is supported. */
|
||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
|
||||
( defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2) )
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC
|
||||
#endif
|
||||
|
||||
|
@ -166,7 +141,7 @@
|
|||
#define MBEDTLS_SSL_SOME_SUITES_USE_MAC
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
|
||||
/* Ciphersuites using HMAC */
|
||||
|
@ -550,10 +525,6 @@ struct mbedtls_ssl_handshake_params
|
|||
/*
|
||||
* Checksum contexts
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
mbedtls_md5_context fin_md5;
|
||||
mbedtls_sha1_context fin_sha1;
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
@ -1202,21 +1173,13 @@ static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t
|
|||
return( diff );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
|
||||
unsigned char *output,
|
||||
unsigned char *data, size_t data_len );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
/* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */
|
||||
int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
|
||||
unsigned char *hash, size_t *hashlen,
|
||||
unsigned char *data, size_t data_len,
|
||||
mbedtls_md_type_t md_alg );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
|
|
@ -519,9 +519,9 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||
#endif
|
||||
|
||||
/* The PRNG is used for dynamic IV generation that's used
|
||||
* for CBC transformations in TLS 1.1 and TLS 1.2. */
|
||||
* for CBC transformations in TLS 1.2. */
|
||||
#if !( defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
|
||||
( defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) ) )
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2) )
|
||||
((void) f_rng);
|
||||
((void) p_rng);
|
||||
#endif
|
||||
|
@ -644,8 +644,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
|
||||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||
}
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||
{
|
||||
unsigned char mac[MBEDTLS_SSL_MAC_ADD];
|
||||
|
@ -835,12 +834,12 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||
rec->data_len += padlen + 1;
|
||||
post_avail -= padlen + 1;
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
/*
|
||||
* Prepend per-record IV for block cipher in TLS v1.1 and up as per
|
||||
* Prepend per-record IV for block cipher in TLS v1.2 as per
|
||||
* Method 1 (6.2.3.2. in RFC4346 and RFC5246)
|
||||
*/
|
||||
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
|
||||
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
if( f_rng == NULL )
|
||||
{
|
||||
|
@ -865,7 +864,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||
transform->ivlen );
|
||||
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
|
||||
"including %" MBEDTLS_PRINTF_SIZET
|
||||
|
@ -889,22 +888,9 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1)
|
||||
if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
|
||||
{
|
||||
/*
|
||||
* Save IV in TLS1
|
||||
*/
|
||||
memcpy( transform->iv_enc, transform->cipher_ctx_enc.iv,
|
||||
transform->ivlen );
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
data -= transform->ivlen;
|
||||
rec->data_offset -= transform->ivlen;
|
||||
rec->data_len += transform->ivlen;
|
||||
}
|
||||
data -= transform->ivlen;
|
||||
rec->data_offset -= transform->ivlen;
|
||||
rec->data_len += transform->ivlen;
|
||||
|
||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
if( auth_done == 0 )
|
||||
|
@ -1381,8 +1367,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
|||
/*
|
||||
* Check immediate ciphertext sanity
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
/* The ciphertext is prefixed with the CBC IV. */
|
||||
minlen += transform->ivlen;
|
||||
|
@ -1487,11 +1473,11 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
|||
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
/*
|
||||
* Initialize for prepended IV for block cipher in TLS v1.1 and up
|
||||
* Initialize for prepended IV for block cipher in TLS v1.2
|
||||
*/
|
||||
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
|
||||
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
/* Safe because data_len >= minlen + ivlen = 2 * ivlen. */
|
||||
memcpy( transform->iv_dec, data, transform->ivlen );
|
||||
|
@ -1500,7 +1486,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
|||
rec->data_offset += transform->ivlen;
|
||||
rec->data_len -= transform->ivlen;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
/* We still have data_len % ivlen == 0 and data_len >= ivlen here. */
|
||||
|
||||
|
@ -1519,20 +1505,6 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
|||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1)
|
||||
if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
|
||||
{
|
||||
/*
|
||||
* Save IV in TLS1, where CBC decryption of consecutive
|
||||
* records is equivalent to CBC decryption of the concatenation
|
||||
* of the records; in other words, IVs are maintained across
|
||||
* record decryptions.
|
||||
*/
|
||||
memcpy( transform->iv_dec, transform->cipher_ctx_dec.iv,
|
||||
transform->ivlen );
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Safe since data_len >= minlen + maclen + 1, so after having
|
||||
* subtracted at most minlen and maclen up to this point,
|
||||
* data_len > 0 (because of data_len % ivlen == 0, it's actually
|
||||
|
@ -1573,8 +1545,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
|||
/* Regardless of the validity of the padding,
|
||||
* we have data_len >= padlen here. */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
/* The padding check involves a series of up to 256
|
||||
* consecutive memory reads at the end of the record
|
||||
* plaintext buffer. In order to hide the length and
|
||||
|
@ -1609,8 +1580,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
|||
#endif
|
||||
padlen &= mbedtls_ssl_cf_mask_from_bit( correct );
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
/* If the padding was found to be invalid, padlen == 0
|
||||
* and the subtraction is safe. If the padding was found valid,
|
||||
|
@ -1657,8 +1627,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
|||
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
|
||||
transform->minor_ver );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
/*
|
||||
* The next two sizes are the minimum and maximum values of
|
||||
* data_len over all padlen values.
|
||||
|
@ -1686,8 +1655,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
|||
rec->data_len,
|
||||
min_len, max_len,
|
||||
transform->maclen );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DEBUG_ALL)
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, transform->maclen );
|
||||
|
@ -4531,14 +4499,12 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
|
|||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
|
||||
if( ssl->conf->badmac_limit != 0 &&
|
||||
++ssl->badmac_seen >= ssl->conf->badmac_limit )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "too many records with bad MAC" ) );
|
||||
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
||||
}
|
||||
#endif
|
||||
|
||||
/* As above, invalid records cause
|
||||
* dismissal of the whole datagram. */
|
||||
|
@ -4843,7 +4809,7 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
|
|||
static size_t ssl_transform_get_explicit_iv_len(
|
||||
mbedtls_ssl_transform const *transform )
|
||||
{
|
||||
if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
|
||||
if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
return( 0 );
|
||||
|
||||
return( transform->ivlen - transform->fixed_ivlen );
|
||||
|
@ -5056,12 +5022,12 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
|
|||
* more than the block size of the underlying cipher. */
|
||||
transform_expansion += block_size;
|
||||
|
||||
/* For TLS 1.1 or higher, an explicit IV is added
|
||||
/* For TLS 1.2 or higher, an explicit IV is added
|
||||
* after the record header. */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
transform_expansion += block_size;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
break;
|
||||
|
||||
|
@ -5201,8 +5167,7 @@ static int ssl_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl )
|
|||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||
{
|
||||
if( ( ret = mbedtls_ssl_send_alert_message( ssl,
|
||||
|
@ -5213,8 +5178,7 @@ static int ssl_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 ||
|
||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
|
@ -5509,44 +5473,6 @@ static int ssl_write_real( mbedtls_ssl_context *ssl,
|
|||
return( (int) len );
|
||||
}
|
||||
|
||||
/*
|
||||
* Write application data, doing 1/n-1 splitting if necessary.
|
||||
*
|
||||
* With non-blocking I/O, ssl_write_real() may return WANT_WRITE,
|
||||
* then the caller will call us again with the same arguments, so
|
||||
* remember whether we already did the split or not.
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
||||
static int ssl_write_split( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf, size_t len )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
if( ssl->conf->cbc_record_splitting ==
|
||||
MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ||
|
||||
len <= 1 ||
|
||||
ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_1 ||
|
||||
mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc )
|
||||
!= MBEDTLS_MODE_CBC )
|
||||
{
|
||||
return( ssl_write_real( ssl, buf, len ) );
|
||||
}
|
||||
|
||||
if( ssl->split_done == 0 )
|
||||
{
|
||||
if( ( ret = ssl_write_real( ssl, buf, 1 ) ) <= 0 )
|
||||
return( ret );
|
||||
ssl->split_done = 1;
|
||||
}
|
||||
|
||||
if( ( ret = ssl_write_real( ssl, buf + 1, len - 1 ) ) <= 0 )
|
||||
return( ret );
|
||||
ssl->split_done = 0;
|
||||
|
||||
return( ret + 1 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
|
||||
|
||||
/*
|
||||
* Write application data (public-facing wrapper)
|
||||
*/
|
||||
|
@ -5576,11 +5502,7 @@ int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_
|
|||
}
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
||||
ret = ssl_write_split( ssl, buf, len );
|
||||
#else
|
||||
ret = ssl_write_real( ssl, buf, len );
|
||||
#endif
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write" ) );
|
||||
|
||||
|
|
|
@ -1781,29 +1781,6 @@ read_record_header:
|
|||
ext += 4 + ext_size;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
|
||||
for( i = 0, p = buf + ciph_offset + 2; i < ciph_len; i += 2, p += 2 )
|
||||
{
|
||||
if( p[0] == (unsigned char)( ( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 ) & 0xff ) &&
|
||||
p[1] == (unsigned char)( ( MBEDTLS_SSL_FALLBACK_SCSV_VALUE ) & 0xff ) )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "received FALLBACK_SCSV" ) );
|
||||
|
||||
if( ssl->minor_ver < ssl->conf->max_minor_ver )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) );
|
||||
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK );
|
||||
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_FALLBACK_SCSV */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
|
||||
|
@ -3171,11 +3148,8 @@ curve_matching_done:
|
|||
|
||||
/*
|
||||
* 2.1: Choose hash algorithm:
|
||||
* A: For TLS 1.2, obey signature-hash-algorithm extension
|
||||
* to choose appropriate hash.
|
||||
* B: For TLS1.0, TLS1.1 and ECDHE_ECDSA, use SHA1
|
||||
* (RFC 4492, Sec. 5.4)
|
||||
* C: Otherwise, use MD5 + SHA1 (RFC 4346, Sec. 7.4.3)
|
||||
* For TLS 1.2, obey signature-hash-algorithm extension
|
||||
* to choose appropriate hash.
|
||||
*/
|
||||
|
||||
mbedtls_md_type_t md_alg;
|
||||
|
@ -3185,7 +3159,7 @@ curve_matching_done:
|
|||
mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
|
||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
/* A: For TLS 1.2, obey signature-hash-algorithm extension
|
||||
/* For TLS 1.2, obey signature-hash-algorithm extension
|
||||
* (RFC 5246, Sec. 7.4.1.4.1). */
|
||||
if( sig_alg == MBEDTLS_PK_NONE ||
|
||||
( md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs,
|
||||
|
@ -3198,39 +3172,18 @@ curve_matching_done:
|
|||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
|
||||
{
|
||||
/* B: Default hash SHA1 */
|
||||
md_alg = MBEDTLS_MD_SHA1;
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
{
|
||||
/* C: MD5 + SHA1 */
|
||||
md_alg = MBEDTLS_MD_NONE;
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %u for signing", (unsigned) md_alg ) );
|
||||
|
||||
/*
|
||||
* 2.2: Compute the hash to be signed
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
if( md_alg == MBEDTLS_MD_NONE )
|
||||
{
|
||||
hashlen = 36;
|
||||
ret = mbedtls_ssl_get_key_exchange_md_ssl_tls( ssl, hash,
|
||||
dig_signed,
|
||||
dig_signed_len );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( md_alg != MBEDTLS_MD_NONE )
|
||||
{
|
||||
ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen,
|
||||
|
@ -3241,8 +3194,7 @@ curve_matching_done:
|
|||
return( ret );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
|
@ -3556,8 +3508,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
|
|||
/*
|
||||
* Prepare to decrypt the premaster using own private RSA key
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if ( p + 2 > end ) {
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
||||
|
@ -4177,22 +4128,6 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
|
|||
* opaque signature<0..2^16-1>;
|
||||
* } DigitallySigned;
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
md_alg = MBEDTLS_MD_NONE;
|
||||
hashlen = 36;
|
||||
|
||||
/* For ECDSA, use SHA-1, not MD-5 + SHA-1 */
|
||||
if( mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_ECDSA ) )
|
||||
{
|
||||
hash_start += 16;
|
||||
hashlen -= 16;
|
||||
md_alg = MBEDTLS_MD_SHA1;
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
|
|
|
@ -324,122 +324,6 @@ static void handle_buffer_resizing( mbedtls_ssl_context *ssl, int downsizing,
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
static int tls1_prf( const unsigned char *secret, size_t slen,
|
||||
const char *label,
|
||||
const unsigned char *random, size_t rlen,
|
||||
unsigned char *dstbuf, size_t dlen )
|
||||
{
|
||||
size_t nb, hs;
|
||||
size_t i, j, k;
|
||||
const unsigned char *S1, *S2;
|
||||
unsigned char *tmp;
|
||||
size_t tmp_len = 0;
|
||||
unsigned char h_i[20];
|
||||
const mbedtls_md_info_t *md_info;
|
||||
mbedtls_md_context_t md_ctx;
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
mbedtls_md_init( &md_ctx );
|
||||
|
||||
tmp_len = 20 + strlen( label ) + rlen;
|
||||
tmp = mbedtls_calloc( 1, tmp_len );
|
||||
if( tmp == NULL )
|
||||
{
|
||||
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
hs = ( slen + 1 ) / 2;
|
||||
S1 = secret;
|
||||
S2 = secret + slen - hs;
|
||||
|
||||
nb = strlen( label );
|
||||
memcpy( tmp + 20, label, nb );
|
||||
memcpy( tmp + 20 + nb, random, rlen );
|
||||
nb += rlen;
|
||||
|
||||
/*
|
||||
* First compute P_md5(secret,label+random)[0..dlen]
|
||||
*/
|
||||
if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == NULL )
|
||||
{
|
||||
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
|
||||
{
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_md_hmac_starts( &md_ctx, S1, hs );
|
||||
mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb );
|
||||
mbedtls_md_hmac_finish( &md_ctx, 4 + tmp );
|
||||
|
||||
for( i = 0; i < dlen; i += 16 )
|
||||
{
|
||||
mbedtls_md_hmac_reset ( &md_ctx );
|
||||
mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 + nb );
|
||||
mbedtls_md_hmac_finish( &md_ctx, h_i );
|
||||
|
||||
mbedtls_md_hmac_reset ( &md_ctx );
|
||||
mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 );
|
||||
mbedtls_md_hmac_finish( &md_ctx, 4 + tmp );
|
||||
|
||||
k = ( i + 16 > dlen ) ? dlen % 16 : 16;
|
||||
|
||||
for( j = 0; j < k; j++ )
|
||||
dstbuf[i + j] = h_i[j];
|
||||
}
|
||||
|
||||
mbedtls_md_free( &md_ctx );
|
||||
|
||||
/*
|
||||
* XOR out with P_sha1(secret,label+random)[0..dlen]
|
||||
*/
|
||||
if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL )
|
||||
{
|
||||
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
|
||||
{
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_md_hmac_starts( &md_ctx, S2, hs );
|
||||
mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb );
|
||||
mbedtls_md_hmac_finish( &md_ctx, tmp );
|
||||
|
||||
for( i = 0; i < dlen; i += 20 )
|
||||
{
|
||||
mbedtls_md_hmac_reset ( &md_ctx );
|
||||
mbedtls_md_hmac_update( &md_ctx, tmp, 20 + nb );
|
||||
mbedtls_md_hmac_finish( &md_ctx, h_i );
|
||||
|
||||
mbedtls_md_hmac_reset ( &md_ctx );
|
||||
mbedtls_md_hmac_update( &md_ctx, tmp, 20 );
|
||||
mbedtls_md_hmac_finish( &md_ctx, tmp );
|
||||
|
||||
k = ( i + 20 > dlen ) ? dlen % 20 : 20;
|
||||
|
||||
for( j = 0; j < k; j++ )
|
||||
dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] );
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_md_free( &md_ctx );
|
||||
|
||||
mbedtls_platform_zeroize( tmp, tmp_len );
|
||||
mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
|
||||
|
||||
mbedtls_free( tmp );
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
||||
|
@ -667,15 +551,6 @@ static int tls_prf_sha384( const unsigned char *secret, size_t slen,
|
|||
|
||||
static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *, const unsigned char *, size_t );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
static void ssl_calc_verify_tls( const mbedtls_ssl_context *, unsigned char*, size_t * );
|
||||
static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t );
|
||||
|
@ -715,13 +590,6 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl )
|
|||
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
||||
static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
if( tls_prf == tls1_prf )
|
||||
{
|
||||
return( MBEDTLS_SSL_TLS_PRF_TLS1 );
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
if( tls_prf == tls_prf_sha384 )
|
||||
|
@ -752,12 +620,6 @@ int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
|
|||
|
||||
switch( prf )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
case MBEDTLS_SSL_TLS_PRF_TLS1:
|
||||
tls_prf = tls1_prf;
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
case MBEDTLS_SSL_TLS_PRF_SHA384:
|
||||
|
@ -1023,14 +885,8 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
|||
- transform->maclen % cipher_info->block_size;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1)
|
||||
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||
; /* No need to adjust minlen */
|
||||
else
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_2 ||
|
||||
minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
transform->minlen += transform->ivlen;
|
||||
}
|
||||
|
@ -1106,8 +962,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||
{
|
||||
/* For HMAC-based ciphersuites, initialize the HMAC transforms.
|
||||
|
@ -1280,7 +1135,7 @@ end:
|
|||
}
|
||||
|
||||
/*
|
||||
* Set appropriate PRF function and other SSL / TLS 1.0/1.1 / TLS1.2 functions
|
||||
* Set appropriate PRF function and other SSL / TLS1.2 functions
|
||||
*
|
||||
* Inputs:
|
||||
* - SSL/TLS minor version
|
||||
|
@ -1297,15 +1152,6 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
|
|||
(void) hash;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
if( minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
handshake->tls_prf = tls1_prf;
|
||||
handshake->calc_verify = ssl_calc_verify_tls;
|
||||
handshake->calc_finished = ssl_calc_finished_tls;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
|
||||
|
@ -1546,37 +1392,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
void ssl_calc_verify_tls( const mbedtls_ssl_context *ssl,
|
||||
unsigned char *hash,
|
||||
size_t *hlen )
|
||||
{
|
||||
mbedtls_md5_context md5;
|
||||
mbedtls_sha1_context sha1;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify tls" ) );
|
||||
|
||||
mbedtls_md5_init( &md5 );
|
||||
mbedtls_sha1_init( &sha1 );
|
||||
|
||||
mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
|
||||
mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
|
||||
|
||||
mbedtls_md5_finish_ret( &md5, hash );
|
||||
mbedtls_sha1_finish_ret( &sha1, hash + 16 );
|
||||
|
||||
*hlen = 36;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
|
||||
|
||||
mbedtls_md5_free( &md5 );
|
||||
mbedtls_sha1_free( &sha1 );
|
||||
|
||||
return;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl,
|
||||
|
@ -2203,8 +2018,7 @@ static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl )
|
|||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
||||
return( -1 );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) &&
|
||||
ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
|
||||
ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE &&
|
||||
|
@ -2215,8 +2029,7 @@ static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
|
||||
return( -1 );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SRV_C */
|
||||
|
||||
|
@ -2651,11 +2464,6 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
|
|||
{
|
||||
((void) ciphersuite_info);
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
ssl->handshake->update_checksum = ssl_update_checksum_md5sha1;
|
||||
else
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
|
||||
|
@ -2676,10 +2484,6 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
|
|||
|
||||
void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
mbedtls_md5_starts_ret( &ssl->handshake->fin_md5 );
|
||||
mbedtls_sha1_starts_ret( &ssl->handshake->fin_sha1 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
@ -2703,10 +2507,6 @@ void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
|
|||
static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf, size_t len )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len );
|
||||
mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len );
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
@ -2725,15 +2525,6 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
|
|||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf, size_t len )
|
||||
{
|
||||
mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len );
|
||||
mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
|
||||
|
@ -2760,65 +2551,6 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl,
|
|||
#endif
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
static void ssl_calc_finished_tls(
|
||||
mbedtls_ssl_context *ssl, unsigned char *buf, int from )
|
||||
{
|
||||
int len = 12;
|
||||
const char *sender;
|
||||
mbedtls_md5_context md5;
|
||||
mbedtls_sha1_context sha1;
|
||||
unsigned char padbuf[36];
|
||||
|
||||
mbedtls_ssl_session *session = ssl->session_negotiate;
|
||||
if( !session )
|
||||
session = ssl->session;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls" ) );
|
||||
|
||||
mbedtls_md5_init( &md5 );
|
||||
mbedtls_sha1_init( &sha1 );
|
||||
|
||||
mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
|
||||
mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
|
||||
|
||||
/*
|
||||
* TLSv1:
|
||||
* hash = PRF( master, finished_label,
|
||||
* MD5( handshake ) + SHA1( handshake ) )[0..11]
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_MD5_ALT)
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
|
||||
md5.state, sizeof( md5.state ) );
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SHA1_ALT)
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
|
||||
sha1.state, sizeof( sha1.state ) );
|
||||
#endif
|
||||
|
||||
sender = ( from == MBEDTLS_SSL_IS_CLIENT )
|
||||
? "client finished"
|
||||
: "server finished";
|
||||
|
||||
mbedtls_md5_finish_ret( &md5, padbuf );
|
||||
mbedtls_sha1_finish_ret( &sha1, padbuf + 16 );
|
||||
|
||||
ssl->handshake->tls_prf( session->master, 48, sender,
|
||||
padbuf, 36, buf, len );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
|
||||
|
||||
mbedtls_md5_free( &md5 );
|
||||
mbedtls_sha1_free( &sha1 );
|
||||
|
||||
mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
static void ssl_calc_finished_tls_sha256(
|
||||
|
@ -3249,12 +2981,6 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
|
|||
{
|
||||
memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
mbedtls_md5_init( &handshake->fin_md5 );
|
||||
mbedtls_sha1_init( &handshake->fin_sha1 );
|
||||
mbedtls_md5_starts_ret( &handshake->fin_md5 );
|
||||
mbedtls_sha1_starts_ret( &handshake->fin_sha1 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
@ -3581,10 +3307,6 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial )
|
|||
ssl->out_msgtype = 0;
|
||||
ssl->out_msglen = 0;
|
||||
ssl->out_left = 0;
|
||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
||||
if( ssl->split_done != MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED )
|
||||
ssl->split_done = 0;
|
||||
#endif
|
||||
|
||||
memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) );
|
||||
|
||||
|
@ -3668,12 +3390,10 @@ void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode )
|
|||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
|
||||
void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit )
|
||||
{
|
||||
conf->badmac_limit = limit;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
|
||||
|
@ -3857,7 +3577,7 @@ void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
|
|||
if( major != MBEDTLS_SSL_MAJOR_VERSION_3 )
|
||||
return;
|
||||
|
||||
if( minor < MBEDTLS_SSL_MINOR_VERSION_1 || minor > MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
if( minor != MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
return;
|
||||
|
||||
set_protocol_version_ciphersuites(conf, minor, ciphersuites);
|
||||
|
@ -4425,13 +4145,6 @@ void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int mino
|
|||
conf->min_minor_ver = minor;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
|
||||
void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback )
|
||||
{
|
||||
conf->fallback = fallback;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
|
||||
char cert_req_ca_list )
|
||||
|
@ -4476,13 +4189,6 @@ void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate )
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
|
||||
|
||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
||||
void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split )
|
||||
{
|
||||
conf->cbc_record_splitting = split;
|
||||
}
|
||||
#endif
|
||||
|
||||
void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy )
|
||||
{
|
||||
conf->allow_legacy_renegotiation = allow_legacy;
|
||||
|
@ -5583,10 +5289,6 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
mbedtls_md5_free( &handshake->fin_md5 );
|
||||
mbedtls_sha1_free( &handshake->fin_sha1 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
@ -5714,11 +5416,7 @@ void mbedtls_ssl_session_free( mbedtls_ssl_session *session )
|
|||
#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID 0u
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
|
||||
#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT 1u
|
||||
#else
|
||||
#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT 0u
|
||||
#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||
#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY 1u
|
||||
|
@ -5935,7 +5633,6 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
|
|||
/*
|
||||
* Saved fields from top-level ssl_context structure
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
|
||||
used += 4;
|
||||
if( used <= buf_len )
|
||||
{
|
||||
|
@ -5944,7 +5641,6 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
|
|||
*p++ = (unsigned char)( ( ssl->badmac_seen >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( ssl->badmac_seen ) & 0xFF );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||
used += 16;
|
||||
|
@ -6200,7 +5896,6 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
|
|||
/*
|
||||
* Saved fields from top-level ssl_context structure
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
|
||||
if( (size_t)( end - p ) < 4 )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
|
@ -6209,7 +5904,6 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
|
|||
( (uint32_t) p[2] << 8 ) |
|
||||
( (uint32_t) p[3] );
|
||||
p += 4;
|
||||
#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||
if( (size_t)( end - p ) < 16 )
|
||||
|
@ -6512,10 +6206,6 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
|||
conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
||||
conf->cbc_record_splitting = MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
|
||||
conf->f_cookie_write = ssl_cookie_write_dummy;
|
||||
conf->f_cookie_check = ssl_cookie_check_dummy;
|
||||
|
@ -6608,7 +6298,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
|||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
#endif
|
||||
const int* default_ciphersuites = mbedtls_ssl_list_ciphersuites();
|
||||
set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
|
@ -6985,17 +6675,6 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
|
|||
|
||||
switch( md )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
case MBEDTLS_SSL_HASH_MD5:
|
||||
return( -1 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
case MBEDTLS_SSL_HASH_SHA1:
|
||||
ssl->handshake->calc_verify = ssl_calc_verify_tls;
|
||||
break;
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
case MBEDTLS_SSL_HASH_SHA384:
|
||||
ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384;
|
||||
|
@ -7019,92 +6698,7 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
|
|||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||
int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
|
||||
unsigned char *output,
|
||||
unsigned char *data, size_t data_len )
|
||||
{
|
||||
int ret = 0;
|
||||
mbedtls_md5_context mbedtls_md5;
|
||||
mbedtls_sha1_context mbedtls_sha1;
|
||||
|
||||
mbedtls_md5_init( &mbedtls_md5 );
|
||||
mbedtls_sha1_init( &mbedtls_sha1 );
|
||||
|
||||
/*
|
||||
* digitally-signed struct {
|
||||
* opaque md5_hash[16];
|
||||
* opaque sha_hash[20];
|
||||
* };
|
||||
*
|
||||
* md5_hash
|
||||
* MD5(ClientHello.random + ServerHello.random
|
||||
* + ServerParams);
|
||||
* sha_hash
|
||||
* SHA(ClientHello.random + ServerHello.random
|
||||
* + ServerParams);
|
||||
*/
|
||||
if( ( ret = mbedtls_md5_starts_ret( &mbedtls_md5 ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_starts_ret", ret );
|
||||
goto exit;
|
||||
}
|
||||
if( ( ret = mbedtls_md5_update_ret( &mbedtls_md5,
|
||||
ssl->handshake->randbytes, 64 ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ret", ret );
|
||||
goto exit;
|
||||
}
|
||||
if( ( ret = mbedtls_md5_update_ret( &mbedtls_md5, data, data_len ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ret", ret );
|
||||
goto exit;
|
||||
}
|
||||
if( ( ret = mbedtls_md5_finish_ret( &mbedtls_md5, output ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_finish_ret", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_sha1_starts_ret( &mbedtls_sha1 ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_starts_ret", ret );
|
||||
goto exit;
|
||||
}
|
||||
if( ( ret = mbedtls_sha1_update_ret( &mbedtls_sha1,
|
||||
ssl->handshake->randbytes, 64 ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ret", ret );
|
||||
goto exit;
|
||||
}
|
||||
if( ( ret = mbedtls_sha1_update_ret( &mbedtls_sha1, data,
|
||||
data_len ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ret", ret );
|
||||
goto exit;
|
||||
}
|
||||
if( ( ret = mbedtls_sha1_finish_ret( &mbedtls_sha1,
|
||||
output + 16 ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_finish_ret", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_md5_free( &mbedtls_md5 );
|
||||
mbedtls_sha1_free( &mbedtls_sha1 );
|
||||
|
||||
if( ret != 0 )
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
|
||||
|
||||
return( ret );
|
||||
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
|
||||
|
@ -7227,7 +6821,6 @@ exit:
|
|||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
#endif /* MBEDTLS_SSL_TLS_C */
|
||||
|
|
|
@ -111,9 +111,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
|
|||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
mbedtls_ssl_conf_encrypt_then_mac( &conf, (options & 0x20) ? MBEDTLS_SSL_ETM_DISABLED : MBEDTLS_SSL_ETM_ENABLED);
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
||||
mbedtls_ssl_conf_cbc_record_splitting( &conf, (options & 0x40) ? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED );
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
mbedtls_ssl_conf_renegotiation( &conf, (options & 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED );
|
||||
#endif
|
||||
|
|
|
@ -220,8 +220,8 @@ int main( void )
|
|||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC,
|
||||
MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 )
|
||||
if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256,
|
||||
0, hash, p ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret );
|
||||
goto exit;
|
||||
|
|
|
@ -229,7 +229,7 @@ int main( void )
|
|||
buf[n ] = (unsigned char)( rsa.MBEDTLS_PRIVATE(len) >> 8 );
|
||||
buf[n + 1] = (unsigned char)( rsa.MBEDTLS_PRIVATE(len) );
|
||||
|
||||
if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256,
|
||||
if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256,
|
||||
0, hash, buf + n + 2 ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret );
|
||||
|
|
|
@ -143,8 +143,7 @@ int main( int argc, char *argv[] )
|
|||
fflush( stdout );
|
||||
|
||||
ret = mbedtls_rsa_pkcs1_encrypt( &rsa, mbedtls_ctr_drbg_random,
|
||||
&ctr_drbg, MBEDTLS_RSA_PUBLIC,
|
||||
strlen( argv[1] ), input, buf );
|
||||
&ctr_drbg, strlen( argv[1] ), input, buf );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n",
|
||||
|
|
|
@ -146,7 +146,7 @@ int main( int argc, char *argv[] )
|
|||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256,
|
||||
if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256,
|
||||
20, hash, buf ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", (unsigned int) -ret );
|
||||
|
|
|
@ -140,8 +140,8 @@ int main( int argc, char *argv[] )
|
|||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC,
|
||||
MBEDTLS_MD_SHA256, 20, hash, buf ) ) != 0 )
|
||||
if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256,
|
||||
20, hash, buf ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
|
|
|
@ -250,13 +250,6 @@ int main( void )
|
|||
#define USAGE_MAX_FRAG_LEN ""
|
||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||
|
||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
||||
#define USAGE_RECSPLIT \
|
||||
" recsplit=0/1 default: (library default: on)\n"
|
||||
#else
|
||||
#define USAGE_RECSPLIT
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DHM_C)
|
||||
#define USAGE_DHMLEN \
|
||||
" dhmlen=%%d default: (library default: 1024 bits)\n"
|
||||
|
@ -296,13 +289,6 @@ int main( void )
|
|||
#define USAGE_DTLS ""
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
|
||||
#define USAGE_FALLBACK \
|
||||
" fallback=0/1 default: (library default: off)\n"
|
||||
#else
|
||||
#define USAGE_FALLBACK ""
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
||||
#define USAGE_EMS \
|
||||
" extended_ms=0/1 default: (library default: on)\n"
|
||||
|
@ -411,20 +397,18 @@ int main( void )
|
|||
USAGE_TRUNC_HMAC \
|
||||
USAGE_CONTEXT_CRT_CB \
|
||||
USAGE_ALPN \
|
||||
USAGE_FALLBACK \
|
||||
USAGE_EMS \
|
||||
USAGE_ETM \
|
||||
USAGE_REPRODUCIBLE \
|
||||
USAGE_CURVES \
|
||||
USAGE_RECSPLIT \
|
||||
USAGE_DHMLEN \
|
||||
"\n"
|
||||
#define USAGE4 \
|
||||
" allow_sha1=%%d default: 0\n" \
|
||||
" min_version=%%s default: (library default: tls1)\n" \
|
||||
" min_version=%%s default: (library default: tls1_2)\n" \
|
||||
" max_version=%%s default: (library default: tls1_2)\n" \
|
||||
" force_version=%%s default: \"\" (none)\n" \
|
||||
" options: tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
|
||||
" options: tls1_2, dtls1_2\n" \
|
||||
"\n" \
|
||||
" force_ciphersuite=<name> default: all enabled\n"\
|
||||
" query_config=<name> return 0 if the specified\n" \
|
||||
|
@ -1065,15 +1049,6 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
opt.alpn_string = q;
|
||||
}
|
||||
else if( strcmp( p, "fallback" ) == 0 )
|
||||
{
|
||||
switch( atoi( q ) )
|
||||
{
|
||||
case 0: opt.fallback = MBEDTLS_SSL_IS_NOT_FALLBACK; break;
|
||||
case 1: opt.fallback = MBEDTLS_SSL_IS_FALLBACK; break;
|
||||
default: goto usage;
|
||||
}
|
||||
}
|
||||
else if( strcmp( p, "extended_ms" ) == 0 )
|
||||
{
|
||||
switch( atoi( q ) )
|
||||
|
@ -1100,12 +1075,7 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
else if( strcmp( p, "min_version" ) == 0 )
|
||||
{
|
||||
if( strcmp( q, "tls1" ) == 0 )
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
||||
else if( strcmp( q, "tls1_1" ) == 0 ||
|
||||
strcmp( q, "dtls1" ) == 0 )
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
else if( strcmp( q, "tls1_2" ) == 0 ||
|
||||
if( strcmp( q, "tls1_2" ) == 0 ||
|
||||
strcmp( q, "dtls1_2" ) == 0 )
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
else
|
||||
|
@ -1113,12 +1083,7 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
else if( strcmp( p, "max_version" ) == 0 )
|
||||
{
|
||||
if( strcmp( q, "tls1" ) == 0 )
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
||||
else if( strcmp( q, "tls1_1" ) == 0 ||
|
||||
strcmp( q, "dtls1" ) == 0 )
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
else if( strcmp( q, "tls1_2" ) == 0 ||
|
||||
if( strcmp( q, "tls1_2" ) == 0 ||
|
||||
strcmp( q, "dtls1_2" ) == 0 )
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
else
|
||||
|
@ -1135,27 +1100,11 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
else if( strcmp( p, "force_version" ) == 0 )
|
||||
{
|
||||
if( strcmp( q, "tls1" ) == 0 )
|
||||
{
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
||||
}
|
||||
else if( strcmp( q, "tls1_1" ) == 0 )
|
||||
{
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
}
|
||||
else if( strcmp( q, "tls1_2" ) == 0 )
|
||||
if( strcmp( q, "tls1_2" ) == 0 )
|
||||
{
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
}
|
||||
else if( strcmp( q, "dtls1" ) == 0 )
|
||||
{
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
|
||||
}
|
||||
else if( strcmp( q, "dtls1_2" ) == 0 )
|
||||
{
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
|
@ -1377,10 +1326,10 @@ int main( int argc, char *argv[] )
|
|||
if( opt.min_version < ciphersuite_info->min_minor_ver )
|
||||
{
|
||||
opt.min_version = ciphersuite_info->min_minor_ver;
|
||||
/* DTLS starts with TLS 1.1 */
|
||||
/* DTLS starts with TLS 1.2 */
|
||||
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||
opt.min_version < MBEDTLS_SSL_MINOR_VERSION_2 )
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
opt.min_version < MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
@ -1808,13 +1757,6 @@ int main( int argc, char *argv[] )
|
|||
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
||||
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
||||
if( opt.recsplit != DFL_RECSPLIT )
|
||||
mbedtls_ssl_conf_cbc_record_splitting( &conf, opt.recsplit
|
||||
? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED
|
||||
: MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DHM_C)
|
||||
if( opt.dhmlen != DFL_DHMLEN )
|
||||
mbedtls_ssl_conf_dhm_min_bitlen( &conf, opt.dhmlen );
|
||||
|
@ -1937,11 +1879,6 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
|
||||
opt.max_version );
|
||||
|
||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
|
||||
if( opt.fallback != DFL_FALLBACK )
|
||||
mbedtls_ssl_conf_fallback( &conf, opt.fallback );
|
||||
#endif
|
||||
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n",
|
||||
|
|
|
@ -874,7 +874,6 @@ void print_deserialized_ssl_context( const uint8_t *ssl, size_t len )
|
|||
print_if_bit( "MBEDTLS_SSL_SESSION_TICKETS and client", SESSION_CONFIG_CLIENT_TICKET_BIT, session_cfg_flag );
|
||||
|
||||
print_if_bit( "MBEDTLS_SSL_DTLS_CONNECTION_ID", CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT, context_cfg_flag );
|
||||
print_if_bit( "MBEDTLS_SSL_DTLS_BADMAC_LIMIT", CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT, context_cfg_flag );
|
||||
print_if_bit( "MBEDTLS_SSL_DTLS_ANTI_REPLAY", CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT, context_cfg_flag );
|
||||
print_if_bit( "MBEDTLS_SSL_ALPN", CONTEXT_CONFIG_ALPN_BIT, context_cfg_flag );
|
||||
|
||||
|
|
|
@ -365,12 +365,8 @@ int main( void )
|
|||
#define USAGE_ANTI_REPLAY ""
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
|
||||
#define USAGE_BADMAC_LIMIT \
|
||||
" badmac_limit=%%d default: (library default: disabled)\n"
|
||||
#else
|
||||
#define USAGE_BADMAC_LIMIT ""
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
#define USAGE_DTLS \
|
||||
|
@ -502,10 +498,10 @@ int main( void )
|
|||
USAGE_SSL_ASYNC \
|
||||
USAGE_SNI \
|
||||
" allow_sha1=%%d default: 0\n" \
|
||||
" min_version=%%s default: (library default: tls1)\n" \
|
||||
" min_version=%%s default: (library default: tls1_2)\n" \
|
||||
" max_version=%%s default: (library default: tls1_2)\n" \
|
||||
" force_version=%%s default: \"\" (none)\n" \
|
||||
" options: tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
|
||||
" options: tls1_2, dtls1_2\n" \
|
||||
"\n" \
|
||||
" version_suites=a,b,c per-version ciphersuites\n" \
|
||||
" in order from tls1 to tls1_2\n" \
|
||||
|
@ -1728,12 +1724,7 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
else if( strcmp( p, "min_version" ) == 0 )
|
||||
{
|
||||
if( strcmp( q, "tls1" ) == 0 )
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
||||
else if( strcmp( q, "tls1_1" ) == 0 ||
|
||||
strcmp( q, "dtls1" ) == 0 )
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
else if( strcmp( q, "tls1_2" ) == 0 ||
|
||||
if( strcmp( q, "tls1_2" ) == 0 ||
|
||||
strcmp( q, "dtls1_2" ) == 0 )
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
else
|
||||
|
@ -1741,12 +1732,7 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
else if( strcmp( p, "max_version" ) == 0 )
|
||||
{
|
||||
if( strcmp( q, "tls1" ) == 0 )
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
||||
else if( strcmp( q, "tls1_1" ) == 0 ||
|
||||
strcmp( q, "dtls1" ) == 0 )
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
else if( strcmp( q, "tls1_2" ) == 0 ||
|
||||
if( strcmp( q, "tls1_2" ) == 0 ||
|
||||
strcmp( q, "dtls1_2" ) == 0 )
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
else
|
||||
|
@ -1763,27 +1749,11 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
else if( strcmp( p, "force_version" ) == 0 )
|
||||
{
|
||||
if( strcmp( q, "tls1" ) == 0 )
|
||||
{
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
|
||||
}
|
||||
else if( strcmp( q, "tls1_1" ) == 0 )
|
||||
{
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
}
|
||||
else if( strcmp( q, "tls1_2" ) == 0 )
|
||||
if( strcmp( q, "tls1_2" ) == 0 )
|
||||
{
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
}
|
||||
else if( strcmp( q, "dtls1" ) == 0 )
|
||||
{
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
|
||||
}
|
||||
else if( strcmp( q, "dtls1_2" ) == 0 )
|
||||
{
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
|
||||
|
@ -2713,10 +2683,8 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_ssl_conf_dtls_anti_replay( &conf, opt.anti_replay );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
|
||||
if( opt.badmac_limit != DFL_BADMAC_LIMIT )
|
||||
mbedtls_ssl_conf_dtls_badmac_limit( &conf, opt.badmac_limit );
|
||||
#endif
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
|
|
|
@ -67,7 +67,7 @@ else
|
|||
fi
|
||||
|
||||
# default values for options
|
||||
MODES="tls1 tls1_1 tls1_2 dtls1 dtls1_2"
|
||||
MODES="tls1_2 dtls1_2"
|
||||
VERIFIES="NO YES"
|
||||
TYPES="ECDSA RSA PSK"
|
||||
FILTER=""
|
||||
|
@ -155,19 +155,13 @@ log() {
|
|||
# is_dtls <mode>
|
||||
is_dtls()
|
||||
{
|
||||
test "$1" = "dtls1" -o "$1" = "dtls1_2"
|
||||
test "$1" = "dtls1_2"
|
||||
}
|
||||
|
||||
# minor_ver <mode>
|
||||
minor_ver()
|
||||
{
|
||||
case "$1" in
|
||||
tls1)
|
||||
echo 1
|
||||
;;
|
||||
tls1_1|dtls1)
|
||||
echo 2
|
||||
;;
|
||||
tls1_2|dtls1_2)
|
||||
echo 3
|
||||
;;
|
||||
|
@ -841,19 +835,9 @@ setup_arguments()
|
|||
{
|
||||
G_MODE=""
|
||||
case "$MODE" in
|
||||
"tls1")
|
||||
G_PRIO_MODE="+VERS-TLS1.0"
|
||||
;;
|
||||
"tls1_1")
|
||||
G_PRIO_MODE="+VERS-TLS1.1"
|
||||
;;
|
||||
"tls1_2")
|
||||
G_PRIO_MODE="+VERS-TLS1.2"
|
||||
;;
|
||||
"dtls1")
|
||||
G_PRIO_MODE="+VERS-DTLS1.0"
|
||||
G_MODE="-u"
|
||||
;;
|
||||
"dtls1_2")
|
||||
G_PRIO_MODE="+VERS-DTLS1.2"
|
||||
G_MODE="-u"
|
||||
|
|
|
@ -214,7 +214,6 @@ run_test "Default configuration, server" \
|
|||
-u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
|
||||
-u "MBEDTLS_SSL_SESSION_TICKETS$" \
|
||||
-u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
|
||||
-u "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
|
||||
-u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
|
||||
-u "MBEDTLS_SSL_ALPN$" \
|
||||
-u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
|
||||
|
@ -238,7 +237,6 @@ run_test "Default configuration, client" \
|
|||
-u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
|
||||
-u "MBEDTLS_SSL_SESSION_TICKETS$" \
|
||||
-u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
|
||||
-u "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
|
||||
-u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
|
||||
-u "MBEDTLS_SSL_ALPN$" \
|
||||
-u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
|
||||
|
@ -345,7 +343,6 @@ run_test "Minimal configuration, server" \
|
|||
-n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
|
||||
-n "MBEDTLS_SSL_SESSION_TICKETS$" \
|
||||
-n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
|
||||
-n "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
|
||||
-n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
|
||||
-n "MBEDTLS_SSL_ALPN$" \
|
||||
|
||||
|
@ -357,7 +354,6 @@ run_test "Minimal configuration, client" \
|
|||
-n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
|
||||
-n "MBEDTLS_SSL_SESSION_TICKETS$" \
|
||||
-n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
|
||||
-n "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
|
||||
-n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
|
||||
-n "MBEDTLS_SSL_ALPN$" \
|
||||
|
||||
|
|
|
@ -828,6 +828,15 @@ component_test_psa_crypto_client () {
|
|||
make test
|
||||
}
|
||||
|
||||
component_test_psa_crypto_rsa_no_genprime() {
|
||||
msg "build: default config minus MBEDTLS_GENPRIME"
|
||||
scripts/config.py unset MBEDTLS_GENPRIME
|
||||
make
|
||||
|
||||
msg "test: default config minus MBEDTLS_GENPRIME"
|
||||
make test
|
||||
}
|
||||
|
||||
component_test_ref_configs () {
|
||||
msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
|
@ -2043,24 +2052,6 @@ component_test_variable_ssl_in_out_buffer_len_CID () {
|
|||
if_build_succeeded tests/compat.sh
|
||||
}
|
||||
|
||||
component_test_variable_ssl_in_out_buffer_len_record_splitting () {
|
||||
msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING enabled (ASan build)"
|
||||
scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
|
||||
scripts/config.py set MBEDTLS_SSL_CBC_RECORD_SPLITTING
|
||||
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING"
|
||||
make test
|
||||
|
||||
msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING enabled"
|
||||
if_build_succeeded tests/ssl-opt.sh
|
||||
|
||||
msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING enabled"
|
||||
if_build_succeeded tests/compat.sh
|
||||
}
|
||||
|
||||
component_test_ssl_alloc_buffer_and_mfl () {
|
||||
msg "build: default config with memory buffer allocator and MFL extension"
|
||||
scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
||||
|
|
|
@ -115,7 +115,7 @@ echo
|
|||
echo '################ compat.sh ################'
|
||||
{
|
||||
echo '#### compat.sh: Default versions'
|
||||
sh compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2'
|
||||
sh compat.sh -m 'tls1_2 dtls1_2'
|
||||
echo
|
||||
|
||||
echo '#### compat.sh: legacy (null, DES, RC4)'
|
||||
|
|
|
@ -31,9 +31,6 @@ my %configs = (
|
|||
'config-ccm-psk-tls1_2.h' => {
|
||||
'compat' => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
|
||||
},
|
||||
'config-mini-tls1_1.h' => {
|
||||
'compat' => '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'', #'
|
||||
},
|
||||
'config-no-entropy.h' => {
|
||||
},
|
||||
'config-suite-b.h' => {
|
||||
|
|
788
tests/ssl-opt.sh
788
tests/ssl-opt.sh
File diff suppressed because it is too large
Load diff
|
@ -70,13 +70,13 @@ int mbedtls_rsa_decrypt_func( void *ctx, size_t *olen,
|
|||
}
|
||||
int mbedtls_rsa_sign_func( void *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
||||
int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
|
||||
mbedtls_md_type_t md_alg, unsigned int hashlen,
|
||||
const unsigned char *hash, unsigned char *sig )
|
||||
{
|
||||
((void) f_rng);
|
||||
((void) p_rng);
|
||||
return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx,
|
||||
mbedtls_test_rnd_std_rand, NULL, mode,
|
||||
mbedtls_test_rnd_std_rand, NULL,
|
||||
md_alg, hashlen, hash, sig ) );
|
||||
}
|
||||
size_t mbedtls_rsa_key_len_func( void *ctx )
|
||||
|
|
|
@ -36,8 +36,8 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N,
|
|||
message_str->x = NULL;
|
||||
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
|
||||
&mbedtls_test_rnd_buffer_rand,
|
||||
&info, MBEDTLS_RSA_PUBLIC,
|
||||
message_str->len, message_str->x,
|
||||
&info, message_str->len,
|
||||
message_str->x,
|
||||
output ) == result );
|
||||
|
||||
if( result == 0 )
|
||||
|
@ -293,8 +293,8 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q,
|
|||
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand,
|
||||
&info, MBEDTLS_RSA_PRIVATE, digest,
|
||||
0, hash_result, output ) == result );
|
||||
&info, digest, 0, hash_result,
|
||||
output ) == result );
|
||||
if( result == 0 )
|
||||
{
|
||||
|
||||
|
@ -334,7 +334,7 @@ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N,
|
|||
if( mbedtls_md_info_from_type( digest ) != NULL )
|
||||
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
|
||||
TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result );
|
||||
|
||||
exit:
|
||||
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
|
||||
|
|
|
@ -35,8 +35,8 @@ void pkcs1_rsaes_oaep_encrypt( int mod, data_t * input_N, data_t * input_E,
|
|||
message_str->x = NULL;
|
||||
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
|
||||
&mbedtls_test_rnd_buffer_rand,
|
||||
&info, MBEDTLS_RSA_PUBLIC,
|
||||
message_str->len, message_str->x,
|
||||
&info, message_str->len,
|
||||
message_str->x,
|
||||
output ) == result );
|
||||
if( result == 0 )
|
||||
{
|
||||
|
@ -148,8 +148,8 @@ void pkcs1_rsassa_pss_sign( int mod, data_t * input_P, data_t * input_Q,
|
|||
if (fixed_salt_length == MBEDTLS_RSA_SALT_LEN_ANY)
|
||||
{
|
||||
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand,
|
||||
&info, MBEDTLS_RSA_PRIVATE, digest, 0,
|
||||
hash_result, output ) == result );
|
||||
&info, digest, 0,hash_result,
|
||||
output ) == result );
|
||||
if( result == 0 )
|
||||
{
|
||||
ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len );
|
||||
|
@ -199,7 +199,7 @@ void pkcs1_rsassa_pss_verify( int mod, data_t * input_N, data_t * input_E,
|
|||
if( mbedtls_md_info_from_type( digest ) != NULL )
|
||||
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
|
||||
TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result );
|
||||
|
||||
exit:
|
||||
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
|
||||
|
@ -244,14 +244,13 @@ void pkcs1_rsassa_pss_verify_ext( int mod, data_t * input_N, data_t * input_E,
|
|||
hash_len = message_str->len;
|
||||
}
|
||||
|
||||
TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC,
|
||||
msg_digest_id, hash_len, hash_result,
|
||||
result_str->x ) == result_simple );
|
||||
TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, msg_digest_id,
|
||||
hash_len, hash_result,
|
||||
result_str->x ) == result_simple );
|
||||
|
||||
TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC,
|
||||
msg_digest_id, hash_len, hash_result,
|
||||
mgf_hash, salt_len,
|
||||
result_str->x ) == result_full );
|
||||
TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, msg_digest_id, hash_len,
|
||||
hash_result, mgf_hash, salt_len,
|
||||
result_str->x ) == result_full );
|
||||
|
||||
exit:
|
||||
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
|
||||
|
|
|
@ -3369,7 +3369,7 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTL
|
|||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0
|
||||
|
||||
PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256)
|
||||
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C
|
||||
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_GENPRIME:MBEDTLS_MD_C
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS:0
|
||||
|
||||
PSA generate key: RSA, 0 bits: invalid
|
||||
|
|
|
@ -23,8 +23,6 @@ void rsa_invalid_param( )
|
|||
mbedtls_rsa_context ctx;
|
||||
const int valid_padding = MBEDTLS_RSA_PKCS_V21;
|
||||
const int invalid_padding = 42;
|
||||
const int valid_mode = MBEDTLS_RSA_PRIVATE;
|
||||
const int invalid_mode = 42;
|
||||
unsigned char buf[42] = { 0 };
|
||||
size_t olen;
|
||||
|
||||
|
@ -103,77 +101,47 @@ void rsa_invalid_param( )
|
|||
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_pkcs1_encrypt( NULL, NULL, NULL,
|
||||
valid_mode,
|
||||
sizeof( buf ), buf,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
|
||||
invalid_mode,
|
||||
sizeof( buf ), buf,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
|
||||
valid_mode,
|
||||
sizeof( buf ), NULL,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
|
||||
valid_mode,
|
||||
sizeof( buf ), buf,
|
||||
NULL ) );
|
||||
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsaes_pkcs1_v15_encrypt( NULL, NULL,
|
||||
NULL,
|
||||
valid_mode,
|
||||
sizeof( buf ), buf,
|
||||
buf ) );
|
||||
NULL, sizeof( buf ),
|
||||
buf, buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
|
||||
NULL,
|
||||
invalid_mode,
|
||||
sizeof( buf ), buf,
|
||||
buf ) );
|
||||
NULL, sizeof( buf ),
|
||||
NULL, buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
|
||||
NULL,
|
||||
valid_mode,
|
||||
sizeof( buf ), NULL,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
|
||||
NULL,
|
||||
valid_mode,
|
||||
sizeof( buf ), buf,
|
||||
NULL ) );
|
||||
NULL, sizeof( buf ),
|
||||
buf, NULL ) );
|
||||
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsaes_oaep_encrypt( NULL, NULL, NULL,
|
||||
valid_mode,
|
||||
buf, sizeof( buf ),
|
||||
sizeof( buf ), buf,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
|
||||
invalid_mode,
|
||||
buf, sizeof( buf ),
|
||||
sizeof( buf ), buf,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
|
||||
valid_mode,
|
||||
NULL, sizeof( buf ),
|
||||
sizeof( buf ), buf,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
|
||||
valid_mode,
|
||||
buf, sizeof( buf ),
|
||||
sizeof( buf ), NULL,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
|
||||
valid_mode,
|
||||
buf, sizeof( buf ),
|
||||
sizeof( buf ), buf,
|
||||
NULL ) );
|
||||
|
@ -235,81 +203,54 @@ void rsa_invalid_param( )
|
|||
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_pkcs1_sign( NULL, NULL, NULL,
|
||||
valid_mode,
|
||||
0, sizeof( buf ), buf,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
|
||||
invalid_mode,
|
||||
0, sizeof( buf ), buf,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
|
||||
valid_mode,
|
||||
0, sizeof( buf ), NULL,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
|
||||
valid_mode,
|
||||
0, sizeof( buf ), buf,
|
||||
NULL ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
|
||||
valid_mode,
|
||||
MBEDTLS_MD_SHA1,
|
||||
0, NULL,
|
||||
buf ) );
|
||||
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pkcs1_v15_sign( NULL, NULL, NULL,
|
||||
valid_mode,
|
||||
0, sizeof( buf ), buf,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
|
||||
invalid_mode,
|
||||
0, sizeof( buf ), buf,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
|
||||
valid_mode,
|
||||
0, sizeof( buf ), NULL,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
|
||||
valid_mode,
|
||||
0, sizeof( buf ), buf,
|
||||
NULL ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
|
||||
valid_mode,
|
||||
MBEDTLS_MD_SHA1,
|
||||
0, NULL,
|
||||
buf ) );
|
||||
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pss_sign( NULL, NULL, NULL,
|
||||
valid_mode,
|
||||
0, sizeof( buf ), buf,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
|
||||
invalid_mode,
|
||||
0, sizeof( buf ), buf,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
|
||||
valid_mode,
|
||||
0, sizeof( buf ), NULL,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
|
||||
valid_mode,
|
||||
0, sizeof( buf ), buf,
|
||||
NULL ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
|
||||
valid_mode,
|
||||
MBEDTLS_MD_SHA1,
|
||||
0, NULL,
|
||||
buf ) );
|
||||
|
@ -337,119 +278,76 @@ void rsa_invalid_param( )
|
|||
buf ) );
|
||||
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_pkcs1_verify( NULL, NULL, NULL,
|
||||
valid_mode,
|
||||
mbedtls_rsa_pkcs1_verify( NULL,
|
||||
0, sizeof( buf ), buf,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
|
||||
invalid_mode,
|
||||
0, sizeof( buf ), buf,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
|
||||
valid_mode,
|
||||
mbedtls_rsa_pkcs1_verify( &ctx,
|
||||
0, sizeof( buf ), NULL,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
|
||||
valid_mode,
|
||||
mbedtls_rsa_pkcs1_verify( &ctx,
|
||||
0, sizeof( buf ), buf,
|
||||
NULL ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL,
|
||||
valid_mode,
|
||||
mbedtls_rsa_pkcs1_verify( &ctx,
|
||||
MBEDTLS_MD_SHA1, 0, NULL,
|
||||
buf ) );
|
||||
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, NULL,
|
||||
NULL,
|
||||
valid_mode,
|
||||
mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL,
|
||||
0, sizeof( buf ), buf,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
|
||||
NULL,
|
||||
invalid_mode,
|
||||
0, sizeof( buf ), buf,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
|
||||
NULL,
|
||||
valid_mode,
|
||||
mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx,
|
||||
0, sizeof( buf ),
|
||||
NULL, buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
|
||||
NULL,
|
||||
valid_mode,
|
||||
mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx,
|
||||
0, sizeof( buf ), buf,
|
||||
NULL ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, NULL,
|
||||
NULL,
|
||||
valid_mode,
|
||||
mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx,
|
||||
MBEDTLS_MD_SHA1,
|
||||
0, NULL,
|
||||
buf ) );
|
||||
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pss_verify( NULL, NULL, NULL,
|
||||
valid_mode,
|
||||
mbedtls_rsa_rsassa_pss_verify( NULL,
|
||||
0, sizeof( buf ),
|
||||
buf, buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
|
||||
invalid_mode,
|
||||
0, sizeof( buf ),
|
||||
buf, buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
|
||||
valid_mode,
|
||||
mbedtls_rsa_rsassa_pss_verify( &ctx,
|
||||
0, sizeof( buf ),
|
||||
NULL, buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
|
||||
valid_mode,
|
||||
mbedtls_rsa_rsassa_pss_verify( &ctx,
|
||||
0, sizeof( buf ),
|
||||
buf, NULL ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pss_verify( &ctx, NULL, NULL,
|
||||
valid_mode,
|
||||
mbedtls_rsa_rsassa_pss_verify( &ctx,
|
||||
MBEDTLS_MD_SHA1,
|
||||
0, NULL,
|
||||
buf ) );
|
||||
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pss_verify_ext( NULL, NULL, NULL,
|
||||
valid_mode,
|
||||
mbedtls_rsa_rsassa_pss_verify_ext( NULL,
|
||||
0, sizeof( buf ),
|
||||
buf,
|
||||
0, 0,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
|
||||
invalid_mode,
|
||||
0, sizeof( buf ),
|
||||
buf,
|
||||
0, 0,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
|
||||
valid_mode,
|
||||
mbedtls_rsa_rsassa_pss_verify_ext( &ctx,
|
||||
0, sizeof( buf ),
|
||||
NULL, 0, 0,
|
||||
buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
|
||||
valid_mode,
|
||||
mbedtls_rsa_rsassa_pss_verify_ext( &ctx,
|
||||
0, sizeof( buf ),
|
||||
buf, 0, 0,
|
||||
NULL ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||
mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL,
|
||||
valid_mode,
|
||||
mbedtls_rsa_rsassa_pss_verify_ext( &ctx,
|
||||
MBEDTLS_MD_SHA1,
|
||||
0, NULL,
|
||||
0, 0,
|
||||
|
@ -524,8 +422,8 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode,
|
|||
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand,
|
||||
&rnd_info, MBEDTLS_RSA_PRIVATE, digest,
|
||||
0, hash_result, output ) == result );
|
||||
&rnd_info, digest, 0, hash_result,
|
||||
output ) == result );
|
||||
if( result == 0 )
|
||||
{
|
||||
|
||||
|
@ -565,7 +463,7 @@ void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode,
|
|||
if( mbedtls_md_info_from_type( digest ) != NULL )
|
||||
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result );
|
||||
TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result );
|
||||
|
||||
exit:
|
||||
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
|
||||
|
@ -605,42 +503,14 @@ void rsa_pkcs1_sign_raw( data_t * hash_result,
|
|||
|
||||
|
||||
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand,
|
||||
&rnd_info, MBEDTLS_RSA_PRIVATE,
|
||||
MBEDTLS_MD_NONE, hash_result->len,
|
||||
&rnd_info, MBEDTLS_MD_NONE,
|
||||
hash_result->len,
|
||||
hash_result->x, output ) == 0 );
|
||||
|
||||
|
||||
TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
|
||||
ctx.len, result_str->len ) == 0 );
|
||||
|
||||
#if defined(MBEDTLS_PKCS1_V15)
|
||||
/* For PKCS#1 v1.5, there is an alternative way to generate signatures */
|
||||
if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
|
||||
{
|
||||
int res;
|
||||
memset( output, 0x00, sizeof( output) );
|
||||
|
||||
res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx,
|
||||
&mbedtls_test_rnd_pseudo_rand, &rnd_info,
|
||||
MBEDTLS_RSA_PRIVATE, hash_result->len,
|
||||
hash_result->x, output );
|
||||
|
||||
#if !defined(MBEDTLS_RSA_ALT)
|
||||
TEST_ASSERT( res == 0 );
|
||||
#else
|
||||
TEST_ASSERT( ( res == 0 ) ||
|
||||
( res == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ) );
|
||||
#endif
|
||||
|
||||
if( res == 0 )
|
||||
{
|
||||
TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x,
|
||||
ctx.len,
|
||||
result_str->len ) == 0 );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_PKCS1_V15 */
|
||||
|
||||
exit:
|
||||
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
|
||||
mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
|
||||
|
@ -672,7 +542,7 @@ void rsa_pkcs1_verify_raw( data_t * hash_result,
|
|||
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
|
||||
|
||||
|
||||
TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct );
|
||||
TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct );
|
||||
|
||||
exit:
|
||||
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
|
||||
|
@ -708,8 +578,8 @@ void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode,
|
|||
|
||||
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
|
||||
&mbedtls_test_rnd_pseudo_rand,
|
||||
&rnd_info, MBEDTLS_RSA_PUBLIC,
|
||||
message_str->len, message_str->x,
|
||||
&rnd_info, message_str->len,
|
||||
message_str->x,
|
||||
output ) == result );
|
||||
if( result == 0 )
|
||||
{
|
||||
|
@ -748,8 +618,8 @@ void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode,
|
|||
|
||||
|
||||
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_zero_rand,
|
||||
NULL, MBEDTLS_RSA_PUBLIC,
|
||||
message_str->len, message_str->x,
|
||||
NULL, message_str->len,
|
||||
message_str->x,
|
||||
output ) == result );
|
||||
if( result == 0 )
|
||||
{
|
||||
|
|
|
@ -16,11 +16,11 @@ int mbedtls_rsa_decrypt_func( void *ctx, size_t *olen,
|
|||
}
|
||||
int mbedtls_rsa_sign_func( void *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
||||
int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
|
||||
mbedtls_md_type_t md_alg, unsigned int hashlen,
|
||||
const unsigned char *hash, unsigned char *sig )
|
||||
{
|
||||
return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, mode,
|
||||
md_alg, hashlen, hash, sig ) );
|
||||
return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng,
|
||||
md_alg, hashlen, hash, sig ) );
|
||||
}
|
||||
size_t mbedtls_rsa_key_len_func( void *ctx )
|
||||
{
|
||||
|
|
Loading…
Reference in a new issue