arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-04-19 23:22:16 +03:00
Code

Update to latest BearSSL library version, fixes #4898 (#4900)

Browse Source 
* Update to latest BearSSL library version, fixes #4898

* Actually install the updated BearSSL lib/headers
This commit is contained in:
Earle F. Philhower, III 2018-07-09 06:05:40 -07:00 committed by GitHub
parent 89d2f42153
commit 00c35be985
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 314 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tools/sdk/include/bearssl/bearssl_aead.h
View File

@ -877,7 +877,7 @@ extern const br_aead_class br_eax_vtable;
* can still be provided by chunks, but the total size must match * can still be provided by chunks, but the total size must match
* the value provided upon initialisation. * the value provided upon initialisation.
* *
* - The nonce length is constrained betwen 7 and 13 bytes (inclusive). * - The nonce length is constrained between 7 and 13 bytes (inclusive).
* Furthermore, the plaintext length, when encoded, must fit over * Furthermore, the plaintext length, when encoded, must fit over
* 15-nonceLen bytes; thus, if the nonce has length 13 bytes, then * 15-nonceLen bytes; thus, if the nonce has length 13 bytes, then
* the plaintext length cannot exceed 65535 bytes. * the plaintext length cannot exceed 65535 bytes.

2
tools/sdk/include/bearssl/bearssl_git.h
View File

@ -1,2 +1,2 @@
// Do not edit -- Automatically generated by tools/sdk/ssl/bearssl/Makefile // Do not edit -- Automatically generated by tools/sdk/ssl/bearssl/Makefile
#define BEARSSL_GIT 94e9704 #define BEARSSL_GIT 6d1cefc

2
tools/sdk/include/bearssl/bearssl_hash.h
View File

@ -93,7 +93,7 @@ extern "C" {
* - `br_xxx_out(const br_xxx_context *ctx, void *out)` * - `br_xxx_out(const br_xxx_context *ctx, void *out)`
* *
* Complete the hash computation and write the result in the provided * Complete the hash computation and write the result in the provided
* buffer. The output buffer MUST be large enough to accomodate the * buffer. The output buffer MUST be large enough to accommodate the
* result. The context is NOT modified by this operation, so this * result. The context is NOT modified by this operation, so this
* function can be used to get a "partial hash" while still keeping * function can be used to get a "partial hash" while still keeping
* the possibility of adding more bytes to the input. * the possibility of adding more bytes to the input.

2
tools/sdk/include/bearssl/bearssl_hmac.h
View File

@ -155,7 +155,7 @@ void br_hmac_update(br_hmac_context *ctx, const void *data, size_t len);
/** /**
* \brief Compute the HMAC output. * \brief Compute the HMAC output.
* *
* The destination buffer MUST be large enough to accomodate the result; * The destination buffer MUST be large enough to accommodate the result;
* its length is at most the "natural length" of HMAC (i.e. the output * its length is at most the "natural length" of HMAC (i.e. the output
* length of the underlying hash function). The context is NOT modified; * length of the underlying hash function). The context is NOT modified;
* further bytes may be processed. Thus, "partial HMAC" values can be * further bytes may be processed. Thus, "partial HMAC" values can be

2
tools/sdk/include/bearssl/bearssl_prf.h
View File

@ -37,7 +37,7 @@ extern "C" {
* # The TLS PRF * # The TLS PRF
* *
* The "PRF" is the pseudorandom function used internally during the * The "PRF" is the pseudorandom function used internally during the
* SSL/TLS handshake, notably to expand negociated shared secrets into * SSL/TLS handshake, notably to expand negotiated shared secrets into
* the symmetric encryption keys that will be used to process the * the symmetric encryption keys that will be used to process the
* application data. * application data.
* *

2
tools/sdk/include/bearssl/bearssl_rand.h
View File

@ -279,7 +279,7 @@ typedef int (*br_prng_seeder)(const br_prng_class **ctx);
* is returned. * is returned.
* *
* If `name` is not `NULL`, then `*name` is set to a symbolic string * If `name` is not `NULL`, then `*name` is set to a symbolic string
* that identifies the seeder implemention. If no seeder is returned * that identifies the seeder implementation. If no seeder is returned
* and `name` is not `NULL`, then `*name` is set to a pointer to the * and `name` is not `NULL`, then `*name` is set to a pointer to the
* constant string `"none"`. * constant string `"none"`.
* *

304
tools/sdk/include/bearssl/bearssl_rsa.h
View File

@ -277,6 +277,57 @@ typedef uint32_t (*br_rsa_pkcs1_vrfy)(const unsigned char *x, size_t xlen,
const unsigned char *hash_oid, size_t hash_len, const unsigned char *hash_oid, size_t hash_len,
const br_rsa_public_key *pk, unsigned char *hash_out); const br_rsa_public_key *pk, unsigned char *hash_out);
/**
* \brief Type for a RSA encryption engine (OAEP).
*
* Parameters are:
*
* - A source of random bytes. The source must be already initialized.
*
* - A hash function, used internally with the mask generation function
* (MGF1).
*
* - A label. The `label` pointer may be `NULL` if `label_len` is zero
* (an empty label, which is the default in PKCS#1 v2.2).
*
* - The public key.
*
* - The destination buffer. Its maximum length (in bytes) is provided;
* if that length is lower than the public key length, then an error
* is reported.
*
* - The source message.
*
* The encrypted message output has exactly the same length as the modulus
* (mathematical length, in bytes, not counting extra leading zeros in the
* modulus representation in the public key).
*
* The source message (`src`, length `src_len`) may overlap with the
* destination buffer (`dst`, length `dst_max_len`).
*
* This function returns the actual encrypted message length, in bytes;
* on error, zero is returned. An error is reported if the output buffer
* is not large enough, or the public is invalid, or the public key
* modulus exceeds the maximum supported RSA size.
*
* \param rnd source of random bytes.
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param pk RSA public key.
* \param dst destination buffer.
* \param dst_max_len destination buffer length (maximum encrypted data size).
* \param src message to encrypt.
* \param src_len source message length (in bytes).
* \return encrypted message length (in bytes), or 0 on error.
*/
typedef size_t (*br_rsa_oaep_encrypt)(
const br_prng_class **rnd, const br_hash_class *dig,
const void *label, size_t label_len,
const br_rsa_public_key *pk,
void *dst, size_t dst_max_len,
const void *src, size_t src_len);
/** /**
* \brief Type for a RSA private key engine. * \brief Type for a RSA private key engine.
* *
@ -362,6 +413,47 @@ typedef uint32_t (*br_rsa_pkcs1_sign)(const unsigned char *hash_oid,
#define BR_HASH_OID_SHA512 \ #define BR_HASH_OID_SHA512 \
((const unsigned char *)"\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03") ((const unsigned char *)"\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03")
/**
* \brief Type for a RSA decryption engine (OAEP).
*
* Parameters are:
*
* - A hash function, used internally with the mask generation function
* (MGF1).
*
* - A label. The `label` pointer may be `NULL` if `label_len` is zero
* (an empty label, which is the default in PKCS#1 v2.2).
*
* - The private key.
*
* - The source and destination buffer. The buffer initially contains
* the encrypted message; the buffer contents are altered, and the
* decrypted message is written at the start of that buffer
* (decrypted message is always shorter than the encrypted message).
*
* If decryption fails in any way, then `*len` is unmodified, and the
* function returns 0. Otherwise, `*len` is set to the decrypted message
* length, and 1 is returned. The implementation is responsible for
* checking that the input message length matches the key modulus length,
* and that the padding is correct.
*
* Implementations MUST use constant-time check of the validity of the
* OAEP padding, at least until the leading byte and hash value have
* been checked. Whether overall decryption worked, and the length of
* the decrypted message, may leak.
*
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param sk RSA private key.
* \param data input/output buffer.
* \param len encrypted/decrypted message length.
* \return 1 on success, 0 on error.
*/
typedef uint32_t (*br_rsa_oaep_decrypt)(
const br_hash_class *dig, const void *label, size_t label_len,
const br_rsa_private_key *sk, void *data, size_t *len);
/* /*
* RSA "i32" engine. Integers are internally represented as arrays of * RSA "i32" engine. Integers are internally represented as arrays of
* 32-bit integers, and the core multiplication primitive is the * 32-bit integers, and the core multiplication primitive is the
@ -501,7 +593,7 @@ uint32_t br_rsa_i31_pkcs1_sign(const unsigned char *hash_oid,
* *
* This function is defined only on architecture that offer a 64x64->128 * This function is defined only on architecture that offer a 64x64->128
* opcode. Use `br_rsa_i62_public_get()` to dynamically obtain a pointer * opcode. Use `br_rsa_i62_public_get()` to dynamically obtain a pointer
* to that functiom. * to that function.
* *
* \see br_rsa_public * \see br_rsa_public
* *
@ -518,7 +610,7 @@ uint32_t br_rsa_i62_public(unsigned char *x, size_t xlen,
* *
* This function is defined only on architecture that offer a 64x64->128 * This function is defined only on architecture that offer a 64x64->128
* opcode. Use `br_rsa_i62_pkcs1_vrfy_get()` to dynamically obtain a pointer * opcode. Use `br_rsa_i62_pkcs1_vrfy_get()` to dynamically obtain a pointer
* to that functiom. * to that function.
* *
* \see br_rsa_pkcs1_vrfy * \see br_rsa_pkcs1_vrfy
* *
@ -539,7 +631,7 @@ uint32_t br_rsa_i62_pkcs1_vrfy(const unsigned char *x, size_t xlen,
* *
* This function is defined only on architecture that offer a 64x64->128 * This function is defined only on architecture that offer a 64x64->128
* opcode. Use `br_rsa_i62_private_get()` to dynamically obtain a pointer * opcode. Use `br_rsa_i62_private_get()` to dynamically obtain a pointer
* to that functiom. * to that function.
* *
* \see br_rsa_private * \see br_rsa_private
* *
@ -555,7 +647,7 @@ uint32_t br_rsa_i62_private(unsigned char *x,
* *
* This function is defined only on architecture that offer a 64x64->128 * This function is defined only on architecture that offer a 64x64->128
* opcode. Use `br_rsa_i62_pkcs1_sign_get()` to dynamically obtain a pointer * opcode. Use `br_rsa_i62_pkcs1_sign_get()` to dynamically obtain a pointer
* to that functiom. * to that function.
* *
* \see br_rsa_pkcs1_sign * \see br_rsa_pkcs1_sign
* *
@ -602,6 +694,22 @@ br_rsa_private br_rsa_i62_private_get(void);
*/ */
br_rsa_pkcs1_sign br_rsa_i62_pkcs1_sign_get(void); br_rsa_pkcs1_sign br_rsa_i62_pkcs1_sign_get(void);
/**
* \brief Get the RSA "i62" implementation (OAEP encryption),
* if available.
*
* \return the implementation, or 0.
*/
br_rsa_oaep_encrypt br_rsa_i62_oaep_encrypt_get(void);
/**
* \brief Get the RSA "i62" implementation (OAEP decryption),
* if available.
*
* \return the implementation, or 0.
*/
br_rsa_oaep_decrypt br_rsa_i62_oaep_decrypt_get(void);
/* /*
* RSA "i15" engine. Integers are represented as 15-bit integers, so * RSA "i15" engine. Integers are represented as 15-bit integers, so
* the code uses only 32-bit multiplication (no 64-bit result), which * the code uses only 32-bit multiplication (no 64-bit result), which
@ -706,6 +814,26 @@ br_rsa_pkcs1_vrfy br_rsa_pkcs1_vrfy_get_default(void);
*/ */
br_rsa_pkcs1_sign br_rsa_pkcs1_sign_get_default(void); br_rsa_pkcs1_sign br_rsa_pkcs1_sign_get_default(void);
/**
* \brief Get "default" RSA implementation (OAEP encryption).
*
* This returns the preferred implementation of RSA (OAEP encryption)
* on the current system.
*
* \return the default implementation.
*/
br_rsa_oaep_encrypt br_rsa_oaep_encrypt_get_default(void);
/**
* \brief Get "default" RSA implementation (OAEP decryption).
*
* This returns the preferred implementation of RSA (OAEP decryption)
* on the current system.
*
* \return the default implementation.
*/
br_rsa_oaep_decrypt br_rsa_oaep_decrypt_get_default(void);
/** /**
* \brief RSA decryption helper, for SSL/TLS. * \brief RSA decryption helper, for SSL/TLS.
* *
@ -736,6 +864,174 @@ br_rsa_pkcs1_sign br_rsa_pkcs1_sign_get_default(void);
uint32_t br_rsa_ssl_decrypt(br_rsa_private core, const br_rsa_private_key *sk, uint32_t br_rsa_ssl_decrypt(br_rsa_private core, const br_rsa_private_key *sk,
unsigned char *data, size_t len); unsigned char *data, size_t len);
/**
* \brief RSA encryption (OAEP) with the "i15" engine.
*
* \see br_rsa_oaep_encrypt
*
* \param rnd source of random bytes.
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param pk RSA public key.
* \param dst destination buffer.
* \param dst_max_len destination buffer length (maximum encrypted data size).
* \param src message to encrypt.
* \param src_len source message length (in bytes).
* \return encrypted message length (in bytes), or 0 on error.
*/
size_t br_rsa_i15_oaep_encrypt(
const br_prng_class **rnd, const br_hash_class *dig,
const void *label, size_t label_len,
const br_rsa_public_key *pk,
void *dst, size_t dst_max_len,
const void *src, size_t src_len);
/**
* \brief RSA decryption (OAEP) with the "i15" engine.
*
* \see br_rsa_oaep_decrypt
*
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param sk RSA private key.
* \param data input/output buffer.
* \param len encrypted/decrypted message length.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_i15_oaep_decrypt(
const br_hash_class *dig, const void *label, size_t label_len,
const br_rsa_private_key *sk, void *data, size_t *len);
/**
* \brief RSA encryption (OAEP) with the "i31" engine.
*
* \see br_rsa_oaep_encrypt
*
* \param rnd source of random bytes.
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param pk RSA public key.
* \param dst destination buffer.
* \param dst_max_len destination buffer length (maximum encrypted data size).
* \param src message to encrypt.
* \param src_len source message length (in bytes).
* \return encrypted message length (in bytes), or 0 on error.
*/
size_t br_rsa_i31_oaep_encrypt(
const br_prng_class **rnd, const br_hash_class *dig,
const void *label, size_t label_len,
const br_rsa_public_key *pk,
void *dst, size_t dst_max_len,
const void *src, size_t src_len);
/**
* \brief RSA decryption (OAEP) with the "i31" engine.
*
* \see br_rsa_oaep_decrypt
*
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param sk RSA private key.
* \param data input/output buffer.
* \param len encrypted/decrypted message length.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_i31_oaep_decrypt(
const br_hash_class *dig, const void *label, size_t label_len,
const br_rsa_private_key *sk, void *data, size_t *len);
/**
* \brief RSA encryption (OAEP) with the "i32" engine.
*
* \see br_rsa_oaep_encrypt
*
* \param rnd source of random bytes.
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param pk RSA public key.
* \param dst destination buffer.
* \param dst_max_len destination buffer length (maximum encrypted data size).
* \param src message to encrypt.
* \param src_len source message length (in bytes).
* \return encrypted message length (in bytes), or 0 on error.
*/
size_t br_rsa_i32_oaep_encrypt(
const br_prng_class **rnd, const br_hash_class *dig,
const void *label, size_t label_len,
const br_rsa_public_key *pk,
void *dst, size_t dst_max_len,
const void *src, size_t src_len);
/**
* \brief RSA decryption (OAEP) with the "i32" engine.
*
* \see br_rsa_oaep_decrypt
*
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param sk RSA private key.
* \param data input/output buffer.
* \param len encrypted/decrypted message length.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_i32_oaep_decrypt(
const br_hash_class *dig, const void *label, size_t label_len,
const br_rsa_private_key *sk, void *data, size_t *len);
/**
* \brief RSA encryption (OAEP) with the "i62" engine.
*
* This function is defined only on architecture that offer a 64x64->128
* opcode. Use `br_rsa_i62_oaep_encrypt_get()` to dynamically obtain a pointer
* to that function.
*
* \see br_rsa_oaep_encrypt
*
* \param rnd source of random bytes.
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param pk RSA public key.
* \param dst destination buffer.
* \param dst_max_len destination buffer length (maximum encrypted data size).
* \param src message to encrypt.
* \param src_len source message length (in bytes).
* \return encrypted message length (in bytes), or 0 on error.
*/
size_t br_rsa_i62_oaep_encrypt(
const br_prng_class **rnd, const br_hash_class *dig,
const void *label, size_t label_len,
const br_rsa_public_key *pk,
void *dst, size_t dst_max_len,
const void *src, size_t src_len);
/**
* \brief RSA decryption (OAEP) with the "i62" engine.
*
* This function is defined only on architecture that offer a 64x64->128
* opcode. Use `br_rsa_i62_oaep_decrypt_get()` to dynamically obtain a pointer
* to that function.
*
* \see br_rsa_oaep_decrypt
*
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param sk RSA private key.
* \param data input/output buffer.
* \param len encrypted/decrypted message length.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_i62_oaep_decrypt(
const br_hash_class *dig, const void *label, size_t label_len,
const br_rsa_private_key *sk, void *data, size_t *len);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif

12
tools/sdk/include/bearssl/bearssl_ssl.h
View File

@ -1278,7 +1278,7 @@ br_ssl_engine_get_hash(br_ssl_engine_context *ctx, int id)
/** /**
* \brief Set the PRF implementation (for TLS 1.0 and 1.1). * \brief Set the PRF implementation (for TLS 1.0 and 1.1).
* *
* This function sets (or removes, if `impl` is `NULL`) the implemenation * This function sets (or removes, if `impl` is `NULL`) the implementation
* for the PRF used in TLS 1.0 and 1.1. * for the PRF used in TLS 1.0 and 1.1.
* *
* \param cc SSL engine context. * \param cc SSL engine context.
@ -1293,7 +1293,7 @@ br_ssl_engine_set_prf10(br_ssl_engine_context *cc, br_tls_prf_impl impl)
/** /**
* \brief Set the PRF implementation with SHA-256 (for TLS 1.2). * \brief Set the PRF implementation with SHA-256 (for TLS 1.2).
* *
* This function sets (or removes, if `impl` is `NULL`) the implemenation * This function sets (or removes, if `impl` is `NULL`) the implementation
* for the SHA-256 variant of the PRF used in TLS 1.2. * for the SHA-256 variant of the PRF used in TLS 1.2.
* *
* \param cc SSL engine context. * \param cc SSL engine context.
@ -1308,7 +1308,7 @@ br_ssl_engine_set_prf_sha256(br_ssl_engine_context *cc, br_tls_prf_impl impl)
/** /**
* \brief Set the PRF implementation with SHA-384 (for TLS 1.2). * \brief Set the PRF implementation with SHA-384 (for TLS 1.2).
* *
* This function sets (or removes, if `impl` is `NULL`) the implemenation * This function sets (or removes, if `impl` is `NULL`) the implementation
* for the SHA-384 variant of the PRF used in TLS 1.2. * for the SHA-384 variant of the PRF used in TLS 1.2.
* *
* \param cc SSL engine context. * \param cc SSL engine context.
@ -1916,7 +1916,7 @@ br_ssl_engine_last_error(const br_ssl_engine_context *cc)
* Informs the engine that 'len' bytes have been read from the buffer * Informs the engine that 'len' bytes have been read from the buffer
* (extract operation) or written to the buffer (inject operation). * (extract operation) or written to the buffer (inject operation).
* The 'len' value MUST NOT be zero. The 'len' value MUST NOT exceed * The 'len' value MUST NOT be zero. The 'len' value MUST NOT exceed
* that which was obtained from a preceeding br_ssl_engine_xxx_buf() * that which was obtained from a preceding br_ssl_engine_xxx_buf()
* call. * call.
*/ */
@ -2517,7 +2517,7 @@ struct br_ssl_client_context_ {
* then bit `x` is set (hash function ID is 0 for the special MD5+SHA-1, * then bit `x` is set (hash function ID is 0 for the special MD5+SHA-1,
* or 2 to 6 for the SHA family). * or 2 to 6 for the SHA family).
* *
* - If ECDSA is suported with hash function of ID `x`, then bit `8+x` * - If ECDSA is supported with hash function of ID `x`, then bit `8+x`
* is set. * is set.
* *
* - Newer algorithms are symbolic 16-bit identifiers that do not * - Newer algorithms are symbolic 16-bit identifiers that do not
@ -3564,7 +3564,7 @@ br_ssl_server_get_client_suites(const br_ssl_server_context *cc, size_t *num)
* then bit `x` is set (hash function ID is 0 for the special MD5+SHA-1, * then bit `x` is set (hash function ID is 0 for the special MD5+SHA-1,
* or 2 to 6 for the SHA family). * or 2 to 6 for the SHA family).
* *
* - If ECDSA is suported with hash function of ID `x`, then bit `8+x` * - If ECDSA is supported with hash function of ID `x`, then bit `8+x`
* is set. * is set.
* *
* - Newer algorithms are symbolic 16-bit identifiers that do not * - Newer algorithms are symbolic 16-bit identifiers that do not

2
tools/sdk/include/bearssl/bearssl_x509.h
View File

@ -360,7 +360,7 @@ typedef struct {
* - `end_chain()` is called when the last certificate in the chain * - `end_chain()` is called when the last certificate in the chain
* was processed. * was processed.
* - `get_pkey()` is called after chain processing, if the chain * - `get_pkey()` is called after chain processing, if the chain
* validation was succesfull. * validation was successful.
* *
* A context structure may be reused; the `start_chain()` method shall * A context structure may be reused; the `start_chain()` method shall
* ensure (re)initialisation. * ensure (re)initialisation.

BIN
tools/sdk/lib/libbearssl.a
View File

Binary file not shown.

2
tools/sdk/ssl/bearssl

@ -1 +1 @@
Subproject commit 94e97043bbdebed43ecd9372bd7fd21d45bd789f Subproject commit 6d1cefcf70fcfefb4628047b7376a7147f2130cf