arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-04-19 23:22:16 +03:00
Code

Update to latest BearSSL library version, fixes #4898 (#4900)

Browse Source 
* Update to latest BearSSL library version, fixes #4898

* Actually install the updated BearSSL lib/headers
This commit is contained in:
Earle F. Philhower, III 2018-07-09 06:05:40 -07:00 committed by GitHub
parent 89d2f42153
commit 00c35be985
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 314 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tools/sdk/include/bearssl/bearssl_aead.h
View File

@ -877,7 +877,7 @@ extern const br_aead_class br_eax_vtable;
* can still be provided by chunks, but the total size must match
* the value provided upon initialisation.
*
* - The nonce length is constrained betwen 7 and 13 bytes (inclusive).
* - The nonce length is constrained between 7 and 13 bytes (inclusive).
* Furthermore, the plaintext length, when encoded, must fit over
* 15-nonceLen bytes; thus, if the nonce has length 13 bytes, then
* the plaintext length cannot exceed 65535 bytes.

2
tools/sdk/include/bearssl/bearssl_git.h
View File

@ -1,2 +1,2 @@
// Do not edit -- Automatically generated by tools/sdk/ssl/bearssl/Makefile
#define BEARSSL_GIT 94e9704
#define BEARSSL_GIT 6d1cefc

2
tools/sdk/include/bearssl/bearssl_hash.h
View File

@ -93,7 +93,7 @@ extern "C" {
* - `br_xxx_out(const br_xxx_context *ctx, void *out)`
*
* Complete the hash computation and write the result in the provided
* buffer. The output buffer MUST be large enough to accomodate the
* buffer. The output buffer MUST be large enough to accommodate the
* result. The context is NOT modified by this operation, so this
* function can be used to get a "partial hash" while still keeping
* the possibility of adding more bytes to the input.

2
tools/sdk/include/bearssl/bearssl_hmac.h
View File

@ -155,7 +155,7 @@ void br_hmac_update(br_hmac_context *ctx, const void *data, size_t len);
/**
* \brief Compute the HMAC output.
*
* The destination buffer MUST be large enough to accomodate the result;
* The destination buffer MUST be large enough to accommodate the result;
* its length is at most the "natural length" of HMAC (i.e. the output
* length of the underlying hash function). The context is NOT modified;
* further bytes may be processed. Thus, "partial HMAC" values can be

2
tools/sdk/include/bearssl/bearssl_prf.h
View File

@ -37,7 +37,7 @@ extern "C" {
* # The TLS PRF
*
* The "PRF" is the pseudorandom function used internally during the
* SSL/TLS handshake, notably to expand negociated shared secrets into
* SSL/TLS handshake, notably to expand negotiated shared secrets into
* the symmetric encryption keys that will be used to process the
* application data.
*

2
tools/sdk/include/bearssl/bearssl_rand.h
View File

@ -279,7 +279,7 @@ typedef int (*br_prng_seeder)(const br_prng_class **ctx);
* is returned.
*
* If `name` is not `NULL`, then `*name` is set to a symbolic string
* that identifies the seeder implemention. If no seeder is returned
* that identifies the seeder implementation. If no seeder is returned
* and `name` is not `NULL`, then `*name` is set to a pointer to the
* constant string `"none"`.
*

304
tools/sdk/include/bearssl/bearssl_rsa.h
View File

@ -277,6 +277,57 @@ typedef uint32_t (*br_rsa_pkcs1_vrfy)(const unsigned char *x, size_t xlen,
const unsigned char *hash_oid, size_t hash_len,
const br_rsa_public_key *pk, unsigned char *hash_out);
/**
* \brief Type for a RSA encryption engine (OAEP).
*
* Parameters are:
*
* - A source of random bytes. The source must be already initialized.
*
* - A hash function, used internally with the mask generation function
* (MGF1).
*
* - A label. The `label` pointer may be `NULL` if `label_len` is zero
* (an empty label, which is the default in PKCS#1 v2.2).
*
* - The public key.
*
* - The destination buffer. Its maximum length (in bytes) is provided;
* if that length is lower than the public key length, then an error
* is reported.
*
* - The source message.
*
* The encrypted message output has exactly the same length as the modulus
* (mathematical length, in bytes, not counting extra leading zeros in the
* modulus representation in the public key).
*
* The source message (`src`, length `src_len`) may overlap with the
* destination buffer (`dst`, length `dst_max_len`).
*
* This function returns the actual encrypted message length, in bytes;
* on error, zero is returned. An error is reported if the output buffer
* is not large enough, or the public is invalid, or the public key
* modulus exceeds the maximum supported RSA size.
*
* \param rnd source of random bytes.
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param pk RSA public key.
* \param dst destination buffer.
* \param dst_max_len destination buffer length (maximum encrypted data size).
* \param src message to encrypt.
* \param src_len source message length (in bytes).
* \return encrypted message length (in bytes), or 0 on error.
*/
typedef size_t (*br_rsa_oaep_encrypt)(
const br_prng_class **rnd, const br_hash_class *dig,
const void *label, size_t label_len,
const br_rsa_public_key *pk,
void *dst, size_t dst_max_len,
const void *src, size_t src_len);
/**
* \brief Type for a RSA private key engine.
*
@ -362,6 +413,47 @@ typedef uint32_t (*br_rsa_pkcs1_sign)(const unsigned char *hash_oid,
#define BR_HASH_OID_SHA512 \
((const unsigned char *)"\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03")
/**
* \brief Type for a RSA decryption engine (OAEP).
*
* Parameters are:
*
* - A hash function, used internally with the mask generation function
* (MGF1).
*
* - A label. The `label` pointer may be `NULL` if `label_len` is zero
* (an empty label, which is the default in PKCS#1 v2.2).
*
* - The private key.
*
* - The source and destination buffer. The buffer initially contains
* the encrypted message; the buffer contents are altered, and the
* decrypted message is written at the start of that buffer
* (decrypted message is always shorter than the encrypted message).
*
* If decryption fails in any way, then `*len` is unmodified, and the
* function returns 0. Otherwise, `*len` is set to the decrypted message
* length, and 1 is returned. The implementation is responsible for
* checking that the input message length matches the key modulus length,
* and that the padding is correct.
*
* Implementations MUST use constant-time check of the validity of the
* OAEP padding, at least until the leading byte and hash value have
* been checked. Whether overall decryption worked, and the length of
* the decrypted message, may leak.
*
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param sk RSA private key.
* \param data input/output buffer.
* \param len encrypted/decrypted message length.
* \return 1 on success, 0 on error.
*/
typedef uint32_t (*br_rsa_oaep_decrypt)(
const br_hash_class *dig, const void *label, size_t label_len,
const br_rsa_private_key *sk, void *data, size_t *len);
/*
* RSA "i32" engine. Integers are internally represented as arrays of
* 32-bit integers, and the core multiplication primitive is the
@ -501,7 +593,7 @@ uint32_t br_rsa_i31_pkcs1_sign(const unsigned char *hash_oid,
*
* This function is defined only on architecture that offer a 64x64->128
* opcode. Use `br_rsa_i62_public_get()` to dynamically obtain a pointer
* to that functiom.
* to that function.
*
* \see br_rsa_public
*
@ -518,7 +610,7 @@ uint32_t br_rsa_i62_public(unsigned char *x, size_t xlen,
*
* This function is defined only on architecture that offer a 64x64->128
* opcode. Use `br_rsa_i62_pkcs1_vrfy_get()` to dynamically obtain a pointer
* to that functiom.
* to that function.
*
* \see br_rsa_pkcs1_vrfy
*
@ -539,7 +631,7 @@ uint32_t br_rsa_i62_pkcs1_vrfy(const unsigned char *x, size_t xlen,
*
* This function is defined only on architecture that offer a 64x64->128
* opcode. Use `br_rsa_i62_private_get()` to dynamically obtain a pointer
* to that functiom.
* to that function.
*
* \see br_rsa_private
*
@ -555,7 +647,7 @@ uint32_t br_rsa_i62_private(unsigned char *x,
*
* This function is defined only on architecture that offer a 64x64->128
* opcode. Use `br_rsa_i62_pkcs1_sign_get()` to dynamically obtain a pointer
* to that functiom.
* to that function.
*
* \see br_rsa_pkcs1_sign
*
@ -602,6 +694,22 @@ br_rsa_private br_rsa_i62_private_get(void);
*/
br_rsa_pkcs1_sign br_rsa_i62_pkcs1_sign_get(void);
/**
* \brief Get the RSA "i62" implementation (OAEP encryption),
* if available.
*
* \return the implementation, or 0.
*/
br_rsa_oaep_encrypt br_rsa_i62_oaep_encrypt_get(void);
/**
* \brief Get the RSA "i62" implementation (OAEP decryption),
* if available.
*
* \return the implementation, or 0.
*/
br_rsa_oaep_decrypt br_rsa_i62_oaep_decrypt_get(void);
/*
* RSA "i15" engine. Integers are represented as 15-bit integers, so
* the code uses only 32-bit multiplication (no 64-bit result), which
@ -706,6 +814,26 @@ br_rsa_pkcs1_vrfy br_rsa_pkcs1_vrfy_get_default(void);
*/
br_rsa_pkcs1_sign br_rsa_pkcs1_sign_get_default(void);
/**
* \brief Get "default" RSA implementation (OAEP encryption).
*
* This returns the preferred implementation of RSA (OAEP encryption)
* on the current system.
*
* \return the default implementation.
*/
br_rsa_oaep_encrypt br_rsa_oaep_encrypt_get_default(void);
/**
* \brief Get "default" RSA implementation (OAEP decryption).
*
* This returns the preferred implementation of RSA (OAEP decryption)
* on the current system.
*
* \return the default implementation.
*/
br_rsa_oaep_decrypt br_rsa_oaep_decrypt_get_default(void);
/**
* \brief RSA decryption helper, for SSL/TLS.
*
@ -736,6 +864,174 @@ br_rsa_pkcs1_sign br_rsa_pkcs1_sign_get_default(void);
uint32_t br_rsa_ssl_decrypt(br_rsa_private core, const br_rsa_private_key *sk,
unsigned char *data, size_t len);
/**
* \brief RSA encryption (OAEP) with the "i15" engine.
*
* \see br_rsa_oaep_encrypt
*
* \param rnd source of random bytes.
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param pk RSA public key.
* \param dst destination buffer.
* \param dst_max_len destination buffer length (maximum encrypted data size).
* \param src message to encrypt.
* \param src_len source message length (in bytes).
* \return encrypted message length (in bytes), or 0 on error.
*/
size_t br_rsa_i15_oaep_encrypt(
const br_prng_class **rnd, const br_hash_class *dig,
const void *label, size_t label_len,
const br_rsa_public_key *pk,
void *dst, size_t dst_max_len,
const void *src, size_t src_len);
/**
* \brief RSA decryption (OAEP) with the "i15" engine.
*
* \see br_rsa_oaep_decrypt
*
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param sk RSA private key.
* \param data input/output buffer.
* \param len encrypted/decrypted message length.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_i15_oaep_decrypt(
const br_hash_class *dig, const void *label, size_t label_len,
const br_rsa_private_key *sk, void *data, size_t *len);
/**
* \brief RSA encryption (OAEP) with the "i31" engine.
*
* \see br_rsa_oaep_encrypt
*
* \param rnd source of random bytes.
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param pk RSA public key.
* \param dst destination buffer.
* \param dst_max_len destination buffer length (maximum encrypted data size).
* \param src message to encrypt.
* \param src_len source message length (in bytes).
* \return encrypted message length (in bytes), or 0 on error.
*/
size_t br_rsa_i31_oaep_encrypt(
const br_prng_class **rnd, const br_hash_class *dig,
const void *label, size_t label_len,
const br_rsa_public_key *pk,
void *dst, size_t dst_max_len,
const void *src, size_t src_len);
/**
* \brief RSA decryption (OAEP) with the "i31" engine.
*
* \see br_rsa_oaep_decrypt
*
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param sk RSA private key.
* \param data input/output buffer.
* \param len encrypted/decrypted message length.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_i31_oaep_decrypt(
const br_hash_class *dig, const void *label, size_t label_len,
const br_rsa_private_key *sk, void *data, size_t *len);
/**
* \brief RSA encryption (OAEP) with the "i32" engine.
*
* \see br_rsa_oaep_encrypt
*
* \param rnd source of random bytes.
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param pk RSA public key.
* \param dst destination buffer.
* \param dst_max_len destination buffer length (maximum encrypted data size).
* \param src message to encrypt.
* \param src_len source message length (in bytes).
* \return encrypted message length (in bytes), or 0 on error.
*/
size_t br_rsa_i32_oaep_encrypt(
const br_prng_class **rnd, const br_hash_class *dig,
const void *label, size_t label_len,
const br_rsa_public_key *pk,
void *dst, size_t dst_max_len,
const void *src, size_t src_len);
/**
* \brief RSA decryption (OAEP) with the "i32" engine.
*
* \see br_rsa_oaep_decrypt
*
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param sk RSA private key.
* \param data input/output buffer.
* \param len encrypted/decrypted message length.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_i32_oaep_decrypt(
const br_hash_class *dig, const void *label, size_t label_len,
const br_rsa_private_key *sk, void *data, size_t *len);
/**
* \brief RSA encryption (OAEP) with the "i62" engine.
*
* This function is defined only on architecture that offer a 64x64->128
* opcode. Use `br_rsa_i62_oaep_encrypt_get()` to dynamically obtain a pointer
* to that function.
*
* \see br_rsa_oaep_encrypt
*
* \param rnd source of random bytes.
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param pk RSA public key.
* \param dst destination buffer.
* \param dst_max_len destination buffer length (maximum encrypted data size).
* \param src message to encrypt.
* \param src_len source message length (in bytes).
* \return encrypted message length (in bytes), or 0 on error.
*/
size_t br_rsa_i62_oaep_encrypt(
const br_prng_class **rnd, const br_hash_class *dig,
const void *label, size_t label_len,
const br_rsa_public_key *pk,
void *dst, size_t dst_max_len,
const void *src, size_t src_len);
/**
* \brief RSA decryption (OAEP) with the "i62" engine.
*
* This function is defined only on architecture that offer a 64x64->128
* opcode. Use `br_rsa_i62_oaep_decrypt_get()` to dynamically obtain a pointer
* to that function.
*
* \see br_rsa_oaep_decrypt
*
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param sk RSA private key.
* \param data input/output buffer.
* \param len encrypted/decrypted message length.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_i62_oaep_decrypt(
const br_hash_class *dig, const void *label, size_t label_len,
const br_rsa_private_key *sk, void *data, size_t *len);
#ifdef __cplusplus
}
#endif

12
tools/sdk/include/bearssl/bearssl_ssl.h
View File

@ -1278,7 +1278,7 @@ br_ssl_engine_get_hash(br_ssl_engine_context *ctx, int id)
/**
* \brief Set the PRF implementation (for TLS 1.0 and 1.1).
*
* This function sets (or removes, if `impl` is `NULL`) the implemenation
* This function sets (or removes, if `impl` is `NULL`) the implementation
* for the PRF used in TLS 1.0 and 1.1.
*
* \param cc SSL engine context.
@ -1293,7 +1293,7 @@ br_ssl_engine_set_prf10(br_ssl_engine_context *cc, br_tls_prf_impl impl)
/**
* \brief Set the PRF implementation with SHA-256 (for TLS 1.2).
*
* This function sets (or removes, if `impl` is `NULL`) the implemenation
* This function sets (or removes, if `impl` is `NULL`) the implementation
* for the SHA-256 variant of the PRF used in TLS 1.2.
*
* \param cc SSL engine context.
@ -1308,7 +1308,7 @@ br_ssl_engine_set_prf_sha256(br_ssl_engine_context *cc, br_tls_prf_impl impl)
/**
* \brief Set the PRF implementation with SHA-384 (for TLS 1.2).
*
* This function sets (or removes, if `impl` is `NULL`) the implemenation
* This function sets (or removes, if `impl` is `NULL`) the implementation
* for the SHA-384 variant of the PRF used in TLS 1.2.
*
* \param cc SSL engine context.
@ -1916,7 +1916,7 @@ br_ssl_engine_last_error(const br_ssl_engine_context *cc)
* Informs the engine that 'len' bytes have been read from the buffer
* (extract operation) or written to the buffer (inject operation).
* The 'len' value MUST NOT be zero. The 'len' value MUST NOT exceed
* that which was obtained from a preceeding br_ssl_engine_xxx_buf()
* that which was obtained from a preceding br_ssl_engine_xxx_buf()
* call.
*/
@ -2517,7 +2517,7 @@ struct br_ssl_client_context_ {
* then bit `x` is set (hash function ID is 0 for the special MD5+SHA-1,
* or 2 to 6 for the SHA family).
*
* - If ECDSA is suported with hash function of ID `x`, then bit `8+x`
* - If ECDSA is supported with hash function of ID `x`, then bit `8+x`
* is set.
*
* - Newer algorithms are symbolic 16-bit identifiers that do not
@ -3564,7 +3564,7 @@ br_ssl_server_get_client_suites(const br_ssl_server_context *cc, size_t *num)
* then bit `x` is set (hash function ID is 0 for the special MD5+SHA-1,
* or 2 to 6 for the SHA family).
*
* - If ECDSA is suported with hash function of ID `x`, then bit `8+x`
* - If ECDSA is supported with hash function of ID `x`, then bit `8+x`
* is set.
*
* - Newer algorithms are symbolic 16-bit identifiers that do not

2
tools/sdk/include/bearssl/bearssl_x509.h
View File

@ -360,7 +360,7 @@ typedef struct {
* - `end_chain()` is called when the last certificate in the chain
* was processed.
* - `get_pkey()` is called after chain processing, if the chain
* validation was succesfull.
* validation was successful.
*
* A context structure may be reused; the `start_chain()` method shall
* ensure (re)initialisation.

BIN
tools/sdk/lib/libbearssl.a
View File

Binary file not shown.

2
tools/sdk/ssl/bearssl

@ -1 +1 @@
Subproject commit 94e97043bbdebed43ecd9372bd7fd21d45bd789f
Subproject commit 6d1cefcf70fcfefb4628047b7376a7147f2130cf