arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-07-30 16:24:09 +03:00
Code Activity

Merge branch upstream into axtls-upgrade

Browse Source
This commit is contained in:
Jens Mueller
2016-05-13 23:40:49 +02:00
parent 6209eaca16 d1bcdc5f97
commit 36e8b497ba
21 changed files with 932 additions and 302 deletions
Download Patch File Download Diff File Expand all files Collapse all files

160
ssl/asn1.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007, Cameron Rich
* Copyright (c) 2007-2015, Cameron Rich
*
* All rights reserved.
*
@ -40,22 +40,42 @@
#include "crypto.h"
#include "crypto_misc.h"
#define SIG_OID_PREFIX_SIZE 8
#define SIG_IIS6_OID_SIZE 5
#define SIG_SUBJECT_ALT_NAME_SIZE 3
/* Must be an RSA algorithm with either SHA1 or MD5 for verifying to work */
static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] =
/* 1.2.840.113549.1.1 OID prefix - handle the following */
/* md5WithRSAEncryption(4) */
/* sha1WithRSAEncryption(5) */
/* sha256WithRSAEncryption (11) */
/* sha384WithRSAEncryption (12) */
/* sha512WithRSAEncryption (13) */
static const uint8_t sig_oid_prefix[] =
{
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01
};
static const uint8_t sig_sha1WithRSAEncrypt[SIG_IIS6_OID_SIZE] =
/* 1.3.14.3.2.29 SHA1 with RSA signature */
static const uint8_t sig_sha1WithRSAEncrypt[] =
{
0x2b, 0x0e, 0x03, 0x02, 0x1d
};
static const uint8_t sig_subject_alt_name[SIG_SUBJECT_ALT_NAME_SIZE] =
/* 2.16.840.1.101.3.4.2.1 SHA-256 */
static const uint8_t sig_sha256[] =
{
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
};
/* 2.16.840.1.101.3.4.2.2 SHA-384 */
static const uint8_t sig_sha384[] =
{
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
};
/* 2.16.840.1.101.3.4.2.3 SHA-512 */
static const uint8_t sig_sha512[] =
{
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
};
static const uint8_t sig_subject_alt_name[] =
{
0x55, 0x1d, 0x11
};
@ -63,9 +83,10 @@ static const uint8_t sig_subject_alt_name[SIG_SUBJECT_ALT_NAME_SIZE] =
/* CN, O, OU */
static const uint8_t g_dn_types[] = { 3, 10, 11 };
int get_asn1_length(const uint8_t *buf, int *offset)
uint32_t get_asn1_length(const uint8_t *buf, int *offset)
{
int len, i;
int i;
uint32_t len;
if (!(buf[*offset] & 0x80)) /* short form */
{
@ -74,6 +95,9 @@ int get_asn1_length(const uint8_t *buf, int *offset)
else /* long form */
{
int length_bytes = buf[(*offset)++]&0x7f;
if (length_bytes > 4) /* limit number of bytes */
return 0;
len = 0;
for (i = 0; i < length_bytes; i++)
{
@ -205,30 +229,64 @@ int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx)
*/
static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
{
int ret = X509_NOT_OK, len, t_offset;
int ret = X509_NOT_OK, len, t_offset, abs_year;
struct tm tm;
if (buf[(*offset)++] != ASN1_UTC_TIME)
goto end_utc_time;
len = get_asn1_length(buf, offset);
t_offset = *offset;
memset(&tm, 0, sizeof(struct tm));
tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0');
if (tm.tm_year <= 50) /* 1951-2050 thing */
/* see http://tools.ietf.org/html/rfc5280#section-4.1.2.5 */
if (buf[*offset] == ASN1_UTC_TIME)
{
tm.tm_year += 100;
(*offset)++;
len = get_asn1_length(buf, offset);
t_offset = *offset;
memset(&tm, 0, sizeof(struct tm));
tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0');
if (tm.tm_year <= 50) /* 1951-2050 thing */
{
tm.tm_year += 100;
}
tm.tm_mon = (buf[t_offset+2] - '0')*10 + (buf[t_offset+3] - '0') - 1;
tm.tm_mday = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0');
*t = mktime(&tm);
*offset += len;
ret = X509_OK;
}
else if (buf[*offset] == ASN1_GENERALIZED_TIME)
{
(*offset)++;
len = get_asn1_length(buf, offset);
t_offset = *offset;
memset(&tm, 0, sizeof(struct tm));
abs_year = ((buf[t_offset] - '0')*1000 +
(buf[t_offset+1] - '0')*100 + (buf[t_offset+2] - '0')*10 +
(buf[t_offset+3] - '0'));
if (abs_year <= 1901)
{
tm.tm_year = 1;
tm.tm_mon = 0;
tm.tm_mday = 1;
}
else
{
tm.tm_year = abs_year - 1900;
tm.tm_mon = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0') - 1;
tm.tm_mday = (buf[t_offset+6] - '0')*10 + (buf[t_offset+7] - '0');
tm.tm_hour = (buf[t_offset+8] - '0')*10 + (buf[t_offset+9] - '0');
tm.tm_min = (buf[t_offset+10] - '0')*10 + (buf[t_offset+11] - '0');
tm.tm_sec = (buf[t_offset+12] - '0')*10 + (buf[t_offset+13] - '0');
*t = mktime(&tm);
}
*offset += len;
ret = X509_OK;
}
tm.tm_mon = (buf[t_offset+2] - '0')*10 + (buf[t_offset+3] - '0') - 1;
tm.tm_mday = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0');
*t = mktime(&tm);
*offset += len;
ret = X509_OK;
end_utc_time:
return ret;
}
@ -519,7 +577,7 @@ int asn1_find_oid(const uint8_t* cert, int* offset,
int asn1_find_subjectaltname(const uint8_t* cert, int offset)
{
if (asn1_find_oid(cert, &offset, sig_subject_alt_name,
SIG_SUBJECT_ALT_NAME_SIZE))
sizeof(sig_subject_alt_name)))
{
return offset;
}
@ -543,17 +601,47 @@ int asn1_signature_type(const uint8_t *cert,
len = get_asn1_length(cert, offset);
if (len == 5 && memcmp(sig_sha1WithRSAEncrypt, &cert[*offset],
SIG_IIS6_OID_SIZE) == 0)
if (len == sizeof(sig_sha1WithRSAEncrypt) &&
memcmp(sig_sha1WithRSAEncrypt, &cert[*offset],
sizeof(sig_sha1WithRSAEncrypt)) == 0)
{
x509_ctx->sig_type = SIG_TYPE_SHA1;
}
else if (len == sizeof(sig_sha256) &&
memcmp(sig_sha256, &cert[*offset],
sizeof(sig_sha256)) == 0)
{
x509_ctx->sig_type = SIG_TYPE_SHA256;
}
else if (len == sizeof(sig_sha384) &&
memcmp(sig_sha384, &cert[*offset],
sizeof(sig_sha384)) == 0)
{
x509_ctx->sig_type = SIG_TYPE_SHA384;
}
else if (len == sizeof(sig_sha512) &&
memcmp(sig_sha512, &cert[*offset],
sizeof(sig_sha512)) == 0)
{
x509_ctx->sig_type = SIG_TYPE_SHA512;
}
else
{
if (memcmp(sig_oid_prefix, &cert[*offset], SIG_OID_PREFIX_SIZE))
goto end_check_sig; /* unrecognised cert type */
if (memcmp(sig_oid_prefix, &cert[*offset], sizeof(sig_oid_prefix)))
{
#ifdef CONFIG_SSL_FULL_MODE
int i;
printf("invalid digest: ");
x509_ctx->sig_type = cert[*offset + SIG_OID_PREFIX_SIZE];
for (i = 0; i < len; i++)
printf("%02x ", cert[*offset + i]);
printf("\n");
#endif
goto end_check_sig; /* unrecognised cert type */
}
x509_ctx->sig_type = cert[*offset + sizeof(sig_oid_prefix)];
}
*offset += len;

9
ssl/crypto_misc.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007, Cameron Rich
* Copyright (c) 2007-2015, Cameron Rich
*
* All rights reserved.
*
@ -55,6 +55,7 @@ extern "C" {
#define X509_VFY_ERROR_INVALID_CHAIN -7
#define X509_VFY_ERROR_UNSUPPORTED_DIGEST -8
#define X509_INVALID_PRIV_KEY -9
#define X509_MAX_CERTS -10
/*
* The Distinguished Name
@ -113,6 +114,7 @@ const char * x509_display_error(int error);
#define ASN1_TELETEX_STR 0x14
#define ASN1_IA5_STR 0x16
#define ASN1_UTC_TIME 0x17
#define ASN1_GENERALIZED_TIME 0x18
#define ASN1_UNICODE_STR 0x1e
#define ASN1_SEQUENCE 0x30
#define ASN1_CONTEXT_DNSNAME 0x82
@ -126,8 +128,11 @@ const char * x509_display_error(int error);
#define SIG_TYPE_MD2 0x02
#define SIG_TYPE_MD5 0x04
#define SIG_TYPE_SHA1 0x05
#define SIG_TYPE_SHA256 0x0b
#define SIG_TYPE_SHA384 0x0c
#define SIG_TYPE_SHA512 0x0d
int get_asn1_length(const uint8_t *buf, int *offset);
uint32_t get_asn1_length(const uint8_t *buf, int *offset);
int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type);
int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type);

12
ssl/gen_cert.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007, Cameron Rich
* Copyright (c) 2007-2014, Cameron Rich
*
* All rights reserved.
*
@ -142,7 +142,7 @@ static int gen_dn(const char *name, uint8_t dn_type,
buf[(*offset)++] = dn_type;
buf[(*offset)++] = ASN1_PRINTABLE_STR;
buf[(*offset)++] = name_size;
strcpy(&buf[*offset], name);
strcpy((char *)&buf[*offset], name);
*offset += name_size;
error:
@ -165,7 +165,13 @@ static int gen_issuer(const char * dn[], uint8_t *buf, int *offset)
gethostname(fqdn, sizeof(fqdn));
fqdn_len = strlen(fqdn);
fqdn[fqdn_len++] = '.';
getdomainname(&fqdn[fqdn_len], sizeof(fqdn)-fqdn_len);
if (getdomainname(&fqdn[fqdn_len], sizeof(fqdn)-fqdn_len) < 0)
{
ret = X509_NOT_OK;
goto error;
}
fqdn_len = strlen(fqdn);
if (fqdn[fqdn_len-1] == '.') /* ensure '.' is not last char */

8
ssl/loader.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007, Cameron Rich
* Copyright (c) 2007-2014, Cameron Rich
*
* All rights reserved.
*
@ -82,7 +82,7 @@ EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type,
#ifdef CONFIG_SSL_HAS_PEM
ret = ssl_obj_PEM_load(ssl_ctx, obj_type, ssl_obj, password);
#else
printf(unsupported_str);
printf("%s", unsupported_str);
ret = SSL_ERROR_NOT_SUPPORTED;
#endif
}
@ -93,7 +93,7 @@ error:
ssl_obj_free(ssl_obj);
return ret;
#else
printf(unsupported_str);
printf("%s", unsupported_str);
return SSL_ERROR_NOT_SUPPORTED;
#endif /* CONFIG_SSL_SKELETON_MODE */
}
@ -150,7 +150,7 @@ static int do_obj(SSL_CTX *ssl_ctx, int obj_type,
break;
#endif
default:
printf(unsupported_str);
printf("%s", unsupported_str);
ret = SSL_ERROR_NOT_SUPPORTED;
break;
}

BIN
ssl/openssl.o
View File

Binary file not shown.

10
ssl/os_port.h
View File

@ -1,6 +1,6 @@
/*
* Copyright (c) 2007, Cameron Rich
*
* Copyright (c) 2007-2015, Cameron Rich
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -42,6 +42,7 @@ extern "C" {
#endif
#include "os_int.h"
#include "config.h"
#include <stdio.h>
#ifdef WIN32
@ -161,12 +162,17 @@ EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size);
#include <sys/wait.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <asm/byteorder.h>
#define SOCKET_READ(A,B,C) read(A,B,C)
#define SOCKET_WRITE(A,B,C) write(A,B,C)
#define SOCKET_CLOSE(A) if (A >= 0) close(A)
#define TTY_FLUSH()
#ifndef be64toh
#define be64toh(x) __be64_to_cpu(x)
#endif
#endif /* Not Win32 */
/* some functions to mutate the way these work */

35
ssl/tls1.c
View File

@ -323,7 +323,7 @@ int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
X509_CTX *cert = NULL;
int offset;
while (ssl_ctx->certs[i].buf && i < CONFIG_SSL_MAX_CERTS)
while (i < CONFIG_SSL_MAX_CERTS && ssl_ctx->certs[i].buf)
i++;
if (i == CONFIG_SSL_MAX_CERTS) /* too many certs */
@ -369,7 +369,7 @@ error:
*/
int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
{
int ret = SSL_OK; /* ignore errors for now */
int ret = X509_OK; /* ignore errors for now */
int i = 0;
CA_CERT_CTX *ca_cert_ctx;
@ -391,10 +391,10 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
"compile-time configuration required\n",
CONFIG_X509_MAX_CA_CERTS);
#endif
ret = X509_MAX_CERTS;
break;
}
/* ignore the return code */
if (x509_new(buf, &offset, &ca_cert_ctx->cert[i]) == X509_OK)
{
@ -1099,7 +1099,9 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
uint8_t iv_size = ssl->cipher_info->iv_size;
uint8_t *t_buf = malloc(msg_length + iv_size);
memcpy(t_buf + iv_size, ssl->bm_data, msg_length);
get_random(iv_size, t_buf);
if (get_random(iv_size, t_buf) < 0)
return SSL_NOT_OK;
msg_length += iv_size;
memcpy(ssl->bm_data, t_buf, msg_length);
free(t_buf);
@ -1376,25 +1378,26 @@ int basic_read(SSL *ssl, uint8_t **in_data)
goto error;
}
/* all encrypted from now on */
SET_SSL_FLAG(SSL_RX_ENCRYPTED);
if (set_key_block(ssl, 0) < 0)
{
ret = SSL_ERROR_INVALID_HANDSHAKE;
goto error;
}
/* all encrypted from now on */
SET_SSL_FLAG(SSL_RX_ENCRYPTED);
memset(ssl->read_sequence, 0, 8);
break;
case PT_APP_PROTOCOL_DATA:
if (in_data)
if (in_data && ssl->hs_status == SSL_OK)
{
*in_data = buf; /* point to the work buffer */
(*in_data)[read_len] = 0; /* null terminate just in case */
ret = read_len;
}
ret = read_len;
else
ret = SSL_ERROR_INVALID_PROT_MSG;
break;
case PT_ALERT_PROTOCOL:
@ -1502,10 +1505,14 @@ int send_change_cipher_spec(SSL *ssl)
{
int ret = send_packet(ssl, PT_CHANGE_CIPHER_SPEC,
g_chg_cipher_spec_pkt, sizeof(g_chg_cipher_spec_pkt));
SET_SSL_FLAG(SSL_TX_ENCRYPTED);
if (ret >= 0 && set_key_block(ssl, 1) < 0)
ret = SSL_ERROR_INVALID_HANDSHAKE;
if (ssl->cipher_info)
SET_SSL_FLAG(SSL_TX_ENCRYPTED);
if (ssl->cipher_info)
SET_SSL_FLAG(SSL_TX_ENCRYPTED);
memset(ssl->write_sequence, 0, 8);
return ret;
@ -2251,7 +2258,7 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code) {}
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
uint8_t *session_id, uint8_t sess_id_size)
{
printf(unsupported_str);
printf("%s", unsupported_str);
return NULL;
}
#endif
@ -2259,20 +2266,20 @@ EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
#if !defined(CONFIG_SSL_CERT_VERIFICATION)
EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
{
printf(unsupported_str);
printf("%s", unsupported_str);
return -1;
}
EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
{
printf(unsupported_str);
printf("%s", unsupported_str);
return NULL;
}
EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl, int index)
{
printf(unsupported_str);
printf("%s", unsupported_str);
return NULL;
}

2
ssl/tls1.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007, Cameron Rich
* Copyright (c) 2007-2014, Cameron Rich
*
* All rights reserved.
*

11
ssl/tls1_clnt.c
View File

@ -194,7 +194,9 @@ static int send_client_hello(SSL *ssl)
*tm_ptr++ = (uint8_t)(((long)tm & 0x00ff0000) >> 16);
*tm_ptr++ = (uint8_t)(((long)tm & 0x0000ff00) >> 8);
*tm_ptr++ = (uint8_t)(((long)tm & 0x000000ff));
get_random(SSL_RANDOM_SIZE-4, &buf[10]);
if (get_random(SSL_RANDOM_SIZE-4, &buf[10]) < 0)
return SSL_NOT_OK;
memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
offset = 6 + SSL_RANDOM_SIZE;
@ -340,7 +342,9 @@ static int send_client_key_xchg(SSL *ssl)
premaster_secret[0] = 0x03; /* encode the version number */
premaster_secret[1] = SSL_PROTOCOL_MINOR_VERSION; /* must be TLS 1.1 */
get_random(SSL_SECRET_SIZE-2, &premaster_secret[2]);
if (get_random(SSL_SECRET_SIZE-2, &premaster_secret[2]) < 0)
return SSL_NOT_OK;
DISPLAY_RSA(ssl, ssl->x509_ctx->rsa_ctx);
/* rsa_ctx->bi_ctx is not thread-safe */
@ -387,6 +391,9 @@ static int send_cert_verify(SSL *ssl)
RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
int n = 0, ret;
if (rsa_ctx == NULL)
return SSL_OK;
DISPLAY_RSA(ssl, rsa_ctx);
buf[0] = HS_CERT_VERIFY;

20
ssl/tls1_svr.c
View File

@ -117,7 +117,6 @@ int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
static int process_client_hello(SSL *ssl)
{
uint8_t *buf = ssl->bm_data;
uint8_t *record_buf = ssl->hmac_header;
int pkt_size = ssl->bm_index;
int i, j, cs_len, id_len, offset = 6 + SSL_RANDOM_SIZE;
int ret = SSL_OK;
@ -199,14 +198,14 @@ int process_sslv23_client_hello(SSL *ssl)
DISPLAY_BYTES(ssl, "received %d bytes", buf, read_len, read_len);
add_packet(ssl, buf, read_len);
/* connection has gone, so die */
if (bytes_needed < 0)
if (read_len < 0)
{
return SSL_ERROR_CONN_LOST;
}
add_packet(ssl, buf, read_len);
/* now work out what cipher suite we are going to use */
for (j = 0; j < NUM_PROTOCOLS; j++)
{
@ -311,7 +310,9 @@ static int send_server_hello(SSL *ssl)
buf[5] = ssl->version & 0x0f;
/* server random value */
get_random(SSL_RANDOM_SIZE, &buf[6]);
if (get_random(SSL_RANDOM_SIZE, &buf[6]) < 0)
return SSL_NOT_OK;
memcpy(ssl->dc->server_random, &buf[6], SSL_RANDOM_SIZE);
offset = 6 + SSL_RANDOM_SIZE;
@ -392,7 +393,8 @@ static int process_client_key_xchg(SSL *ssl)
/* rsa_ctx->bi_ctx is not thread-safe */
SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
premaster_size = RSA_decrypt(rsa_ctx, &buf[offset], premaster_secret, 1);
premaster_size = RSA_decrypt(rsa_ctx, &buf[offset], premaster_secret,
sizeof(premaster_secret), 1);
SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
if (premaster_size != SSL_SECRET_SIZE ||
@ -401,7 +403,9 @@ static int process_client_key_xchg(SSL *ssl)
premaster_secret[1] != (ssl->client_version & 0x0f))
{
/* guard against a Bleichenbacher attack */
get_random(SSL_SECRET_SIZE, premaster_secret);
if (get_random(SSL_SECRET_SIZE, premaster_secret) < 0)
return SSL_NOT_OK;
/* and continue - will die eventually when checking the mac */
}
@ -454,7 +458,7 @@ static int process_cert_verify(SSL *ssl)
/* rsa_ctx->bi_ctx is not thread-safe */
SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[6], dgst_buf, 0);
n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[6], dgst_buf, sizeof(dgst_buf), 0);
SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
if (n != SHA1_SIZE + MD5_SIZE)

97
ssl/x509.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007, Cameron Rich
* Copyright (c) 2007-2015, Cameron Rich
*
* All rights reserved.
*
@ -126,33 +126,63 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
SHA1_Final(x509_ctx->fingerprint, &sha_fp_ctx);
#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
/* use the appropriate signature algorithm (SHA1/MD5/MD2) */
if (x509_ctx->sig_type == SIG_TYPE_MD5)
/* use the appropriate signature algorithm */
switch (x509_ctx->sig_type)
{
MD5_CTX md5_ctx;
uint8_t md5_dgst[MD5_SIZE];
MD5_Init(&md5_ctx);
MD5_Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
MD5_Final(md5_dgst, &md5_ctx);
x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE);
}
else if (x509_ctx->sig_type == SIG_TYPE_SHA1)
{
SHA1_CTX sha_ctx;
uint8_t sha_dgst[SHA1_SIZE];
SHA1_Init(&sha_ctx);
SHA1_Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
SHA1_Final(sha_dgst, &sha_ctx);
x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
}
else if (x509_ctx->sig_type == SIG_TYPE_MD2)
{
MD2_CTX md2_ctx;
uint8_t md2_dgst[MD2_SIZE];
MD2_Init(&md2_ctx);
MD2_Update(&md2_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
MD2_Final(md2_dgst, &md2_ctx);
x509_ctx->digest = bi_import(bi_ctx, md2_dgst, MD2_SIZE);
case SIG_TYPE_MD5:
{
MD5_CTX md5_ctx;
uint8_t md5_dgst[MD5_SIZE];
MD5_Init(&md5_ctx);
MD5_Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
MD5_Final(md5_dgst, &md5_ctx);
x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE);
}
break;
case SIG_TYPE_SHA1:
{
SHA1_CTX sha_ctx;
uint8_t sha_dgst[SHA1_SIZE];
SHA1_Init(&sha_ctx);
SHA1_Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
SHA1_Final(sha_dgst, &sha_ctx);
x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
}
break;
case SIG_TYPE_SHA256:
{
SHA256_CTX sha256_ctx;
uint8_t sha256_dgst[SHA256_SIZE];
SHA256_Init(&sha256_ctx);
SHA256_Update(&sha256_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
SHA256_Final(sha256_dgst, &sha256_ctx);
x509_ctx->digest = bi_import(bi_ctx, sha256_dgst, SHA256_SIZE);
}
break;
case SIG_TYPE_SHA384:
{
SHA384_CTX sha384_ctx;
uint8_t sha384_dgst[SHA384_SIZE];
SHA384_Init(&sha384_ctx);
SHA384_Update(&sha384_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
SHA384_Final(sha384_dgst, &sha384_ctx);
x509_ctx->digest = bi_import(bi_ctx, sha384_dgst, SHA384_SIZE);
}
break;
case SIG_TYPE_SHA512:
{
SHA512_CTX sha512_ctx;
uint8_t sha512_dgst[SHA512_SIZE];
SHA512_Init(&sha512_ctx);
SHA512_Update(&sha512_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
SHA512_Final(sha512_dgst, &sha512_ctx);
x509_ctx->digest = bi_import(bi_ctx, sha512_dgst, SHA512_SIZE);
}
break;
}
if (cert[offset] == ASN1_V3_DATA)
@ -494,14 +524,23 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
printf("Sig Type:\t\t\t");
switch (cert->sig_type)
{
case SIG_TYPE_MD2:
printf("MD2\n");
break;
case SIG_TYPE_MD5:
printf("MD5\n");
break;
case SIG_TYPE_SHA1:
printf("SHA1\n");
break;
case SIG_TYPE_MD2:
printf("MD2\n");
case SIG_TYPE_SHA256:
printf("SHA256\n");
break;
case SIG_TYPE_SHA384:
printf("SHA384\n");
break;
case SIG_TYPE_SHA512:
printf("SHA512\n");
break;
default:
printf("Unrecognized: %d\n", cert->sig_type);