lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-20 03:32:32 +03:00
Code Activity

Merge pull request #10282 from bjwtaylor/switch-to-mbedtls_pk_sigalg_t

Browse Source 
Switch to mbedtls pk sigalg t
This commit is contained in:
Gilles Peskine
2025-08-07 11:06:31 +00:00
committed by GitHub
parent 2656eb9121 8dfed9fc15
commit 627d653863
14 changed files with 49 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog.d/remove_mbedtls_pk_type.txt Normal file
View File

@@ -0,0 +1,3 @@
Removals
* Remove mbedtls_pk_type_t from the public interface and replace it with
mbedtls_pk_sigalg_t.

2
include/mbedtls/x509_crl.h
View File

@@ -82,7 +82,7 @@ typedef struct mbedtls_x509_crl {
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid2);
mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
mbedtls_pk_sigalg_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
/** Next element in the linked list of CRL.
* \p NULL indicates the end of the list.

2
include/mbedtls/x509_crt.h
View File

@@ -81,7 +81,7 @@ typedef struct mbedtls_x509_crt {
mbedtls_x509_buf MBEDTLS_PRIVATE(sig); /**< Signature: hash of the tbs part signed with the private key. */
mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
mbedtls_pk_sigalg_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
/** Next certificate in the linked list that constitutes the CA chain.
* \p NULL indicates the end of the list.

2
include/mbedtls/x509_csr.h
View File

@@ -55,7 +55,7 @@ typedef struct mbedtls_x509_csr {
mbedtls_x509_buf sig_oid;
mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
mbedtls_pk_sigalg_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
}
mbedtls_x509_csr;

3
library/ssl_tls13_generic.c
View File

@@ -1144,7 +1144,8 @@ static int ssl_tls13_prepare_finished_message(mbedtls_ssl_context *ssl)
ssl->handshake->state_local.finished_out.digest,
sizeof(ssl->handshake->state_local.finished_out.
digest),
&ssl->handshake->state_local.finished_out.digest_len,
&ssl->handshake->state_local.finished_out.
digest_len,
ssl->conf->endpoint);
if (ret != 0) {

8
library/x509.c
View File

@@ -717,7 +717,7 @@ int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x5
* Get signature algorithm from alg OID and optional parameters
*/
int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg)
mbedtls_md_type_t *md_alg, mbedtls_pk_sigalg_t *pk_alg)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -726,7 +726,7 @@ int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509
}
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
if (*pk_alg == MBEDTLS_PK_RSASSA_PSS) {
if (*pk_alg == MBEDTLS_PK_SIGALG_RSA_PSS) {
mbedtls_md_type_t mgf1_hash_id;
int expected_salt_len;
@@ -1039,7 +1039,7 @@ int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *ser
* Helper for writing signature algorithms
*/
int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg)
mbedtls_pk_sigalg_t pk_alg, mbedtls_md_type_t md_alg)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
char *p = buf;
@@ -1055,7 +1055,7 @@ int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *si
MBEDTLS_X509_SAFE_SNPRINTF;
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
if (pk_alg == MBEDTLS_PK_RSASSA_PSS) {
if (pk_alg == MBEDTLS_PK_SIGALG_RSA_PSS) {
const char *name = md_type_to_string(md_alg);
if (name != NULL) {
ret = mbedtls_snprintf(p, n, " (%s)", name);

4
library/x509_create.c
View File

@@ -646,7 +646,7 @@ int mbedtls_x509_write_names(unsigned char **p, unsigned char *start,
int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start,
const char *oid, size_t oid_len,
unsigned char *sig, size_t size,
mbedtls_pk_type_t pk_alg)
mbedtls_pk_sigalg_t pk_alg)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int write_null_par;
@@ -672,7 +672,7 @@ int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start,
// Write OID
//
if (pk_alg == MBEDTLS_PK_ECDSA) {
if (pk_alg == MBEDTLS_PK_SIGALG_ECDSA) {
/*
* The AlgorithmIdentifier's parameters field must be absent for DSA/ECDSA signature
* algorithms, see https://www.rfc-editor.org/rfc/rfc5480#page-17 and

14
library/x509_crt.c
View File

@@ -188,9 +188,9 @@ static int x509_profile_check_md_alg(const mbedtls_x509_crt_profile *profile,
* Return 0 if pk_alg is acceptable for this profile, -1 otherwise
*/
static int x509_profile_check_pk_alg(const mbedtls_x509_crt_profile *profile,
mbedtls_pk_type_t pk_alg)
mbedtls_pk_sigalg_t pk_alg)
{
if (pk_alg == MBEDTLS_PK_NONE) {
if (pk_alg == MBEDTLS_PK_SIGALG_NONE) {
return -1;
}
@@ -2061,7 +2061,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
}
if (mbedtls_pk_verify_new(crl_list->sig_pk, &ca->pk,
if (mbedtls_pk_verify_ext(crl_list->sig_pk, &ca->pk,
crl_list->sig_md, hash, hash_length,
crl_list->sig.p, crl_list->sig.len) != 0) {
flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
@@ -2121,12 +2121,12 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child,
}
/* Skip expensive computation on obvious mismatch */
if (!mbedtls_pk_can_do(&parent->pk, child->sig_pk)) {
if (!mbedtls_pk_can_do(&parent->pk, (mbedtls_pk_type_t) child->sig_pk)) {
return -1;
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA) {
if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_SIGALG_ECDSA) {
return mbedtls_pk_verify_restartable(&parent->pk,
child->sig_md, hash, hash_len,
child->sig.p, child->sig.len, &rs_ctx->pk);
@@ -2135,7 +2135,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child,
(void) rs_ctx;
#endif
return mbedtls_pk_verify_new(child->sig_pk, &parent->pk,
return mbedtls_pk_verify_ext(child->sig_pk, &parent->pk,
child->sig_md, hash, hash_len,
child->sig.p, child->sig.len);
}
@@ -3057,7 +3057,7 @@ static int x509_crt_verify_restartable_ca_cb(mbedtls_x509_crt *crt,
/* Check the type and size of the key */
pk_type = mbedtls_pk_get_type(&crt->pk);
if (x509_profile_check_pk_alg(profile, pk_type) != 0) {
if (x509_profile_check_pk_alg(profile, (mbedtls_pk_sigalg_t) pk_type) != 0) {
ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK;
}

6
library/x509_internal.h
View File

@@ -35,7 +35,7 @@ int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params,
#endif
int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig);
int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg);
mbedtls_md_type_t *md_alg, mbedtls_pk_sigalg_t *pk_alg);
int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end,
mbedtls_x509_time *t);
int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end,
@@ -44,7 +44,7 @@ int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *ext, int tag);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg);
mbedtls_pk_sigalg_t pk_alg, mbedtls_md_type_t md_alg);
#endif
int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name);
int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
@@ -57,7 +57,7 @@ int mbedtls_x509_write_names(unsigned char **p, unsigned char *start,
int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start,
const char *oid, size_t oid_len,
unsigned char *sig, size_t size,
mbedtls_pk_type_t pk_alg);
mbedtls_pk_sigalg_t pk_alg);
int mbedtls_x509_get_ns_cert_type(unsigned char **p,
const unsigned char *end,
unsigned char *ns_cert_type);

34
library/x509_oid.c
View File

@@ -381,7 +381,7 @@ FN_OID_GET_ATTR1(mbedtls_x509_oid_get_certificate_policies,
typedef struct {
mbedtls_x509_oid_descriptor_t descriptor;
mbedtls_md_type_t md_alg;
mbedtls_pk_type_t pk_alg;
mbedtls_pk_sigalg_t pk_alg;
} oid_sig_alg_t;
static const oid_sig_alg_t oid_sig_alg[] =
@@ -390,47 +390,47 @@ static const oid_sig_alg_t oid_sig_alg[] =
#if defined(PSA_WANT_ALG_MD5)
{
OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_MD5, "md5WithRSAEncryption", "RSA with MD5"),
MBEDTLS_MD_MD5, MBEDTLS_PK_RSA,
MBEDTLS_MD_MD5, MBEDTLS_PK_SIGALG_RSA_PKCS1V15,
},
#endif /* PSA_WANT_ALG_MD5 */
#if defined(PSA_WANT_ALG_SHA_1)
{
OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA1, "sha-1WithRSAEncryption", "RSA with SHA1"),
MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA,
MBEDTLS_MD_SHA1, MBEDTLS_PK_SIGALG_RSA_PKCS1V15,
},
#endif /* PSA_WANT_ALG_SHA_1 */
#if defined(PSA_WANT_ALG_SHA_224)
{
OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA224, "sha224WithRSAEncryption",
"RSA with SHA-224"),
MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA,
MBEDTLS_MD_SHA224, MBEDTLS_PK_SIGALG_RSA_PKCS1V15,
},
#endif /* PSA_WANT_ALG_SHA_224 */
#if defined(PSA_WANT_ALG_SHA_256)
{
OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA256, "sha256WithRSAEncryption",
"RSA with SHA-256"),
MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA,
MBEDTLS_MD_SHA256, MBEDTLS_PK_SIGALG_RSA_PKCS1V15,
},
#endif /* PSA_WANT_ALG_SHA_256 */
#if defined(PSA_WANT_ALG_SHA_384)
{
OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA384, "sha384WithRSAEncryption",
"RSA with SHA-384"),
MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA,
MBEDTLS_MD_SHA384, MBEDTLS_PK_SIGALG_RSA_PKCS1V15,
},
#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(PSA_WANT_ALG_SHA_512)
{
OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA512, "sha512WithRSAEncryption",
"RSA with SHA-512"),
MBEDTLS_MD_SHA512, MBEDTLS_PK_RSA,
MBEDTLS_MD_SHA512, MBEDTLS_PK_SIGALG_RSA_PKCS1V15,
},
#endif /* PSA_WANT_ALG_SHA_512 */
#if defined(PSA_WANT_ALG_SHA_1)
{
OID_DESCRIPTOR(MBEDTLS_OID_RSA_SHA_OBS, "sha-1WithRSAEncryption", "RSA with SHA1"),
MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA,
MBEDTLS_MD_SHA1, MBEDTLS_PK_SIGALG_RSA_PKCS1V15,
},
#endif /* PSA_WANT_ALG_SHA_1 */
#endif /* MBEDTLS_RSA_C */
@@ -438,43 +438,43 @@ static const oid_sig_alg_t oid_sig_alg[] =
#if defined(PSA_WANT_ALG_SHA_1)
{
OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA1, "ecdsa-with-SHA1", "ECDSA with SHA1"),
MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA,
MBEDTLS_MD_SHA1, MBEDTLS_PK_SIGALG_ECDSA,
},
#endif /* PSA_WANT_ALG_SHA_1 */
#if defined(PSA_WANT_ALG_SHA_224)
{
OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA224, "ecdsa-with-SHA224", "ECDSA with SHA224"),
MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA,
MBEDTLS_MD_SHA224, MBEDTLS_PK_SIGALG_ECDSA,
},
#endif
#if defined(PSA_WANT_ALG_SHA_256)
{
OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA256, "ecdsa-with-SHA256", "ECDSA with SHA256"),
MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA,
MBEDTLS_MD_SHA256, MBEDTLS_PK_SIGALG_ECDSA,
},
#endif /* PSA_WANT_ALG_SHA_256 */
#if defined(PSA_WANT_ALG_SHA_384)
{
OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA384, "ecdsa-with-SHA384", "ECDSA with SHA384"),
MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA,
MBEDTLS_MD_SHA384, MBEDTLS_PK_SIGALG_ECDSA,
},
#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(PSA_WANT_ALG_SHA_512)
{
OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA512, "ecdsa-with-SHA512", "ECDSA with SHA512"),
MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA,
MBEDTLS_MD_SHA512, MBEDTLS_PK_SIGALG_ECDSA,
},
#endif /* PSA_WANT_ALG_SHA_512 */
#endif /* PSA_HAVE_ALG_SOME_ECDSA */
#if defined(MBEDTLS_RSA_C)
{
OID_DESCRIPTOR(MBEDTLS_OID_RSASSA_PSS, "RSASSA-PSS", "RSASSA-PSS"),
MBEDTLS_MD_NONE, MBEDTLS_PK_RSASSA_PSS,
MBEDTLS_MD_NONE, MBEDTLS_PK_SIGALG_RSA_PSS,
},
#endif /* MBEDTLS_RSA_C */
{
NULL_OID_DESCRIPTOR,
MBEDTLS_MD_NONE, MBEDTLS_PK_NONE,
MBEDTLS_MD_NONE, MBEDTLS_PK_SIGALG_NONE,
},
};
@@ -494,14 +494,14 @@ FN_OID_GET_ATTR2(mbedtls_x509_oid_get_sig_alg,
sig_alg,
mbedtls_md_type_t,
md_alg,
mbedtls_pk_type_t,
mbedtls_pk_sigalg_t,
pk_alg)
#endif /* MBEDTLS_X509_USE_C */
#if defined(MBEDTLS_X509_CRT_WRITE_C) || defined(MBEDTLS_X509_CSR_WRITE_C)
FN_OID_GET_OID_BY_ATTR2(mbedtls_x509_oid_get_oid_by_sig_alg,
oid_sig_alg_t,
oid_sig_alg,
mbedtls_pk_type_t,
mbedtls_pk_sigalg_t,
pk_alg,
mbedtls_md_type_t,
md_alg)

4
library/x509_oid.h
View File

@@ -80,7 +80,7 @@ int mbedtls_x509_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char
* \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
*/
int mbedtls_x509_oid_get_sig_alg(const mbedtls_asn1_buf *oid,
mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg);
mbedtls_md_type_t *md_alg, mbedtls_pk_sigalg_t *pk_alg);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
/**
@@ -106,7 +106,7 @@ int mbedtls_x509_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **
*
* \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
*/
int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_sigalg_t pk_alg, mbedtls_md_type_t md_alg,
const char **oid, size_t *olen);
#endif /* MBEDTLS_X509_CRT_WRITE_C || MBEDTLS_X509_CSR_WRITE_C */

5
library/x509write_crt.c
View File

@@ -416,7 +416,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
return MBEDTLS_ERR_X509_INVALID_ALG;
}
if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg,
if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg((mbedtls_pk_sigalg_t) pk_alg, ctx->md_alg,
&sig_oid, &sig_oid_len)) != 0) {
return ret;
}
@@ -587,7 +587,8 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
c2 = buf + size;
MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, c,
sig_oid, sig_oid_len,
sig, sig_len, pk_alg));
sig, sig_len,
(mbedtls_pk_sigalg_t) pk_alg));
/*
* Memory layout after this step:

4
library/x509write_csr.c
View File

@@ -230,7 +230,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
return MBEDTLS_ERR_X509_INVALID_ALG;
}
if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg,
if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg((mbedtls_pk_sigalg_t) pk_alg, ctx->md_alg,
&sig_oid, &sig_oid_len)) != 0) {
return ret;
}
@@ -249,7 +249,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
c2 = buf + size;
MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len,
mbedtls_x509_write_sig(&c2, buf + len, sig_oid, sig_oid_len,
sig, sig_len, pk_alg));
sig, sig_len, (mbedtls_pk_sigalg_t) pk_alg));
/*
* Compact the space between the CSR data and signature by moving the

2
tests/suites/test_suite_x509write.function
View File

@@ -40,7 +40,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen)
goto cleanup;
}
if (mbedtls_pk_verify_new(csr.sig_pk, &csr.pk,
if (mbedtls_pk_verify_ext(csr.sig_pk, &csr.pk,
csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md),
csr.sig.p, csr.sig.len) != 0) {
ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED;