lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00
Code Activity

Merge remote-tracking branch 'mbedtls/development' into mbedtls_private_with_python

Browse Source 
Conflicts:
    include/mbedtls/ssl.h
    include/psa/crypto_struct.h

Conflicts fixed by using the code from development branch
and manually re-applying the MBEDTLS_PRIVATE wrapping.
This commit is contained in:
Ronald Cron
2021-06-14 16:17:32 +02:00
parent a90e0907c5 21f84643f8
commit c4c761e35e
113 changed files with 2628 additions and 4583 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
programs/pkey/dh_client.c
View File

@ -92,7 +92,6 @@ int main( void )
mbedtls_aes_context aes;
mbedtls_net_init( &server_fd );
mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 );
mbedtls_dhm_init( &dhm );
mbedtls_aes_init( &aes );
mbedtls_ctr_drbg_init( &ctr_drbg );
@ -125,7 +124,7 @@ int main( void )
goto exit;
}
mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
mbedtls_rsa_init( &rsa );
if( ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(N), 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(E), 16, f ) ) != 0 )

3
programs/pkey/dh_server.c
View File

@ -95,7 +95,6 @@ int main( void )
mbedtls_net_init( &listen_fd );
mbedtls_net_init( &client_fd );
mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 );
mbedtls_dhm_init( &dhm );
mbedtls_aes_init( &aes );
mbedtls_ctr_drbg_init( &ctr_drbg );
@ -131,7 +130,7 @@ int main( void )
goto exit;
}
mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
mbedtls_rsa_init( &rsa );
if( ( ret = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 ||

2
programs/pkey/rsa_decrypt.c
View File

@ -90,7 +90,7 @@ int main( int argc, char *argv[] )
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
mbedtls_rsa_init( &rsa );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );

2
programs/pkey/rsa_encrypt.c
View File

@ -87,7 +87,7 @@ int main( int argc, char *argv[] )
fflush( stdout );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
mbedtls_rsa_init( &rsa );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );

2
programs/pkey/rsa_genkey.c
View File

@ -75,7 +75,7 @@ int main( void )
const char *pers = "rsa_genkey";
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
mbedtls_rsa_init( &rsa );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );

2
programs/pkey/rsa_sign.c
View File

@ -67,7 +67,7 @@ int main( int argc, char *argv[] )
char filename[512];
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
mbedtls_rsa_init( &rsa );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );

8
programs/pkey/rsa_sign_pss.c
View File

@ -115,7 +115,13 @@ int main( int argc, char *argv[] )
goto exit;
}
mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 );
if( ( ret = mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ),
MBEDTLS_RSA_PKCS_V21,
MBEDTLS_MD_SHA256 ) ) != 0 )
{
mbedtls_printf( " failed\n ! Padding not supported\n" );
goto exit;
}
/*
* Compute the SHA-256 hash of the input file,

2
programs/pkey/rsa_verify.c
View File

@ -66,7 +66,7 @@ int main( int argc, char *argv[] )
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512];
mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
mbedtls_rsa_init( &rsa );
if( argc != 2 )
{

8
programs/pkey/rsa_verify_pss.c
View File

@ -98,7 +98,13 @@ int main( int argc, char *argv[] )
goto exit;
}
mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 );
if( ( ret = mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ),
MBEDTLS_RSA_PKCS_V21,
MBEDTLS_MD_SHA256 ) ) != 0 )
{
mbedtls_printf( " failed\n ! Invalid padding\n" );
goto exit;
}
/*
* Extract the RSA signature from the file

8
programs/ssl/ssl_client2.c
View File

@ -2023,10 +2023,10 @@ int main( int argc, char *argv[] )
mbedtls_printf( " [ Record expansion is unknown ]\n" );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
mbedtls_printf( " [ Maximum input fragment length is %u ]\n",
(unsigned int) mbedtls_ssl_get_input_max_frag_len( &ssl ) );
mbedtls_printf( " [ Maximum output fragment length is %u ]\n",
(unsigned int) mbedtls_ssl_get_output_max_frag_len( &ssl ) );
mbedtls_printf( " [ Maximum incoming record payload length is %u ]\n",
(unsigned int) mbedtls_ssl_get_max_in_record_payload( &ssl ) );
mbedtls_printf( " [ Maximum outgoing record payload length is %u ]\n",
(unsigned int) mbedtls_ssl_get_max_out_record_payload( &ssl ) );
#endif
#if defined(MBEDTLS_SSL_ALPN)

75
programs/ssl/ssl_server2.c
View File

@ -95,7 +95,6 @@ int main( void )
#define DFL_ECJPAKE_PW NULL
#define DFL_PSK_LIST NULL
#define DFL_FORCE_CIPHER 0
#define DFL_VERSION_SUITES NULL
#define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED
#define DFL_ALLOW_LEGACY -2
#define DFL_RENEGOTIATE 0
@ -503,9 +502,6 @@ int main( void )
" force_version=%%s default: \"\" (none)\n" \
" options: tls1_2, dtls1_2\n" \
"\n" \
" version_suites=a,b,c per-version ciphersuites\n" \
" in order from tls1 to tls1_2\n" \
" default: all enabled\n" \
" force_ciphersuite=<name> default: all enabled\n" \
" query_config=<name> return 0 if the specified\n" \
" configuration macro is defined and 1\n" \
@ -567,7 +563,6 @@ struct options
char *psk_list; /* list of PSK id/key pairs for callback */
const char *ecjpake_pw; /* the EC J-PAKE password */
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
const char *version_suites; /* per-version ciphersuites */
int renegotiation; /* enable / disable renegotiation */
int allow_legacy; /* allow legacy renegotiation */
int renegotiate; /* attempt renegotiation? */
@ -1255,7 +1250,6 @@ int main( int argc, char *argv[] )
{
int ret = 0, len, written, frags, exchanges_left;
int query_config_ret = 0;
int version_suites[3][2];
io_ctx_t io_ctx;
unsigned char* buf = 0;
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
@ -1483,7 +1477,6 @@ int main( int argc, char *argv[] )
opt.psk_list = DFL_PSK_LIST;
opt.ecjpake_pw = DFL_ECJPAKE_PW;
opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
opt.version_suites = DFL_VERSION_SUITES;
opt.renegotiation = DFL_RENEGOTIATION;
opt.allow_legacy = DFL_ALLOW_LEGACY;
opt.renegotiate = DFL_RENEGOTIATE;
@ -1671,8 +1664,6 @@ int main( int argc, char *argv[] )
}
else if( strcmp( p, "curves" ) == 0 )
opt.curves = q;
else if( strcmp( p, "version_suites" ) == 0 )
opt.version_suites = q;
else if( strcmp( p, "renegotiation" ) == 0 )
{
opt.renegotiation = (atoi( q )) ?
@ -2038,10 +2029,6 @@ int main( int argc, char *argv[] )
if( opt.min_version < ciphersuite_info->min_minor_ver )
{
opt.min_version = ciphersuite_info->min_minor_ver;
/* DTLS starts with TLS 1.1 */
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
opt.min_version < MBEDTLS_SSL_MINOR_VERSION_2 )
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@ -2069,47 +2056,6 @@ int main( int argc, char *argv[] )
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
if( opt.version_suites != NULL )
{
const char *name[3] = { 0 };
/* Parse 4-element coma-separated list */
for( i = 0, p = (char *) opt.version_suites;
i < 3 && *p != '\0';
i++ )
{
name[i] = p;
/* Terminate the current string and move on to next one */
while( *p != ',' && *p != '\0' )
p++;
if( *p == ',' )
*p++ = '\0';
}
if( i != 3 )
{
mbedtls_printf( "too few values for version_suites\n" );
ret = 1;
goto exit;
}
memset( version_suites, 0, sizeof( version_suites ) );
/* Get the suites identifiers from their name */
for( i = 0; i < 3; i++ )
{
version_suites[i][0] = mbedtls_ssl_get_ciphersuite_id( name[i] );
if( version_suites[i][0] == 0 )
{
mbedtls_printf( "unknown ciphersuite: '%s'\n", name[i] );
ret = 2;
goto usage;
}
}
}
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if( mbedtls_test_unhexify( cid, sizeof( cid ),
opt.cid_val, &cid_len ) != 0 )
@ -2691,19 +2637,6 @@ int main( int argc, char *argv[] )
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
if( opt.version_suites != NULL )
{
mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[0],
MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_1 );
mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[1],
MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_2 );
mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[2],
MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_3 );
}
if( opt.allow_legacy != DFL_ALLOW_LEGACY )
mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy );
#if defined(MBEDTLS_SSL_RENEGOTIATION)
@ -3135,10 +3068,10 @@ handshake:
mbedtls_printf( " [ Record expansion is unknown ]\n" );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
mbedtls_printf( " [ Maximum input fragment length is %u ]\n",
(unsigned int) mbedtls_ssl_get_input_max_frag_len( &ssl ) );
mbedtls_printf( " [ Maximum output fragment length is %u ]\n",
(unsigned int) mbedtls_ssl_get_output_max_frag_len( &ssl ) );
mbedtls_printf( " [ Maximum incoming record payload length is %u ]\n",
(unsigned int) mbedtls_ssl_get_max_in_record_payload( &ssl ) );
mbedtls_printf( " [ Maximum outgoing record payload length is %u ]\n",
(unsigned int) mbedtls_ssl_get_max_out_record_payload( &ssl ) );
#endif
#if defined(MBEDTLS_SSL_ALPN)

2
programs/test/benchmark.c
View File

@ -788,7 +788,7 @@ int main( int argc, char *argv[] )
{
mbedtls_snprintf( title, sizeof( title ), "RSA-%d", keysize );
mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
mbedtls_rsa_init( &rsa );
mbedtls_rsa_gen_key( &rsa, myrand, NULL, keysize, 65537 );
TIME_PUBLIC( title, " public",