yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2026-04-05 06:26:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'baremetal' into baremetal-2.16-20190909

Browse source 
* baremetal: (78 commits)
  Review corrections 6
  Review corrections 5
  Minor changes to tinycrypt README
  Typos in the tinycrypt README
  Addition of copyright statements to tinycrypt files
  Add LICENSE and README for tinycrypt
  Add SPDX lines to each imported TinyCrypt file
  Review corrections 4
  Review corrections 3
  Review corrections 2
  Review corrections
  Update signature of BE conversion functions
  Use function for 16/24/32-bit BE conversion
  x509.c: Minor readability improvement
  x509_crt.c: Indicate guarding condition in #else branch
  X.509: Don't remove verify callback by default
  Fix Doxygen warnings regarding removed verify cb+ctx parameters
  ECC restart: Use optional verification mode in bad signature test
  Re-implement verify chain if vrfy cbs are disabled
  Add zero-cost abstraction layer for CRT verification chain
  ...
This commit is contained in:
Manuel Pégourié-Gonnard 2019-09-12 09:58:14 +02:00
commit e5a0b366f8
86 changed files with 3353 additions and 1786 deletions
Download patch file Download diff file Expand all files Collapse all files

67
include/mbedtls/check_config.h
View file

@ -788,6 +788,73 @@
#define MBEDTLS_THREADING_IMPL
#endif
/* Ensure that precisely one hash is enabled. */
#if defined(MBEDTLS_MD_SINGLE_HASH)
#if defined(MBEDTLS_SHA256_C)
#define MBEDTLS_SHA256_ENABLED 1
#else
#define MBEDTLS_SHA256_ENABLED 0
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA256_NO_SHA224)
#define MBEDTLS_SHA224_ENABLED 1
#else
#define MBEDTLS_SHA224_ENABLED 0
#endif /* MBEDTLS_SHA256_C && !MBEDTLS_SHA256_NO_SHA224 */
#if defined(MBEDTLS_SHA512_C)
#define MBEDTLS_SHA512_ENABLED 2
#else
#define MBEDTLS_SHA512_ENABLED 0
#endif /* MBEDTLS_SHA512_C */
#if defined(MBEDTLS_SHA1_C)
#define MBEDTLS_SHA1_ENABLED 1
#else
#define MBEDTLS_SHA1_ENABLED 0
#endif /* MBEDTLS_SHA1_C */
#if defined(MBEDTLS_MD2_C)
#define MBEDTLS_MD2_ENABLED 1
#else
#define MBEDTLS_MD2_ENABLED 0
#endif /* MBEDTLS_MD2_C */
#if defined(MBEDTLS_MD4_C)
#define MBEDTLS_MD4_ENABLED 1
#else
#define MBEDTLS_MD4_ENABLED 0
#endif /* MBEDTLS_MD4_C */
#if defined(MBEDTLS_MD5_C)
#define MBEDTLS_MD5_ENABLED 1
#else
#define MBEDTLS_MD5_ENABLED 0
#endif /* MBEDTLS_MD5_C */
#if defined(MBEDTLS_RIPEMD160_C)
#define MBEDTLS_RIPEMD160_ENABLED 1
#else
#define MBEDTLS_RIPEMD160_ENABLED 0
#endif /* MBEDTLS_RIPEMD160_C */
#define MBEDTLS_HASHES_ENABLED \
( MBEDTLS_MD2_ENABLED + \
MBEDTLS_MD4_ENABLED + \
MBEDTLS_MD5_ENABLED + \
MBEDTLS_RIPEMD160_ENABLED + \
MBEDTLS_SHA1_ENABLED + \
MBEDTLS_SHA256_ENABLED + \
MBEDTLS_SHA512_ENABLED )
#if MBEDTLS_HASHES_ENABLED != 1
#error "MBEDTLS_MD_SINGLE_HASH must be used with precisely one hash algorithm enabled."
#endif
#undef MBEDTLS_HASHES_ENABLED
#endif /* MBEDTLS_MD_SINGLE_HASH */
#if defined(MBEDTLS_THREADING_ALT)
#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
#error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"

35
include/mbedtls/config.h
View file

@ -1291,6 +1291,16 @@
*/
//#define MBEDTLS_SHA256_SMALLER
/**
* \def MBEDTLS_SHA256_NO_SHA224
*
* Disable the SHA-224 option of the SHA-256 module. Use this to save some
* code size on devices that don't use SHA-224.
*
* Uncomment to disable SHA-224
*/
//#define MBEDTLS_SHA256_NO_SHA224
/**
* \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
*
@ -2028,6 +2038,17 @@
*/
//#define MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION
/**
* \def MBEDTLS_X509_REMOVE_VERIFY_CALLBACK
*
* Remove support for X.509 certificate verification callbacks.
*
* Uncomment to save some bytes of code by removing support for X.509
* certificate verification callbacks in mbedtls_x509_crt_verify() and
* related verification API.
*/
//#define MBEDTLS_X509_REMOVE_VERIFY_CALLBACK
/**
* \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
*
@ -3815,6 +3836,20 @@
//#define MBEDTLS_SSL_CONF_SINGLE_SIG_HASH_MD_ID
//#define MBEDTLS_SSL_CONF_SINGLE_SIG_HASH_TLS_ID
/* Set this to MBEDTLS_MD_INFO_{DIGEST} support of a single message
* digest at compile-time, at the benefit of code-size.
*
* On highly constrained systems with large control over the configuration of
* the connection endpoints, this option can be used to hardcode support for
* a single hash algorithm.
*
* You need to make sure that the corresponding digest algorithm attributes
* are defined through macros in md.c. See the definitions
* MBEDTLS_MD_INFO_SHA256_XXX for example.
*
*/
//#define MBEDTLS_MD_SINGLE_HASH MBEDTLS_MD_INFO_SHA256
/* \} SECTION: Compile-time SSL configuration */
/* Target and application specific configurations

2
include/mbedtls/ecjpake.h
View file

@ -75,7 +75,7 @@ typedef enum {
*/
typedef struct mbedtls_ecjpake_context
{
const mbedtls_md_info_t *md_info; /**< Hash to use */
mbedtls_md_handle_t md_info; /**< Hash to use */
mbedtls_ecp_group grp; /**< Elliptic curve */
mbedtls_ecjpake_role role; /**< Are we client or server? */
int point_format; /**< Format for point export */

6
include/mbedtls/hkdf.h
View file

@ -70,7 +70,7 @@ extern "C" {
* \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
* MD layer.
*/
int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
int mbedtls_hkdf( mbedtls_md_handle_t md, const unsigned char *salt,
size_t salt_len, const unsigned char *ikm, size_t ikm_len,
const unsigned char *info, size_t info_len,
unsigned char *okm, size_t okm_len );
@ -99,7 +99,7 @@ int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
* \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
* MD layer.
*/
int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,
int mbedtls_hkdf_extract( mbedtls_md_handle_t md,
const unsigned char *salt, size_t salt_len,
const unsigned char *ikm, size_t ikm_len,
unsigned char *prk );
@ -130,7 +130,7 @@ int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,
* \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
* MD layer.
*/
int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
int mbedtls_hkdf_expand( mbedtls_md_handle_t md, const unsigned char *prk,
size_t prk_len, const unsigned char *info,
size_t info_len, unsigned char *okm, size_t okm_len );

4
include/mbedtls/hmac_drbg.h
View file

@ -138,7 +138,7 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
* MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED.
*/
int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
const mbedtls_md_info_t * md_info,
mbedtls_md_handle_t md_info,
int (*f_entropy)(void *, unsigned char *, size_t),
void *p_entropy,
const unsigned char *custom,
@ -158,7 +158,7 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
* MBEDTLS_ERR_MD_ALLOC_FAILED.
*/
int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
const mbedtls_md_info_t * md_info,
mbedtls_md_handle_t md_info,
const unsigned char *data, size_t data_len );
/**

248
include/mbedtls/md.h
View file

@ -35,6 +35,11 @@
#include MBEDTLS_CONFIG_FILE
#endif
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< The selected feature is not available. */
#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */
#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */
@ -80,26 +85,72 @@ typedef enum {
#define MBEDTLS_MD_MAX_BLOCK_SIZE 64
#endif
#if !defined(MBEDTLS_MD_SINGLE_HASH)
#define MBEDTLS_MD_INLINABLE_API
/**
* Opaque struct defined in md_internal.h.
* Opaque struct defined in md.c.
*/
typedef struct mbedtls_md_info_t mbedtls_md_info_t;
typedef struct mbedtls_md_info_t const * mbedtls_md_handle_t;
#define MBEDTLS_MD_INVALID_HANDLE ( (mbedtls_md_handle_t) NULL )
#else /* !MBEDTLS_MD_SINGLE_HASH */
#define MBEDTLS_MD_INLINABLE_API MBEDTLS_ALWAYS_INLINE static inline
typedef int mbedtls_md_handle_t;
#define MBEDTLS_MD_INVALID_HANDLE ( (mbedtls_md_handle_t) 0 )
#define MBEDTLS_MD_UNIQUE_VALID_HANDLE ( (mbedtls_md_handle_t) 1 )
#endif /* !MBEDTLS_MD_SINGLE_HASH */
#include "md_internal.h"
/**
* The generic message-digest context.
*/
typedef struct mbedtls_md_context_t
{
#if !defined(MBEDTLS_MD_SINGLE_HASH)
/** Information about the associated message digest. */
const mbedtls_md_info_t *md_info;
mbedtls_md_handle_t md_info;
#endif
#if !defined(MBEDTLS_MD_SINGLE_HASH)
/** The digest-specific context. */
void *md_ctx;
/** The HMAC part of the context. */
void *hmac_ctx;
#else
unsigned char md_ctx[ sizeof( MBEDTLS_MD_INFO_CTX_TYPE(
MBEDTLS_MD_SINGLE_HASH ) ) ];
unsigned char hmac_ctx[ 2 * MBEDTLS_MD_INFO_BLOCKSIZE(
MBEDTLS_MD_SINGLE_HASH ) ];
#endif /* MBEDTLS_MD_SINGLE_HASH */
} mbedtls_md_context_t;
#if !defined(MBEDTLS_MD_SINGLE_HASH)
static inline mbedtls_md_handle_t mbedtls_md_get_handle(
struct mbedtls_md_context_t const *ctx )
{
return( ctx->md_info );
}
#else /* !MBEDTLS_MD_SINGLE_HASH */
static inline mbedtls_md_handle_t mbedtls_md_get_handle(
struct mbedtls_md_context_t const *ctx )
{
((void) ctx);
return( MBEDTLS_MD_UNIQUE_VALID_HANDLE );
}
#endif /* !MBEDTLS_MD_SINGLE_HASH */
/**
* \brief This function returns the list of digests supported by the
* generic digest module.
@ -120,7 +171,7 @@ const int *mbedtls_md_list( void );
* \return The message-digest information associated with \p md_name.
* \return NULL if the associated message-digest information is not found.
*/
const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
mbedtls_md_handle_t mbedtls_md_info_from_string( const char *md_name );
/**
* \brief This function returns the message-digest information
@ -131,7 +182,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
* \return The message-digest information associated with \p md_type.
* \return NULL if the associated message-digest information is not found.
*/
const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
mbedtls_md_handle_t mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
/**
* \brief This function initializes a message-digest context without
@ -182,7 +233,7 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx );
* failure.
* \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
*/
int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED;
int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info ) MBEDTLS_DEPRECATED;
#undef MBEDTLS_DEPRECATED
#endif /* MBEDTLS_DEPRECATED_REMOVED */
@ -205,7 +256,9 @@ int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_
* failure.
* \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
*/
int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
MBEDTLS_MD_INLINABLE_API int mbedtls_md_setup( mbedtls_md_context_t *ctx,
mbedtls_md_handle_t md_info,
int hmac );
/**
* \brief This function clones the state of an message-digest
@ -238,7 +291,7 @@ int mbedtls_md_clone( mbedtls_md_context_t *dst,
*
* \return The size of the message-digest output in Bytes.
*/
unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info );
unsigned char mbedtls_md_get_size( mbedtls_md_handle_t md_info );
/**
* \brief This function extracts the message-digest type from the
@ -249,7 +302,7 @@ unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info );
*
* \return The type of the message digest.
*/
mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info );
mbedtls_md_type_t mbedtls_md_get_type( mbedtls_md_handle_t md_info );
/**
* \brief This function extracts the message-digest name from the
@ -260,7 +313,7 @@ mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info );
*
* \return The name of the message digest.
*/
const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
const char *mbedtls_md_get_name( mbedtls_md_handle_t md_info );
/**
* \brief This function starts a message-digest computation.
@ -275,7 +328,7 @@ const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
int mbedtls_md_starts( mbedtls_md_context_t *ctx );
MBEDTLS_MD_INLINABLE_API int mbedtls_md_starts( mbedtls_md_context_t *ctx );
/**
* \brief This function feeds an input buffer into an ongoing
@ -293,7 +346,9 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx );
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
MBEDTLS_MD_INLINABLE_API int mbedtls_md_update( mbedtls_md_context_t *ctx,
const unsigned char *input,
size_t ilen );
/**
* \brief This function finishes the digest operation,
@ -313,7 +368,8 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
MBEDTLS_MD_INLINABLE_API int mbedtls_md_finish( mbedtls_md_context_t *ctx,
unsigned char *output );
/**
* \brief This function calculates the message-digest of a buffer,
@ -333,8 +389,11 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
unsigned char *output );
MBEDTLS_MD_INLINABLE_API int mbedtls_md(
mbedtls_md_handle_t md_info,
const unsigned char *input,
size_t ilen,
unsigned char *output );
#if defined(MBEDTLS_FS_IO)
/**
@ -354,7 +413,7 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si
* the file pointed by \p path.
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL.
*/
int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
int mbedtls_md_file( mbedtls_md_handle_t md_info, const char *path,
unsigned char *output );
#endif /* MBEDTLS_FS_IO */
@ -460,12 +519,167 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
int mbedtls_md_hmac( mbedtls_md_handle_t md_info, const unsigned char *key, size_t keylen,
const unsigned char *input, size_t ilen,
unsigned char *output );
/* Internal use */
int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data );
MBEDTLS_MD_INLINABLE_API int mbedtls_md_process( mbedtls_md_context_t *ctx,
const unsigned char *data );
/*
* Internal wrapper functions for those MD API functions which should be
* inlined in some but not all configurations. The actual MD API will be
* implemented either here or in md.c, and forward to the wrappers.
*/
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_setup_internal(
mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info, int hmac )
{
if( md_info == MBEDTLS_MD_INVALID_HANDLE || ctx == NULL )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
#if !defined(MBEDTLS_MD_SINGLE_HASH)
ctx->md_ctx = mbedtls_md_info_ctx_alloc( md_info );
if( ctx->md_ctx == NULL )
return( MBEDTLS_ERR_MD_ALLOC_FAILED );
if( hmac != 0 )
{
ctx->hmac_ctx = mbedtls_calloc( 2,
mbedtls_md_info_block_size( md_info ) );
if( ctx->hmac_ctx == NULL )
{
mbedtls_md_info_ctx_free( md_info, ctx->md_ctx);
return( MBEDTLS_ERR_MD_ALLOC_FAILED );
}
}
ctx->md_info = md_info;
#else
((void) hmac);
#endif /* MBEDTLS_MD_SINGLE_HASH */
return( 0 );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_starts_internal(
mbedtls_md_context_t *ctx )
{
mbedtls_md_handle_t md_info;
if( ctx == NULL )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
md_info = mbedtls_md_get_handle( ctx );
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
return( mbedtls_md_info_starts( md_info, ctx->md_ctx ) );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_update_internal(
mbedtls_md_context_t *ctx,
const unsigned char *input,
size_t ilen )
{
mbedtls_md_handle_t md_info;
if( ctx == NULL )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
md_info = mbedtls_md_get_handle( ctx );
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
return( mbedtls_md_info_update( md_info, ctx->md_ctx,
input, ilen ) );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_finish_internal(
mbedtls_md_context_t *ctx, unsigned char *output )
{
mbedtls_md_handle_t md_info;
if( ctx == NULL )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
md_info = mbedtls_md_get_handle( ctx );
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
return( mbedtls_md_info_finish( md_info, ctx->md_ctx,
output ) );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_internal(
mbedtls_md_handle_t md_info,
const unsigned char *input,
size_t ilen,
unsigned char *output )
{
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
return( mbedtls_md_info_digest( md_info, input,
ilen, output) );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_process_internal(
mbedtls_md_context_t *ctx, const unsigned char *data )
{
mbedtls_md_handle_t md_info;
if( ctx == NULL )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
md_info = mbedtls_md_get_handle( ctx );
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
return( mbedtls_md_info_process( md_info, ctx->md_ctx, data ) );
}
#if defined(MBEDTLS_MD_SINGLE_HASH)
MBEDTLS_MD_INLINABLE_API int mbedtls_md_setup(
mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info, int hmac )
{
return( mbedtls_md_setup_internal( ctx, md_info, hmac ) );
}
MBEDTLS_MD_INLINABLE_API int mbedtls_md_starts(
mbedtls_md_context_t *ctx )
{
return( mbedtls_md_starts_internal( ctx ) );
}
MBEDTLS_MD_INLINABLE_API int mbedtls_md_update(
mbedtls_md_context_t *ctx,
const unsigned char *input,
size_t ilen )
{
return( mbedtls_md_update_internal( ctx, input, ilen ) );
}
MBEDTLS_MD_INLINABLE_API int mbedtls_md_finish(
mbedtls_md_context_t *ctx, unsigned char *output )
{
return( mbedtls_md_finish_internal( ctx, output ) );
}
MBEDTLS_MD_INLINABLE_API int mbedtls_md(
mbedtls_md_handle_t md_info,
const unsigned char *input,
size_t ilen,
unsigned char *output )
{
return( mbedtls_md_internal( md_info, input, ilen, output ) );
}
MBEDTLS_MD_INLINABLE_API int mbedtls_md_process(
mbedtls_md_context_t *ctx, const unsigned char *data )
{
return( mbedtls_md_process_internal( ctx, data ) );
}
#endif /* MBEDTLS_MD_SINGLE_HASH */
#ifdef __cplusplus
}

821
include/mbedtls/md_internal.h
View file

@ -1,14 +1,12 @@
/**
/**
* \file md_internal.h
*
* \brief Message digest wrappers.
*
* \warning This in an internal header. Do not include directly.
* \brief This file contains the generic message-digest wrapper.
*
* \author Adriaan de Jong <dejong@fox-it.com>
*/
/*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
@ -23,27 +21,157 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
* This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_MD_WRAP_H
#define MBEDTLS_MD_WRAP_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#else
#include MBEDTLS_CONFIG_FILE
#ifndef MBEDTLS_MD_INTERNAL_H
#define MBEDTLS_MD_INTERNAL_H
#if defined(MBEDTLS_MD2_C)
#include "mbedtls/md2.h"
#endif
#include "md.h"
#if defined(MBEDTLS_MD4_C)
#include "mbedtls/md4.h"
#endif
#if defined(MBEDTLS_MD5_C)
#include "mbedtls/md5.h"
#endif
#if defined(MBEDTLS_RIPEMD160_C)
#include "mbedtls/ripemd160.h"
#endif
#if defined(MBEDTLS_SHA1_C)
#include "mbedtls/sha1.h"
#endif
#if defined(MBEDTLS_SHA256_C)
#include "mbedtls/sha256.h"
#endif
#if defined(MBEDTLS_SHA512_C)
#include "mbedtls/sha512.h"
#endif
#include "mbedtls/platform_util.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#ifdef __cplusplus
extern "C" {
#endif
#define MBEDTLS_MD_WRAPPER MBEDTLS_ALWAYS_INLINE static inline
/*
* Message-digest information macro definition
*/
/* Dummy definition to keep check-names.sh happy - don't uncomment */
//#define MBEDTLS_MD_INFO_SHA256
/* SHA-256 */
static inline void mbedtls_md_sha256_init_free_dummy( void* ctx )
{
/* Zero-initialization can be skipped. */
((void) ctx);
}
#define MBEDTLS_MD_INFO_SHA256_TYPE MBEDTLS_MD_SHA256
#define MBEDTLS_MD_INFO_SHA256_CTX_TYPE mbedtls_sha256_context
#if defined(MBEDTLS_MD_SINGLE_HASH) && !defined(MBEDTLS_SHA256_ALT)
/* mbedtls_md_sha256_init() only zeroizes, which is redundant
* because mbedtls_md_context is zeroized in mbedtls_md_init(),
* and the mbedtls_sha256_context is embedded in mbedtls_md_context_t. */
#define MBEDTLS_MD_INFO_SHA256_INIT_FUNC mbedtls_md_sha256_init_free_dummy
#else
#define MBEDTLS_MD_INFO_SHA256_INIT_FUNC mbedtls_sha256_init
#endif /* MBEDTLS_MD_SINGLE_HASH && !MBEDTLS_SHA256_ALT */
#define MBEDTLS_MD_INFO_SHA256_NAME "SHA256"
#define MBEDTLS_MD_INFO_SHA256_SIZE 32
#define MBEDTLS_MD_INFO_SHA256_BLOCKSIZE 64
#define MBEDTLS_MD_INFO_SHA256_STARTS_FUNC mbedtls_sha256_starts_wrap
#define MBEDTLS_MD_INFO_SHA256_UPDATE_FUNC mbedtls_sha224_update_wrap
#define MBEDTLS_MD_INFO_SHA256_FINISH_FUNC mbedtls_sha224_finish_wrap
#define MBEDTLS_MD_INFO_SHA256_DIGEST_FUNC mbedtls_sha256_wrap
#define MBEDTLS_MD_INFO_SHA256_ALLOC_FUNC mbedtls_sha224_ctx_alloc
#if defined(MBEDTLS_MD_SINGLE_HASH) && !defined(MBEDTLS_SHA256_ALT)
/* mbedtls_md_sha256_free() only zeroizes, which is redundant
* because mbedtls_md_context is zeroized in mbedtls_md_init(),
* and the mbedtls_sha256_context is embedded in mbedtls_md_context_t. */
#define MBEDTLS_MD_INFO_SHA256_FREE_FUNC mbedtls_md_sha256_init_free_dummy
#else
#define MBEDTLS_MD_INFO_SHA256_FREE_FUNC mbedtls_sha224_ctx_free
#endif /* MBEDTLS_MD_SINGLE_HASH && !MBEDTLS_SHA256_ALT */
#define MBEDTLS_MD_INFO_SHA256_CLONE_FUNC mbedtls_sha224_clone_wrap
#define MBEDTLS_MD_INFO_SHA256_PROCESS_FUNC mbedtls_sha224_process_wrap
/*
* Helper macros to extract fields from ciphersuites.
*/
#define MBEDTLS_MD_INFO_CTX_TYPE_T( MD ) MD ## _CTX_TYPE
#define MBEDTLS_MD_INFO_INIT_FUNC_T( MD ) MD ## _INIT_FUNC
#define MBEDTLS_MD_INFO_TYPE_T( MD ) MD ## _TYPE
#define MBEDTLS_MD_INFO_NAME_T( MD ) MD ## _NAME
#define MBEDTLS_MD_INFO_SIZE_T( MD ) MD ## _SIZE
#define MBEDTLS_MD_INFO_BLOCKSIZE_T( MD ) MD ## _BLOCKSIZE
#define MBEDTLS_MD_INFO_STARTS_FUNC_T( MD ) MD ## _STARTS_FUNC
#define MBEDTLS_MD_INFO_UPDATE_FUNC_T( MD ) MD ## _UPDATE_FUNC
#define MBEDTLS_MD_INFO_FINISH_FUNC_T( MD ) MD ## _FINISH_FUNC
#define MBEDTLS_MD_INFO_DIGEST_FUNC_T( MD ) MD ## _DIGEST_FUNC
#define MBEDTLS_MD_INFO_ALLOC_FUNC_T( MD ) MD ## _ALLOC_FUNC
#define MBEDTLS_MD_INFO_FREE_FUNC_T( MD ) MD ## _FREE_FUNC
#define MBEDTLS_MD_INFO_CLONE_FUNC_T( MD ) MD ## _CLONE_FUNC
#define MBEDTLS_MD_INFO_PROCESS_FUNC_T( MD ) MD ## _PROCESS_FUNC
/* Wrapper around MBEDTLS_MD_INFO_{FIELD}_T() which makes sure that
* the argument is macro-expanded before concatenated with the
* field name. This allows to call these macros as
* MBEDTLS_MD_INFO_{FIELD}( MBEDTLS_MD_SINGLE_HASH ).
* where MBEDTLS_MD_SINGLE_HASH expands to MBEDTLS_MD_INFO_{DIGEST}. */
#define MBEDTLS_MD_INFO_CTX_TYPE( MD ) MBEDTLS_MD_INFO_CTX_TYPE_T( MD )
#define MBEDTLS_MD_INFO_INIT_FUNC( MD ) MBEDTLS_MD_INFO_INIT_FUNC_T( MD )
#define MBEDTLS_MD_INFO_TYPE( MD ) MBEDTLS_MD_INFO_TYPE_T( MD )
#define MBEDTLS_MD_INFO_NAME( MD ) MBEDTLS_MD_INFO_NAME_T( MD )
#define MBEDTLS_MD_INFO_SIZE( MD ) MBEDTLS_MD_INFO_SIZE_T( MD )
#define MBEDTLS_MD_INFO_BLOCKSIZE( MD ) MBEDTLS_MD_INFO_BLOCKSIZE_T( MD )
#define MBEDTLS_MD_INFO_STARTS_FUNC( MD ) MBEDTLS_MD_INFO_STARTS_FUNC_T( MD )
#define MBEDTLS_MD_INFO_UPDATE_FUNC( MD ) MBEDTLS_MD_INFO_UPDATE_FUNC_T( MD )
#define MBEDTLS_MD_INFO_FINISH_FUNC( MD ) MBEDTLS_MD_INFO_FINISH_FUNC_T( MD )
#define MBEDTLS_MD_INFO_DIGEST_FUNC( MD ) MBEDTLS_MD_INFO_DIGEST_FUNC_T( MD )
#define MBEDTLS_MD_INFO_ALLOC_FUNC( MD ) MBEDTLS_MD_INFO_ALLOC_FUNC_T( MD )
#define MBEDTLS_MD_INFO_FREE_FUNC( MD ) MBEDTLS_MD_INFO_FREE_FUNC_T( MD )
#define MBEDTLS_MD_INFO_CLONE_FUNC( MD ) MBEDTLS_MD_INFO_CLONE_FUNC_T( MD )
#define MBEDTLS_MD_INFO_PROCESS_FUNC( MD ) MBEDTLS_MD_INFO_PROCESS_FUNC_T( MD )
/**
* Message digest information.
* Allows message digest functions to be called in a generic way.
*/
typedef int mbedtls_md_starts_func_t( void *ctx );
typedef int mbedtls_md_update_func_t( void *ctx,
const unsigned char *input,
size_t ilen );
typedef int mbedtls_md_finish_func_t( void *ctx, unsigned char *output );
typedef int mbedtls_md_digest_func_t( const unsigned char *input,
size_t ilen,
unsigned char *output );
typedef void* mbedtls_md_ctx_alloc_func_t( void );
typedef void mbedtls_md_ctx_free_func_t( void *ctx );
typedef void mbedtls_md_clone_func_t( void *st, const void *src );
typedef int mbedtls_md_process_func_t( void *ctx,
const unsigned char *input );
#if !defined(MBEDTLS_MD_SINGLE_HASH)
struct mbedtls_md_info_t
{
/** Digest identifier */
@ -59,57 +187,672 @@ struct mbedtls_md_info_t
int block_size;
/** Digest initialisation function */
int (*starts_func)( void *ctx );
mbedtls_md_starts_func_t *starts_func;
/** Digest update function */
int (*update_func)( void *ctx, const unsigned char *input, size_t ilen );
mbedtls_md_update_func_t *update_func;
/** Digest finalisation function */
int (*finish_func)( void *ctx, unsigned char *output );
mbedtls_md_finish_func_t *finish_func;
/** Generic digest function */
int (*digest_func)( const unsigned char *input, size_t ilen,
unsigned char *output );
mbedtls_md_digest_func_t *digest_func;
/** Allocate a new context */
void * (*ctx_alloc_func)( void );
mbedtls_md_ctx_alloc_func_t *ctx_alloc_func;
/** Free the given context */
void (*ctx_free_func)( void *ctx );
mbedtls_md_ctx_free_func_t *ctx_free_func;
/** Clone state from a context */
void (*clone_func)( void *dst, const void *src );
mbedtls_md_clone_func_t *clone_func;
/** Internal use only */
int (*process_func)( void *ctx, const unsigned char *input );
mbedtls_md_process_func_t *process_func;
};
/**
* \brief This macro builds an instance of ::mbedtls_md_info_t
* from an \c MBEDTLS_MD_INFO_XXX identifier.
*/
#define MBEDTLS_MD_INFO( MD ) \
{ MBEDTLS_MD_INFO_TYPE( MD ), \
MBEDTLS_MD_INFO_NAME( MD ), \
MBEDTLS_MD_INFO_SIZE( MD ), \
MBEDTLS_MD_INFO_BLOCKSIZE( MD ), \
MBEDTLS_MD_INFO_STARTS_FUNC( MD ), \
MBEDTLS_MD_INFO_UPDATE_FUNC( MD ), \
MBEDTLS_MD_INFO_FINISH_FUNC( MD ), \
MBEDTLS_MD_INFO_DIGEST_FUNC( MD ), \
MBEDTLS_MD_INFO_ALLOC_FUNC( MD ), \
MBEDTLS_MD_INFO_FREE_FUNC( MD ), \
MBEDTLS_MD_INFO_CLONE_FUNC( MD ), \
MBEDTLS_MD_INFO_PROCESS_FUNC( MD ) }
#endif /* !MBEDTLS_MD_SINGLE_HASH */
/*
*
* Definitions of MD information structures for various digests.
*
*/
/*
* MD-2
*/
#if defined(MBEDTLS_MD2_C)
extern const mbedtls_md_info_t mbedtls_md2_info;
#endif
MBEDTLS_MD_WRAPPER int mbedtls_md2_starts_wrap( void *ctx )
{
return( mbedtls_md2_starts_ret( (mbedtls_md2_context *) ctx ) );
}
MBEDTLS_MD_WRAPPER int mbedtls_md2_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
return( mbedtls_md2_update_ret( (mbedtls_md2_context *) ctx, input, ilen ) );
}
MBEDTLS_MD_WRAPPER int mbedtls_md2_finish_wrap( void *ctx, unsigned char *output )
{
return( mbedtls_md2_finish_ret( (mbedtls_md2_context *) ctx, output ) );
}
MBEDTLS_MD_WRAPPER void* mbedtls_md2_ctx_alloc( void )
{
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md2_context ) );
if( ctx != NULL )
mbedtls_md2_init( (mbedtls_md2_context *) ctx );
return( ctx );
}
MBEDTLS_MD_WRAPPER void mbedtls_md2_ctx_free( void *ctx )
{
mbedtls_md2_free( (mbedtls_md2_context *) ctx );
mbedtls_free( ctx );
}
MBEDTLS_MD_WRAPPER void mbedtls_md2_clone_wrap( void *dst, const void *src )
{
mbedtls_md2_clone( (mbedtls_md2_context *) dst,
(const mbedtls_md2_context *) src );
}
MBEDTLS_MD_WRAPPER int mbedtls_md2_process_wrap( void *ctx, const unsigned char *data )
{
((void) data);
return( mbedtls_internal_md2_process( (mbedtls_md2_context *) ctx ) );
}
#endif /* MBEDTLS_MD2_C */
/*
* MD-4
*/
#if defined(MBEDTLS_MD4_C)
extern const mbedtls_md_info_t mbedtls_md4_info;
#endif
MBEDTLS_MD_WRAPPER int mbedtls_md4_starts_wrap( void *ctx )
{
return( mbedtls_md4_starts_ret( (mbedtls_md4_context *) ctx ) );
}
MBEDTLS_MD_WRAPPER int mbedtls_md4_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
return( mbedtls_md4_update_ret( (mbedtls_md4_context *) ctx, input, ilen ) );
}
MBEDTLS_MD_WRAPPER int mbedtls_md4_finish_wrap( void *ctx, unsigned char *output )
{
return( mbedtls_md4_finish_ret( (mbedtls_md4_context *) ctx, output ) );
}
MBEDTLS_MD_WRAPPER void* mbedtls_md4_ctx_alloc( void )
{
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md4_context ) );
if( ctx != NULL )
mbedtls_md4_init( (mbedtls_md4_context *) ctx );
return( ctx );
}
MBEDTLS_MD_WRAPPER void mbedtls_md4_ctx_free( void *ctx )
{
mbedtls_md4_free( (mbedtls_md4_context *) ctx );
mbedtls_free( ctx );
}
MBEDTLS_MD_WRAPPER void mbedtls_md4_clone_wrap( void *dst, const void *src )
{
mbedtls_md4_clone( (mbedtls_md4_context *) dst,
(const mbedtls_md4_context *) src );
}
MBEDTLS_MD_WRAPPER int mbedtls_md4_process_wrap( void *ctx, const unsigned char *data )
{
return( mbedtls_internal_md4_process( (mbedtls_md4_context *) ctx, data ) );
}
#endif /* MBEDTLS_MD4_C */
/*
* MD-5
*/
#if defined(MBEDTLS_MD5_C)
extern const mbedtls_md_info_t mbedtls_md5_info;
#endif
MBEDTLS_MD_WRAPPER int mbedtls_md5_starts_wrap( void *ctx )
{
return( mbedtls_md5_starts_ret( (mbedtls_md5_context *) ctx ) );
}
MBEDTLS_MD_WRAPPER int mbedtls_md5_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
return( mbedtls_md5_update_ret( (mbedtls_md5_context *) ctx, input, ilen ) );
}
MBEDTLS_MD_WRAPPER int mbedtls_md5_finish_wrap( void *ctx, unsigned char *output )
{
return( mbedtls_md5_finish_ret( (mbedtls_md5_context *) ctx, output ) );
}
MBEDTLS_MD_WRAPPER void* mbedtls_md5_ctx_alloc( void )
{
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md5_context ) );
if( ctx != NULL )
mbedtls_md5_init( (mbedtls_md5_context *) ctx );
return( ctx );
}
MBEDTLS_MD_WRAPPER void mbedtls_md5_ctx_free( void *ctx )
{
mbedtls_md5_free( (mbedtls_md5_context *) ctx );
mbedtls_free( ctx );
}
MBEDTLS_MD_WRAPPER void mbedtls_md5_clone_wrap( void *dst, const void *src )
{
mbedtls_md5_clone( (mbedtls_md5_context *) dst,
(const mbedtls_md5_context *) src );
}
MBEDTLS_MD_WRAPPER int mbedtls_md5_process_wrap( void *ctx, const unsigned char *data )
{
return( mbedtls_internal_md5_process( (mbedtls_md5_context *) ctx, data ) );
}
#endif /* MBEDTLS_MD5_C */
/*
* RIPEMD-160
*/
#if defined(MBEDTLS_RIPEMD160_C)
extern const mbedtls_md_info_t mbedtls_ripemd160_info;
#endif
MBEDTLS_MD_WRAPPER int mbedtls_ripemd160_starts_wrap( void *ctx )
{
return( mbedtls_ripemd160_starts_ret( (mbedtls_ripemd160_context *) ctx ) );
}
MBEDTLS_MD_WRAPPER int mbedtls_ripemd160_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
return( mbedtls_ripemd160_update_ret( (mbedtls_ripemd160_context *) ctx,
input, ilen ) );
}
MBEDTLS_MD_WRAPPER int mbedtls_ripemd160_finish_wrap( void *ctx, unsigned char *output )
{
return( mbedtls_ripemd160_finish_ret( (mbedtls_ripemd160_context *) ctx,
output ) );
}
MBEDTLS_MD_WRAPPER void* mbedtls_ripemd160_ctx_alloc( void )
{
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ripemd160_context ) );
if( ctx != NULL )
mbedtls_ripemd160_init( (mbedtls_ripemd160_context *) ctx );
return( ctx );
}
MBEDTLS_MD_WRAPPER void mbedtls_ripemd160_ctx_free( void *ctx )
{
mbedtls_ripemd160_free( (mbedtls_ripemd160_context *) ctx );
mbedtls_free( ctx );
}
MBEDTLS_MD_WRAPPER void mbedtls_ripemd160_clone_wrap( void *dst, const void *src )
{
mbedtls_ripemd160_clone( (mbedtls_ripemd160_context *) dst,
(const mbedtls_ripemd160_context *) src );
}
MBEDTLS_MD_WRAPPER int mbedtls_ripemd160_process_wrap( void *ctx, const unsigned char *data )
{
return( mbedtls_internal_ripemd160_process(
(mbedtls_ripemd160_context *) ctx, data ) );
}
#endif /* MBEDTLS_RIPEMD160_C */
/*
* SHA-1
*/
#if defined(MBEDTLS_SHA1_C)
extern const mbedtls_md_info_t mbedtls_sha1_info;
#endif
MBEDTLS_MD_WRAPPER int mbedtls_sha1_starts_wrap( void *ctx )
{
return( mbedtls_sha1_starts_ret( (mbedtls_sha1_context *) ctx ) );
}
MBEDTLS_MD_WRAPPER int mbedtls_sha1_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
return( mbedtls_sha1_update_ret( (mbedtls_sha1_context *) ctx,
input, ilen ) );
}
MBEDTLS_MD_WRAPPER int mbedtls_sha1_finish_wrap( void *ctx, unsigned char *output )
{
return( mbedtls_sha1_finish_ret( (mbedtls_sha1_context *) ctx, output ) );
}
MBEDTLS_MD_WRAPPER void* mbedtls_sha1_ctx_alloc( void )
{
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha1_context ) );
if( ctx != NULL )
mbedtls_sha1_init( (mbedtls_sha1_context *) ctx );
return( ctx );
}
MBEDTLS_MD_WRAPPER void mbedtls_sha1_clone_wrap( void *dst, const void *src )
{
mbedtls_sha1_clone( (mbedtls_sha1_context *) dst,
(const mbedtls_sha1_context *) src );
}
MBEDTLS_MD_WRAPPER void mbedtls_sha1_ctx_free( void *ctx )
{
mbedtls_sha1_free( (mbedtls_sha1_context *) ctx );
mbedtls_free( ctx );
}
MBEDTLS_MD_WRAPPER int mbedtls_sha1_process_wrap( void *ctx, const unsigned char *data )
{
return( mbedtls_internal_sha1_process( (mbedtls_sha1_context *) ctx,
data ) );
}
#endif /* MBEDTLS_SHA1_C */
/*
* SHA-224 and SHA-256
*/
#if defined(MBEDTLS_SHA256_C)
extern const mbedtls_md_info_t mbedtls_sha224_info;
extern const mbedtls_md_info_t mbedtls_sha256_info;
#endif
#if !defined(MBEDTLS_SHA256_NO_SHA224)
MBEDTLS_MD_WRAPPER int mbedtls_sha224_starts_wrap( void *ctx )
{
return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 1 ) );
}
#endif /* !MBEDTLS_SHA256_NO_SHA224 */
MBEDTLS_MD_WRAPPER int mbedtls_sha224_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
return( mbedtls_sha256_update_ret( (mbedtls_sha256_context *) ctx,
input, ilen ) );
}
MBEDTLS_MD_WRAPPER int mbedtls_sha224_finish_wrap( void *ctx, unsigned char *output )
{
return( mbedtls_sha256_finish_ret( (mbedtls_sha256_context *) ctx,
output ) );
}
#if !defined(MBEDTLS_SHA256_NO_SHA224)
MBEDTLS_MD_WRAPPER int mbedtls_sha224_wrap( const unsigned char *input, size_t ilen,
unsigned char *output )
{
return( mbedtls_sha256_ret( input, ilen, output, 1 ) );
}
#endif /* !MBEDTLS_SHA256_NO_SHA224 */
MBEDTLS_MD_WRAPPER void* mbedtls_sha224_ctx_alloc( void )
{
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha256_context ) );
if( ctx != NULL )
mbedtls_sha256_init( (mbedtls_sha256_context *) ctx );
return( ctx );
}
MBEDTLS_MD_WRAPPER void mbedtls_sha224_ctx_free( void *ctx )
{
mbedtls_sha256_free( (mbedtls_sha256_context *) ctx );
mbedtls_free( ctx );
}
MBEDTLS_MD_WRAPPER void mbedtls_sha224_clone_wrap( void *dst, const void *src )
{
mbedtls_sha256_clone( (mbedtls_sha256_context *) dst,
(const mbedtls_sha256_context *) src );
}
MBEDTLS_MD_WRAPPER int mbedtls_sha224_process_wrap( void *ctx, const unsigned char *data )
{
return( mbedtls_internal_sha256_process( (mbedtls_sha256_context *) ctx,
data ) );
}
MBEDTLS_MD_WRAPPER int mbedtls_sha256_starts_wrap( void *ctx )
{
return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 0 ) );
}
MBEDTLS_MD_WRAPPER int mbedtls_sha256_wrap( const unsigned char *input, size_t ilen,
unsigned char *output )
{
return( mbedtls_sha256_ret( input, ilen, output, 0 ) );
}
#endif /* MBEDTLS_SHA256_C */
/*
* SHA-384 and SHA-512
*/
#if defined(MBEDTLS_SHA512_C)
extern const mbedtls_md_info_t mbedtls_sha384_info;
extern const mbedtls_md_info_t mbedtls_sha512_info;
#endif
MBEDTLS_MD_WRAPPER int mbedtls_sha384_starts_wrap( void *ctx )
{
return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 1 ) );
}
MBEDTLS_MD_WRAPPER int mbedtls_sha384_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
return( mbedtls_sha512_update_ret( (mbedtls_sha512_context *) ctx,
input, ilen ) );
}
MBEDTLS_MD_WRAPPER int mbedtls_sha384_finish_wrap( void *ctx, unsigned char *output )
{
return( mbedtls_sha512_finish_ret( (mbedtls_sha512_context *) ctx,
output ) );
}
MBEDTLS_MD_WRAPPER int mbedtls_sha384_wrap( const unsigned char *input, size_t ilen,
unsigned char *output )
{
return( mbedtls_sha512_ret( input, ilen, output, 1 ) );
}
MBEDTLS_MD_WRAPPER void* mbedtls_sha384_ctx_alloc( void )
{
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha512_context ) );
if( ctx != NULL )
mbedtls_sha512_init( (mbedtls_sha512_context *) ctx );
return( ctx );
}
MBEDTLS_MD_WRAPPER void mbedtls_sha384_ctx_free( void *ctx )
{
mbedtls_sha512_free( (mbedtls_sha512_context *) ctx );
mbedtls_free( ctx );
}
MBEDTLS_MD_WRAPPER void mbedtls_sha384_clone_wrap( void *dst, const void *src )
{
mbedtls_sha512_clone( (mbedtls_sha512_context *) dst,
(const mbedtls_sha512_context *) src );
}
MBEDTLS_MD_WRAPPER int mbedtls_sha384_process_wrap( void *ctx, const unsigned char *data )
{
return( mbedtls_internal_sha512_process( (mbedtls_sha512_context *) ctx,
data ) );
}
MBEDTLS_MD_WRAPPER int mbedtls_sha512_starts_wrap( void *ctx )
{
return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 0 ) );
}
MBEDTLS_MD_WRAPPER int mbedtls_sha512_wrap( const unsigned char *input, size_t ilen,
unsigned char *output )
{
return( mbedtls_sha512_ret( input, ilen, output, 0 ) );
}
#endif /* MBEDTLS_SHA512_C */
/*
* Getter functions for MD info structure.
*/
#if !defined(MBEDTLS_MD_SINGLE_HASH)
MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_type_t mbedtls_md_info_type(
mbedtls_md_handle_t info )
{
return( info->type );
}
MBEDTLS_ALWAYS_INLINE static inline const char * mbedtls_md_info_name(
mbedtls_md_handle_t info )
{
return( info->name );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_size(
mbedtls_md_handle_t info )
{
return( info->size );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_block_size(
mbedtls_md_handle_t info )
{
return( info->block_size );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_starts(
mbedtls_md_handle_t info,
void *ctx )
{
return( info->starts_func( ctx ) );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_update(
mbedtls_md_handle_t info,
void *ctx,
const unsigned char *input,
size_t ilen )
{
return( info->update_func( ctx, input, ilen ) );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_finish(
mbedtls_md_handle_t info,
void *ctx,
unsigned char *output )
{
return( info->finish_func( ctx, output ) );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_digest(
mbedtls_md_handle_t info,
const unsigned char *input,
size_t ilen,
unsigned char *output )
{
return( info->digest_func( input, ilen, output ) );
}
MBEDTLS_ALWAYS_INLINE static inline void* mbedtls_md_info_ctx_alloc(
mbedtls_md_handle_t info )
{
return( info->ctx_alloc_func() );
}
MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_ctx_free(
mbedtls_md_handle_t info,
void *ctx )
{
info->ctx_free_func( ctx );
}
MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_clone(
mbedtls_md_handle_t info,
void *dst,
const void *src )
{
info->clone_func( dst, src );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_process(
mbedtls_md_handle_t info,
void *ctx,
const unsigned char *input )
{
return( info->process_func( ctx, input ) );
}
#else /* !MBEDTLS_MD_SINGLE_HASH */
MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_type_t mbedtls_md_info_type(
mbedtls_md_handle_t info )
{
((void) info);
return( MBEDTLS_MD_INFO_TYPE( MBEDTLS_MD_SINGLE_HASH ) );
}
MBEDTLS_ALWAYS_INLINE static inline const char * mbedtls_md_info_name(
mbedtls_md_handle_t info )
{
((void) info);
return( MBEDTLS_MD_INFO_NAME( MBEDTLS_MD_SINGLE_HASH ) );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_size(
mbedtls_md_handle_t info )
{
((void) info);
return( MBEDTLS_MD_INFO_SIZE( MBEDTLS_MD_SINGLE_HASH ) );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_block_size(
mbedtls_md_handle_t info )
{
((void) info);
return( MBEDTLS_MD_INFO_BLOCKSIZE( MBEDTLS_MD_SINGLE_HASH ) );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_starts(
mbedtls_md_handle_t info,
void *ctx )
{
((void) info);
return( MBEDTLS_MD_INFO_STARTS_FUNC( MBEDTLS_MD_SINGLE_HASH )( ctx ) );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_update(
mbedtls_md_handle_t info,
void *ctx,
const unsigned char *input,
size_t ilen )
{
((void) info);
return( MBEDTLS_MD_INFO_UPDATE_FUNC( MBEDTLS_MD_SINGLE_HASH )
( ctx, input, ilen ) );
}
MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_init(
mbedtls_md_handle_t info,
void *ctx )
{
((void) info);
MBEDTLS_MD_INFO_INIT_FUNC( MBEDTLS_MD_SINGLE_HASH )( ctx );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_finish(
mbedtls_md_handle_t info,
void *ctx,
unsigned char *output )
{
((void) info);
return( MBEDTLS_MD_INFO_FINISH_FUNC( MBEDTLS_MD_SINGLE_HASH )
( ctx, output ) );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_digest(
mbedtls_md_handle_t info,
const unsigned char *input,
size_t ilen,
unsigned char *output )
{
((void) info);
return( MBEDTLS_MD_INFO_DIGEST_FUNC( MBEDTLS_MD_SINGLE_HASH )
( input, ilen, output ) );
}
MBEDTLS_ALWAYS_INLINE static inline void* mbedtls_md_info_ctx_alloc(
mbedtls_md_handle_t info )
{
((void) info);
return( MBEDTLS_MD_INFO_ALLOC_FUNC( MBEDTLS_MD_SINGLE_HASH )() );
}
MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_ctx_free(
mbedtls_md_handle_t info,
void *ctx )
{
((void) info);
MBEDTLS_MD_INFO_FREE_FUNC( MBEDTLS_MD_SINGLE_HASH )( ctx );
}
MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_clone(
mbedtls_md_handle_t info,
void *dst,
const void *src )
{
((void) info);
MBEDTLS_MD_INFO_CLONE_FUNC( MBEDTLS_MD_SINGLE_HASH )( dst, src );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_process(
mbedtls_md_handle_t info,
void *ctx,
const unsigned char *input )
{
((void) info);
return( MBEDTLS_MD_INFO_PROCESS_FUNC( MBEDTLS_MD_SINGLE_HASH )
( ctx, input ) );
}
#endif /* MBEDTLS_MD_SINGLE_HASH */
#ifdef __cplusplus
}
#endif
#endif /* MBEDTLS_MD_WRAP_H */
#endif /* MBEDTLS_MD_INTERNAL_H */

84
include/mbedtls/platform_util.h
View file

@ -30,7 +30,7 @@
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <stdint.h>
#include <stddef.h>
#if defined(MBEDTLS_HAVE_TIME_DATE)
#include "platform_time.h"
@ -113,6 +113,12 @@ void mbedtls_param_failed( const char *failure_condition,
#endif /* MBEDTLS_CHECK_PARAMS */
#if defined(__GNUC__) || defined(__arm__)
#define MBEDTLS_ALWAYS_INLINE __attribute__((always_inline))
#else
#define MBEDTLS_ALWAYS_INLINE
#endif
/* Internal helper macros for deprecating API constants. */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
@ -189,6 +195,82 @@ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
struct tm *tm_buf );
#endif /* MBEDTLS_HAVE_TIME_DATE */
/**
* \brief Convert a 32-bit number to the big endian format and write it to
* the given buffer.
*
* \param buf Address where the converted number is written.
* \param num A number that needs to be converted to the big endian format.
*
* \return Address to the end of buffer where the converted number is
* written.
*/
unsigned char* mbedtls_platform_put_uint32_be( unsigned char *buf,
size_t num );
/**
* \brief Convert a 24-bit number to the big endian format and write it to
* the given buffer.
*
* \param buf Address where the converted number is written.
* \param num A number that needs to be converted to the big endian format.
*
* \return Address to the end of buffer where the converted number is
* written.
*/
unsigned char* mbedtls_platform_put_uint24_be( unsigned char *buf,
size_t num );
/**
* \brief Convert a 16-bit number to the big endian format and write it to
* the given buffer.
*
*
* \param buf Address where the converted number is written.
* \param num A number that needs to be converted to the big endian format.
*
* \return Address to the end of buffer where the converted number is
* written.
*/
unsigned char* mbedtls_platform_put_uint16_be( unsigned char *buf,
size_t num );
/**
* \brief Convert a 32-bit number from the big endian format.
*
* The function reads a 32-bit number from the given buffer in the
* big endian format and returns it to the caller.
*
* \param buf Buffer where the 32-bit number locates.
*
* \return Converted number.
*/
size_t mbedtls_platform_get_uint32_be( const unsigned char *buf );
/**
* \brief Convert a 24-bit number from the big endian format.
*
* The function reads a 14-bit number from the given buffer in the
* big endian format and returns it to the caller.
*
* \param buf Buffer where the 24-bit number locates.
*
* \return Converted number.
*/
size_t mbedtls_platform_get_uint24_be( const unsigned char *buf );
/**
* \brief Convert a 16-bit number from the big endian format.
*
* The function reads a 16-bit number from the given buffer in the
* big endian format and returns it to the caller.
*
* \param buf Buffer where the 16-bit number locates.
*
* \return Converted number.
*/
size_t mbedtls_platform_get_uint16_be( const unsigned char *buf );
#ifdef __cplusplus
}
#endif

6
include/mbedtls/sha256.h
View file

@ -60,8 +60,10 @@ typedef struct mbedtls_sha256_context
uint32_t total[2]; /*!< The number of Bytes processed. */
uint32_t state[8]; /*!< The intermediate digest state. */
unsigned char buffer[64]; /*!< The data block being processed. */
#if !defined(MBEDTLS_SHA256_NO_SHA224)
int is224; /*!< Determines which function to use:
0: Use SHA-256, or 1: Use SHA-224. */
#endif
}
mbedtls_sha256_context;
@ -101,6 +103,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
* \param ctx The context to use. This must be initialized.
* \param is224 This determines which function to use. This must be
* either \c 0 for SHA-256, or \c 1 for SHA-224.
* If #MBEDTLS_SHA256_NO_SHA224 is defined, this must be \c 0.
*
* \return \c 0 on success.
* \return A negative error code on failure.
@ -169,6 +172,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
* \param ctx The context to use. This must be initialized.
* \param is224 Determines which function to use. This must be
* either \c 0 for SHA-256, or \c 1 for SHA-224.
* If #MBEDTLS_SHA256_NO_SHA224 is defined, this must be \c 0.
*/
MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
int is224 );
@ -237,6 +241,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
* be a writable buffer of length \c 32 Bytes.
* \param is224 Determines which function to use. This must be
* either \c 0 for SHA-256, or \c 1 for SHA-224.
* If #MBEDTLS_SHA256_NO_SHA224 is defined, this must be \c 0.
*/
int mbedtls_sha256_ret( const unsigned char *input,
size_t ilen,
@ -269,6 +274,7 @@ int mbedtls_sha256_ret( const unsigned char *input,
* a writable buffer of length \c 32 Bytes.
* \param is224 Determines which function to use. This must be either
* \c 0 for SHA-256, or \c 1 for SHA-224.
* If #MBEDTLS_SHA256_NO_SHA224 is defined, this must be \c 0.
*/
MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input,
size_t ilen,

30
include/mbedtls/ssl.h
View file

@ -142,11 +142,19 @@
/*
* Various constants
*/
#if !defined(MBEDTLS_SSL_PROTO_NO_TLS)
#define MBEDTLS_SSL_MAJOR_VERSION_3 3
#define MBEDTLS_SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */
#define MBEDTLS_SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */
#define MBEDTLS_SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
#else /* MBEDTLS_SSL_PROTO_NO_TLS */
#define MBEDTLS_SSL_MAJOR_VERSION_3 254
#define MBEDTLS_SSL_MINOR_VERSION_0 257 /*!< unused */
#define MBEDTLS_SSL_MINOR_VERSION_1 256 /*!< unused */
#define MBEDTLS_SSL_MINOR_VERSION_2 255 /*!< DTLS v1.0 */
#define MBEDTLS_SSL_MINOR_VERSION_3 253 /*!< DTLS v1.2 */
#endif /* MBEDTLS_SSL_PROTO_NO_TLS */
#define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */
@ -1033,7 +1041,8 @@ struct mbedtls_ssl_config
void *p_sni; /*!< context for SNI callback */
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
!defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
/** Callback to customize X.509 certificate chain verification */
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
void *p_vrfy; /*!< context for X.509 verify calllback */
@ -1165,18 +1174,18 @@ struct mbedtls_ssl_config
unsigned int dhm_min_bitlen; /*!< min. bit length of the DHM prime */
#endif
#if !defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER)
unsigned char max_major_ver; /*!< max. major version used */
#endif /* !MBEDTLS_SSL_CONF_MAX_MAJOR_VER */
#if !defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER)
unsigned char max_minor_ver; /*!< max. minor version used */
#endif /* !MBEDTLS_SSL_CONF_MAX_MINOR_VER */
#if !defined(MBEDTLS_SSL_CONF_MIN_MAJOR_VER)
unsigned char min_major_ver; /*!< min. major version used */
#endif /* !MBEDTLS_SSL_CONF_MIN_MAJOR_VER */
#if !defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER)
unsigned char max_major_ver; /*!< max. major version used */
#endif /* !MBEDTLS_SSL_CONF_MAX_MAJOR_VER */
#if !defined(MBEDTLS_SSL_CONF_MIN_MINOR_VER)
unsigned char min_minor_ver; /*!< min. minor version used */
uint16_t min_minor_ver; /*!< min. minor version used */
#endif /* !MBEDTLS_SSL_CONF_MIN_MINOR_VER */
#if !defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER)
uint16_t max_minor_ver; /*!< max. minor version used */
#endif /* !MBEDTLS_SSL_CONF_MAX_MINOR_VER */
/*
* Flags (bitfields)
@ -1588,7 +1597,8 @@ void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );
*/
void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
!defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
/**
* \brief Set the verification callback (Optional).
*
@ -1603,7 +1613,7 @@ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
#if !defined(MBEDTLS_SSL_CONF_RNG)
/**

87
include/mbedtls/ssl_internal.h
View file

@ -1196,6 +1196,8 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_PROTO_TLS)
/*
* Convert version numbers to/from wire format
* and, for DTLS, to/from TLS equivalent.
@ -1257,6 +1259,88 @@ MBEDTLS_ALWAYS_INLINE static inline void mbedtls_ssl_read_version(
#endif /* MBEDTLS_SSL_PROTO_TLS */
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_leq( int v0, int v1 )
{
return( v0 <= v1 );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_lt( int v0, int v1 )
{
return( v0 < v1 );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_geq( int v0, int v1 )
{
return( v0 >= v1 );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_gt( int v0, int v1 )
{
return( v0 > v1 );
}
#else /* MBEDTLS_SSL_PROTO_TLS */
/* If only DTLS is enabled, we can match the internal encoding
* with the standard's encoding of versions. */
static inline void mbedtls_ssl_write_version( int major, int minor,
int transport,
unsigned char ver[2] )
{
((void) transport);
ver[0] = (unsigned char) major;
ver[1] = (unsigned char) minor;
}
static inline void mbedtls_ssl_read_version( int *major, int *minor,
int transport,
const unsigned char ver[2] )
{
((void) transport);
*major = ver[0];
*minor = ver[1];
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_leq( int v0, int v1 )
{
return( v0 >= v1 );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_lt( int v0, int v1 )
{
return( v0 > v1 );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_geq( int v0, int v1 )
{
return( v0 <= v1 );
}
MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_gt( int v0, int v1 )
{
return( v0 < v1 );
}
#endif /* MBEDTLS_SSL_PROTO_TLS */
MBEDTLS_ALWAYS_INLINE static inline size_t mbedtls_ssl_minor_ver_index(
int ver )
{
switch( ver )
{
case MBEDTLS_SSL_MINOR_VERSION_0:
return( 0 );
case MBEDTLS_SSL_MINOR_VERSION_1:
return( 1 );
case MBEDTLS_SSL_MINOR_VERSION_2:
return( 2 );
case MBEDTLS_SSL_MINOR_VERSION_3:
return( 3 );
}
return( 0 );
}
#ifdef __cplusplus
}
#endif
@ -1697,7 +1781,8 @@ static inline unsigned int mbedtls_ssl_conf_get_ems_enforced(
#define MBEDTLS_SSL_BEGIN_FOR_EACH_CIPHERSUITE( ssl, ver, info ) \
{ \
int const *__id_ptr; \
for( __id_ptr=(ssl)->conf->ciphersuite_list[ (ver) ]; \
for( __id_ptr=(ssl)->conf->ciphersuite_list[ \
mbedtls_ssl_minor_ver_index( ver ) ]; \
*__id_ptr != 0; __id_ptr++ ) \
{ \
const int __id = *__id_ptr; \

51
include/mbedtls/x509_crt.h
View file

@ -214,6 +214,8 @@ typedef struct mbedtls_x509write_cert
mbedtls_x509write_cert;
#endif /* MBEDTLS_X509_CRT_WRITE_C */
#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
/**
* Item in a verification chain: cert and flags for it
*/
@ -236,6 +238,16 @@ typedef struct
unsigned len;
} mbedtls_x509_crt_verify_chain;
#else /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
typedef struct
{
unsigned len;
uint32_t flags;
} mbedtls_x509_crt_verify_chain;
#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/**
@ -249,6 +261,9 @@ typedef struct
/* for find_parent_in() */
mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */
/* current child CRT */
mbedtls_x509_crt *cur_crt;
#if defined(MBEDTLS_HAVE_TIME_DATE)
mbedtls_x509_crt *fallback_parent;
int fallback_signature_is_good;
@ -502,14 +517,17 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
* verification process.
*/
int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) || defined(DOXYGEN_ONLY)
const char *cn,
#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION || defined(DOXYGEN_ONLY) */
uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy );
const char *cn,
#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION || DOXYGEN_ONLY */
uint32_t *flags
#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) || defined(DOXYGEN_ONLY)
, int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy
#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK || DOXYGEN_ONLY */
);
/**
* \brief Verify the certificate signature according to profile
@ -544,10 +562,13 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
const mbedtls_x509_crt_profile *profile,
#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) || defined(DOXYGEN_ONLY)
const char *cn,
#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION || defined(DOXYGEN_ONLY) */
uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy );
#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION || DOXYGEN_ONLY */
uint32_t *flags
#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) || defined(DOXYGEN_ONLY)
, int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy
#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK || DOXYGEN_ONLY */
);
/**
* \brief Restartable version of \c mbedtls_crt_verify_with_profile()
@ -577,10 +598,12 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
const mbedtls_x509_crt_profile *profile,
#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) || defined(DOXYGEN_ONLY)
const char *cn,
#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION || defined(DOXYGEN_ONLY) */
#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION || DOXYGEN_ONLY */
uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy,
#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) || defined(DOXYGEN_ONLY)
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy,
#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK || DOXYGEN_ONLY */
mbedtls_x509_crt_restart_ctx *rs_ctx );
#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)

5
include/tinycrypt/ecc.h
View file

@ -1,5 +1,10 @@
/* ecc.h - TinyCrypt interface to common ECC functions */
/*
* Copyright (c) 2019, Arm Limited (or its affiliates), All Rights Reserved.
* SPDX-License-Identifier: BSD-3-Clause
*/
/* Copyright (c) 2014, Kenneth MacKay
* All rights reserved.
*

5
include/tinycrypt/ecc_dh.h
View file

@ -1,5 +1,10 @@
/* ecc_dh.h - TinyCrypt interface to EC-DH implementation */
/*
* Copyright (c) 2019, Arm Limited (or its affiliates), All Rights Reserved.
* SPDX-License-Identifier: BSD-3-Clause
*/
/*
* Copyright (c) 2014, Kenneth MacKay
* All rights reserved.

5
include/tinycrypt/ecc_dsa.h
View file

@ -1,5 +1,10 @@
/* ecc_dh.h - TinyCrypt interface to EC-DSA implementation */
/*
* Copyright (c) 2019, Arm Limited (or its affiliates), All Rights Reserved.
* SPDX-License-Identifier: BSD-3-Clause
*/
/*
* Copyright (c) 2014, Kenneth MacKay
* All rights reserved.