Merge branch 'baremetal' into baremetal-2.16-20190909

* baremetal: (78 commits)
  Review corrections 6
  Review corrections 5
  Minor changes to tinycrypt README
  Typos in the tinycrypt README
  Addition of copyright statements to tinycrypt files
  Add LICENSE and README for tinycrypt
  Add SPDX lines to each imported TinyCrypt file
  Review corrections 4
  Review corrections 3
  Review corrections 2
  Review corrections
  Update signature of BE conversion functions
  Use function for 16/24/32-bit BE conversion
  x509.c: Minor readability improvement
  x509_crt.c: Indicate guarding condition in #else branch
  X.509: Don't remove verify callback by default
  Fix Doxygen warnings regarding removed verify cb+ctx parameters
  ECC restart: Use optional verification mode in bad signature test
  Re-implement verify chain if vrfy cbs are disabled
  Add zero-cost abstraction layer for CRT verification chain
  ...
Manuel Pégourié-Gonnard 2019-09-12 09:58:14 +02:00
commit e5a0b366f8
86 changed files with 3353 additions and 1786 deletions


@ -100,7 +100,7 @@ int main( int argc, char *argv[] )
unsigned char diff;
const mbedtls_cipher_info_t *cipher_info;
const mbedtls_md_info_t *md_info;
mbedtls_md_handle_t md_info;
mbedtls_cipher_context_t cipher_ctx;
mbedtls_md_context_t md_ctx;
#if defined(_WIN32_WCE)
@ -192,7 +192,7 @@ int main( int argc, char *argv[] )
}
md_info = mbedtls_md_info_from_string( argv[5] );
if( md_info == NULL )
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
{
mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[5] );
goto exit;


@ -53,7 +53,7 @@ int main( void )
#else
static int generic_wrapper( const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum )
static int generic_wrapper( mbedtls_md_handle_t md_info, char *filename, unsigned char *sum )
{
int ret = mbedtls_md_file( md_info, filename, sum );
@ -66,7 +66,7 @@ static int generic_wrapper( const mbedtls_md_info_t *md_info, char *filename, un
return( ret );
}
static int generic_print( const mbedtls_md_info_t *md_info, char *filename )
static int generic_print( mbedtls_md_handle_t md_info, char *filename )
{
int i;
unsigned char sum[MBEDTLS_MD_MAX_SIZE];
@ -81,7 +81,7 @@ static int generic_print( const mbedtls_md_info_t *md_info, char *filename )
return( 0 );
}
static int generic_check( const mbedtls_md_info_t *md_info, char *filename )
static int generic_check( mbedtls_md_handle_t md_info, char *filename )
{
int i;
size_t n;
@ -177,7 +177,7 @@ int main( int argc, char *argv[] )
{
int ret = 1, i;
int exit_code = MBEDTLS_EXIT_FAILURE;
const mbedtls_md_info_t *md_info;
mbedtls_md_handle_t md_info;
mbedtls_md_context_t md_ctx;
mbedtls_md_init( &md_ctx );
@ -210,7 +210,7 @@ int main( int argc, char *argv[] )
* Read the MD from the command line
*/
md_info = mbedtls_md_info_from_string( argv[1] );
if( md_info == NULL )
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
{
mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[1] );
return( exit_code );


@ -1202,6 +1202,14 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_SHA256_SMALLER */
#if defined(MBEDTLS_SHA256_NO_SHA224)
if( strcmp( "MBEDTLS_SHA256_NO_SHA224", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_SHA256_NO_SHA224 );
return( 0 );
}
#endif /* MBEDTLS_SHA256_NO_SHA224 */
#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
if( strcmp( "MBEDTLS_SSL_ALL_ALERT_MESSAGES", config ) == 0 )
{
@ -1578,6 +1586,14 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */
#if defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
if( strcmp( "MBEDTLS_X509_REMOVE_VERIFY_CALLBACK", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_X509_REMOVE_VERIFY_CALLBACK );
return( 0 );
}
#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
if( strcmp( "MBEDTLS_X509_RSASSA_PSS_SUPPORT", config ) == 0 )
{
@ -2898,6 +2914,14 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_SSL_CONF_SINGLE_SIG_HASH_TLS_ID */
#if defined(MBEDTLS_MD_SINGLE_HASH)
if( strcmp( "MBEDTLS_MD_SINGLE_HASH", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_MD_SINGLE_HASH );
return( 0 );
}
#endif /* MBEDTLS_MD_SINGLE_HASH */
/* If the symbol is not found, return an error */
return( 1 );
}


@ -69,6 +69,8 @@ int main( void )
#include "mbedtls/debug.h"
#include "mbedtls/timing.h"
#include "mbedtls/ssl_internal.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@ -664,6 +666,8 @@ static int send_cb( void *ctx, unsigned char const *buf, size_t len )
!MBEDTLS_SSL_CONF_RECV_TIMEOUT */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
static unsigned char peer_crt_info[1024];
/*
@ -704,6 +708,7 @@ static int my_verify( void *data, mbedtls_x509_crt *crt,
return( 0 );
}
#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
@ -1506,14 +1511,18 @@ int main( int argc, char *argv[] )
mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
if( opt.max_version != -1 &&
mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ) > opt.max_version )
mbedtls_ssl_ver_gt(
mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ),
opt.max_version ) )
{
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2;
goto usage;
}
if( opt.min_version != -1 &&
mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ) < opt.min_version )
mbedtls_ssl_ver_lt(
mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ),
opt.min_version ) )
{
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2;
@ -1523,17 +1532,24 @@ int main( int argc, char *argv[] )
/* If the server selects a version that's not supported by
* this suite, then there will be no common ciphersuite... */
if( opt.max_version == -1 ||
opt.max_version > mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ) )
mbedtls_ssl_ver_gt(
opt.max_version,
mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ) ) )
{
opt.max_version = mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info );
}
if( opt.min_version < mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ) )
if( mbedtls_ssl_ver_lt(
opt.min_version,
mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ) ) )
{
opt.min_version = mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info );
/* DTLS starts with TLS 1.1 */
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
opt.min_version < MBEDTLS_SSL_MINOR_VERSION_2 )
mbedtls_ssl_ver_lt( opt.min_version,
MBEDTLS_SSL_MINOR_VERSION_2 ) )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
}
}
/* Enable RC4 if needed and not explicitly disabled */
@ -1894,8 +1910,10 @@ int main( int argc, char *argv[] )
#endif
}
#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
@ -2316,10 +2334,11 @@ int main( int argc, char *argv[] )
else
mbedtls_printf( " ok\n" );
#if !defined(MBEDTLS_X509_REMOVE_INFO)
#if !defined(MBEDTLS_X509_REMOVE_INFO) && \
!defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
mbedtls_printf( " . Peer certificate information ...\n" );
mbedtls_printf( "%s\n", peer_crt_info );
#endif /* !MBEDTLS_X509_REMOVE_INFO */
#endif /* !MBEDTLS_X509_REMOVE_INFO && !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@ -2648,9 +2667,10 @@ send_request:
mbedtls_printf( " . Restarting connection from same port..." );
fflush( stdout );
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
!defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
{
@ -2825,9 +2845,10 @@ reconnect:
mbedtls_printf( " . Reconnecting with saved session..." );
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
!defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
{
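Review bot: The `opt.min_version` clamp in the `-1523,17 +1532,24` hunk passes the option straight to `mbedtls_ssl_ver_lt()` without the `-1` check that the neighbouring comparisons keep (`opt.max_version == -1 ||`, `opt.min_version != -1 &&`), so the "unset" sentinel now reaches a version-comparison helper. The old raw `<` ordered -1 below every real version; whether the helper still does is not visible on this page, and if it does not, a forced ciphersuite would no longer raise the minimum version to the suite's floor. I would make the sentinel explicit, mirroring the max_version branch: `if( opt.min_version == -1 || mbedtls_ssl_ver_lt( opt.min_version, mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ) ) )`. The same pattern appears in the `-2249,17 +2255,24` hunk of the next file section. main() starts and ends outside these hunks.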


@ -68,6 +68,8 @@ int main( void )
#include "mbedtls/debug.h"
#include "mbedtls/timing.h"
#include "mbedtls/ssl_internal.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@ -2232,14 +2234,18 @@ int main( int argc, char *argv[] )
mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
if( opt.max_version != -1 &&
mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ) > opt.max_version )
mbedtls_ssl_ver_gt(
mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ),
opt.max_version ) )
{
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2;
goto usage;
}
if( opt.min_version != -1 &&
mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ) < opt.min_version )
mbedtls_ssl_ver_lt(
mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ),
opt.min_version ) )
{
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2;
@ -2249,17 +2255,24 @@ int main( int argc, char *argv[] )
/* If we select a version that's not supported by
* this suite, then there will be no common ciphersuite... */
if( opt.max_version == -1 ||
opt.max_version > mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ) )
mbedtls_ssl_ver_gt(
opt.max_version,
mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ) ) )
{
opt.max_version = mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info );
}
if( opt.min_version < mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ) )
if( mbedtls_ssl_ver_lt(
opt.min_version,
mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ) ) )
{
opt.min_version = mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info );
/* DTLS starts with TLS 1.1 */
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
opt.min_version < MBEDTLS_SSL_MINOR_VERSION_2 )
mbedtls_ssl_ver_lt( opt.min_version,
MBEDTLS_SSL_MINOR_VERSION_2 ) )
{
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
}
}
/* Enable RC4 if needed and not explicitly disabled */


@ -693,13 +693,16 @@ int main( int argc, char *argv[] )
if( todo.hmac_drbg )
{
mbedtls_hmac_drbg_context hmac_drbg;
const mbedtls_md_info_t *md_info;
mbedtls_md_handle_t md_info;
mbedtls_hmac_drbg_init( &hmac_drbg );
#if defined(MBEDTLS_SHA1_C)
if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL )
if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) ==
MBEDTLS_MD_INVALID_HANDLE )
{
mbedtls_exit(1);
}
if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 )
mbedtls_exit(1);
@ -715,8 +718,11 @@ int main( int argc, char *argv[] )
#endif
#if defined(MBEDTLS_SHA256_C)
if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ) ) == NULL )
if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ) ) ==
MBEDTLS_MD_INVALID_HANDLE )
{
mbedtls_exit(1);
}
if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 )
mbedtls_exit(1);
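Review bot: Both invalid-handle branches, after the `MBEDTLS_MD_SHA1` and `MBEDTLS_MD_SHA256` lookups, call `mbedtls_exit(1)` without printing anything, so a build in which the digest lookup fails ends the run with no indication of which step failed. That case may be more reachable now that the merge introduces `MBEDTLS_MD_SINGLE_HASH` (seen in the `query_config()` hunks), though how that option affects `mbedtls_md_info_from_type()` is not shown here. I would add a line such as `mbedtls_printf( "HMAC_DRBG: digest not available\n" );` before each exit. The enclosing `if( todo.hmac_drbg )` block continues outside the hunks.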


@ -66,7 +66,6 @@
#include "mbedtls/md2.h"
#include "mbedtls/md4.h"
#include "mbedtls/md5.h"
#include "mbedtls/md_internal.h"
#include "mbedtls/net.h"
#include "mbedtls/net_sockets.h"
#include "mbedtls/nist_kw.h"


@ -129,6 +129,7 @@ static void my_debug( void *ctx, int level,
}
#endif /* MBEDTLS_DEBUG_C */
#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags )
{
char buf[1024];
@ -148,6 +149,7 @@ static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *fl
return( 0 );
}
#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
#if defined(MBEDTLS_SSL_CONF_RNG)
int rng_wrap( void *ctx, unsigned char *dst, size_t len );
@ -363,11 +365,21 @@ int main( int argc, char *argv[] )
{
mbedtls_printf( " . Verifying X.509 certificate..." );
if( ( ret = mbedtls_x509_crt_verify( &crt, &cacert, &cacrl,
#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
ret = mbedtls_x509_crt_verify( &crt, &cacert, &cacrl,
#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION)
NULL,
#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */
&flags, my_verify, NULL ) ) != 0 )
&flags,
my_verify, NULL );
#else /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
ret = mbedtls_x509_crt_verify( &crt, &cacert, &cacrl,
#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION)
NULL,
#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */
&flags );
#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
if( ret != 0 )
{
char vrfy_buf[512];
@ -436,7 +448,10 @@ int main( int argc, char *argv[] )
{
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
#endif
}
else
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );