yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-25 17:05:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Move from SHA-1 to SHA-256 as default in programs

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2015-02-10 10:47:03 +00:00
parent 70dbfaa9ea
commit 6f60cd848b
11 changed files with 58 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -9,6 +9,8 @@ Features
Bugfix Bugfix
Changes Changes
* Move from SHA-1 to SHA-256 in example programs using signatures
(suggested by Thorsten Mühlfelder).
= mbed TLS 1.3.10 released 2015-02-09 = mbed TLS 1.3.10 released 2015-02-09
Security Security

10
programs/pkey/dh_client.c
View File

@ -48,7 +48,7 @@
#if !defined(POLARSSL_AES_C) || !defined(POLARSSL_DHM_C) || \ #if !defined(POLARSSL_AES_C) || !defined(POLARSSL_DHM_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_NET_C) || \ !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_NET_C) || \
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA1_C) || \ !defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA256_C) || \
!defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C) !defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
@ -57,7 +57,7 @@ int main( int argc, char *argv[] )
polarssl_printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_ENTROPY_C " polarssl_printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_ENTROPY_C "
"and/or POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " "and/or POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_SHA1_C and/or POLARSSL_FS_IO and/or " "POLARSSL_SHA256_C and/or POLARSSL_FS_IO and/or "
"POLARSSL_CTR_DRBG_C not defined.\n"); "POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 ); return( 0 );
} }
@ -193,7 +193,7 @@ int main( int argc, char *argv[] )
/* /*
* 5. Check that the server's RSA signature matches * 5. Check that the server's RSA signature matches
* the SHA-1 hash of (P,G,Ys) * the SHA-256 hash of (P,G,Ys)
*/ */
polarssl_printf( "\n . Verifying the server's RSA signature" ); polarssl_printf( "\n . Verifying the server's RSA signature" );
fflush( stdout ); fflush( stdout );
@ -210,7 +210,7 @@ int main( int argc, char *argv[] )
sha1( buf, (int)( p - 2 - buf ), hash ); sha1( buf, (int)( p - 2 - buf ), hash );
if( ( ret = rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC, if( ( ret = rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC,
POLARSSL_MD_SHA1, 0, hash, p ) ) != 0 ) POLARSSL_MD_SHA256, 0, hash, p ) ) != 0 )
{ {
polarssl_printf( " failed\n ! rsa_pkcs1_verify returned %d\n\n", ret ); polarssl_printf( " failed\n ! rsa_pkcs1_verify returned %d\n\n", ret );
goto exit; goto exit;
@ -297,5 +297,5 @@ exit:
return( ret ); return( ret );
} }
#endif /* POLARSSL_AES_C && POLARSSL_DHM_C && POLARSSL_ENTROPY_C && #endif /* POLARSSL_AES_C && POLARSSL_DHM_C && POLARSSL_ENTROPY_C &&
POLARSSL_NET_C && POLARSSL_RSA_C && POLARSSL_SHA1_C && POLARSSL_NET_C && POLARSSL_RSA_C && POLARSSL_SHA256_C &&
POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */ POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */

8
programs/pkey/dh_server.c
View File

@ -48,7 +48,7 @@
#if !defined(POLARSSL_AES_C) || !defined(POLARSSL_DHM_C) || \ #if !defined(POLARSSL_AES_C) || !defined(POLARSSL_DHM_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_NET_C) || \ !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_NET_C) || \
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA1_C) || \ !defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA256_C) || \
!defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C) !defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
@ -57,7 +57,7 @@ int main( int argc, char *argv[] )
polarssl_printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_ENTROPY_C " polarssl_printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_ENTROPY_C "
"and/or POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " "and/or POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_SHA1_C and/or POLARSSL_FS_IO and/or " "POLARSSL_SHA256_C and/or POLARSSL_FS_IO and/or "
"POLARSSL_CTR_DBRG_C not defined.\n"); "POLARSSL_CTR_DBRG_C not defined.\n");
return( 0 ); return( 0 );
} }
@ -201,7 +201,7 @@ int main( int argc, char *argv[] )
buf[n ] = (unsigned char)( rsa.len >> 8 ); buf[n ] = (unsigned char)( rsa.len >> 8 );
buf[n + 1] = (unsigned char)( rsa.len ); buf[n + 1] = (unsigned char)( rsa.len );
if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, POLARSSL_MD_SHA1, if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, POLARSSL_MD_SHA256,
0, hash, buf + n + 2 ) ) != 0 ) 0, hash, buf + n + 2 ) ) != 0 )
{ {
polarssl_printf( " failed\n ! rsa_pkcs1_sign returned %d\n\n", ret ); polarssl_printf( " failed\n ! rsa_pkcs1_sign returned %d\n\n", ret );
@ -298,5 +298,5 @@ exit:
return( ret ); return( ret );
} }
#endif /* POLARSSL_AES_C && POLARSSL_DHM_C && POLARSSL_ENTROPY_C && #endif /* POLARSSL_AES_C && POLARSSL_DHM_C && POLARSSL_ENTROPY_C &&
POLARSSL_NET_C && POLARSSL_RSA_C && POLARSSL_SHA1_C && POLARSSL_NET_C && POLARSSL_RSA_C && POLARSSL_SHA256_C &&
POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */ POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */

12
programs/pkey/pk_sign.c
View File

@ -47,7 +47,7 @@
#endif #endif
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_SHA1_C) || \ !defined(POLARSSL_SHA256_C) || \
!defined(POLARSSL_PK_PARSE_C) || !defined(POLARSSL_FS_IO) || \ !defined(POLARSSL_PK_PARSE_C) || !defined(POLARSSL_FS_IO) || \
!defined(POLARSSL_CTR_DRBG_C) !defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
@ -56,7 +56,7 @@ int main( int argc, char *argv[] )
((void) argv); ((void) argv);
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
"POLARSSL_SHA1_C and/or " "POLARSSL_SHA256_C and/or "
"POLARSSL_PK_PARSE_C and/or POLARSSL_FS_IO and/or " "POLARSSL_PK_PARSE_C and/or POLARSSL_FS_IO and/or "
"POLARSSL_CTR_DRBG_C not defined.\n"); "POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 ); return( 0 );
@ -111,10 +111,10 @@ int main( int argc, char *argv[] )
} }
/* /*
* Compute the SHA-1 hash of the input file, * Compute the SHA-256 hash of the input file,
* then calculate the signature of the hash. * then calculate the signature of the hash.
*/ */
polarssl_printf( "\n . Generating the SHA-1 signature" ); polarssl_printf( "\n . Generating the SHA-256 signature" );
fflush( stdout ); fflush( stdout );
if( ( ret = sha1_file( argv[2], hash ) ) != 0 ) if( ( ret = sha1_file( argv[2], hash ) ) != 0 )
@ -123,7 +123,7 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
if( ( ret = pk_sign( &pk, POLARSSL_MD_SHA1, hash, 0, buf, &olen, if( ( ret = pk_sign( &pk, POLARSSL_MD_SHA256, hash, 0, buf, &olen,
ctr_drbg_random, &ctr_drbg ) ) != 0 ) ctr_drbg_random, &ctr_drbg ) ) != 0 )
{ {
polarssl_printf( " failed\n ! pk_sign returned -0x%04x\n", -ret ); polarssl_printf( " failed\n ! pk_sign returned -0x%04x\n", -ret );
@ -170,5 +170,5 @@ exit:
return( ret ); return( ret );
} }
#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && #endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C &&
POLARSSL_SHA1_C && POLARSSL_PK_PARSE_C && POLARSSL_FS_IO && POLARSSL_SHA256_C && POLARSSL_PK_PARSE_C && POLARSSL_FS_IO &&
POLARSSL_CTR_DRBG_C */ POLARSSL_CTR_DRBG_C */

14
programs/pkey/pk_verify.c
View File

@ -45,7 +45,7 @@
#endif #endif
#if !defined(POLARSSL_BIGNUM_C) || \ #if !defined(POLARSSL_BIGNUM_C) || \
!defined(POLARSSL_SHA1_C) || !defined(POLARSSL_PK_PARSE_C) || \ !defined(POLARSSL_SHA256_C) || !defined(POLARSSL_PK_PARSE_C) || \
!defined(POLARSSL_FS_IO) !defined(POLARSSL_FS_IO)
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
@ -53,7 +53,7 @@ int main( int argc, char *argv[] )
((void) argv); ((void) argv);
polarssl_printf("POLARSSL_BIGNUM_C and/or " polarssl_printf("POLARSSL_BIGNUM_C and/or "
"POLARSSL_SHA1_C and/or POLARSSL_PK_PARSE_C and/or " "POLARSSL_SHA256_C and/or POLARSSL_PK_PARSE_C and/or "
"POLARSSL_FS_IO not defined.\n"); "POLARSSL_FS_IO not defined.\n");
return( 0 ); return( 0 );
} }
@ -108,10 +108,10 @@ int main( int argc, char *argv[] )
fclose( f ); fclose( f );
/* /*
* Compute the SHA-1 hash of the input file and compare * Compute the SHA-256 hash of the input file and compare
* it with the hash decrypted from the signature. * it with the hash decrypted from the signature.
*/ */
polarssl_printf( "\n . Verifying the SHA-1 signature" ); polarssl_printf( "\n . Verifying the SHA-256 signature" );
fflush( stdout ); fflush( stdout );
if( ( ret = sha1_file( argv[2], hash ) ) != 0 ) if( ( ret = sha1_file( argv[2], hash ) ) != 0 )
@ -120,14 +120,14 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
if( ( ret = pk_verify( &pk, POLARSSL_MD_SHA1, hash, 0, if( ( ret = pk_verify( &pk, POLARSSL_MD_SHA256, hash, 0,
buf, i ) ) != 0 ) buf, i ) ) != 0 )
{ {
polarssl_printf( " failed\n ! pk_verify returned -0x%04x\n", -ret ); polarssl_printf( " failed\n ! pk_verify returned -0x%04x\n", -ret );
goto exit; goto exit;
} }
polarssl_printf( "\n . OK (the decrypted SHA-1 hash matches)\n\n" ); polarssl_printf( "\n . OK (the decrypted SHA-256 hash matches)\n\n" );
ret = 0; ret = 0;
@ -146,5 +146,5 @@ exit:
return( ret ); return( ret );
} }
#endif /* POLARSSL_BIGNUM_C && POLARSSL_SHA1_C && #endif /* POLARSSL_BIGNUM_C && POLARSSL_SHA256_C &&
POLARSSL_PK_PARSE_C && POLARSSL_FS_IO */ POLARSSL_PK_PARSE_C && POLARSSL_FS_IO */

14
programs/pkey/rsa_sign.c
View File

@ -1,5 +1,5 @@
/* /*
* RSA/SHA-1 signature creation program * RSA/SHA-256 signature creation program
* *
* Copyright (C) 2006-2011, ARM Limited, All Rights Reserved * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
* *
@ -40,14 +40,14 @@
#include "polarssl/sha1.h" #include "polarssl/sha1.h"
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \ #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_SHA1_C) || !defined(POLARSSL_FS_IO) !defined(POLARSSL_SHA256_C) || !defined(POLARSSL_FS_IO)
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
((void) argc); ((void) argc);
((void) argv); ((void) argv);
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or " polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_SHA1_C and/or POLARSSL_FS_IO not defined.\n"); "POLARSSL_SHA256_C and/or POLARSSL_FS_IO not defined.\n");
return( 0 ); return( 0 );
} }
#else #else
@ -112,10 +112,10 @@ int main( int argc, char *argv[] )
} }
/* /*
* Compute the SHA-1 hash of the input file, * Compute the SHA-256 hash of the input file,
* then calculate the RSA signature of the hash. * then calculate the RSA signature of the hash.
*/ */
polarssl_printf( "\n . Generating the RSA/SHA-1 signature" ); polarssl_printf( "\n . Generating the RSA/SHA-256 signature" );
fflush( stdout ); fflush( stdout );
if( ( ret = sha1_file( argv[1], hash ) ) != 0 ) if( ( ret = sha1_file( argv[1], hash ) ) != 0 )
@ -124,7 +124,7 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, POLARSSL_MD_SHA1, if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, POLARSSL_MD_SHA256,
20, hash, buf ) ) != 0 ) 20, hash, buf ) ) != 0 )
{ {
polarssl_printf( " failed\n ! rsa_pkcs1_sign returned -0x%0x\n\n", -ret ); polarssl_printf( " failed\n ! rsa_pkcs1_sign returned -0x%0x\n\n", -ret );
@ -160,5 +160,5 @@ exit:
return( ret ); return( ret );
} }
#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_SHA1_C && #endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_SHA256_C &&
POLARSSL_FS_IO */ POLARSSL_FS_IO */

16
programs/pkey/rsa_sign_pss.c
View File

@ -1,5 +1,5 @@
/* /*
* RSASSA-PSS/SHA-1 signature creation program * RSASSA-PSS/SHA-256 signature creation program
* *
* Copyright (C) 2006-2011, ARM Limited, All Rights Reserved * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
* *
@ -47,7 +47,7 @@
#endif #endif
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA1_C) || \ !defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA256_C) || \
!defined(POLARSSL_PK_PARSE_C) || !defined(POLARSSL_FS_IO) || \ !defined(POLARSSL_PK_PARSE_C) || !defined(POLARSSL_FS_IO) || \
!defined(POLARSSL_CTR_DRBG_C) !defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
@ -56,7 +56,7 @@ int main( int argc, char *argv[] )
((void) argv); ((void) argv);
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
"POLARSSL_RSA_C and/or POLARSSL_SHA1_C and/or " "POLARSSL_RSA_C and/or POLARSSL_SHA256_C and/or "
"POLARSSL_PK_PARSE_C and/or POLARSSL_FS_IO and/or " "POLARSSL_PK_PARSE_C and/or POLARSSL_FS_IO and/or "
"POLARSSL_CTR_DRBG_C not defined.\n"); "POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 ); return( 0 );
@ -118,13 +118,13 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
rsa_set_padding( pk_rsa( pk ), RSA_PKCS_V21, POLARSSL_MD_SHA1 ); rsa_set_padding( pk_rsa( pk ), RSA_PKCS_V21, POLARSSL_MD_SHA256 );
/* /*
* Compute the SHA-1 hash of the input file, * Compute the SHA-256 hash of the input file,
* then calculate the RSA signature of the hash. * then calculate the RSA signature of the hash.
*/ */
polarssl_printf( "\n . Generating the RSA/SHA-1 signature" ); polarssl_printf( "\n . Generating the RSA/SHA-256 signature" );
fflush( stdout ); fflush( stdout );
if( ( ret = sha1_file( argv[2], hash ) ) != 0 ) if( ( ret = sha1_file( argv[2], hash ) ) != 0 )
@ -133,7 +133,7 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
if( ( ret = pk_sign( &pk, POLARSSL_MD_SHA1, hash, 0, buf, &olen, if( ( ret = pk_sign( &pk, POLARSSL_MD_SHA256, hash, 0, buf, &olen,
ctr_drbg_random, &ctr_drbg ) ) != 0 ) ctr_drbg_random, &ctr_drbg ) ) != 0 )
{ {
polarssl_printf( " failed\n ! pk_sign returned %d\n\n", ret ); polarssl_printf( " failed\n ! pk_sign returned %d\n\n", ret );
@ -175,5 +175,5 @@ exit:
return( ret ); return( ret );
} }
#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_RSA_C && #endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_RSA_C &&
POLARSSL_SHA1_C && POLARSSL_PK_PARSE_C && POLARSSL_FS_IO && POLARSSL_SHA256_C && POLARSSL_PK_PARSE_C && POLARSSL_FS_IO &&
POLARSSL_CTR_DRBG_C */ POLARSSL_CTR_DRBG_C */

16
programs/pkey/rsa_verify.c
View File

@ -1,5 +1,5 @@
/* /*
* RSA/SHA-1 signature verification program * RSA/SHA-256 signature verification program
* *
* Copyright (C) 2006-2011, ARM Limited, All Rights Reserved * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
* *
@ -39,14 +39,14 @@
#include "polarssl/sha1.h" #include "polarssl/sha1.h"
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \ #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_SHA1_C) || !defined(POLARSSL_FS_IO) !defined(POLARSSL_SHA256_C) || !defined(POLARSSL_FS_IO)
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
((void) argc); ((void) argc);
((void) argv); ((void) argv);
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or " polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_SHA1_C and/or POLARSSL_FS_IO not defined.\n"); "POLARSSL_SHA256_C and/or POLARSSL_FS_IO not defined.\n");
return( 0 ); return( 0 );
} }
#else #else
@ -122,10 +122,10 @@ int main( int argc, char *argv[] )
} }
/* /*
* Compute the SHA-1 hash of the input file and compare * Compute the SHA-256 hash of the input file and compare
* it with the hash decrypted from the RSA signature. * it with the hash decrypted from the RSA signature.
*/ */
polarssl_printf( "\n . Verifying the RSA/SHA-1 signature" ); polarssl_printf( "\n . Verifying the RSA/SHA-256 signature" );
fflush( stdout ); fflush( stdout );
if( ( ret = sha1_file( argv[1], hash ) ) != 0 ) if( ( ret = sha1_file( argv[1], hash ) ) != 0 )
@ -135,13 +135,13 @@ int main( int argc, char *argv[] )
} }
if( ( ret = rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC, if( ( ret = rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC,
POLARSSL_MD_SHA1, 20, hash, buf ) ) != 0 ) POLARSSL_MD_SHA256, 20, hash, buf ) ) != 0 )
{ {
polarssl_printf( " failed\n ! rsa_pkcs1_verify returned -0x%0x\n\n", -ret ); polarssl_printf( " failed\n ! rsa_pkcs1_verify returned -0x%0x\n\n", -ret );
goto exit; goto exit;
} }
polarssl_printf( "\n . OK (the decrypted SHA-1 hash matches)\n\n" ); polarssl_printf( "\n . OK (the decrypted SHA-256 hash matches)\n\n" );
ret = 0; ret = 0;
@ -154,5 +154,5 @@ exit:
return( ret ); return( ret );
} }
#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_SHA1_C && #endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_SHA256_C &&
POLARSSL_FS_IO */ POLARSSL_FS_IO */

18
programs/pkey/rsa_verify_pss.c
View File

@ -1,5 +1,5 @@
/* /*
* RSASSA-PSS/SHA-1 signature verification program * RSASSA-PSS/SHA-256 signature verification program
* *
* Copyright (C) 2006-2011, ARM Limited, All Rights Reserved * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
* *
@ -46,7 +46,7 @@
#endif #endif
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \ #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_SHA1_C) || !defined(POLARSSL_PK_PARSE_C) || \ !defined(POLARSSL_SHA256_C) || !defined(POLARSSL_PK_PARSE_C) || \
!defined(POLARSSL_FS_IO) !defined(POLARSSL_FS_IO)
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
@ -54,7 +54,7 @@ int main( int argc, char *argv[] )
((void) argv); ((void) argv);
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or " polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_SHA1_C and/or POLARSSL_PK_PARSE_C and/or " "POLARSSL_SHA256_C and/or POLARSSL_PK_PARSE_C and/or "
"POLARSSL_FS_IO not defined.\n"); "POLARSSL_FS_IO not defined.\n");
return( 0 ); return( 0 );
} }
@ -99,7 +99,7 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
rsa_set_padding( pk_rsa( pk ), RSA_PKCS_V21, POLARSSL_MD_SHA1 ); rsa_set_padding( pk_rsa( pk ), RSA_PKCS_V21, POLARSSL_MD_SHA256 );
/* /*
* Extract the RSA signature from the text file * Extract the RSA signature from the text file
@ -119,10 +119,10 @@ int main( int argc, char *argv[] )
fclose( f ); fclose( f );
/* /*
* Compute the SHA-1 hash of the input file and compare * Compute the SHA-256 hash of the input file and compare
* it with the hash decrypted from the RSA signature. * it with the hash decrypted from the RSA signature.
*/ */
polarssl_printf( "\n . Verifying the RSA/SHA-1 signature" ); polarssl_printf( "\n . Verifying the RSA/SHA-256 signature" );
fflush( stdout ); fflush( stdout );
if( ( ret = sha1_file( argv[2], hash ) ) != 0 ) if( ( ret = sha1_file( argv[2], hash ) ) != 0 )
@ -131,14 +131,14 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
if( ( ret = pk_verify( &pk, POLARSSL_MD_SHA1, hash, 0, if( ( ret = pk_verify( &pk, POLARSSL_MD_SHA256, hash, 0,
buf, i ) ) != 0 ) buf, i ) ) != 0 )
{ {
polarssl_printf( " failed\n ! pk_verify returned %d\n\n", ret ); polarssl_printf( " failed\n ! pk_verify returned %d\n\n", ret );
goto exit; goto exit;
} }
polarssl_printf( "\n . OK (the decrypted SHA-1 hash matches)\n\n" ); polarssl_printf( "\n . OK (the decrypted SHA-256 hash matches)\n\n" );
ret = 0; ret = 0;
@ -152,5 +152,5 @@ exit:
return( ret ); return( ret );
} }
#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_SHA1_C && #endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_SHA256_C &&
POLARSSL_PK_PARSE_C && POLARSSL_FS_IO */ POLARSSL_PK_PARSE_C && POLARSSL_FS_IO */

2
programs/x509/cert_req.c
View File

@ -149,7 +149,7 @@ int main( int argc, char *argv[] )
* Set to sane values * Set to sane values
*/ */
x509write_csr_init( &req ); x509write_csr_init( &req );
x509write_csr_set_md_alg( &req, POLARSSL_MD_SHA1 ); x509write_csr_set_md_alg( &req, POLARSSL_MD_SHA256 );
pk_init( &key ); pk_init( &key );
memset( buf, 0, sizeof( buf ) ); memset( buf, 0, sizeof( buf ) );

2
programs/x509/cert_write.c
View File

@ -209,7 +209,7 @@ int main( int argc, char *argv[] )
* Set to sane values * Set to sane values
*/ */
x509write_crt_init( &crt ); x509write_crt_init( &crt );
x509write_crt_set_md_alg( &crt, POLARSSL_MD_SHA1 ); x509write_crt_set_md_alg( &crt, POLARSSL_MD_SHA256 );
pk_init( &loaded_issuer_key ); pk_init( &loaded_issuer_key );
pk_init( &loaded_subject_key ); pk_init( &loaded_subject_key );
mpi_init( &serial ); mpi_init( &serial );