mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 02:05:39 +01:00
- Merged trunk into 1.1 branch
This commit is contained in:
parent
b209de59b7
commit
732e1a893c
@ -19,7 +19,7 @@ option(USE_PKCS11_HELPER_LIBRARY "Build PolarSSL with the pkcs11-helper library.
|
||||
|
||||
if(LIB_INSTALL_DIR)
|
||||
else()
|
||||
set(LIB_INSTALL_DIR ${CMAKE_INSTALL_PREFIX}/lib)
|
||||
set(LIB_INSTALL_DIR lib)
|
||||
endif()
|
||||
|
||||
include_directories(include/)
|
||||
|
@ -1,6 +1,6 @@
|
||||
PolarSSL ChangeLog
|
||||
|
||||
= Version 1.1.0 released on 2011-12-05
|
||||
= Version 1.1.0 (Release Candidate 1) released on 2011-12-11
|
||||
Features
|
||||
* Added ssl_session_reset() to allow better multi-connection pools of
|
||||
SSL contexts without needing to set all non-connection-specific
|
||||
@ -38,7 +38,9 @@ Changes
|
||||
* Moved all examples programs to use the new entropy and CTR_DRBG
|
||||
* Added permissive certificate parsing to x509parse_crt() and
|
||||
x509parse_crtfile(). With permissive parsing the parsing does not stop on
|
||||
encountering a parse-error
|
||||
encountering a parse-error. Beware that the meaning of return values has
|
||||
changed!
|
||||
* All error codes are now negative. Even on mermory failures and IO errors.
|
||||
|
||||
Bugfix
|
||||
* Fixed faulty HMAC-MD2 implementation. Found by dibac. (Closes
|
||||
|
@ -1,5 +1,11 @@
|
||||
FILE(GLOB headers "polarssl/*.h")
|
||||
option(INSTALL_POLARSSL_HEADERS "Install PolarSSL headers." ON)
|
||||
|
||||
INSTALL(FILES ${headers}
|
||||
if(INSTALL_POLARSSL_HEADERS)
|
||||
|
||||
file(GLOB headers "polarssl/*.h")
|
||||
|
||||
install(FILES ${headers}
|
||||
DESTINATION include/polarssl
|
||||
PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
|
||||
|
||||
endif(INSTALL_POLARSSL_HEADERS)
|
||||
|
@ -52,6 +52,7 @@
|
||||
#define POLARSSL_ERR_ASN1_INVALID_LENGTH -0x0018 /**< Error when trying to determine the length or invalid length. */
|
||||
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH -0x001A /**< Actual length differs from expected length. */
|
||||
#define POLARSSL_ERR_ASN1_INVALID_DATA -0x001C /**< Data is invalid. (not used) */
|
||||
#define POLARSSL_ERR_ASN1_MALLOC_FAILED -0x001E /**< Memory allocation failed */
|
||||
/* \} name */
|
||||
|
||||
/**
|
||||
|
@ -29,8 +29,8 @@
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL -0x0010 /**< Output buffer too small. */
|
||||
#define POLARSSL_ERR_BASE64_INVALID_CHARACTER -0x0012 /**< Invalid character in input. */
|
||||
#define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL -0x002A /**< Output buffer too small. */
|
||||
#define POLARSSL_ERR_BASE64_INVALID_CHARACTER -0x002C /**< Invalid character in input. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
|
@ -33,10 +33,11 @@
|
||||
#define POLARSSL_ERR_MPI_FILE_IO_ERROR -0x0002 /**< An error occurred while reading from or writing to a file. */
|
||||
#define POLARSSL_ERR_MPI_BAD_INPUT_DATA -0x0004 /**< Bad input parameters to function. */
|
||||
#define POLARSSL_ERR_MPI_INVALID_CHARACTER -0x0006 /**< There is an invalid character in the digit string. */
|
||||
#define POLARSSL_ERR_MPI_BUFFER_TOO_SMALL -0x0008 /**< The buffer is too small to write too. */
|
||||
#define POLARSSL_ERR_MPI_BUFFER_TOO_SMALL -0x0008 /**< The buffer is too small to write to. */
|
||||
#define POLARSSL_ERR_MPI_NEGATIVE_VALUE -0x000A /**< The input arguments are negative or result in illegal output. */
|
||||
#define POLARSSL_ERR_MPI_DIVISION_BY_ZERO -0x000C /**< The input argument for division is zero, which is not allowed. */
|
||||
#define POLARSSL_ERR_MPI_NOT_ACCEPTABLE -0x000E /**< The input arguments are not acceptable. */
|
||||
#define POLARSSL_ERR_MPI_MALLOC_FAILED -0x0010 /**< Memory allocation failed. */
|
||||
|
||||
#define MPI_CHK(f) if( ( ret = f ) != 0 ) goto cleanup
|
||||
|
||||
@ -145,7 +146,7 @@ void mpi_free( mpi *X );
|
||||
* \param nblimbs The target number of limbs
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* 1 if memory allocation failed
|
||||
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
|
||||
*/
|
||||
int mpi_grow( mpi *X, size_t nblimbs );
|
||||
|
||||
@ -156,7 +157,7 @@ int mpi_grow( mpi *X, size_t nblimbs );
|
||||
* \param Y Source MPI
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* 1 if memory allocation failed
|
||||
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
|
||||
*/
|
||||
int mpi_copy( mpi *X, const mpi *Y );
|
||||
|
||||
@ -175,7 +176,7 @@ void mpi_swap( mpi *X, mpi *Y );
|
||||
* \param z Value to use
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* 1 if memory allocation failed
|
||||
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
|
||||
*/
|
||||
int mpi_lset( mpi *X, t_sint z );
|
||||
|
||||
@ -200,7 +201,7 @@ int mpi_get_bit( mpi *X, size_t pos );
|
||||
* \param val The value to set the bit to (0 or 1)
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* 1 if memory allocation failed,
|
||||
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
|
||||
* POLARSSL_ERR_MPI_BAD_INPUT_DATA if val is not 0 or 1
|
||||
*/
|
||||
int mpi_set_bit( mpi *X, size_t pos, unsigned char val );
|
||||
@ -289,7 +290,7 @@ int mpi_write_file( const char *p, const mpi *X, int radix, FILE *fout );
|
||||
* \param buflen Input buffer size
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* 1 if memory allocation failed
|
||||
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
|
||||
*/
|
||||
int mpi_read_binary( mpi *X, const unsigned char *buf, size_t buflen );
|
||||
|
||||
@ -312,7 +313,7 @@ int mpi_write_binary( const mpi *X, unsigned char *buf, size_t buflen );
|
||||
* \param count Amount to shift
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* 1 if memory allocation failed
|
||||
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
|
||||
*/
|
||||
int mpi_shift_l( mpi *X, size_t count );
|
||||
|
||||
@ -323,7 +324,7 @@ int mpi_shift_l( mpi *X, size_t count );
|
||||
* \param count Amount to shift
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* 1 if memory allocation failed
|
||||
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
|
||||
*/
|
||||
int mpi_shift_r( mpi *X, size_t count );
|
||||
|
||||
@ -371,7 +372,7 @@ int mpi_cmp_int( const mpi *X, t_sint z );
|
||||
* \param B Right-hand MPI
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* 1 if memory allocation failed
|
||||
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
|
||||
*/
|
||||
int mpi_add_abs( mpi *X, const mpi *A, const mpi *B );
|
||||
|
||||
@ -395,7 +396,7 @@ int mpi_sub_abs( mpi *X, const mpi *A, const mpi *B );
|
||||
* \param B Right-hand MPI
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* 1 if memory allocation failed
|
||||
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
|
||||
*/
|
||||
int mpi_add_mpi( mpi *X, const mpi *A, const mpi *B );
|
||||
|
||||
@ -407,7 +408,7 @@ int mpi_add_mpi( mpi *X, const mpi *A, const mpi *B );
|
||||
* \param B Right-hand MPI
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* 1 if memory allocation failed
|
||||
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
|
||||
*/
|
||||
int mpi_sub_mpi( mpi *X, const mpi *A, const mpi *B );
|
||||
|
||||
@ -419,7 +420,7 @@ int mpi_sub_mpi( mpi *X, const mpi *A, const mpi *B );
|
||||
* \param b The integer value to add
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* 1 if memory allocation failed
|
||||
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
|
||||
*/
|
||||
int mpi_add_int( mpi *X, const mpi *A, t_sint b );
|
||||
|
||||
@ -431,7 +432,7 @@ int mpi_add_int( mpi *X, const mpi *A, t_sint b );
|
||||
* \param b The integer value to subtract
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* 1 if memory allocation failed
|
||||
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
|
||||
*/
|
||||
int mpi_sub_int( mpi *X, const mpi *A, t_sint b );
|
||||
|
||||
@ -443,7 +444,7 @@ int mpi_sub_int( mpi *X, const mpi *A, t_sint b );
|
||||
* \param B Right-hand MPI
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* 1 if memory allocation failed
|
||||
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
|
||||
*/
|
||||
int mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B );
|
||||
|
||||
@ -457,7 +458,7 @@ int mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B );
|
||||
* \param b The integer value to multiply with
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* 1 if memory allocation failed
|
||||
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
|
||||
*/
|
||||
int mpi_mul_int( mpi *X, const mpi *A, t_sint b );
|
||||
|
||||
@ -470,7 +471,7 @@ int mpi_mul_int( mpi *X, const mpi *A, t_sint b );
|
||||
* \param B Right-hand MPI
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* 1 if memory allocation failed,
|
||||
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
|
||||
* POLARSSL_ERR_MPI_DIVISION_BY_ZERO if B == 0
|
||||
*
|
||||
* \note Either Q or R can be NULL.
|
||||
@ -486,7 +487,7 @@ int mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B );
|
||||
* \param b Integer to divide by
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* 1 if memory allocation failed,
|
||||
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
|
||||
* POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0
|
||||
*
|
||||
* \note Either Q or R can be NULL.
|
||||
@ -501,7 +502,7 @@ int mpi_div_int( mpi *Q, mpi *R, const mpi *A, t_sint b );
|
||||
* \param B Right-hand MPI
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* 1 if memory allocation failed,
|
||||
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
|
||||
* POLARSSL_ERR_MPI_DIVISION_BY_ZERO if B == 0,
|
||||
* POLARSSL_ERR_MPI_NEGATIVE_VALUE if B < 0
|
||||
*/
|
||||
@ -515,7 +516,7 @@ int mpi_mod_mpi( mpi *R, const mpi *A, const mpi *B );
|
||||
* \param b Integer to divide by
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* 1 if memory allocation failed,
|
||||
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
|
||||
* POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0,
|
||||
* POLARSSL_ERR_MPI_NEGATIVE_VALUE if b < 0
|
||||
*/
|
||||
@ -531,7 +532,7 @@ int mpi_mod_int( t_uint *r, const mpi *A, t_sint b );
|
||||
* \param _RR Speed-up MPI used for recalculations
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* 1 if memory allocation failed,
|
||||
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
|
||||
* POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or even
|
||||
*
|
||||
* \note _RR is used to avoid re-computing R*R mod N across
|
||||
@ -549,7 +550,7 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR );
|
||||
* \param p_rng RNG parameter
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* 1 if memory allocation failed
|
||||
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
|
||||
*/
|
||||
int mpi_fill_random( mpi *X, size_t size,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
@ -563,7 +564,7 @@ int mpi_fill_random( mpi *X, size_t size,
|
||||
* \param B Right-hand MPI
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* 1 if memory allocation failed
|
||||
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
|
||||
*/
|
||||
int mpi_gcd( mpi *G, const mpi *A, const mpi *B );
|
||||
|
||||
@ -575,7 +576,7 @@ int mpi_gcd( mpi *G, const mpi *A, const mpi *B );
|
||||
* \param N Right-hand MPI
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* 1 if memory allocation failed,
|
||||
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
|
||||
* POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or nil
|
||||
POLARSSL_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N
|
||||
*/
|
||||
@ -589,7 +590,7 @@ int mpi_inv_mod( mpi *X, const mpi *A, const mpi *N );
|
||||
* \param p_rng RNG parameter
|
||||
*
|
||||
* \return 0 if successful (probably prime),
|
||||
* 1 if memory allocation failed,
|
||||
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
|
||||
* POLARSSL_ERR_MPI_NOT_ACCEPTABLE if X is not prime
|
||||
*/
|
||||
int mpi_is_prime( mpi *X,
|
||||
@ -606,7 +607,7 @@ int mpi_is_prime( mpi *X,
|
||||
* \param p_rng RNG parameter
|
||||
*
|
||||
* \return 0 if successful (probably prime),
|
||||
* 1 if memory allocation failed,
|
||||
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
|
||||
* POLARSSL_ERR_MPI_BAD_INPUT_DATA if nbits is < 3
|
||||
*/
|
||||
int mpi_gen_prime( mpi *X, size_t nbits, int dh_flag,
|
||||
|
@ -34,13 +34,14 @@
|
||||
#define POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034 /**< The entropy source failed. */
|
||||
#define POLARSSL_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036 /**< Too many random requested in single call. */
|
||||
#define POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038 /**< Input too large (Entropy + additional). */
|
||||
#define POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A /**< Read/write error in file. */
|
||||
|
||||
#define CTR_DRBG_BLOCKSIZE 16 /**< Block size used by the cipher */
|
||||
#define CTR_DRBG_KEYSIZE 32 /**< Key size used by the cipher */
|
||||
#define CTR_DRBG_KEYBITS ( CTR_DRBG_KEYSIZE * 8 )
|
||||
#define CTR_DRBG_SEEDLEN ( CTR_DRBG_KEYSIZE + CTR_DRBG_BLOCKSIZE )
|
||||
/**< The seed length (counter + AES key) */
|
||||
#define CTR_DRBG_ENTROPY_LEN 32 /**< Amount of entropy used per seed by default */
|
||||
#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default */
|
||||
#define CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
|
||||
#define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
|
||||
#define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
|
||||
|
@ -31,10 +31,9 @@
|
||||
|
||||
#include "sha4.h"
|
||||
|
||||
#define POLARSSL_ERR_ENTROPY_SOURCE_FAILED -0x003A /**< Critical entropy source failure. */
|
||||
#define POLARSSL_ERR_ENTROPY_MAX_SOURCES -0x003C /**< No more sources can be added. */
|
||||
#define POLARSSL_ERR_ENTROPY_SOURCE_FAILED -0x003C /**< Critical entropy source failure. */
|
||||
#define POLARSSL_ERR_ENTROPY_MAX_SOURCES -0x003E /**< No more sources can be added. */
|
||||
|
||||
#define ENTROPY_MIN_POOL 128 /**< Minimum amount of pool entropy needed for release */
|
||||
#define ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
|
||||
#define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
|
||||
#define ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */
|
||||
@ -58,16 +57,26 @@ extern "C" {
|
||||
*/
|
||||
typedef int (*f_source_ptr)(void *, unsigned char *, size_t, size_t *);
|
||||
|
||||
/**
|
||||
* \brief Entropy source state
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
f_source_ptr f_source; /**< The entropy source callback */
|
||||
void * p_source; /**< The callback data pointer */
|
||||
size_t size; /**< Amount received */
|
||||
size_t threshold; /**< Minimum level required before release */
|
||||
}
|
||||
source_state;
|
||||
|
||||
/**
|
||||
* \brief Entropy context structure
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
sha4_context accumulator;
|
||||
size_t size;
|
||||
int source_count;
|
||||
f_source_ptr f_source[ENTROPY_MAX_SOURCES];
|
||||
void * p_source[ENTROPY_MAX_SOURCES];
|
||||
source_state source[ENTROPY_MAX_SOURCES];
|
||||
}
|
||||
entropy_context;
|
||||
|
||||
@ -84,11 +93,14 @@ void entropy_init( entropy_context *ctx );
|
||||
* \param ctx Entropy context
|
||||
* \param f_source Entropy function
|
||||
* \param p_source Function data
|
||||
* \param threshold Minimum required from source before entropy is released
|
||||
* ( with entropy_func() )
|
||||
*
|
||||
* \return 0 is successful or POLARSSL_ERR_ENTROPY_MAX_SOURCES
|
||||
*/
|
||||
int entropy_add_source( entropy_context *ctx,
|
||||
f_source_ptr f_source, void *p_source );
|
||||
f_source_ptr f_source, void *p_source,
|
||||
size_t threshold );
|
||||
|
||||
/**
|
||||
* \brief Trigger an extra gather poll for the accumulator
|
||||
|
@ -35,6 +35,13 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Default thresholds for built-in sources
|
||||
*/
|
||||
#define ENTROPY_MIN_PLATFORM 128 /**< Minimum for platform source */
|
||||
#define ENTROPY_MIN_HAVEGE 128 /**< Minimum for HAVEGE */
|
||||
#define ENTROPY_MIN_HARDCLOCK 32 /**< Minimum for hardclock() */
|
||||
|
||||
#if !defined(POLARSSL_NO_PLATFORM_ENTROPY)
|
||||
/**
|
||||
* \brief Platform-specific entropy poll callback
|
||||
|
@ -48,27 +48,33 @@
|
||||
* Low-level module errors (0x007E-0x0002)
|
||||
*
|
||||
* Module Nr Codes assigned
|
||||
* MPI 7 0x0002-0x000E
|
||||
* BASE64 2 0x0010-0x0012
|
||||
* ASN1 5 0x0014-0x001C
|
||||
* MPI 7 0x0002-0x0010
|
||||
* ASN1 6 0x0014-0x001E
|
||||
* AES 2 0x0020-0x0022
|
||||
* CAMELLIA 2 0x0024-0x0026
|
||||
* XTEA 1 0x0028-0x0028
|
||||
* BASE64 2 0x002A-0x002C
|
||||
* PADLOCK 1 0x0030-0x0030
|
||||
* DES 1 0x0032-0x0032
|
||||
* NET 11 0x0040-0x0054
|
||||
* CTR_DBRG 3 0x0034-0x0038
|
||||
* ENTROPY 2 0x003A-0x003C
|
||||
* CTR_DBRG 3 0x0034-0x003A
|
||||
* ENTROPY 2 0x003C-0x003E
|
||||
* MD2 1 0x0070-0x0070
|
||||
* MD4 1 0x0072-0x0072
|
||||
* MD5 1 0x0074-0x0074
|
||||
* SHA1 1 0x0076-0x0076
|
||||
* SHA2 1 0x0078-0x0078
|
||||
* SHA4 1 0x007A-0x007A
|
||||
*
|
||||
* High-level module nr (3 bits - 0x1...-0x8...)
|
||||
* Name ID Nr of Errors
|
||||
* PEM 1 8
|
||||
* X509 2 20
|
||||
* X509 2 21
|
||||
* DHM 3 6
|
||||
* RSA 4 9
|
||||
* MD 5 1
|
||||
* CIPER 6 1
|
||||
* SSL 7 27
|
||||
* SSL 7 30
|
||||
*
|
||||
* Module dependent error code (5 bits 0x.08.-0x.F8.)
|
||||
*/
|
||||
|
@ -29,6 +29,8 @@
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#define POLARSSL_ERR_MD2_FILE_IO_ERROR -0x0070 /**< Read/write error in file. */
|
||||
|
||||
/**
|
||||
* \brief MD2 context structure
|
||||
*/
|
||||
@ -87,8 +89,7 @@ void md2( const unsigned char *input, size_t ilen, unsigned char output[16] );
|
||||
* \param path input file name
|
||||
* \param output MD2 checksum result
|
||||
*
|
||||
* \return 0 if successful, 1 if fopen failed,
|
||||
* or 2 if fread failed
|
||||
* \return 0 if successful, or POLARSSL_ERR_MD2_FILE_IO_ERROR
|
||||
*/
|
||||
int md2_file( const char *path, unsigned char output[16] );
|
||||
|
||||
|
@ -29,6 +29,8 @@
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#define POLARSSL_ERR_MD4_FILE_IO_ERROR -0x0072 /**< Read/write error in file. */
|
||||
|
||||
/**
|
||||
* \brief MD4 context structure
|
||||
*/
|
||||
@ -86,8 +88,7 @@ void md4( const unsigned char *input, size_t ilen, unsigned char output[16] );
|
||||
* \param path input file name
|
||||
* \param output MD4 checksum result
|
||||
*
|
||||
* \return 0 if successful, 1 if fopen failed,
|
||||
* or 2 if fread failed
|
||||
* \return 0 if successful, or POLARSSL_ERR_MD4_FILE_IO_ERROR
|
||||
*/
|
||||
int md4_file( const char *path, unsigned char output[16] );
|
||||
|
||||
|
@ -29,6 +29,8 @@
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#define POLARSSL_ERR_MD5_FILE_IO_ERROR -0x0074 /**< Read/write error in file. */
|
||||
|
||||
/**
|
||||
* \brief MD5 context structure
|
||||
*/
|
||||
@ -86,8 +88,7 @@ void md5( const unsigned char *input, size_t ilen, unsigned char output[16] );
|
||||
* \param path input file name
|
||||
* \param output MD5 checksum result
|
||||
*
|
||||
* \return 0 if successful, 1 if fopen failed,
|
||||
* or 2 if fread failed
|
||||
* \return 0 if successful, or POLARSSL_ERR_MD5_FILE_IO_ERROR
|
||||
*/
|
||||
int md5_file( const char *path, unsigned char output[16] );
|
||||
|
||||
|
@ -29,6 +29,8 @@
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#define POLARSSL_ERR_SHA1_FILE_IO_ERROR -0x0076 /**< Read/write error in file. */
|
||||
|
||||
/**
|
||||
* \brief SHA-1 context structure
|
||||
*/
|
||||
@ -86,8 +88,7 @@ void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] );
|
||||
* \param path input file name
|
||||
* \param output SHA-1 checksum result
|
||||
*
|
||||
* \return 0 if successful, 1 if fopen failed,
|
||||
* or 2 if fread failed
|
||||
* \return 0 if successful, or POLARSSL_ERR_SHA1_FILE_IO_ERROR
|
||||
*/
|
||||
int sha1_file( const char *path, unsigned char output[20] );
|
||||
|
||||
|
@ -29,6 +29,8 @@
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#define POLARSSL_ERR_SHA2_FILE_IO_ERROR -0x0078 /**< Read/write error in file. */
|
||||
|
||||
/**
|
||||
* \brief SHA-256 context structure
|
||||
*/
|
||||
@ -91,8 +93,7 @@ void sha2( const unsigned char *input, size_t ilen,
|
||||
* \param output SHA-224/256 checksum result
|
||||
* \param is224 0 = use SHA256, 1 = use SHA224
|
||||
*
|
||||
* \return 0 if successful, 1 if fopen failed,
|
||||
* or 2 if fread failed
|
||||
* \return 0 if successful, or POLARSSL_ERR_SHA2_FILE_IO_ERROR
|
||||
*/
|
||||
int sha2_file( const char *path, unsigned char output[32], int is224 );
|
||||
|
||||
|
@ -29,6 +29,8 @@
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#define POLARSSL_ERR_SHA4_FILE_IO_ERROR -0x007A /**< Read/write error in file. */
|
||||
|
||||
#if defined(_MSC_VER) || defined(__WATCOMC__)
|
||||
#define UL64(x) x##ui64
|
||||
#define long64 __int64
|
||||
@ -99,8 +101,7 @@ void sha4( const unsigned char *input, size_t ilen,
|
||||
* \param output SHA-384/512 checksum result
|
||||
* \param is384 0 = use SHA512, 1 = use SHA384
|
||||
*
|
||||
* \return 0 if successful, 1 if fopen failed,
|
||||
* or 2 if fread failed
|
||||
* \return 0 if successful, or POLARSSL_ERR_SHA4_FILE_IO_ERROR
|
||||
*/
|
||||
int sha4_file( const char *path, unsigned char output[64], int is384 );
|
||||
|
||||
|
@ -81,6 +81,7 @@
|
||||
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /**< Processing of the CertificateVerify handshake message failed. */
|
||||
#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 /**< Processing of the ChangeCipherSpec handshake message failed. */
|
||||
#define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Processing of the Finished handshake message failed. */
|
||||
#define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00 /**< Memory allocation failed */
|
||||
|
||||
/*
|
||||
* Various constants
|
||||
@ -373,7 +374,8 @@ int ssl_get_ciphersuite_id( const char *ciphersuite_name );
|
||||
*
|
||||
* \param ssl SSL context
|
||||
*
|
||||
* \return 0 if successful, or 1 if memory allocation failed
|
||||
* \return 0 if successful, or POLARSSL_ERR_SSL_MALLOC_FAILED if
|
||||
* memory allocation failed
|
||||
*/
|
||||
int ssl_init( ssl_context *ssl );
|
||||
|
||||
|
@ -59,7 +59,9 @@
|
||||
#define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x2880 /**< Unsupported RSA key version */
|
||||
#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x2900 /**< Invalid RSA key tag or value. */
|
||||
#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT -0x2980 /**< Format not recognized as DER or PEM. */
|
||||
#define POLARSSL_ERR_X509_VALUE_TO_LENGTH -0x2A00 /**< Not used. */
|
||||
#define POLARSSL_ERR_X509_INVALID_INPUT -0x2A00 /**< Input invalid. */
|
||||
#define POLARSSL_ERR_X509_MALLOC_FAILED -0x2A80 /**< Allocation of memory failed. */
|
||||
#define POLARSSL_ERR_X509_FILE_IO_ERROR -0x2B00 /**< Read/write of file failed. */
|
||||
/* \} name */
|
||||
|
||||
|
||||
@ -227,10 +229,6 @@
|
||||
#define X509_FORMAT_DER 1
|
||||
#define X509_FORMAT_PEM 2
|
||||
|
||||
#define X509_NON_PERMISSIVE 0
|
||||
#define X509_PERMISSIVE 1
|
||||
|
||||
|
||||
/**
|
||||
* \addtogroup x509_module
|
||||
* \{ */
|
||||
@ -420,34 +418,35 @@ extern "C" {
|
||||
/** \ingroup x509_module */
|
||||
/**
|
||||
* \brief Parse one or more certificates and add them
|
||||
* to the chained list. With permissive parsing enabled
|
||||
* all certificates that cannot be parsed are ignored.
|
||||
* If none complete correctly, the first error is returned.
|
||||
* to the chained list. Parses permissively. If some
|
||||
* certificates can be parsed, the result is the number
|
||||
* of failed certificates it encountered. If none complete
|
||||
* correctly, the first error is returned.
|
||||
*
|
||||
* \param chain points to the start of the chain
|
||||
* \param buf buffer holding the certificate data
|
||||
* \param buflen size of the buffer
|
||||
* \param permissive X509_PERMISSIVE or X509_NON_PERMISSIVE
|
||||
*
|
||||
* \return 0 if successful, or a specific X509 or PEM error code
|
||||
* \return 0 if all certificates parsed successfully, a positive number
|
||||
* if partly successful or a specific X509 or PEM error code
|
||||
*/
|
||||
int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen,
|
||||
int permissive );
|
||||
int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen );
|
||||
|
||||
/** \ingroup x509_module */
|
||||
/**
|
||||
* \brief Load one or more certificates and add them
|
||||
* to the chained list. With permissive parsing enabled
|
||||
* all certificates that cannot be parsed are ignored.
|
||||
* If none complete correctly, the first error is returned.
|
||||
* to the chained list. Parses permissively. If some
|
||||
* certificates can be parsed, the result is the number
|
||||
* of failed certificates it encountered. If none complete
|
||||
* correctly, the first error is returned.
|
||||
*
|
||||
* \param chain points to the start of the chain
|
||||
* \param path filename to read the certificates from
|
||||
* \param permissive X509_PERMISSIVE or X509_NON_PERMISSIVE
|
||||
*
|
||||
* \return 0 if successful, or a specific X509 or PEM error code
|
||||
* \return 0 if all certificates parsed successfully, a positive number
|
||||
* if partly successful or a specific X509 or PEM error code
|
||||
*/
|
||||
int x509parse_crtfile( x509_cert *chain, const char *path, int permissive );
|
||||
int x509parse_crtfile( x509_cert *chain, const char *path );
|
||||
|
||||
/** \ingroup x509_module */
|
||||
/**
|
||||
@ -552,8 +551,6 @@ int x509parse_dhmfile( dhm_context *dhm, const char *path );
|
||||
|
||||
/** \} name Functions to read in DHM parameters, a certificate, CRL or private RSA key */
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* \brief Store the certificate DN in printable form into buf;
|
||||
* no more than size characters will be written.
|
||||
|
@ -1,4 +1,4 @@
|
||||
OPTION(USE_SHARED_POLARSSL_LIBRARY "Build PolarSSL as a shared library." OFF)
|
||||
option(USE_SHARED_POLARSSL_LIBRARY "Build PolarSSL as a shared library." OFF)
|
||||
|
||||
set(src
|
||||
aes.c
|
||||
@ -46,11 +46,11 @@ add_library(polarssl STATIC ${src})
|
||||
|
||||
else(NOT USE_SHARED_POLARSSL_LIBRARY)
|
||||
|
||||
ADD_LIBRARY(polarssl SHARED ${src})
|
||||
SET_TARGET_PROPERTIES(polarssl PROPERTIES VERSION 1.1.0 SOVERSION 1)
|
||||
add_library(polarssl SHARED ${src})
|
||||
set_target_properties(polarssl PROPERTIES VERSION 1.1.0 SOVERSION 1)
|
||||
|
||||
endif(NOT USE_SHARED_POLARSSL_LIBRARY)
|
||||
|
||||
INSTALL(TARGETS polarssl
|
||||
install(TARGETS polarssl
|
||||
DESTINATION ${LIB_INSTALL_DIR}
|
||||
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
|
||||
|
@ -242,7 +242,7 @@ int asn1_get_sequence_of( unsigned char **p,
|
||||
sizeof( asn1_sequence ) );
|
||||
|
||||
if( cur->next == NULL )
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_ASN1_MALLOC_FAILED );
|
||||
|
||||
cur = cur->next;
|
||||
}
|
||||
|
@ -89,12 +89,12 @@ int mpi_grow( mpi *X, size_t nblimbs )
|
||||
t_uint *p;
|
||||
|
||||
if( nblimbs > POLARSSL_MPI_MAX_LIMBS )
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_MPI_MALLOC_FAILED );
|
||||
|
||||
if( X->n < nblimbs )
|
||||
{
|
||||
if( ( p = (t_uint *) malloc( nblimbs * ciL ) ) == NULL )
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_MPI_MALLOC_FAILED );
|
||||
|
||||
memset( p, 0, nblimbs * ciL );
|
||||
|
||||
|
@ -38,11 +38,17 @@
|
||||
#include <stdio.h>
|
||||
#endif
|
||||
|
||||
int ctr_drbg_init( ctr_drbg_context *ctx,
|
||||
/*
|
||||
* Non-public function wrapped by ctr_crbg_init(). Necessary to allow NIST
|
||||
* tests to succeed (which require known length fixed entropy)
|
||||
*/
|
||||
int ctr_drbg_init_entropy_len(
|
||||
ctr_drbg_context *ctx,
|
||||
int (*f_entropy)(void *, unsigned char *, size_t),
|
||||
void *p_entropy,
|
||||
const unsigned char *custom,
|
||||
size_t len )
|
||||
size_t len,
|
||||
size_t entropy_len )
|
||||
{
|
||||
int ret;
|
||||
unsigned char key[CTR_DRBG_KEYSIZE];
|
||||
@ -53,7 +59,7 @@ int ctr_drbg_init( ctr_drbg_context *ctx,
|
||||
ctx->f_entropy = f_entropy;
|
||||
ctx->p_entropy = p_entropy;
|
||||
|
||||
ctx->entropy_len = CTR_DRBG_ENTROPY_LEN;
|
||||
ctx->entropy_len = entropy_len;
|
||||
ctx->reseed_interval = CTR_DRBG_RESEED_INTERVAL;
|
||||
|
||||
/*
|
||||
@ -67,6 +73,16 @@ int ctr_drbg_init( ctr_drbg_context *ctx,
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int ctr_drbg_init( ctr_drbg_context *ctx,
|
||||
int (*f_entropy)(void *, unsigned char *, size_t),
|
||||
void *p_entropy,
|
||||
const unsigned char *custom,
|
||||
size_t len )
|
||||
{
|
||||
return( ctr_drbg_init_entropy_len( ctx, f_entropy, p_entropy, custom, len,
|
||||
CTR_DRBG_ENTROPY_LEN ) );
|
||||
}
|
||||
|
||||
void ctr_drbg_set_prediction_resistance( ctr_drbg_context *ctx, int resistance )
|
||||
{
|
||||
ctx->prediction_resistance = resistance;
|
||||
@ -228,7 +244,7 @@ int ctr_drbg_reseed( ctr_drbg_context *ctx,
|
||||
memset( seed, 0, CTR_DRBG_MAX_SEED_INPUT );
|
||||
|
||||
/*
|
||||
* Gather POLARSSL_CTR_DRBG_ENTROPYLEN bytes of entropy to seed state
|
||||
* Gather enropy_len bytes of entropy to seed state
|
||||
*/
|
||||
if( 0 != ctx->f_entropy( ctx->p_entropy, seed,
|
||||
ctx->entropy_len ) )
|
||||
@ -341,7 +357,7 @@ int ctr_drbg_write_seed_file( ctr_drbg_context *ctx, const char *path )
|
||||
unsigned char buf[ CTR_DRBG_MAX_INPUT ];
|
||||
|
||||
if( ( f = fopen( path, "wb" ) ) == NULL )
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR );
|
||||
|
||||
if( ( ret = ctr_drbg_random( ctx, buf, CTR_DRBG_MAX_INPUT ) ) != 0 )
|
||||
return( ret );
|
||||
@ -349,7 +365,7 @@ int ctr_drbg_write_seed_file( ctr_drbg_context *ctx, const char *path )
|
||||
if( fwrite( buf, 1, CTR_DRBG_MAX_INPUT, f ) != CTR_DRBG_MAX_INPUT )
|
||||
{
|
||||
fclose( f );
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR );
|
||||
}
|
||||
|
||||
fclose( f );
|
||||
@ -363,7 +379,7 @@ int ctr_drbg_update_seed_file( ctr_drbg_context *ctx, const char *path )
|
||||
unsigned char buf[ CTR_DRBG_MAX_INPUT ];
|
||||
|
||||
if( ( f = fopen( path, "rb" ) ) == NULL )
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR );
|
||||
|
||||
fseek( f, 0, SEEK_END );
|
||||
n = (size_t) ftell( f );
|
||||
@ -375,7 +391,7 @@ int ctr_drbg_update_seed_file( ctr_drbg_context *ctx, const char *path )
|
||||
if( fread( buf, 1, n, f ) != n )
|
||||
{
|
||||
fclose( f );
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR );
|
||||
}
|
||||
|
||||
ctr_drbg_update( ctx, buf, n );
|
||||
|
@ -39,21 +39,26 @@ void entropy_init( entropy_context *ctx )
|
||||
sha4_starts( &ctx->accumulator, 0 );
|
||||
|
||||
#if !defined(POLARSSL_NO_PLATFORM_ENTROPY)
|
||||
entropy_add_source( ctx, platform_entropy_poll, NULL );
|
||||
entropy_add_source( ctx, platform_entropy_poll, NULL,
|
||||
ENTROPY_MIN_PLATFORM );
|
||||
#endif
|
||||
#if defined(POLARSSL_TIMING_C)
|
||||
entropy_add_source( ctx, hardclock_poll, NULL );
|
||||
entropy_add_source( ctx, hardclock_poll, NULL, ENTROPY_MIN_HARDCLOCK );
|
||||
#endif
|
||||
}
|
||||
|
||||
int entropy_add_source( entropy_context *ctx,
|
||||
f_source_ptr f_source, void *p_source )
|
||||
f_source_ptr f_source, void *p_source,
|
||||
size_t threshold )
|
||||
{
|
||||
if( ctx->source_count >= ENTROPY_MAX_SOURCES )
|
||||
int index = ctx->source_count;
|
||||
|
||||
if( index >= ENTROPY_MAX_SOURCES )
|
||||
return( POLARSSL_ERR_ENTROPY_MAX_SOURCES );
|
||||
|
||||
ctx->f_source[ctx->source_count] = f_source;
|
||||
ctx->p_source[ctx->source_count] = p_source;
|
||||
ctx->source[index].f_source = f_source;
|
||||
ctx->source[index].p_source = p_source;
|
||||
ctx->source[index].threshold = threshold;
|
||||
|
||||
ctx->source_count++;
|
||||
|
||||
@ -85,8 +90,6 @@ int entropy_update( entropy_context *ctx, unsigned char source_id,
|
||||
sha4_update( &ctx->accumulator, header, 2 );
|
||||
sha4_update( &ctx->accumulator, p, use_len );
|
||||
|
||||
ctx->size += use_len;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
@ -111,7 +114,7 @@ int entropy_gather( entropy_context *ctx )
|
||||
for( i = 0; i < ctx->source_count; i++ )
|
||||
{
|
||||
olen = 0;
|
||||
if ( ( ret = ctx->f_source[i]( ctx->p_source[i],
|
||||
if ( ( ret = ctx->source[i].f_source( ctx->source[i].p_source,
|
||||
buf, ENTROPY_MAX_GATHER, &olen ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
@ -121,7 +124,10 @@ int entropy_gather( entropy_context *ctx )
|
||||
* Add if we actually gathered something
|
||||
*/
|
||||
if( olen > 0 )
|
||||
{
|
||||
entropy_update( ctx, (unsigned char) i, buf, olen );
|
||||
ctx->source[i].size += olen;
|
||||
}
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
@ -129,7 +135,7 @@ int entropy_gather( entropy_context *ctx )
|
||||
|
||||
int entropy_func( void *data, unsigned char *output, size_t len )
|
||||
{
|
||||
int ret, count = 0;
|
||||
int ret, count = 0, i, reached;
|
||||
entropy_context *ctx = (entropy_context *) data;
|
||||
unsigned char buf[ENTROPY_BLOCK_SIZE];
|
||||
|
||||
@ -146,8 +152,14 @@ int entropy_func( void *data, unsigned char *output, size_t len )
|
||||
|
||||
if( ( ret = entropy_gather( ctx ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
reached = 0;
|
||||
|
||||
for( i = 0; i < ctx->source_count; i++ )
|
||||
if( ctx->source[i].size >= ctx->source[i].threshold )
|
||||
reached++;
|
||||
}
|
||||
while( ctx->size < ENTROPY_MIN_POOL );
|
||||
while( reached != ctx->source_count );
|
||||
|
||||
memset( buf, 0, ENTROPY_BLOCK_SIZE );
|
||||
|
||||
@ -159,11 +171,14 @@ int entropy_func( void *data, unsigned char *output, size_t len )
|
||||
sha4( buf, ENTROPY_BLOCK_SIZE, buf, 0 );
|
||||
|
||||
/*
|
||||
* Reset accumulator
|
||||
* Reset accumulator and counters and recycle existing entropy
|
||||
*/
|
||||
memset( &ctx->accumulator, 0, sizeof( sha4_context ) );
|
||||
sha4_starts( &ctx->accumulator, 0 );
|
||||
ctx->size = 0;
|
||||
sha4_update( &ctx->accumulator, buf, ENTROPY_BLOCK_SIZE );
|
||||
|
||||
for( i = 0; i < ctx->source_count; i++ )
|
||||
ctx->source[i].size = 0;
|
||||
|
||||
memcpy( output, buf, len );
|
||||
|
||||
|
@ -67,6 +67,18 @@
|
||||
#include "polarssl/md.h"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_MD2_C)
|
||||
#include "polarssl/md2.h"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_MD4_C)
|
||||
#include "polarssl/md4.h"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_MD5_C)
|
||||
#include "polarssl/md5.h"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_NET_C)
|
||||
#include "polarssl/net.h"
|
||||
#endif
|
||||
@ -83,6 +95,18 @@
|
||||
#include "polarssl/rsa.h"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_SHA1_C)
|
||||
#include "polarssl/sha1.h"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_SHA2_C)
|
||||
#include "polarssl/sha2.h"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_SHA4_C)
|
||||
#include "polarssl/sha4.h"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_SSL_TLS_C)
|
||||
#include "polarssl/ssl.h"
|
||||
#endif
|
||||
@ -258,6 +282,8 @@ void error_strerror( int ret, char *buf, size_t buflen )
|
||||
snprintf( buf, buflen, "SSL - Processing of the ChangeCipherSpec handshake message failed" );
|
||||
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_FINISHED) )
|
||||
snprintf( buf, buflen, "SSL - Processing of the Finished handshake message failed" );
|
||||
if( use_ret == -(POLARSSL_ERR_SSL_MALLOC_FAILED) )
|
||||
snprintf( buf, buflen, "SSL - Memory allocation failed" );
|
||||
#endif /* POLARSSL_SSL_TLS_C */
|
||||
|
||||
#if defined(POLARSSL_X509_PARSE_C)
|
||||
@ -299,8 +325,12 @@ void error_strerror( int ret, char *buf, size_t buflen )
|
||||
snprintf( buf, buflen, "X509 - Invalid RSA key tag or value" );
|
||||
if( use_ret == -(POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT) )
|
||||
snprintf( buf, buflen, "X509 - Format not recognized as DER or PEM" );
|
||||
if( use_ret == -(POLARSSL_ERR_X509_VALUE_TO_LENGTH) )
|
||||
snprintf( buf, buflen, "X509 - Not used" );
|
||||
if( use_ret == -(POLARSSL_ERR_X509_INVALID_INPUT) )
|
||||
snprintf( buf, buflen, "X509 - Input invalid" );
|
||||
if( use_ret == -(POLARSSL_ERR_X509_MALLOC_FAILED) )
|
||||
snprintf( buf, buflen, "X509 - Allocation of memory failed" );
|
||||
if( use_ret == -(POLARSSL_ERR_X509_FILE_IO_ERROR) )
|
||||
snprintf( buf, buflen, "X509 - Read/write of file failed" );
|
||||
#endif /* POLARSSL_X509_PARSE_C */
|
||||
|
||||
if( strlen( buf ) == 0 )
|
||||
@ -348,6 +378,8 @@ void error_strerror( int ret, char *buf, size_t buflen )
|
||||
snprintf( buf, buflen, "ASN1 - Actual length differs from expected length" );
|
||||
if( use_ret == -(POLARSSL_ERR_ASN1_INVALID_DATA) )
|
||||
snprintf( buf, buflen, "ASN1 - Data is invalid. (not used)" );
|
||||
if( use_ret == -(POLARSSL_ERR_ASN1_MALLOC_FAILED) )
|
||||
snprintf( buf, buflen, "ASN1 - Memory allocation failed" );
|
||||
#endif /* POLARSSL_ASN1_PARSE_C */
|
||||
|
||||
#if defined(POLARSSL_BASE64_C)
|
||||
@ -365,13 +397,15 @@ void error_strerror( int ret, char *buf, size_t buflen )
|
||||
if( use_ret == -(POLARSSL_ERR_MPI_INVALID_CHARACTER) )
|
||||
snprintf( buf, buflen, "BIGNUM - There is an invalid character in the digit string" );
|
||||
if( use_ret == -(POLARSSL_ERR_MPI_BUFFER_TOO_SMALL) )
|
||||
snprintf( buf, buflen, "BIGNUM - The output buffer is too small to write too" );
|
||||
snprintf( buf, buflen, "BIGNUM - The buffer is too small to write to" );
|
||||
if( use_ret == -(POLARSSL_ERR_MPI_NEGATIVE_VALUE) )
|
||||
snprintf( buf, buflen, "BIGNUM - The input arguments are negative or result in illegal output" );
|
||||
if( use_ret == -(POLARSSL_ERR_MPI_DIVISION_BY_ZERO) )
|
||||
snprintf( buf, buflen, "BIGNUM - The input argument for division is zero, which is not allowed" );
|
||||
if( use_ret == -(POLARSSL_ERR_MPI_NOT_ACCEPTABLE) )
|
||||
snprintf( buf, buflen, "BIGNUM - The input arguments are not acceptable" );
|
||||
if( use_ret == -(POLARSSL_ERR_MPI_MALLOC_FAILED) )
|
||||
snprintf( buf, buflen, "BIGNUM - Memory allocation failed" );
|
||||
#endif /* POLARSSL_BIGNUM_C */
|
||||
|
||||
#if defined(POLARSSL_CAMELLIA_C)
|
||||
@ -388,6 +422,8 @@ void error_strerror( int ret, char *buf, size_t buflen )
|
||||
snprintf( buf, buflen, "CTR_DRBG - Too many random requested in single call" );
|
||||
if( use_ret == -(POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG) )
|
||||
snprintf( buf, buflen, "CTR_DRBG - Input too large (Entropy + additional)" );
|
||||
if( use_ret == -(POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR) )
|
||||
snprintf( buf, buflen, "CTR_DRBG - Read/write error in file" );
|
||||
#endif /* POLARSSL_CTR_DRBG_C */
|
||||
|
||||
#if defined(POLARSSL_DES_C)
|
||||
@ -402,6 +438,21 @@ void error_strerror( int ret, char *buf, size_t buflen )
|
||||
snprintf( buf, buflen, "ENTROPY - No more sources can be added" );
|
||||
#endif /* POLARSSL_ENTROPY_C */
|
||||
|
||||
#if defined(POLARSSL_MD2_C)
|
||||
if( use_ret == -(POLARSSL_ERR_MD2_FILE_IO_ERROR) )
|
||||
snprintf( buf, buflen, "MD2 - Read/write error in file" );
|
||||
#endif /* POLARSSL_MD2_C */
|
||||
|
||||
#if defined(POLARSSL_MD4_C)
|
||||
if( use_ret == -(POLARSSL_ERR_MD4_FILE_IO_ERROR) )
|
||||
snprintf( buf, buflen, "MD4 - Read/write error in file" );
|
||||
#endif /* POLARSSL_MD4_C */
|
||||
|
||||
#if defined(POLARSSL_MD5_C)
|
||||
if( use_ret == -(POLARSSL_ERR_MD5_FILE_IO_ERROR) )
|
||||
snprintf( buf, buflen, "MD5 - Read/write error in file" );
|
||||
#endif /* POLARSSL_MD5_C */
|
||||
|
||||
#if defined(POLARSSL_NET_C)
|
||||
if( use_ret == -(POLARSSL_ERR_NET_UNKNOWN_HOST) )
|
||||
snprintf( buf, buflen, "NET - Failed to get an IP address for the given hostname" );
|
||||
@ -432,6 +483,21 @@ void error_strerror( int ret, char *buf, size_t buflen )
|
||||
snprintf( buf, buflen, "PADLOCK - Input data should be aligned" );
|
||||
#endif /* POLARSSL_PADLOCK_C */
|
||||
|
||||
#if defined(POLARSSL_SHA1_C)
|
||||
if( use_ret == -(POLARSSL_ERR_SHA1_FILE_IO_ERROR) )
|
||||
snprintf( buf, buflen, "SHA1 - Read/write error in file" );
|
||||
#endif /* POLARSSL_SHA1_C */
|
||||
|
||||
#if defined(POLARSSL_SHA2_C)
|
||||
if( use_ret == -(POLARSSL_ERR_SHA2_FILE_IO_ERROR) )
|
||||
snprintf( buf, buflen, "SHA2 - Read/write error in file" );
|
||||
#endif /* POLARSSL_SHA2_C */
|
||||
|
||||
#if defined(POLARSSL_SHA4_C)
|
||||
if( use_ret == -(POLARSSL_ERR_SHA4_FILE_IO_ERROR) )
|
||||
snprintf( buf, buflen, "SHA4 - Read/write error in file" );
|
||||
#endif /* POLARSSL_SHA4_C */
|
||||
|
||||
#if defined(POLARSSL_XTEA_C)
|
||||
if( use_ret == -(POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH) )
|
||||
snprintf( buf, buflen, "XTEA - The data input has an invalid length" );
|
||||
|
@ -189,7 +189,7 @@ int md2_file( const char *path, unsigned char output[16] )
|
||||
unsigned char buf[1024];
|
||||
|
||||
if( ( f = fopen( path, "rb" ) ) == NULL )
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_MD2_FILE_IO_ERROR );
|
||||
|
||||
md2_starts( &ctx );
|
||||
|
||||
@ -203,7 +203,7 @@ int md2_file( const char *path, unsigned char output[16] )
|
||||
if( ferror( f ) != 0 )
|
||||
{
|
||||
fclose( f );
|
||||
return( 2 );
|
||||
return( POLARSSL_ERR_MD2_FILE_IO_ERROR );
|
||||
}
|
||||
|
||||
fclose( f );
|
||||
|
@ -285,7 +285,7 @@ int md4_file( const char *path, unsigned char output[16] )
|
||||
unsigned char buf[1024];
|
||||
|
||||
if( ( f = fopen( path, "rb" ) ) == NULL )
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_MD4_FILE_IO_ERROR );
|
||||
|
||||
md4_starts( &ctx );
|
||||
|
||||
@ -299,7 +299,7 @@ int md4_file( const char *path, unsigned char output[16] )
|
||||
if( ferror( f ) != 0 )
|
||||
{
|
||||
fclose( f );
|
||||
return( 2 );
|
||||
return( POLARSSL_ERR_MD4_FILE_IO_ERROR );
|
||||
}
|
||||
|
||||
fclose( f );
|
||||
|
@ -304,7 +304,7 @@ int md5_file( const char *path, unsigned char output[16] )
|
||||
unsigned char buf[1024];
|
||||
|
||||
if( ( f = fopen( path, "rb" ) ) == NULL )
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_MD5_FILE_IO_ERROR );
|
||||
|
||||
md5_starts( &ctx );
|
||||
|
||||
@ -318,7 +318,7 @@ int md5_file( const char *path, unsigned char output[16] )
|
||||
if( ferror( f ) != 0 )
|
||||
{
|
||||
fclose( f );
|
||||
return( 2 );
|
||||
return( POLARSSL_ERR_MD5_FILE_IO_ERROR );
|
||||
}
|
||||
|
||||
fclose( f );
|
||||
|
@ -339,7 +339,7 @@ int sha1_file( const char *path, unsigned char output[20] )
|
||||
unsigned char buf[1024];
|
||||
|
||||
if( ( f = fopen( path, "rb" ) ) == NULL )
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
|
||||
|
||||
sha1_starts( &ctx );
|
||||
|
||||
@ -353,7 +353,7 @@ int sha1_file( const char *path, unsigned char output[20] )
|
||||
if( ferror( f ) != 0 )
|
||||
{
|
||||
fclose( f );
|
||||
return( 2 );
|
||||
return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
|
||||
}
|
||||
|
||||
fclose( f );
|
||||
|
@ -341,7 +341,7 @@ int sha2_file( const char *path, unsigned char output[32], int is224 )
|
||||
unsigned char buf[1024];
|
||||
|
||||
if( ( f = fopen( path, "rb" ) ) == NULL )
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_SHA2_FILE_IO_ERROR );
|
||||
|
||||
sha2_starts( &ctx, is224 );
|
||||
|
||||
@ -355,7 +355,7 @@ int sha2_file( const char *path, unsigned char output[32], int is224 )
|
||||
if( ferror( f ) != 0 )
|
||||
{
|
||||
fclose( f );
|
||||
return( 2 );
|
||||
return( POLARSSL_ERR_SHA2_FILE_IO_ERROR );
|
||||
}
|
||||
|
||||
fclose( f );
|
||||
|
@ -339,7 +339,7 @@ int sha4_file( const char *path, unsigned char output[64], int is384 )
|
||||
unsigned char buf[1024];
|
||||
|
||||
if( ( f = fopen( path, "rb" ) ) == NULL )
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_SHA4_FILE_IO_ERROR );
|
||||
|
||||
sha4_starts( &ctx, is384 );
|
||||
|
||||
@ -353,7 +353,7 @@ int sha4_file( const char *path, unsigned char output[64], int is384 )
|
||||
if( ferror( f ) != 0 )
|
||||
{
|
||||
fclose( f );
|
||||
return( 2 );
|
||||
return( POLARSSL_ERR_SHA4_FILE_IO_ERROR );
|
||||
}
|
||||
|
||||
fclose( f );
|
||||
|
@ -395,7 +395,7 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
|
||||
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
}
|
||||
|
||||
if( ssl->dhm_ctx.len < 64 || ssl->dhm_ctx.len > 256 )
|
||||
if( ssl->dhm_ctx.len < 64 || ssl->dhm_ctx.len > 512 )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
|
||||
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
|
@ -1376,7 +1376,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed",
|
||||
sizeof( x509_cert ) ) );
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
|
||||
}
|
||||
|
||||
memset( ssl->peer_cert, 0, sizeof( x509_cert ) );
|
||||
@ -1401,8 +1401,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
|
||||
}
|
||||
|
||||
ret = x509parse_crt( ssl->peer_cert, ssl->in_msg + i, n,
|
||||
X509_NON_PERMISSIVE );
|
||||
ret = x509parse_crt( ssl->peer_cert, ssl->in_msg + i, n );
|
||||
if( ret != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, " x509parse_crt", ret );
|
||||
@ -1707,7 +1706,7 @@ int ssl_init( ssl_context *ssl )
|
||||
if( ssl->in_ctr == NULL )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) );
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
|
||||
}
|
||||
|
||||
ssl->out_ctr = (unsigned char *) malloc( len );
|
||||
@ -1718,7 +1717,7 @@ int ssl_init( ssl_context *ssl )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) );
|
||||
free( ssl-> in_ctr );
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
|
||||
}
|
||||
|
||||
memset( ssl-> in_ctr, 0, SSL_BUFFER_LEN );
|
||||
|
@ -284,7 +284,7 @@ static int x509_get_name( unsigned char **p,
|
||||
sizeof( x509_name ) );
|
||||
|
||||
if( use->next == NULL )
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
|
||||
memset( use->next, 0, sizeof( x509_name ) );
|
||||
|
||||
@ -303,7 +303,7 @@ static int x509_get_name( unsigned char **p,
|
||||
sizeof( x509_name ) );
|
||||
|
||||
if( cur->next == NULL )
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
|
||||
return( x509_get_name( p, end2, cur->next ) );
|
||||
}
|
||||
@ -1018,12 +1018,12 @@ int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
|
||||
* Check for valid input
|
||||
*/
|
||||
if( crt == NULL || buf == NULL )
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_X509_INVALID_INPUT );
|
||||
|
||||
p = (unsigned char *) malloc( len = buflen );
|
||||
|
||||
if( p == NULL )
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
|
||||
memcpy( p, buf, buflen );
|
||||
|
||||
@ -1259,10 +1259,9 @@ int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
|
||||
/*
|
||||
* Parse one or more PEM certificates from a buffer and add them to the chained list
|
||||
*/
|
||||
int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen,
|
||||
int permissive )
|
||||
int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen )
|
||||
{
|
||||
int ret, success = 0, first_error = 0;
|
||||
int ret, success = 0, first_error = 0, total_failed = 0;
|
||||
x509_cert *crt, *prev = NULL;
|
||||
int buf_format = X509_FORMAT_DER;
|
||||
|
||||
@ -1272,7 +1271,7 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen,
|
||||
* Check for valid input
|
||||
*/
|
||||
if( crt == NULL || buf == NULL )
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_X509_INVALID_INPUT );
|
||||
|
||||
while( crt->version != 0 && crt->next != NULL )
|
||||
{
|
||||
@ -1288,7 +1287,7 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen,
|
||||
crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
|
||||
|
||||
if( crt->next == NULL )
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
|
||||
prev = crt;
|
||||
crt = crt->next;
|
||||
@ -1349,9 +1348,9 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen,
|
||||
if( ret != 0 )
|
||||
{
|
||||
/*
|
||||
* quit parsing on a memory error or if in non-permissive parsing mode
|
||||
* quit parsing on a memory error
|
||||
*/
|
||||
if( ret == 1 || permissive != 1 )
|
||||
if( ret == POLARSSL_ERR_X509_MALLOC_FAILED )
|
||||
{
|
||||
if( prev )
|
||||
prev->next = NULL;
|
||||
@ -1365,6 +1364,8 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen,
|
||||
if( first_error == 0 )
|
||||
first_error = ret;
|
||||
|
||||
total_failed++;
|
||||
|
||||
memset( crt, 0, sizeof( x509_cert ) );
|
||||
continue;
|
||||
}
|
||||
@ -1377,7 +1378,7 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen,
|
||||
crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
|
||||
|
||||
if( crt->next == NULL )
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
|
||||
prev = crt;
|
||||
crt = crt->next;
|
||||
@ -1396,7 +1397,7 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen,
|
||||
}
|
||||
|
||||
if( success )
|
||||
return( 0 );
|
||||
return( total_failed );
|
||||
else if( first_error )
|
||||
return( first_error );
|
||||
else
|
||||
@ -1423,7 +1424,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
||||
* Check for valid input
|
||||
*/
|
||||
if( crl == NULL || buf == NULL )
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_X509_INVALID_INPUT );
|
||||
|
||||
while( crl->version != 0 && crl->next != NULL )
|
||||
crl = crl->next;
|
||||
@ -1438,7 +1439,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
||||
if( crl->next == NULL )
|
||||
{
|
||||
x509_crl_free( crl );
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
}
|
||||
|
||||
crl = crl->next;
|
||||
@ -1481,7 +1482,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
||||
p = (unsigned char *) malloc( len = buflen );
|
||||
|
||||
if( p == NULL )
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
|
||||
memcpy( p, buf, buflen );
|
||||
|
||||
@ -1491,7 +1492,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
||||
p = (unsigned char *) malloc( len = buflen );
|
||||
|
||||
if( p == NULL )
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
|
||||
memcpy( p, buf, buflen );
|
||||
|
||||
@ -1680,7 +1681,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
||||
if( crl->next == NULL )
|
||||
{
|
||||
x509_crl_free( crl );
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
}
|
||||
|
||||
crl = crl->next;
|
||||
@ -1701,20 +1702,20 @@ int load_file( const char *path, unsigned char **buf, size_t *n )
|
||||
FILE *f;
|
||||
|
||||
if( ( f = fopen( path, "rb" ) ) == NULL )
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_X509_FILE_IO_ERROR );
|
||||
|
||||
fseek( f, 0, SEEK_END );
|
||||
*n = (size_t) ftell( f );
|
||||
fseek( f, 0, SEEK_SET );
|
||||
|
||||
if( ( *buf = (unsigned char *) malloc( *n + 1 ) ) == NULL )
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
|
||||
if( fread( *buf, 1, *n, f ) != *n )
|
||||
{
|
||||
fclose( f );
|
||||
free( *buf );
|
||||
return( 1 );
|
||||
return( POLARSSL_ERR_X509_FILE_IO_ERROR );
|
||||
}
|
||||
|
||||
fclose( f );
|
||||
@ -1727,16 +1728,16 @@ int load_file( const char *path, unsigned char **buf, size_t *n )
|
||||
/*
|
||||
* Load one or more certificates and add them to the chained list
|
||||
*/
|
||||
int x509parse_crtfile( x509_cert *chain, const char *path, int permissive )
|
||||
int x509parse_crtfile( x509_cert *chain, const char *path )
|
||||
{
|
||||
int ret;
|
||||
size_t n;
|
||||
unsigned char *buf;
|
||||
|
||||
if ( load_file( path, &buf, &n ) )
|
||||
return( 1 );
|
||||
if ( (ret = load_file( path, &buf, &n ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
ret = x509parse_crt( chain, buf, n, permissive );
|
||||
ret = x509parse_crt( chain, buf, n );
|
||||
|
||||
memset( buf, 0, n + 1 );
|
||||
free( buf );
|
||||
@ -1753,8 +1754,8 @@ int x509parse_crlfile( x509_crl *chain, const char *path )
|
||||
size_t n;
|
||||
unsigned char *buf;
|
||||
|
||||
if ( load_file( path, &buf, &n ) )
|
||||
return( 1 );
|
||||
if ( (ret = load_file( path, &buf, &n ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
ret = x509parse_crl( chain, buf, n );
|
||||
|
||||
@ -1773,8 +1774,8 @@ int x509parse_keyfile( rsa_context *rsa, const char *path, const char *pwd )
|
||||
size_t n;
|
||||
unsigned char *buf;
|
||||
|
||||
if ( load_file( path, &buf, &n ) )
|
||||
return( 1 );
|
||||
if ( (ret = load_file( path, &buf, &n ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( pwd == NULL )
|
||||
ret = x509parse_key( rsa, buf, n, NULL, 0 );
|
||||
@ -1797,8 +1798,8 @@ int x509parse_public_keyfile( rsa_context *rsa, const char *path )
|
||||
size_t n;
|
||||
unsigned char *buf;
|
||||
|
||||
if ( load_file( path, &buf, &n ) )
|
||||
return( 1 );
|
||||
if ( (ret = load_file( path, &buf, &n ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
ret = x509parse_public_key( rsa, buf, n );
|
||||
|
||||
@ -2250,8 +2251,8 @@ int x509parse_dhmfile( dhm_context *dhm, const char *path )
|
||||
size_t n;
|
||||
unsigned char *buf;
|
||||
|
||||
if ( load_file( path, &buf, &n ) )
|
||||
return( 1 );
|
||||
if ( ( ret = load_file( path, &buf, &n ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
ret = x509parse_dhm( dhm, buf, n );
|
||||
|
||||
@ -3155,7 +3156,7 @@ int x509_self_test( int verbose )
|
||||
memset( &clicert, 0, sizeof( x509_cert ) );
|
||||
|
||||
ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt,
|
||||
strlen( test_cli_crt ), X509_NON_PERMISSIVE );
|
||||
strlen( test_cli_crt ) );
|
||||
if( ret != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
@ -3167,7 +3168,7 @@ int x509_self_test( int verbose )
|
||||
memset( &cacert, 0, sizeof( x509_cert ) );
|
||||
|
||||
ret = x509parse_crt( &cacert, (unsigned char *) test_ca_crt,
|
||||
strlen( test_ca_crt ), X509_NON_PERMISSIVE );
|
||||
strlen( test_ca_crt ) );
|
||||
if( ret != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
|
@ -4,6 +4,6 @@ target_link_libraries(aescrypt2 polarssl)
|
||||
add_executable(crypt_and_hash crypt_and_hash.c)
|
||||
target_link_libraries(crypt_and_hash polarssl)
|
||||
|
||||
INSTALL(TARGETS aescrypt2 crypt_and_hash
|
||||
install(TARGETS aescrypt2 crypt_and_hash
|
||||
DESTINATION "bin"
|
||||
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
|
||||
|
@ -13,6 +13,6 @@ target_link_libraries(sha1sum polarssl)
|
||||
add_executable(sha2sum sha2sum.c)
|
||||
target_link_libraries(sha2sum polarssl)
|
||||
|
||||
INSTALL(TARGETS hello md5sum sha1sum sha2sum generic_sum
|
||||
install(TARGETS hello md5sum sha1sum sha2sum generic_sum
|
||||
DESTINATION "bin"
|
||||
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
|
||||
|
@ -34,6 +34,6 @@ target_link_libraries(rsa_encrypt polarssl)
|
||||
add_executable(rsa_decrypt rsa_decrypt.c)
|
||||
target_link_libraries(rsa_decrypt polarssl)
|
||||
|
||||
INSTALL(TARGETS dh_client dh_genprime dh_server key_app mpi_demo rsa_genkey rsa_sign rsa_verify rsa_encrypt rsa_decrypt
|
||||
install(TARGETS dh_client dh_genprime dh_server key_app mpi_demo rsa_genkey rsa_sign rsa_verify rsa_encrypt rsa_decrypt
|
||||
DESTINATION "bin"
|
||||
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
|
||||
|
@ -7,6 +7,6 @@ target_link_libraries(gen_random_ctr_drbg polarssl)
|
||||
add_executable(gen_entropy gen_entropy.c)
|
||||
target_link_libraries(gen_entropy polarssl)
|
||||
|
||||
INSTALL(TARGETS gen_random_havege gen_random_ctr_drbg gen_entropy
|
||||
install(TARGETS gen_random_havege gen_random_ctr_drbg gen_entropy
|
||||
DESTINATION "bin"
|
||||
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
|
||||
|
@ -21,6 +21,6 @@ target_link_libraries(ssl_fork_server ${libs})
|
||||
add_executable(ssl_mail_client ssl_mail_client.c)
|
||||
target_link_libraries(ssl_mail_client ${libs})
|
||||
|
||||
INSTALL(TARGETS ssl_client1 ssl_client2 ssl_server ssl_fork_server ssl_mail_client
|
||||
install(TARGETS ssl_client1 ssl_client2 ssl_server ssl_fork_server ssl_mail_client
|
||||
DESTINATION "bin"
|
||||
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
|
||||
|
@ -241,12 +241,12 @@ int main( int argc, char *argv[] )
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
if( strlen( opt.ca_file ) )
|
||||
ret = x509parse_crtfile( &cacert, opt.ca_file, X509_NON_PERMISSIVE );
|
||||
ret = x509parse_crtfile( &cacert, opt.ca_file );
|
||||
else
|
||||
#endif
|
||||
#if defined(POLARSSL_CERTS_C)
|
||||
ret = x509parse_crt( &cacert, (unsigned char *) test_ca_crt,
|
||||
strlen( test_ca_crt ), X509_NON_PERMISSIVE );
|
||||
strlen( test_ca_crt ) );
|
||||
#else
|
||||
{
|
||||
ret = 1;
|
||||
@ -271,12 +271,12 @@ int main( int argc, char *argv[] )
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
if( strlen( opt.crt_file ) )
|
||||
ret = x509parse_crtfile( &clicert, opt.crt_file, X509_NON_PERMISSIVE );
|
||||
ret = x509parse_crtfile( &clicert, opt.crt_file );
|
||||
else
|
||||
#endif
|
||||
#if defined(POLARSSL_CERTS_C)
|
||||
ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt,
|
||||
strlen( test_cli_crt ), X509_NON_PERMISSIVE );
|
||||
strlen( test_cli_crt ) );
|
||||
#else
|
||||
{
|
||||
ret = 1;
|
||||
|
@ -250,7 +250,7 @@ int main( int argc, char *argv[] )
|
||||
* server and CA certificates, as well as x509parse_keyfile().
|
||||
*/
|
||||
ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
|
||||
strlen( test_srv_crt ), X509_NON_PERMISSIVE );
|
||||
strlen( test_srv_crt ) );
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
|
||||
@ -258,7 +258,7 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
|
||||
ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
|
||||
strlen( test_ca_crt ), X509_NON_PERMISSIVE );
|
||||
strlen( test_ca_crt ) );
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
|
||||
|
@ -493,12 +493,12 @@ int main( int argc, char *argv[] )
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
if( strlen( opt.ca_file ) )
|
||||
ret = x509parse_crtfile( &cacert, opt.ca_file, X509_NON_PERMISSIVE );
|
||||
ret = x509parse_crtfile( &cacert, opt.ca_file );
|
||||
else
|
||||
#endif
|
||||
#if defined(POLARSSL_CERTS_C)
|
||||
ret = x509parse_crt( &cacert, (unsigned char *) test_ca_crt,
|
||||
strlen( test_ca_crt ), X509_NON_PERMISSIVE );
|
||||
strlen( test_ca_crt ) );
|
||||
#else
|
||||
{
|
||||
ret = 1;
|
||||
@ -523,15 +523,15 @@ int main( int argc, char *argv[] )
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
if( strlen( opt.crt_file ) )
|
||||
ret = x509parse_crtfile( &clicert, opt.crt_file, X509_NON_PERMISSIVE );
|
||||
ret = x509parse_crtfile( &clicert, opt.crt_file );
|
||||
else
|
||||
#endif
|
||||
#if defined(POLARSSL_CERTS_C)
|
||||
ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt,
|
||||
strlen( test_cli_crt ), X509_NON_PERMISSIVE );
|
||||
strlen( test_cli_crt ) );
|
||||
#else
|
||||
{
|
||||
ret = 1;
|
||||
ret = -1;
|
||||
printf("POLARSSL_CERTS_C not defined.");
|
||||
}
|
||||
#endif
|
||||
@ -551,7 +551,7 @@ int main( int argc, char *argv[] )
|
||||
strlen( test_cli_key ), NULL, 0 );
|
||||
#else
|
||||
{
|
||||
ret = 1;
|
||||
ret = -1;
|
||||
printf("POLARSSL_CERTS_C not defined.");
|
||||
}
|
||||
#endif
|
||||
|
@ -220,7 +220,7 @@ int main( int argc, char *argv[] )
|
||||
* server and CA certificates, as well as x509parse_keyfile().
|
||||
*/
|
||||
ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
|
||||
strlen( test_srv_crt ), X509_NON_PERMISSIVE );
|
||||
strlen( test_srv_crt ) );
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
|
||||
@ -228,7 +228,7 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
|
||||
ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
|
||||
strlen( test_ca_crt ), X509_NON_PERMISSIVE );
|
||||
strlen( test_ca_crt ) );
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
|
||||
|
@ -18,6 +18,6 @@ target_link_libraries(ssl_test ${libs})
|
||||
add_executable(ssl_cert_test ssl_cert_test.c)
|
||||
target_link_libraries(ssl_cert_test ${libs})
|
||||
|
||||
INSTALL(TARGETS selftest benchmark ssl_test ssl_cert_test
|
||||
install(TARGETS selftest benchmark ssl_test ssl_cert_test
|
||||
DESTINATION "bin"
|
||||
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
|
||||
|
@ -100,7 +100,7 @@ int main( int argc, char *argv[] )
|
||||
* Alternatively, you may load the CA certificates from a .pem or
|
||||
* .crt file by calling x509parse_crtfile( &cacert, "myca.crt" ).
|
||||
*/
|
||||
ret = x509parse_crtfile( &cacert, "ssl/test-ca/test-ca.crt", X509_NON_PERMISSIVE );
|
||||
ret = x509parse_crtfile( &cacert, "ssl/test-ca/test-ca.crt" );
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " failed\n ! x509parse_crtfile returned %d\n\n", ret );
|
||||
@ -148,7 +148,7 @@ int main( int argc, char *argv[] )
|
||||
printf( " . Loading the client certificate %s...", name );
|
||||
fflush( stdout );
|
||||
|
||||
ret = x509parse_crtfile( &clicert, name, X509_NON_PERMISSIVE );
|
||||
ret = x509parse_crtfile( &clicert, name );
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
|
||||
|
@ -214,7 +214,7 @@ static int ssl_test( struct options *opt )
|
||||
goto exit;
|
||||
#else
|
||||
ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
|
||||
strlen( test_srv_crt ), X509_NON_PERMISSIVE );
|
||||
strlen( test_srv_crt ) );
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " ! x509parse_crt returned %d\n\n", ret );
|
||||
@ -222,7 +222,7 @@ static int ssl_test( struct options *opt )
|
||||
}
|
||||
|
||||
ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
|
||||
strlen( test_ca_crt ), X509_NON_PERMISSIVE );
|
||||
strlen( test_ca_crt ) );
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " ! x509parse_crt returned %d\n\n", ret );
|
||||
|
@ -12,6 +12,6 @@ target_link_libraries(cert_app ${libs})
|
||||
add_executable(crl_app crl_app.c)
|
||||
target_link_libraries(crl_app ${libs})
|
||||
|
||||
INSTALL(TARGETS cert_app crl_app
|
||||
install(TARGETS cert_app crl_app
|
||||
DESTINATION "bin"
|
||||
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
|
||||
|
@ -200,17 +200,25 @@ int main( int argc, char *argv[] )
|
||||
printf( "\n . Loading the certificate(s) ..." );
|
||||
fflush( stdout );
|
||||
|
||||
ret = x509parse_crtfile( &crt, opt.filename, opt.permissive );
|
||||
ret = x509parse_crtfile( &crt, opt.filename );
|
||||
|
||||
if( ret != 0 )
|
||||
if( ret < 0 )
|
||||
{
|
||||
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
|
||||
x509_free( &crt );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( opt.permissive == 0 && ret > 0 )
|
||||
{
|
||||
printf( " failed\n ! x509parse_crt failed to parse %d certificates\n\n", ret );
|
||||
x509_free( &crt );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
printf( " ok\n" );
|
||||
|
||||
|
||||
/*
|
||||
* 1.2 Print the certificate(s)
|
||||
*/
|
||||
|
@ -9,7 +9,8 @@ my $error_file = shift or die "Missing destination file";
|
||||
my $error_format_file = $data_dir.'/error.fmt';
|
||||
|
||||
my @low_level_modules = ( "AES", "ASN1", "CAMELLIA", "BIGNUM", "BASE64", "XTEA",
|
||||
"PADLOCK", "DES", "NET", "CTR_DRBG", "ENTROPY" );
|
||||
"PADLOCK", "DES", "NET", "CTR_DRBG", "ENTROPY",
|
||||
"MD2", "MD4", "MD5", "SHA1", "SHA2", "SHA4" );
|
||||
my @high_level_modules = ( "PEM", "X509", "DHM", "RSA", "MD", "CIPHER", "SSL" );
|
||||
|
||||
my $line_separator = $/;
|
||||
|
@ -2,12 +2,21 @@ BEGIN_HEADER
|
||||
#include <polarssl/ctr_drbg.h>
|
||||
|
||||
int test_offset;
|
||||
int entropy_func( void *p, unsigned char *buf, size_t len )
|
||||
int entropy_func( void *data, unsigned char *buf, size_t len )
|
||||
{
|
||||
unsigned char *p = (unsigned char *) data;
|
||||
memcpy( buf, p + test_offset, len );
|
||||
test_offset += 32;
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int ctr_drbg_init_entropy_len(
|
||||
ctr_drbg_context *ctx,
|
||||
int (*f_entropy)(void *, unsigned char *, size_t),
|
||||
void *p_entropy,
|
||||
const unsigned char *custom,
|
||||
size_t len,
|
||||
size_t entropy_len );
|
||||
END_HEADER
|
||||
|
||||
BEGIN_DEPENDENCIES
|
||||
@ -34,7 +43,7 @@ ctr_drbg_validate_pr:add_init_string:entropy_string:add1_string:add2_string:resu
|
||||
add2_len = unhexify( add2, {add2_string} );
|
||||
|
||||
test_offset = 0;
|
||||
TEST_ASSERT( ctr_drbg_init( &ctx, entropy_func, entropy, add_init, add_init_len ) == 0 );
|
||||
TEST_ASSERT( ctr_drbg_init_entropy_len( &ctx, entropy_func, entropy, add_init, add_init_len, 32 ) == 0 );
|
||||
ctr_drbg_set_prediction_resistance( &ctx, CTR_DRBG_PR_ON );
|
||||
|
||||
TEST_ASSERT( ctr_drbg_random_with_add( &ctx, buf, 16, add1, add1_len ) == 0 );
|
||||
@ -66,7 +75,7 @@ ctr_drbg_validate_nopr:add_init_string:entropy_string:add1_string:add_reseed_str
|
||||
add2_len = unhexify( add2, {add2_string} );
|
||||
|
||||
test_offset = 0;
|
||||
TEST_ASSERT( ctr_drbg_init( &ctx, entropy_func, entropy, add_init, add_init_len ) == 0 );
|
||||
TEST_ASSERT( ctr_drbg_init_entropy_len( &ctx, entropy_func, entropy, add_init, add_init_len, 32 ) == 0 );
|
||||
|
||||
TEST_ASSERT( ctr_drbg_random_with_add( &ctx, buf, 16, add1, add1_len ) == 0 );
|
||||
TEST_ASSERT( ctr_drbg_reseed( &ctx, add_reseed, add_reseed_len ) == 0 );
|
||||
|
@ -35,7 +35,7 @@ debug_print_crt:crt_file:file:line:prefix:result_str
|
||||
|
||||
ssl_set_dbg(&ssl, string_debug, &buffer);
|
||||
|
||||
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file}, X509_NON_PERMISSIVE ) == 0 );
|
||||
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file} ) == 0 );
|
||||
debug_print_crt( &ssl, 0, {file}, {line}, {prefix}, &crt);
|
||||
|
||||
TEST_ASSERT( strcmp( buffer.buf, {result_str} ) == 0 );
|
||||
|
@ -38,7 +38,7 @@ x509_cert_info:crt_file:result_str
|
||||
memset( &crt, 0, sizeof( x509_cert ) );
|
||||
memset( buf, 0, 2000 );
|
||||
|
||||
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file}, X509_NON_PERMISSIVE ) == 0 );
|
||||
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file} ) == 0 );
|
||||
res = x509parse_cert_info( buf, 2000, "", &crt );
|
||||
|
||||
TEST_ASSERT( res != -1 );
|
||||
@ -81,8 +81,8 @@ x509_verify:crt_file:ca_file:crl_file:cn_name:result:flags:verify_callback
|
||||
memset( &ca, 0, sizeof( x509_cert ) );
|
||||
memset( &crl, 0, sizeof( x509_crl ) );
|
||||
|
||||
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file}, X509_NON_PERMISSIVE ) == 0 );
|
||||
TEST_ASSERT( x509parse_crtfile( &ca, {ca_file}, X509_NON_PERMISSIVE ) == 0 );
|
||||
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file} ) == 0 );
|
||||
TEST_ASSERT( x509parse_crtfile( &ca, {ca_file} ) == 0 );
|
||||
TEST_ASSERT( x509parse_crlfile( &crl, {crl_file} ) == 0 );
|
||||
|
||||
res = x509parse_verify( &crt, &ca, &crl, {cn_name}, &flags, {verify_callback}, NULL );
|
||||
@ -102,7 +102,7 @@ x509_dn_gets:crt_file:entity:result_str
|
||||
memset( &crt, 0, sizeof( x509_cert ) );
|
||||
memset( buf, 0, 2000 );
|
||||
|
||||
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file}, X509_NON_PERMISSIVE ) == 0 );
|
||||
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file} ) == 0 );
|
||||
res = x509parse_dn_gets( buf, 2000, &crt.{entity} );
|
||||
|
||||
TEST_ASSERT( res != -1 );
|
||||
@ -119,7 +119,7 @@ x509_time_expired:crt_file:entity:result
|
||||
|
||||
memset( &crt, 0, sizeof( x509_cert ) );
|
||||
|
||||
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file}, X509_NON_PERMISSIVE ) == 0 );
|
||||
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file} ) == 0 );
|
||||
TEST_ASSERT( x509parse_time_expired( &crt.{entity} ) == {result} );
|
||||
}
|
||||
END_CASE
|
||||
@ -176,7 +176,7 @@ x509parse_crt:crt_data:result_str:result
|
||||
|
||||
data_len = unhexify( buf, {crt_data} );
|
||||
|
||||
TEST_ASSERT( x509parse_crt( &crt, buf, data_len, X509_NON_PERMISSIVE ) == ( {result} ) );
|
||||
TEST_ASSERT( x509parse_crt( &crt, buf, data_len ) == ( {result} ) );
|
||||
if( ( {result} ) == 0 )
|
||||
{
|
||||
res = x509parse_cert_info( (char *) output, 2000, "", &crt );
|
||||
|
Loading…
Reference in New Issue
Block a user