mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 15:24:18 +01:00
Merged trunk changes for 1.2
This commit is contained in:
commit
d10ff14355
5
.gitignore
vendored
Normal file
5
.gitignore
vendored
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
CMakeCache.txt
|
||||||
|
CMakeFiles
|
||||||
|
CTestTestfile.cmake
|
||||||
|
cmake_install.cmake
|
||||||
|
Testing
|
@ -10,6 +10,8 @@ Bugfixes
|
|||||||
* Moved mpi_inv_mod() outside POLARSSL_GENPRIME
|
* Moved mpi_inv_mod() outside POLARSSL_GENPRIME
|
||||||
* Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel
|
* Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel
|
||||||
Pégourié-Gonnard)
|
Pégourié-Gonnard)
|
||||||
|
* Fixed possible segfault in mpi_shift_r() (found by Manuel
|
||||||
|
Pégourié-Gonnard)
|
||||||
* Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
|
* Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
|
||||||
|
|
||||||
= Version 1.2.0 released 2012-10-31
|
= Version 1.2.0 released 2012-10-31
|
||||||
|
1
include/.gitignore
vendored
Normal file
1
include/.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
Makefile
|
@ -720,20 +720,22 @@ void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites );
|
|||||||
* \brief Set the data required to verify peer certificate
|
* \brief Set the data required to verify peer certificate
|
||||||
*
|
*
|
||||||
* \param ssl SSL context
|
* \param ssl SSL context
|
||||||
* \param ca_chain trusted CA chain
|
* \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
|
||||||
* \param ca_crl trusted CA CRLs
|
* \param ca_crl trusted CA CRLs
|
||||||
* \param peer_cn expected peer CommonName (or NULL)
|
* \param peer_cn expected peer CommonName (or NULL)
|
||||||
*
|
|
||||||
* \note TODO: add two more parameters: depth and crl
|
|
||||||
*/
|
*/
|
||||||
void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
|
void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
|
||||||
x509_crl *ca_crl, const char *peer_cn );
|
x509_crl *ca_crl, const char *peer_cn );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Set own certificate and private key
|
* \brief Set own certificate chain and private key
|
||||||
|
*
|
||||||
|
* Note: own_cert should contain IN order from the bottom
|
||||||
|
* up your certificate chain. The top certificate (self-signed)
|
||||||
|
* can be omitted.
|
||||||
*
|
*
|
||||||
* \param ssl SSL context
|
* \param ssl SSL context
|
||||||
* \param own_cert own public certificate
|
* \param own_cert own public certificate chain
|
||||||
* \param rsa_key own private RSA key
|
* \param rsa_key own private RSA key
|
||||||
*/
|
*/
|
||||||
void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
|
void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
|
||||||
@ -747,8 +749,12 @@ void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
|
|||||||
* of the callback parameters, with the only change being
|
* of the callback parameters, with the only change being
|
||||||
* that the rsa_context * is a void * in the callbacks)
|
* that the rsa_context * is a void * in the callbacks)
|
||||||
*
|
*
|
||||||
|
* Note: own_cert should contain IN order from the bottom
|
||||||
|
* up your certificate chain. The top certificate (self-signed)
|
||||||
|
* can be omitted.
|
||||||
|
*
|
||||||
* \param ssl SSL context
|
* \param ssl SSL context
|
||||||
* \param own_cert own public certificate
|
* \param own_cert own public certificate chain
|
||||||
* \param rsa_key alternate implementation private RSA key
|
* \param rsa_key alternate implementation private RSA key
|
||||||
* \param rsa_decrypt_func alternate implementation of \c rsa_pkcs1_decrypt()
|
* \param rsa_decrypt_func alternate implementation of \c rsa_pkcs1_decrypt()
|
||||||
* \param rsa_sign_func alternate implementation of \c rsa_pkcs1_sign()
|
* \param rsa_sign_func alternate implementation of \c rsa_pkcs1_sign()
|
||||||
|
2
library/.gitignore
vendored
Normal file
2
library/.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
*.o
|
||||||
|
libpolarssl*
|
@ -611,6 +611,9 @@ int mpi_shift_r( mpi *X, size_t count )
|
|||||||
v0 = count / biL;
|
v0 = count / biL;
|
||||||
v1 = count & (biL - 1);
|
v1 = count & (biL - 1);
|
||||||
|
|
||||||
|
if( v0 > X->n || ( v0 == X->n && v1 > 0 ) )
|
||||||
|
return mpi_lset( X, 0 );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* shift by count / limb_size
|
* shift by count / limb_size
|
||||||
*/
|
*/
|
||||||
|
39
programs/.gitignore
vendored
Normal file
39
programs/.gitignore
vendored
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
*/Makefile
|
||||||
|
aes/aescrypt2
|
||||||
|
aes/crypt_and_hash
|
||||||
|
hash/generic_sum
|
||||||
|
hash/hello
|
||||||
|
hash/md5sum
|
||||||
|
hash/sha1sum
|
||||||
|
hash/sha2sum
|
||||||
|
pkey/dh_client
|
||||||
|
pkey/dh_genprime
|
||||||
|
pkey/dh_server
|
||||||
|
pkey/key_app
|
||||||
|
pkey/key_app_writer
|
||||||
|
pkey/mpi_demo
|
||||||
|
pkey/rsa_decrypt
|
||||||
|
pkey/rsa_encrypt
|
||||||
|
pkey/rsa_genkey
|
||||||
|
pkey/rsa_sign
|
||||||
|
pkey/rsa_sign_pss
|
||||||
|
pkey/rsa_verify
|
||||||
|
pkey/rsa_verify_pss
|
||||||
|
random/gen_entropy
|
||||||
|
random/gen_random_ctr_drbg
|
||||||
|
random/gen_random_havege
|
||||||
|
ssl/ssl_client1
|
||||||
|
ssl/ssl_client2
|
||||||
|
ssl/ssl_fork_server
|
||||||
|
ssl/ssl_mail_client
|
||||||
|
ssl/ssl_server
|
||||||
|
ssl/ssl_server2
|
||||||
|
test/benchmark
|
||||||
|
test/o_p_test
|
||||||
|
test/selftest
|
||||||
|
test/ssl_cert_test
|
||||||
|
test/ssl_test
|
||||||
|
util/strerror
|
||||||
|
x509/cert_app
|
||||||
|
x509/cert_req
|
||||||
|
x509/crl_app
|
@ -37,6 +37,7 @@
|
|||||||
#include "polarssl/entropy.h"
|
#include "polarssl/entropy.h"
|
||||||
#include "polarssl/ctr_drbg.h"
|
#include "polarssl/ctr_drbg.h"
|
||||||
#include "polarssl/error.h"
|
#include "polarssl/error.h"
|
||||||
|
#include "polarssl/certs.h"
|
||||||
|
|
||||||
#define SERVER_PORT 4433
|
#define SERVER_PORT 4433
|
||||||
#define SERVER_NAME "localhost"
|
#define SERVER_NAME "localhost"
|
||||||
@ -78,6 +79,7 @@ int main( int argc, char *argv[] )
|
|||||||
entropy_context entropy;
|
entropy_context entropy;
|
||||||
ctr_drbg_context ctr_drbg;
|
ctr_drbg_context ctr_drbg;
|
||||||
ssl_context ssl;
|
ssl_context ssl;
|
||||||
|
x509_cert cacert;
|
||||||
|
|
||||||
((void) argc);
|
((void) argc);
|
||||||
((void) argv);
|
((void) argv);
|
||||||
@ -86,6 +88,7 @@ int main( int argc, char *argv[] )
|
|||||||
* 0. Initialize the RNG and the session data
|
* 0. Initialize the RNG and the session data
|
||||||
*/
|
*/
|
||||||
memset( &ssl, 0, sizeof( ssl_context ) );
|
memset( &ssl, 0, sizeof( ssl_context ) );
|
||||||
|
memset( &cacert, 0, sizeof( x509_cert ) );
|
||||||
|
|
||||||
printf( "\n . Seeding the random number generator..." );
|
printf( "\n . Seeding the random number generator..." );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
@ -100,6 +103,28 @@ int main( int argc, char *argv[] )
|
|||||||
|
|
||||||
printf( " ok\n" );
|
printf( " ok\n" );
|
||||||
|
|
||||||
|
/*
|
||||||
|
* 0. Initialize certificates
|
||||||
|
*/
|
||||||
|
printf( " . Loading the CA root certificate ..." );
|
||||||
|
fflush( stdout );
|
||||||
|
|
||||||
|
#if defined(POLARSSL_CERTS_C)
|
||||||
|
ret = x509parse_crt( &cacert, (unsigned char *) test_ca_crt,
|
||||||
|
strlen( test_ca_crt ) );
|
||||||
|
#else
|
||||||
|
ret = 1;
|
||||||
|
printf("POLARSSL_CERTS_C not defined.");
|
||||||
|
#endif
|
||||||
|
|
||||||
|
if( ret < 0 )
|
||||||
|
{
|
||||||
|
printf( " failed\n ! x509parse_crt returned -0x%x\n\n", -ret );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
printf( " ok (%d skipped)\n", ret );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 1. Start the connection
|
* 1. Start the connection
|
||||||
*/
|
*/
|
||||||
@ -131,13 +156,57 @@ int main( int argc, char *argv[] )
|
|||||||
printf( " ok\n" );
|
printf( " ok\n" );
|
||||||
|
|
||||||
ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
|
ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
|
||||||
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
|
ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );
|
||||||
|
ssl_set_ca_chain( &ssl, &cacert, NULL, "PolarSSL Server 1" );
|
||||||
|
|
||||||
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
|
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
|
||||||
ssl_set_dbg( &ssl, my_debug, stdout );
|
ssl_set_dbg( &ssl, my_debug, stdout );
|
||||||
ssl_set_bio( &ssl, net_recv, &server_fd,
|
ssl_set_bio( &ssl, net_recv, &server_fd,
|
||||||
net_send, &server_fd );
|
net_send, &server_fd );
|
||||||
|
|
||||||
|
/*
|
||||||
|
* 4. Handshake
|
||||||
|
*/
|
||||||
|
printf( " . Performing the SSL/TLS handshake..." );
|
||||||
|
fflush( stdout );
|
||||||
|
|
||||||
|
while( ( ret = ssl_handshake( &ssl ) ) != 0 )
|
||||||
|
{
|
||||||
|
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
|
||||||
|
{
|
||||||
|
printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
printf( " ok\n" );
|
||||||
|
|
||||||
|
/*
|
||||||
|
* 5. Verify the server certificate
|
||||||
|
*/
|
||||||
|
printf( " . Verifying peer X.509 certificate..." );
|
||||||
|
|
||||||
|
if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
|
||||||
|
{
|
||||||
|
printf( " failed\n" );
|
||||||
|
|
||||||
|
if( ( ret & BADCERT_EXPIRED ) != 0 )
|
||||||
|
printf( " ! server certificate has expired\n" );
|
||||||
|
|
||||||
|
if( ( ret & BADCERT_REVOKED ) != 0 )
|
||||||
|
printf( " ! server certificate has been revoked\n" );
|
||||||
|
|
||||||
|
if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
|
||||||
|
printf( " ! CN mismatch (expected CN=%s)\n", "PolarSSL Server 1" );
|
||||||
|
|
||||||
|
if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
|
||||||
|
printf( " ! self-signed or not signed by a trusted CA\n" );
|
||||||
|
|
||||||
|
printf( "\n" );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
printf( " ok\n" );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 3. Write the GET request
|
* 3. Write the GET request
|
||||||
*/
|
*/
|
||||||
@ -206,6 +275,7 @@ exit:
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
x509_free( &cacert );
|
||||||
net_close( server_fd );
|
net_close( server_fd );
|
||||||
ssl_free( &ssl );
|
ssl_free( &ssl );
|
||||||
|
|
||||||
|
@ -127,9 +127,12 @@ int my_verify( void *data, x509_cert *crt, int depth, int *flags )
|
|||||||
|
|
||||||
#if defined(POLARSSL_FS_IO)
|
#if defined(POLARSSL_FS_IO)
|
||||||
#define USAGE_IO \
|
#define USAGE_IO \
|
||||||
" ca_file=%%s default: \"\" (pre-loaded)\n" \
|
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
|
||||||
" ca_path=%%s default: \"\" (pre-loaded) (overrides ca_file)\n" \
|
" default: \"\" (pre-loaded)\n" \
|
||||||
" crt_file=%%s default: \"\" (pre-loaded)\n" \
|
" ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
|
||||||
|
" default: \"\" (pre-loaded) (overrides ca_file)\n" \
|
||||||
|
" crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
|
||||||
|
" default: \"\" (pre-loaded)\n" \
|
||||||
" key_file=%%s default: \"\" (pre-loaded)\n"
|
" key_file=%%s default: \"\" (pre-loaded)\n"
|
||||||
#else
|
#else
|
||||||
#define USAGE_IO \
|
#define USAGE_IO \
|
||||||
|
@ -184,9 +184,12 @@ int my_ciphersuites[] =
|
|||||||
|
|
||||||
#if defined(POLARSSL_FS_IO)
|
#if defined(POLARSSL_FS_IO)
|
||||||
#define USAGE_IO \
|
#define USAGE_IO \
|
||||||
" ca_file=%%s default: \"\" (pre-loaded)\n" \
|
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
|
||||||
" ca_path=%%s default: \"\" (pre-loaded) (overrides ca_file)\n" \
|
" default: \"\" (pre-loaded)\n" \
|
||||||
" crt_file=%%s default: \"\" (pre-loaded)\n" \
|
" ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
|
||||||
|
" default: \"\" (pre-loaded) (overrides ca_file)\n" \
|
||||||
|
" crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
|
||||||
|
" default: \"\" (pre-loaded)\n" \
|
||||||
" key_file=%%s default: \"\" (pre-loaded)\n"
|
" key_file=%%s default: \"\" (pre-loaded)\n"
|
||||||
#else
|
#else
|
||||||
#define USAGE_IO \
|
#define USAGE_IO \
|
||||||
|
2
tests/.gitignore
vendored
Normal file
2
tests/.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
test_suite*
|
||||||
|
data_files/mpi_write
|
@ -309,6 +309,18 @@ mpi_shift_r:10:"128":1:10:"64"
|
|||||||
Test mpi_shift_r #2
|
Test mpi_shift_r #2
|
||||||
mpi_shift_r:10:"120815570979701484704906977000760567182871429114712069861589084706550626575967516787438008593490722779337547394120718248995900363209947025063336882559539208430319216688889117222633155838468458047056355241515415159736436403445579777425189969":45:10:"3433785053053426415343295076376096153094051405637175942660777670498379921354157795219578264137985649407981651226029903483433269093721578004287291678324982297860947730012217028349628999378309630601971640587504883789518896817457"
|
mpi_shift_r:10:"120815570979701484704906977000760567182871429114712069861589084706550626575967516787438008593490722779337547394120718248995900363209947025063336882559539208430319216688889117222633155838468458047056355241515415159736436403445579777425189969":45:10:"3433785053053426415343295076376096153094051405637175942660777670498379921354157795219578264137985649407981651226029903483433269093721578004287291678324982297860947730012217028349628999378309630601971640587504883789518896817457"
|
||||||
|
|
||||||
|
Test mpi_shift_r #4
|
||||||
|
mpi_shift_r:16:"FFFFFFFFFFFFFFFF":63:16:"01"
|
||||||
|
|
||||||
|
Test mpi_shift_r #4
|
||||||
|
mpi_shift_r:16:"FFFFFFFFFFFFFFFF":64:16:"00"
|
||||||
|
|
||||||
|
Test mpi_shift_r #6
|
||||||
|
mpi_shift_r:16:"FFFFFFFFFFFFFFFF":65:16:"00"
|
||||||
|
|
||||||
|
Test mpi_shift_r #7
|
||||||
|
mpi_shift_r:16:"FFFFFFFFFFFFFFFF":128:16:"00"
|
||||||
|
|
||||||
Base test mpi_mul_mpi #1
|
Base test mpi_mul_mpi #1
|
||||||
mpi_mul_mpi:10:"5":10:"7":10:"35"
|
mpi_mul_mpi:10:"5":10:"7":10:"35"
|
||||||
|
|
||||||
|
@ -162,7 +162,7 @@ mpi_set_bit:radix_X:input_X:pos:val:radix_Y:output_Y
|
|||||||
TEST_ASSERT( mpi_set_bit( &X, {pos}, {val} ) == 0 );
|
TEST_ASSERT( mpi_set_bit( &X, {pos}, {val} ) == 0 );
|
||||||
TEST_ASSERT( mpi_cmp_mpi( &X, &Y ) == 0 );
|
TEST_ASSERT( mpi_cmp_mpi( &X, &Y ) == 0 );
|
||||||
|
|
||||||
mpi_free( &X );
|
mpi_free( &X ); mpi_free( &Y );
|
||||||
}
|
}
|
||||||
END_CASE
|
END_CASE
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user