From 36713e8ed9c6f2ba27ee9102346ac37dc2b04f5e Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Tue, 17 Sep 2013 13:25:29 +0200 Subject: [PATCH] Fixed bunch of X509_PARSE related defines / dependencies --- library/error.c | 19 ++++-------- programs/ssl/ssl_client1.c | 6 ++-- programs/ssl/ssl_client2.c | 30 +++++++++---------- programs/ssl/ssl_fork_server.c | 6 ++-- programs/ssl/ssl_mail_client.c | 8 +++--- programs/ssl/ssl_server.c | 7 +++-- programs/ssl/ssl_server2.c | 24 ++++++++-------- programs/test/o_p_test.c | 40 ++++++++++++++++---------- programs/test/ssl_cert_test.c | 32 +++++++++++---------- programs/test/ssl_test.c | 6 ++-- programs/x509/cert_app.c | 4 +-- programs/x509/cert_req.c | 4 ++- programs/x509/cert_write.c | 4 +-- programs/x509/crl_app.c | 2 +- programs/x509/req_app.c | 2 +- scripts/generate_errors.pl | 7 +++-- tests/suites/test_suite_debug.function | 4 +-- 17 files changed, 107 insertions(+), 98 deletions(-) diff --git a/library/error.c b/library/error.c index 7aeb84f70..ced87c595 100644 --- a/library/error.c +++ b/library/error.c @@ -145,14 +145,10 @@ #include "polarssl/ssl.h" #endif -#if defined(POLARSSL_X509_PARSE_C) +#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C) #include "polarssl/x509.h" #endif -#if defined(POLARSSL_X509_WRITE_C) -#include "polarssl/x509write.h" -#endif - #if defined(POLARSSL_XTEA_C) #include "polarssl/xtea.h" #endif @@ -411,7 +407,7 @@ void polarssl_strerror( int ret, char *buf, size_t buflen ) snprintf( buf, buflen, "SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)" ); #endif /* POLARSSL_SSL_TLS_C */ -#if defined(POLARSSL_X509_PARSE_C) +#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C) if( use_ret == -(POLARSSL_ERR_X509_FEATURE_UNAVAILABLE) ) snprintf( buf, buflen, "X509 - Unavailable feature, e.g. RSA hashing/encryption combination" ); if( use_ret == -(POLARSSL_ERR_X509_CERT_INVALID_PEM) ) 
@@ -448,16 +444,13 @@ void polarssl_strerror( int ret, char *buf, size_t buflen ) snprintf( buf, buflen, "X509 - Allocation of memory failed" ); if( use_ret == -(POLARSSL_ERR_X509_FILE_IO_ERROR) ) snprintf( buf, buflen, "X509 - Read/write of file failed" ); -#endif /* POLARSSL_X509_PARSE_C */ - -#if defined(POLARSSL_X509_WRITE_C) if( use_ret == -(POLARSSL_ERR_X509WRITE_UNKNOWN_OID) ) - snprintf( buf, buflen, "X509WRITE - Requested OID is unknown" ); + snprintf( buf, buflen, "X509 - Requested OID is unknown" ); if( use_ret == -(POLARSSL_ERR_X509WRITE_BAD_INPUT_DATA) ) - snprintf( buf, buflen, "X509WRITE - Failed to allocate memory" ); + snprintf( buf, buflen, "X509 - Failed to allocate memory" ); if( use_ret == -(POLARSSL_ERR_X509WRITE_MALLOC_FAILED) ) - snprintf( buf, buflen, "X509WRITE - Failed to allocate memory" ); -#endif /* POLARSSL_X509_WRITE_C */ + snprintf( buf, buflen, "X509 - Failed to allocate memory" ); +#endif /* POLARSSL_X509_USE,X509_CREATE_C */ if( strlen( buf ) == 0 ) snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret ); diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index aaebed6f9..b7a1e9a81 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -42,7 +42,7 @@ #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \ !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \ - !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_X509_PARSE_C) + !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_X509_CRT_PARSE_C) int main( int argc, char *argv[] ) { ((void) argc); @@ -51,7 +51,7 @@ int main( int argc, char *argv[] ) printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or " "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " - "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_PARSE_C " + "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C " "not defined.\n"); return( 0 ); } 
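Review bot: In library/error.c, the string for `POLARSSL_ERR_X509WRITE_BAD_INPUT_DATA` is "X509 - Failed to allocate memory", identical to the one for `POLARSSL_ERR_X509WRITE_MALLOC_FAILED` two lines below. Anyone reading a log built from `polarssl_strerror()` therefore cannot tell rejected input from an allocation failure. The commit rewrites the prefix on this line but keeps the wrong description; it should read something like `snprintf( buf, buflen, "X509 - Input invalid" );`. scripts/generate_errors.pl builds these strings from the `/**< ... */` comment beside each define, so the fix probably belongs in the header, with error.c regenerated afterwards. The body of `polarssl_strerror()` starts and ends outside the hunk.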
@@ -278,7 +278,7 @@ exit: } #endif - x509_free( &cacert ); + x509_crt_free( &cacert ); net_close( server_fd ); ssl_free( &ssl ); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 7d25de6d9..5ee97b738 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -111,7 +111,7 @@ static void my_debug( void *ctx, int level, const char *str ) } } -#if defined(POLARSSL_X509_PARSE_C) +#if defined(POLARSSL_X509_CRT_PARSE_C) /* * Enabled if debug_level > 1 in code below */ @@ -150,9 +150,9 @@ static int my_verify( void *data, x509_cert *crt, int depth, int *flags ) return( 0 ); } -#endif /* POLARSSL_X509_PARSE_C */ +#endif /* POLARSSL_X509_CRT_PARSE_C */ -#if defined(POLARSSL_X509_PARSE_C) +#if defined(POLARSSL_X509_CRT_PARSE_C) #if defined(POLARSSL_FS_IO) #define USAGE_IO \ " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \ @@ -168,7 +168,7 @@ static int my_verify( void *data, x509_cert *crt, int depth, int *flags ) #endif /* POLARSSL_FS_IO */ #else #define USAGE_IO "" -#endif /* POLARSSL_X509_PARSE_C */ +#endif /* POLARSSL_X509_CRT_PARSE_C */ #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) #define USAGE_PSK \ @@ -254,7 +254,7 @@ int main( int argc, char *argv[] ) ctr_drbg_context ctr_drbg; ssl_context ssl; ssl_session saved_session; -#if defined(POLARSSL_X509_PARSE_C) +#if defined(POLARSSL_X509_CRT_PARSE_C) x509_cert cacert; x509_cert clicert; pk_context pkey; @@ -268,7 +268,7 @@ int main( int argc, char *argv[] ) server_fd = 0; memset( &ssl, 0, sizeof( ssl_context ) ); memset( &saved_session, 0, sizeof( ssl_session ) ); -#if defined(POLARSSL_X509_PARSE_C) +#if defined(POLARSSL_X509_CRT_PARSE_C) memset( &cacert, 0, sizeof( x509_cert ) ); memset( &clicert, 0, sizeof( x509_cert ) ); pk_init( &pkey ); @@ -565,7 +565,7 @@ int main( int argc, char *argv[] ) printf( " ok\n" ); -#if defined(POLARSSL_X509_PARSE_C) +#if defined(POLARSSL_X509_CRT_PARSE_C) /* * 1.1. Load the trusted CA */ 
@@ -645,7 +645,7 @@ int main( int argc, char *argv[] ) } printf( " ok\n" ); -#endif /* POLARSSL_X509_PARSE_C */ +#endif /* POLARSSL_X509_CRT_PARSE_C */ /* * 2. Start the connection @@ -677,7 +677,7 @@ int main( int argc, char *argv[] ) printf( " ok\n" ); -#if defined(POLARSSL_X509_PARSE_C) +#if defined(POLARSSL_X509_CRT_PARSE_C) if( opt.debug_level > 0 ) ssl_set_verify( &ssl, my_verify, NULL ); #endif @@ -709,7 +709,7 @@ int main( int argc, char *argv[] ) ssl_set_renegotiation( &ssl, opt.renegotiation ); ssl_legacy_renegotiation( &ssl, opt.allow_legacy ); -#if defined(POLARSSL_X509_PARSE_C) +#if defined(POLARSSL_X509_CRT_PARSE_C) ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name ); ssl_set_own_cert( &ssl, &clicert, &pkey ); #endif @@ -760,7 +760,7 @@ int main( int argc, char *argv[] ) printf( " ok\n" ); } -#if defined(POLARSSL_X509_PARSE_C) +#if defined(POLARSSL_X509_CRT_PARSE_C) /* * 5. Verify the server certificate */ @@ -794,7 +794,7 @@ int main( int argc, char *argv[] ) ssl_get_peer_cert( &ssl ) ); printf( "%s\n", buf ); } -#endif /* POLARSSL_X509_PARSE_C */ +#endif /* POLARSSL_X509_CRT_PARSE_C */ /* * 6. Write the GET request @@ -910,9 +910,9 @@ exit: if( server_fd ) net_close( server_fd ); -#if defined(POLARSSL_X509_PARSE_C) - x509_free( &clicert ); - x509_free( &cacert ); +#if defined(POLARSSL_X509_CRT_PARSE_C) + x509_crt_free( &clicert ); + x509_crt_free( &cacert ); pk_free( &pkey ); #endif ssl_session_free( &saved_session ); diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index b37ddb019..af9cef647 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c 
@@ -56,7 +56,7 @@ !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \ !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \ !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) || \ - !defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_TIMING_C) + !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_TIMING_C) int main( int argc, char *argv[] ) { ((void) argc); @@ -65,7 +65,7 @@ int main( int argc, char *argv[] ) printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C " "and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or " "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " - "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_PARSE_C and/or " + "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C and/or " "POLARSSL_TIMING_C not defined.\n"); return( 0 ); } @@ -362,7 +362,7 @@ int main( int argc, char *argv[] ) exit: net_close( client_fd ); - x509_free( &srvcert ); + x509_crt_free( &srvcert ); pk_free( &pkey ); ssl_free( &ssl ); diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 2440d271f..f9465caa0 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -58,7 +58,7 @@ #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \ !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \ - !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_X509_PARSE_C) + !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_X509_CRT_PARSE_C) int main( int argc, char *argv[] ) { ((void) argc); @@ -67,7 +67,7 @@ int main( int argc, char *argv[] ) printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or " "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " - "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_PARSE_C " + "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C " "not defined.\n"); return( 0 ); } 
@@ -790,8 +790,8 @@ exit: if( server_fd ) net_close( server_fd ); - x509_free( &clicert ); - x509_free( &cacert ); + x509_crt_free( &clicert ); + x509_crt_free( &cacert ); pk_free( &pkey ); ssl_free( &ssl ); diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index a215a9e19..38fa2f263 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -53,7 +53,7 @@ !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \ !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \ !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) || \ - !defined(POLARSSL_X509_PARSE_C) + !defined(POLARSSL_X509_CRT_PARSE_C) int main( int argc, char *argv[] ) { ((void) argc); @@ -62,7 +62,8 @@ int main( int argc, char *argv[] ) printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C " "and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or " "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " - "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_PARSE_C not defined.\n"); + "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C " + "not defined.\n"); return( 0 ); } #else @@ -364,7 +365,7 @@ exit: #endif net_close( client_fd ); - x509_free( &srvcert ); + x509_crt_free( &srvcert ); pk_free( &pkey ); ssl_free( &ssl ); #if defined(POLARSSL_SSL_CACHE_C) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 7e3ced6c0..a7dfa5f8a 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -118,7 +118,7 @@ static void my_debug( void *ctx, int level, const char *str ) } } -#if defined(POLARSSL_X509_PARSE_C) +#if defined(POLARSSL_X509_CRT_PARSE_C) #if defined(POLARSSL_FS_IO) #define USAGE_IO \ " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \ 
@@ -136,7 +136,7 @@ static void my_debug( void *ctx, int level, const char *str ) #endif /* POLARSSL_FS_IO */ #else #define USAGE_IO "" -#endif /* POLARSSL_X509_PARSE_C */ +#endif /* POLARSSL_X509_CRT_PARSE_C */ #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) #define USAGE_PSK \ @@ -212,7 +212,7 @@ int main( int argc, char *argv[] ) entropy_context entropy; ctr_drbg_context ctr_drbg; ssl_context ssl; -#if defined(POLARSSL_X509_PARSE_C) +#if defined(POLARSSL_X509_CRT_PARSE_C) x509_cert cacert; x509_cert srvcert; pk_context pkey; @@ -236,7 +236,7 @@ int main( int argc, char *argv[] ) * Make sure memory references are valid. */ listen_fd = 0; -#if defined(POLARSSL_X509_PARSE_C) +#if defined(POLARSSL_X509_CRT_PARSE_C) memset( &cacert, 0, sizeof( x509_cert ) ); memset( &srvcert, 0, sizeof( x509_cert ) ); pk_init( &pkey ); @@ -516,7 +516,7 @@ int main( int argc, char *argv[] ) printf( " ok\n" ); -#if defined(POLARSSL_X509_PARSE_C) +#if defined(POLARSSL_X509_CRT_PARSE_C) /* * 1.1. Load the trusted CA */ @@ -594,7 +594,7 @@ int main( int argc, char *argv[] ) } printf( " ok\n" ); -#endif /* POLARSSL_X509_PARSE_C */ +#endif /* POLARSSL_X509_CRT_PARSE_C */ /* * 2. Setup the listening TCP socket @@ -647,7 +647,7 @@ int main( int argc, char *argv[] ) ssl_set_renegotiation( &ssl, opt.renegotiation ); ssl_legacy_renegotiation( &ssl, opt.allow_legacy ); -#if defined(POLARSSL_X509_PARSE_C) +#if defined(POLARSSL_X509_CRT_PARSE_C) ssl_set_ca_chain( &ssl, &cacert, NULL, NULL ); ssl_set_own_cert( &ssl, &srvcert, &pkey ); #endif @@ -747,7 +747,7 @@ reset: printf( " ok\n [ Ciphersuite is %s ]\n", ssl_get_ciphersuite( &ssl ) ); -#if defined(POLARSSL_X509_PARSE_C) +#if defined(POLARSSL_X509_CRT_PARSE_C) /* * 5. Verify the server certificate */ @@ -781,7 +781,7 @@ reset: ssl_get_peer_cert( &ssl ) ); printf( "%s\n", buf ); } -#endif /* POLARSSL_X509_PARSE_C */ +#endif /* POLARSSL_X509_CRT_PARSE_C */ /* * 6. Read the HTTP Request 
@@ -877,9 +877,9 @@ exit: #endif net_close( client_fd ); -#if defined(POLARSSL_X509_PARSE_C) - x509_free( &srvcert ); - x509_free( &cacert ); +#if defined(POLARSSL_X509_CRT_PARSE_C) + x509_crt_free( &srvcert ); + x509_crt_free( &cacert ); pk_free( &pkey ); #endif diff --git a/programs/test/o_p_test.c b/programs/test/o_p_test.c index 894494036..dd488d7ac 100644 --- a/programs/test/o_p_test.c +++ b/programs/test/o_p_test.c @@ -40,20 +40,20 @@ #include "polarssl/config.h" +#include "polarssl/pk.h" #include "polarssl/x509.h" -#include "polarssl/rsa.h" #include "polarssl/entropy.h" #include "polarssl/ctr_drbg.h" #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \ - !defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_FS_IO) + !defined(POLARSSL_PK_PARSE_C) || !defined(POLARSSL_FS_IO) int main( int argc, char *argv[] ) { ((void) argc); ((void) argv); printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or " - "POLARSSL_X509_PARSE_C and/or POLARSSL_FS_IO not defined.\n"); + "POLARSSL_PK_PARSE_C and/or POLARSSL_FS_IO not defined.\n"); return( 0 ); } #else @@ -62,7 +62,8 @@ int main( int argc, char *argv[] ) int ret; FILE *key_file; size_t olen; - rsa_context p_rsa; + pk_context p_pk; + rsa_context *p_rsa; RSA *o_rsa; entropy_context entropy; ctr_drbg_context ctr_drbg; @@ -103,14 +104,23 @@ int main( int argc, char *argv[] ) printf( " . Reading private key from %s into PolarSSL ...", argv[1] ); fflush( stdout ); - rsa_init( &p_rsa, RSA_PKCS_V15, 0 ); - if( x509parse_keyfile_rsa( &p_rsa, argv[1], NULL ) != 0 ) + pk_init( &p_pk ); + if( pk_parse_keyfile( &p_pk, argv[1], NULL ) != 0 ) { ret = 1; printf( " failed\n ! Could not load key.\n\n" ); goto exit; } + if( !pk_can_do( &p_pk, POLARSSL_PK_RSA ) ) + { + ret = 1; + printf( " failed\n ! Key is not an RSA key\n" ); + goto exit; + } + + p_rsa = pk_rsa( p_pk ); + printf( " passed\n"); printf( " . Reading private key from %s into OpenSSL ...", argv[1] ); 
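Review bot: In programs/test/o_p_test.c, the new `pk_init( &p_pk )` / `pk_parse_keyfile( &p_pk, argv[1], NULL )` pair has no matching `pk_free( &p_pk )` in any hunk for this file, and the only `exit:` context shown ends in `return( ret );`. The parsed private key therefore appears to stay allocated on both the success and the failure paths. Add `pk_free( &p_pk );` under `exit:`. Also move `pk_init( &p_pk );` ahead of the first `goto exit` (not visible here) so the free is valid on every path. The body of `main()` continues outside the hunk.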
@@ -143,7 +153,7 @@ int main( int argc, char *argv[] ) printf( " . Generating the RSA encrypted value with PolarSSL (RSA_PUBLIC) ..." ); fflush( stdout ); - if( ( ret = rsa_pkcs1_encrypt( &p_rsa, ctr_drbg_random, &ctr_drbg, RSA_PUBLIC, strlen( argv[1] ), input, p_pub_encrypted ) ) != 0 ) + if( ( ret = rsa_pkcs1_encrypt( p_rsa, ctr_drbg_random, &ctr_drbg, RSA_PUBLIC, strlen( argv[2] ), input, p_pub_encrypted ) ) != 0 ) { printf( " failed\n ! rsa_pkcs1_encrypt returned %d\n\n", ret ); goto exit; @@ -154,7 +164,7 @@ int main( int argc, char *argv[] ) printf( " . Generating the RSA encrypted value with OpenSSL (PUBLIC) ..." ); fflush( stdout ); - if( ( ret = RSA_public_encrypt( strlen( argv[1] ), input, o_pub_encrypted, o_rsa, RSA_PKCS1_PADDING ) ) == -1 ) + if( ( ret = RSA_public_encrypt( strlen( argv[2] ), input, o_pub_encrypted, o_rsa, RSA_PKCS1_PADDING ) ) == -1 ) { unsigned long code = ERR_get_error(); printf( " failed\n ! RSA_public_encrypt returned %d %s\n\n", ret, ERR_error_string( code, NULL ) ); @@ -169,7 +179,7 @@ int main( int argc, char *argv[] ) printf( " . Generating the RSA encrypted value with PolarSSL (RSA_PRIVATE) ..." ); fflush( stdout ); - if( ( ret = rsa_pkcs1_encrypt( &p_rsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, strlen( argv[1] ), input, p_priv_encrypted ) ) != 0 ) + if( ( ret = rsa_pkcs1_encrypt( p_rsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, strlen( argv[2] ), input, p_priv_encrypted ) ) != 0 ) { printf( " failed\n ! rsa_pkcs1_encrypt returned %d\n\n", ret ); goto exit; 
@@ -180,7 +190,7 @@ int main( int argc, char *argv[] ) printf( " . Generating the RSA encrypted value with OpenSSL (PRIVATE) ..." ); fflush( stdout ); - if( ( ret = RSA_private_encrypt( strlen( argv[1] ), input, o_priv_encrypted, o_rsa, RSA_PKCS1_PADDING ) ) == -1 ) + if( ( ret = RSA_private_encrypt( strlen( argv[2] ), input, o_priv_encrypted, o_rsa, RSA_PKCS1_PADDING ) ) == -1 ) { unsigned long code = ERR_get_error(); printf( " failed\n ! RSA_private_encrypt returned %d %s\n\n", ret, ERR_error_string( code, NULL ) ); @@ -197,7 +207,7 @@ int main( int argc, char *argv[] ) printf( " . Generating the RSA decrypted value for OpenSSL (PUBLIC) with PolarSSL (PRIVATE) ..." ); fflush( stdout ); - if( ( ret = rsa_pkcs1_decrypt( &p_rsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, &olen, o_pub_encrypted, p_pub_decrypted, 1024 ) ) != 0 ) + if( ( ret = rsa_pkcs1_decrypt( p_rsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, &olen, o_pub_encrypted, p_pub_decrypted, 1024 ) ) != 0 ) { printf( " failed\n ! rsa_pkcs1_decrypt returned %d\n\n", ret ); } @@ -207,7 +217,7 @@ int main( int argc, char *argv[] ) printf( " . Generating the RSA decrypted value for PolarSSL (PUBLIC) with OpenSSL (PRIVATE) ..." ); fflush( stdout ); - if( ( ret = RSA_private_decrypt( p_rsa.len, p_pub_encrypted, o_pub_decrypted, o_rsa, RSA_PKCS1_PADDING ) ) == -1 ) + if( ( ret = RSA_private_decrypt( p_rsa->len, p_pub_encrypted, o_pub_decrypted, o_rsa, RSA_PKCS1_PADDING ) ) == -1 ) { unsigned long code = ERR_get_error(); printf( " failed\n ! RSA_private_decrypt returned %d %s\n\n", ret, ERR_error_string( code, NULL ) ); 
@@ -221,7 +231,7 @@ int main( int argc, char *argv[] ) printf( " . Generating the RSA decrypted value for OpenSSL (PRIVATE) with PolarSSL (PUBLIC) ..." ); fflush( stdout ); - if( ( ret = rsa_pkcs1_decrypt( &p_rsa, NULL, NULL, RSA_PUBLIC, &olen, o_priv_encrypted, p_priv_decrypted, 1024 ) ) != 0 ) + if( ( ret = rsa_pkcs1_decrypt( p_rsa, NULL, NULL, RSA_PUBLIC, &olen, o_priv_encrypted, p_priv_decrypted, 1024 ) ) != 0 ) { printf( " failed\n ! rsa_pkcs1_decrypt returned %d\n\n", ret ); } @@ -231,7 +241,7 @@ int main( int argc, char *argv[] ) printf( " . Generating the RSA decrypted value for PolarSSL (PRIVATE) with OpenSSL (PUBLIC) ..." ); fflush( stdout ); - if( ( ret = RSA_public_decrypt( p_rsa.len, p_priv_encrypted, o_priv_decrypted, o_rsa, RSA_PKCS1_PADDING ) ) == -1 ) + if( ( ret = RSA_public_decrypt( p_rsa->len, p_priv_encrypted, o_priv_decrypted, o_rsa, RSA_PKCS1_PADDING ) ) == -1 ) { unsigned long code = ERR_get_error(); printf( " failed\n ! RSA_public_decrypt returned %d %s\n\n", ret, ERR_error_string( code, NULL ) ); @@ -255,4 +265,4 @@ exit: return( ret ); } #endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && - POLARSSL_X509_PARSE_C && POLARSSL_FS_IO */ + POLARSSL_PK_PARSE_C && POLARSSL_FS_IO */ diff --git a/programs/test/ssl_cert_test.c b/programs/test/ssl_cert_test.c index a77a314ad..f1044cf15 100644 --- a/programs/test/ssl_cert_test.c +++ b/programs/test/ssl_cert_test.c @@ -33,7 +33,7 @@ #include "polarssl/config.h" #include "polarssl/certs.h" -#include "polarssl/x509.h" +#include "polarssl/x509_crt.h" #if defined _MSC_VER && !defined snprintf #define snprintf _snprintf 
@@ -66,14 +66,16 @@ const char *client_private_keys[MAX_CLIENT_CERTS] = }; #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \ - !defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_FS_IO) + !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PK_PARSE_C) || \ + !defined(POLARSSL_FS_IO) int main( int argc, char *argv[] ) { ((void) argc); ((void) argv); printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or " - "POLARSSL_X509_PARSE_C and/or POLARSSL_FS_IO not defined.\n"); + "POLARSSL_X509_CRT_PARSE_C and/or POLARSSL_FS_IO and/or " + "POLARSSL_PK_PARSE_C not defined.\n"); return( 0 ); } #else @@ -138,10 +140,10 @@ int main( int argc, char *argv[] ) char name[512]; int flags; x509_cert clicert; - rsa_context rsa; + pk_context pk; memset( &clicert, 0, sizeof( x509_cert ) ); - memset( &rsa, 0, sizeof( rsa_context ) ); + pk_init( &pk ); snprintf(name, 512, "ssl/test-ca/%s", client_certificates[i]); @@ -196,10 +198,10 @@ int main( int argc, char *argv[] ) printf( " . Loading the client private key %s...", name ); fflush( stdout ); - ret = x509parse_keyfile_rsa( &rsa, name, NULL ); + ret = pk_parse_keyfile( &pk, name, NULL ); if( ret != 0 ) { - printf( " failed\n ! x509parse_key_rsa returned %d\n\n", ret ); + printf( " failed\n ! pk_parse_keyfile returned %d\n\n", ret ); goto exit; } @@ -220,21 +222,21 @@ int main( int argc, char *argv[] ) goto exit; } - ret = mpi_cmp_mpi(&rsa.N, &pk_rsa( clicert.pk )->N); + ret = mpi_cmp_mpi(&pk_rsa( pk )->N, &pk_rsa( clicert.pk )->N); if( ret != 0 ) { printf( " failed\n ! mpi_cmp_mpi for N returned %d\n\n", ret ); goto exit; } - ret = mpi_cmp_mpi(&rsa.E, &pk_rsa( clicert.pk )->E); + ret = mpi_cmp_mpi(&pk_rsa( pk )->E, &pk_rsa( clicert.pk )->E); if( ret != 0 ) { printf( " failed\n ! mpi_cmp_mpi for E returned %d\n\n", ret ); goto exit; } - ret = rsa_check_privkey( &rsa ); + ret = rsa_check_privkey( pk_rsa( pk ) ); if( ret != 0 ) { printf( " failed\n ! rsa_check_privkey returned %d\n\n", ret ); 
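Review bot: In programs/test/ssl_cert_test.c, `pk_rsa( pk )` is applied to the loaded private key without a type check. The o_p_test.c change in this same commit guards the identical pattern with `pk_can_do( &p_pk, POLARSSL_PK_RSA )` before calling `pk_rsa()`, which suggests `pk_parse_keyfile()` is not RSA-specific the way `x509parse_keyfile_rsa()` was. The three uses here (`mpi_cmp_mpi` on N and E, and `rsa_check_privkey`) would operate on a non-RSA context if a key file held another key type. Add `if( ! pk_can_do( &pk, POLARSSL_PK_RSA ) ) { ret = 1; goto exit; }` directly after the successful parse. The check that precedes the `mpi_cmp_mpi` calls lies outside the hunk and may cover only `clicert.pk`; the body of `main()` continues outside these hunks.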
@@ -243,12 +245,12 @@ int main( int argc, char *argv[] ) printf( " ok\n" ); - x509_free( &clicert ); - rsa_free( &rsa ); + x509_crt_free( &clicert ); + pk_free( &pk ); } exit: - x509_free( &cacert ); + x509_crt_free( &cacert ); x509_crl_free( &crl ); #if defined(_WIN32) @@ -258,5 +260,5 @@ exit: return( ret ); } -#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_X509_PARSE_C && - POLARSSL_FS_IO */ +#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_X509_CRT_PARSE_C && + POLARSSL_FS_IO && POLARSSL_PK_PARSE_C */ diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c index 6221576d8..9d6391d54 100644 --- a/programs/test/ssl_test.c +++ b/programs/test/ssl_test.c @@ -46,7 +46,7 @@ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_SRV_C) || \ !defined(POLARSSL_SSL_CLI_C) || !defined(POLARSSL_NET_C) || \ !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) || \ - !defined(POLARSSL_X509_PARSE_C) + !defined(POLARSSL_X509_CRT_PARSE_C) int main( int argc, char *argv[] ) { ((void) argc); @@ -56,7 +56,7 @@ int main( int argc, char *argv[] ) "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or " "POLARSSL_SSL_CLI_C and/or POLARSSL_NET_C and/or " "POLARSSL_RSA_C and/or POLARSSL_CTR_DRBG_C and/or " - "POLARSSL_X509_PARSE_C not defined.\n"); + "POLARSSL_X509_CRT_PARSE_C not defined.\n"); return( 0 ); } #else @@ -400,7 +400,7 @@ exit: free( write_buf ); ssl_close_notify( &ssl ); - x509_free( &srvcert ); + x509_crt_free( &srvcert ); pk_free( &pkey ); ssl_free( &ssl ); net_close( client_fd ); diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 9bfbdbfd4..add75a0a6 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -159,7 +159,7 @@ int main( int argc, char *argv[] ) x509_cert cacert; x509_cert clicert; pk_context pkey; - int i, j, n; + int i, j; int flags, verify = 0; char *p, *q; const char *pers = "cert_app"; 
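Review bot: In programs/test/ssl_cert_test.c, `pk_free( &pk )` runs only at the end of a successful iteration. Every `goto exit` in the earlier hunks (failed `pk_parse_keyfile`, failed `mpi_cmp_mpi`, failed `rsa_check_privkey`) jumps past it, and `exit:` releases only `cacert` and `crl`. The old `rsa_free( &rsa )` had the same shape, so this is carried over rather than introduced, but the parsed private key still stays allocated on each failure path. If `clicert` and `pk` are declared inside the loop body, as the closing brace before `exit:` suggests, call `x509_crt_free( &clicert ); pk_free( &pk );` before each in-loop `goto exit`, or add a shared in-loop cleanup label. The body of `main()` starts outside the hunk.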
@@ -460,4 +460,4 @@ exit: } #endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C && POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C && - POLARSSL_X509_PARSE_C && POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */ + POLARSSL_X509_CRT_PARSE_C && POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */ diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index ff651980a..df8d05ca9 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -39,6 +39,7 @@ #include "polarssl/error.h" #if !defined(POLARSSL_X509_CSR_WRITE_C) || !defined(POLARSSL_FS_IO) || \ + !defined(POLARSSL_PK_PARSE_C) || \ !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C) int main( int argc, char *argv[] ) { @@ -46,6 +47,7 @@ int main( int argc, char *argv[] ) ((void) argv); printf( "POLARSSL_X509_CSR_WRITE_C and/or POLARSSL_FS_IO and/or " + "POLARSSL_PK_PARSE_C and/or " "POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C " "not defined.\n"); return( 0 ); @@ -339,5 +341,5 @@ exit: return( ret ); } -#endif /* POLARSSL_X509_WRITE_C && POLARSSL_X509_PARSE_C && POLARSSL_FS_IO && +#endif /* POLARSSL_X509_CSR_WRITE_C && POLARSSL_PK_PARSE_C && POLARSSL_FS_IO && POLARSSL_ENTROPY_C && POLARSSL_CTR_DRBG_C */ diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 0cc6482aa..c276321b6 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -649,6 +649,6 @@ exit: return( ret ); } -#endif /* POLARSSL_X509_WRITE_C && POLARSSL_X509_PARSE_C && POLARSSL_FS_IO && - POLARSSL_ENTROPY_C && POLARSSL_CTR_DRBG_C && +#endif /* POLARSSL_X509_CRT_WRITE_C && POLARSSL_X509_CRT_PARSE_C && + POLARSSL_FS_IO && POLARSSL_ENTROPY_C && POLARSSL_CTR_DRBG_C && POLARSSL_ERROR_C */ diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index 98edb2d45..1cb9828d1 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c 
@@ -149,5 +149,5 @@ exit: return( ret ); } -#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_X509_PARSE_C && +#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_X509_CRL_PARSE_C && POLARSSL_FS_IO */ diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index a3f762c40..5e05d60fe 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -149,5 +149,5 @@ exit: return( ret ); } -#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_X509_PARSE_C && +#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_X509_CSR_PARSE_C && POLARSSL_FS_IO */ diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 81b9209cf..4c6a67a1a 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -13,7 +13,7 @@ my @low_level_modules = ( "AES", "ASN1", "BLOWFISH", "CAMELLIA", "BIGNUM", "PADLOCK", "DES", "NET", "CTR_DRBG", "ENTROPY", "MD2", "MD4", "MD5", "SHA1", "SHA256", "SHA512", "GCM" ); my @high_level_modules = ( "PEM", "X509", "DHM", "RSA", "ECP", "MD", "CIPHER", "SSL", - "PK", "PKCS12", "PKCS5", "X509WRITE" ); + "PK", "PKCS12", "PKCS5", "X509_CREATE" ); my $line_separator = $/; undef $/; @@ -36,6 +36,7 @@ my $headers = ""; while (my $line = ) { + next if ($line =~ /compat-1.2.h/); my ($error_name, $error_code) = $line =~ /(POLARSSL_ERR_\w+)\s+\-(0x\w+)/; my ($description) = $line =~ /\/\*\*< (.*?)\.? \*\//; $description =~ s/\\/\\\\/g; 
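Review bot: In scripts/generate_errors.pl, the dots in `/compat-1.2.h/` are unescaped, so each matches any character, and the pattern is tested against the whole input line rather than only the file name. `next if ($line =~ /compat-1\.2\.h/);` states the intent exactly. A one-line comment above it, for example `# skip the compatibility header`, would also help, since the reason for the exclusion is not visible here. The `while` loop continues outside the hunk.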
@@ -46,10 +47,10 @@ while (my $line = ) # Fix faulty ones $module_name = "BIGNUM" if ($module_name eq "MPI"); $module_name = "CTR_DRBG" if ($module_name eq "CTR"); + $module_name = "X509" if ($module_name eq "X509WRITE"); my $define_name = $module_name; - $define_name = "X509_PARSE" if ($define_name eq "X509"); - $define_name = "X509_WRITE" if ($define_name eq "X509WRITE"); + $define_name = "X509_USE,X509_CREATE" if ($define_name eq "X509"); $define_name = "ASN1_PARSE" if ($define_name eq "ASN1"); $define_name = "SSL_TLS" if ($define_name eq "SSL"); $define_name = "PEM_PARSE,PEM_WRITE" if ($define_name eq "PEM"); diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index dba9c5e07..eb916baca 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -22,7 +22,7 @@ void string_debug(void *data, int level, const char *str) * END_DEPENDENCIES */ -/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_PARSE_C */ +/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_PARSE_C */ void debug_print_crt( char *crt_file, char *file, int line, char *prefix, char *result_str ) { @@ -42,7 +42,7 @@ void debug_print_crt( char *crt_file, char *file, int line, char *prefix, TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 ); - x509_free( &crt ); + x509_crt_free( &crt ); } /* END_CASE */