mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-08 22:55:33 +00:00
- Merged changesets 1399 up to and including 1415 into 1.2 branch
This commit is contained in:
parent
97872aceb6
commit
9a73632fd9
|
@ -1,9 +1,16 @@
|
|||
PolarSSL ChangeLog
|
||||
|
||||
= Version Trunk
|
||||
= Version 1.2.1 released 2012-11-13
|
||||
Changes
|
||||
* Depth that the certificate verify callback receives is now numbered
|
||||
bottom-up (Peer cert depth is 0)
|
||||
|
||||
Bugfixes
|
||||
* Fixes for MSVC6
|
||||
* Moved mpi_inv_mod() outside POLARSSL_GENPRIME
|
||||
* Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel
|
||||
Pégourié-Gonnard)
|
||||
* Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
|
||||
|
||||
= Version 1.2.0 released 2012-10-31
|
||||
Features
|
||||
|
|
12
Makefile
12
Makefile
|
@ -32,6 +32,18 @@ install:
|
|||
fi \
|
||||
done
|
||||
|
||||
uninstall:
|
||||
rm -rf $(DESTDIR)/include/polarssl
|
||||
rm -f $(DESTDIR)/lib/libpolarssl.*
|
||||
|
||||
for p in programs/*/* ; do \
|
||||
if [ -x $$p ] && [ ! -d $$p ] ; \
|
||||
then \
|
||||
f=$(PREFIX)`basename $$p` ; \
|
||||
rm -f $(DESTDIR)/bin/$$f ; \
|
||||
fi \
|
||||
done
|
||||
|
||||
clean:
|
||||
cd library && $(MAKE) clean && cd ..
|
||||
cd programs && $(MAKE) clean && cd ..
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
*/
|
||||
|
||||
/**
|
||||
* @mainpage PolarSSL v1.2.0 source code documentation
|
||||
* @mainpage PolarSSL v1.2.1 source code documentation
|
||||
*
|
||||
* This documentation describes the internal structure of PolarSSL. It was
|
||||
* automatically generated from specially formatted comment blocks in
|
||||
|
@ -21,7 +21,7 @@
|
|||
*
|
||||
* @section mainpage_modules Modules
|
||||
*
|
||||
* PolarSSL supports SSLv3 up to TLSv1.1 communication by providing the
|
||||
* PolarSSL supports SSLv3 up to TLSv1.2 communication by providing the
|
||||
* following:
|
||||
* - TCP/IP communication functions: listen, connect, accept, read/write.
|
||||
* - SSL/TLS communication functions: init, handshake, read/write.
|
||||
|
|
|
@ -25,7 +25,7 @@ DOXYFILE_ENCODING = UTF-8
|
|||
# The PROJECT_NAME tag is a single word (or a sequence of words surrounded
|
||||
# by quotes) that should identify the project.
|
||||
|
||||
PROJECT_NAME = "PolarSSL v1.2.0"
|
||||
PROJECT_NAME = "PolarSSL v1.2.1"
|
||||
|
||||
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
|
||||
# This could be handy for archiving the generated documentation or
|
||||
|
|
|
@ -141,7 +141,7 @@ int aes_crypt_cfb128( aes_context *ctx,
|
|||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
|
||||
/*
|
||||
/**
|
||||
* \brief AES-CTR buffer encryption/decryption
|
||||
*
|
||||
* Warning: You have to keep the maximum use of your counter in mind!
|
||||
|
|
|
@ -66,7 +66,7 @@ void arc4_setup( arc4_context *ctx, const unsigned char *key, unsigned int keyle
|
|||
int arc4_crypt( arc4_context *ctx, size_t length, const unsigned char *input,
|
||||
unsigned char *output );
|
||||
|
||||
/*
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
|
|
|
@ -223,7 +223,7 @@ void mpi_swap( mpi *X, mpi *Y );
|
|||
*/
|
||||
int mpi_lset( mpi *X, t_sint z );
|
||||
|
||||
/*
|
||||
/**
|
||||
* \brief Get a specific bit from X
|
||||
*
|
||||
* \param X MPI to use
|
||||
|
@ -233,7 +233,7 @@ int mpi_lset( mpi *X, t_sint z );
|
|||
*/
|
||||
int mpi_get_bit( const mpi *X, size_t pos );
|
||||
|
||||
/*
|
||||
/**
|
||||
* \brief Set a bit of X to a specific value of 0 or 1
|
||||
*
|
||||
* \note Will grow X if necessary to set a bit to 1 in a not yet
|
||||
|
|
|
@ -129,7 +129,7 @@ int blowfish_crypt_cfb64( blowfish_context *ctx,
|
|||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
|
||||
/*
|
||||
/**
|
||||
* \brief Blowfish-CTR buffer encryption/decryption
|
||||
*
|
||||
* Warning: You have to keep the maximum use of your counter in mind!
|
||||
|
|
|
@ -139,7 +139,7 @@ int camellia_crypt_cfb128( camellia_context *ctx,
|
|||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
|
||||
/*
|
||||
/**
|
||||
* \brief CAMELLIA-CTR buffer encryption/decryption
|
||||
*
|
||||
* Warning: You have to keep the maximum use of your counter in mind!
|
||||
|
|
|
@ -150,7 +150,7 @@
|
|||
*
|
||||
* Enable weak ciphersuites in SSL / TLS
|
||||
* Warning: Only do so when you know what you are doing. This allows for
|
||||
* channels without virtually no security at all!
|
||||
* channels with virtually no security at all!
|
||||
*
|
||||
* This enables the following ciphersuites:
|
||||
* TLS_RSA_WITH_DES_CBC_SHA
|
||||
|
@ -345,7 +345,7 @@
|
|||
/**
|
||||
* \def POLARSSL_BIGNUM_C
|
||||
*
|
||||
* Enable the multo-precision integer library.
|
||||
* Enable the multi-precision integer library.
|
||||
*
|
||||
* Module: library/bignum.c
|
||||
* Caller: library/dhm.c
|
||||
|
@ -738,7 +738,7 @@
|
|||
*/
|
||||
#define POLARSSL_SSL_CLI_C
|
||||
|
||||
/*
|
||||
/**
|
||||
* \def POLARSSL_SSL_SRV_C
|
||||
*
|
||||
* Enable the SSL/TLS server code.
|
||||
|
|
|
@ -220,7 +220,7 @@ int des3_crypt_cbc( des3_context *ctx,
|
|||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
|
||||
/*
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
|
|
|
@ -225,7 +225,7 @@ int dhm_make_public( dhm_context *ctx, int x_size,
|
|||
int dhm_calc_secret( dhm_context *ctx,
|
||||
unsigned char *output, size_t *olen );
|
||||
|
||||
/*
|
||||
/**
|
||||
* \brief Free the components of a DHM key
|
||||
*/
|
||||
void dhm_free( dhm_context *ctx );
|
||||
|
|
|
@ -104,7 +104,7 @@ int pkcs11_decrypt( pkcs11_context *ctx,
|
|||
int mode, size_t *olen,
|
||||
const unsigned char *input,
|
||||
unsigned char *output,
|
||||
unsigned int output_max_len );
|
||||
size_t output_max_len );
|
||||
|
||||
/**
|
||||
* \brief Do a private RSA to sign a message digest
|
||||
|
@ -134,7 +134,7 @@ int pkcs11_sign( pkcs11_context *ctx,
|
|||
*/
|
||||
static inline int ssl_pkcs11_decrypt( void *ctx, int mode, size_t *olen,
|
||||
const unsigned char *input, unsigned char *output,
|
||||
unsigned int output_max_len )
|
||||
size_t output_max_len )
|
||||
{
|
||||
return pkcs11_decrypt( (pkcs11_context *) ctx, mode, olen, input, output,
|
||||
output_max_len );
|
||||
|
|
|
@ -167,6 +167,9 @@ extern "C" {
|
|||
/**
|
||||
* \brief Initialize an RSA context
|
||||
*
|
||||
* Note: Set padding to RSA_PKCS_V21 for the RSAES-OAEP
|
||||
* encryption scheme and the RSASSA-PSS signature scheme.
|
||||
*
|
||||
* \param ctx RSA context to be initialized
|
||||
* \param padding RSA_PKCS_V15 or RSA_PKCS_V21
|
||||
* \param hash_id RSA_PKCS_V21 hash identifier
|
||||
|
|
|
@ -116,8 +116,8 @@
|
|||
#define SSL_LEGACY_RENEGOTIATION 0
|
||||
#define SSL_SECURE_RENEGOTIATION 1
|
||||
|
||||
#define SSL_RENEGOTIATION_ENABLED 0
|
||||
#define SSL_RENEGOTIATION_DISABLED 1
|
||||
#define SSL_RENEGOTIATION_DISABLED 0
|
||||
#define SSL_RENEGOTIATION_ENABLED 1
|
||||
|
||||
#define SSL_LEGACY_NO_RENEGOTIATION 0
|
||||
#define SSL_LEGACY_ALLOW_RENEGOTIATION 1
|
||||
|
@ -852,7 +852,8 @@ void ssl_set_min_version( ssl_context *ssl, int major, int minor );
|
|||
* (Default: SSL_RENEGOTIATION_DISABLED)
|
||||
*
|
||||
* Note: A server with support enabled is more vulnerable for a
|
||||
* resource DoS by a malicious client.
|
||||
* resource DoS by a malicious client. You should enable this on
|
||||
* a client to enable server-initiated renegotiation.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param renegotiation Enable or disable (SSL_RENEGOTIATION_ENABLED or
|
||||
|
@ -883,8 +884,9 @@ void ssl_set_renegotiation( ssl_context *ssl, int renegotiation );
|
|||
* (Most secure option, interoperability issues)
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION or
|
||||
* SSL_ALLOW_LEGACY_RENEGOTIATION)
|
||||
* \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,
|
||||
* SSL_ALLOW_LEGACY_RENEGOTIATION or
|
||||
* SSL_LEGACY_BREAK_HANDSHAKE)
|
||||
*/
|
||||
void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy );
|
||||
|
||||
|
@ -999,7 +1001,7 @@ int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len );
|
|||
* (SSL_ALERT_LEVEL_WARNING or SSL_ALERT_LEVEL_FATAL)
|
||||
* \param message The alert message (SSL_ALERT_MSG_*)
|
||||
*
|
||||
* \return 1 if successful, or a specific SSL error code.
|
||||
* \return 0 if successful, or a specific SSL error code.
|
||||
*/
|
||||
int ssl_send_alert_message( ssl_context *ssl,
|
||||
unsigned char level,
|
||||
|
|
|
@ -39,16 +39,16 @@
|
|||
*/
|
||||
#define POLARSSL_VERSION_MAJOR 1
|
||||
#define POLARSSL_VERSION_MINOR 2
|
||||
#define POLARSSL_VERSION_PATCH 0
|
||||
#define POLARSSL_VERSION_PATCH 1
|
||||
|
||||
/**
|
||||
* The single version number has the following structure:
|
||||
* MMNNPP00
|
||||
* Major version | Minor version | Patch version
|
||||
*/
|
||||
#define POLARSSL_VERSION_NUMBER 0x01020000
|
||||
#define POLARSSL_VERSION_STRING "1.2.0"
|
||||
#define POLARSSL_VERSION_STRING_FULL "PolarSSL 1.2.0"
|
||||
#define POLARSSL_VERSION_NUMBER 0x01020100
|
||||
#define POLARSSL_VERSION_STRING "1.2.1"
|
||||
#define POLARSSL_VERSION_STRING_FULL "PolarSSL 1.2.1"
|
||||
|
||||
#if defined(POLARSSL_VERSION_C)
|
||||
|
||||
|
|
|
@ -641,7 +641,7 @@ int x509parse_crl_info( char *buf, size_t size, const char *prefix,
|
|||
*/
|
||||
const char *x509_oid_get_description( x509_buf *oid );
|
||||
|
||||
/*
|
||||
/**
|
||||
* \brief Give an OID, return a string version of its OID number.
|
||||
*
|
||||
* \param buf Buffer to write to
|
||||
|
@ -680,7 +680,7 @@ int x509parse_time_expired( const x509_time *time );
|
|||
* (void *parameter, x509_cert *crt, int certificate_depth,
|
||||
* int *flags). With the flags representing current flags for
|
||||
* that specific certificate and the certificate depth from
|
||||
* the top (Trust CA depth = 0).
|
||||
* the bottom (Peer cert depth = 0).
|
||||
*
|
||||
* All flags left after returning from the callback
|
||||
* are also returned to the application. The function should
|
||||
|
|
|
@ -97,7 +97,7 @@ int xtea_crypt_cbc( xtea_context *ctx,
|
|||
unsigned char *input,
|
||||
unsigned char *output);
|
||||
|
||||
/*
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
|
|
|
@ -57,7 +57,7 @@ add_library(polarssl STATIC ${src})
|
|||
else(NOT USE_SHARED_POLARSSL_LIBRARY)
|
||||
|
||||
add_library(polarssl SHARED ${src})
|
||||
set_target_properties(polarssl PROPERTIES VERSION 1.2.0 SOVERSION 2)
|
||||
set_target_properties(polarssl PROPERTIES VERSION 1.2.1 SOVERSION 2)
|
||||
|
||||
endif(NOT USE_SHARED_POLARSSL_LIBRARY)
|
||||
|
||||
|
|
|
@ -18,7 +18,9 @@ endif
|
|||
# CFLAGS += -D_BSD_EXTENSION
|
||||
|
||||
# To compile as a shared library:
|
||||
# CFLAGS += -fPIC
|
||||
ifdef SHARED
|
||||
CFLAGS += -fPIC
|
||||
endif
|
||||
|
||||
SONAME=libpolarssl.so.0
|
||||
|
||||
|
@ -51,7 +53,11 @@ OBJS= aes.o arc4.o asn1parse.o \
|
|||
|
||||
.SILENT:
|
||||
|
||||
ifndef SHARED
|
||||
all: static
|
||||
else
|
||||
all: shared
|
||||
endif
|
||||
|
||||
static: libpolarssl.a
|
||||
|
||||
|
|
|
@ -1195,9 +1195,9 @@ int mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B )
|
|||
if( R != NULL )
|
||||
{
|
||||
mpi_shift_r( &X, k );
|
||||
X.s = A->s;
|
||||
mpi_copy( R, &X );
|
||||
|
||||
R->s = A->s;
|
||||
if( mpi_cmp_int( R, 0 ) == 0 )
|
||||
R->s = 1;
|
||||
}
|
||||
|
@ -1212,10 +1212,6 @@ cleanup:
|
|||
|
||||
/*
|
||||
* Division by int: A = Q * b + R
|
||||
*
|
||||
* Returns 0 if successful
|
||||
* 1 if memory allocation failed
|
||||
* POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0
|
||||
*/
|
||||
int mpi_div_int( mpi *Q, mpi *R, const mpi *A, t_sint b )
|
||||
{
|
||||
|
|
|
@ -194,7 +194,7 @@ int ctr_drbg_update_internal( ctr_drbg_context *ctx,
|
|||
/*
|
||||
* Increase counter
|
||||
*/
|
||||
for( i = CTR_DRBG_BLOCKSIZE; i >= 0; i-- )
|
||||
for( i = CTR_DRBG_BLOCKSIZE; i > 0; i-- )
|
||||
if( ++ctx->counter[i - 1] != 0 )
|
||||
break;
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* Error message information
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
* Copyright (C) 2006-2012, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||
|
@ -553,4 +553,4 @@ void error_strerror( int ret, char *buf, size_t buflen )
|
|||
snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret );
|
||||
}
|
||||
|
||||
#endif /* POLARSSL_VERBOSE_ERROR */
|
||||
#endif /* POLARSSL_ERROR_C */
|
||||
|
|
|
@ -115,7 +115,7 @@ int pkcs11_decrypt( pkcs11_context *ctx,
|
|||
int mode, size_t *olen,
|
||||
const unsigned char *input,
|
||||
unsigned char *output,
|
||||
unsigned int output_max_len )
|
||||
size_t output_max_len )
|
||||
{
|
||||
size_t input_len, output_len;
|
||||
|
||||
|
|
|
@ -794,6 +794,9 @@ int rsa_pkcs1_sign( rsa_context *ctx,
|
|||
hlen = md_get_size( md_info );
|
||||
slen = hlen;
|
||||
|
||||
if( olen < hlen + slen + 2 )
|
||||
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
memset( sig, 0, olen );
|
||||
memset( &md_ctx, 0, sizeof( md_context_t ) );
|
||||
|
||||
|
|
|
@ -2984,8 +2984,6 @@ int x509parse_revoked( const x509_cert *crt, const x509_crl *crl )
|
|||
|
||||
/*
|
||||
* Wrapper for x509 hashes.
|
||||
*
|
||||
* \param out Buffer to receive the hash (Should be at least 64 bytes)
|
||||
*/
|
||||
static void x509_hash( const unsigned char *in, size_t len, int alg,
|
||||
unsigned char *out )
|
||||
|
@ -3116,12 +3114,12 @@ int x509_wildcard_verify( const char *cn, x509_buf *name )
|
|||
|
||||
static int x509parse_verify_top(
|
||||
x509_cert *child, x509_cert *trust_ca,
|
||||
x509_crl *ca_crl, int *path_cnt, int *flags,
|
||||
x509_crl *ca_crl, int path_cnt, int *flags,
|
||||
int (*f_vrfy)(void *, x509_cert *, int, int *),
|
||||
void *p_vrfy )
|
||||
{
|
||||
int hash_id, ret;
|
||||
int ca_flags = 0;
|
||||
int ca_flags = 0, check_path_cnt = path_cnt + 1;
|
||||
unsigned char hash[64];
|
||||
|
||||
if( x509parse_time_expired( &child->valid_to ) )
|
||||
|
@ -3143,8 +3141,19 @@ static int x509parse_verify_top(
|
|||
continue;
|
||||
}
|
||||
|
||||
/*
|
||||
* Reduce path_len to check against if top of the chain is
|
||||
* the same as the trusted CA
|
||||
*/
|
||||
if( child->subject_raw.len == trust_ca->subject_raw.len &&
|
||||
memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
|
||||
child->issuer_raw.len ) == 0 )
|
||||
{
|
||||
check_path_cnt--;
|
||||
}
|
||||
|
||||
if( trust_ca->max_pathlen > 0 &&
|
||||
trust_ca->max_pathlen < *path_cnt )
|
||||
trust_ca->max_pathlen < check_path_cnt )
|
||||
{
|
||||
trust_ca = trust_ca->next;
|
||||
continue;
|
||||
|
@ -3168,7 +3177,13 @@ static int x509parse_verify_top(
|
|||
break;
|
||||
}
|
||||
|
||||
if( trust_ca != NULL )
|
||||
/*
|
||||
* If top of chain is not the same as the trusted CA
|
||||
*/
|
||||
if( trust_ca != NULL &&
|
||||
( child->subject_raw.len != trust_ca->subject_raw.len ||
|
||||
memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
|
||||
child->issuer_raw.len ) != 0 ) )
|
||||
{
|
||||
/* Check trusted CA's CRL for then chain's top crt */
|
||||
*flags |= x509parse_verifycrl( child, trust_ca, ca_crl );
|
||||
|
@ -3188,7 +3203,7 @@ static int x509parse_verify_top(
|
|||
|
||||
if( NULL != f_vrfy )
|
||||
{
|
||||
if( ( ret = f_vrfy( p_vrfy, trust_ca, 0, &ca_flags ) ) != 0 )
|
||||
if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, &ca_flags ) ) != 0 )
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
|
@ -3196,12 +3211,10 @@ static int x509parse_verify_top(
|
|||
/* Call callback on top cert */
|
||||
if( NULL != f_vrfy )
|
||||
{
|
||||
if( ( ret = f_vrfy(p_vrfy, child, 1, flags ) ) != 0 )
|
||||
if( ( ret = f_vrfy(p_vrfy, child, path_cnt, flags ) ) != 0 )
|
||||
return( ret );
|
||||
}
|
||||
|
||||
*path_cnt = 2;
|
||||
|
||||
*flags |= ca_flags;
|
||||
|
||||
return( 0 );
|
||||
|
@ -3209,7 +3222,7 @@ static int x509parse_verify_top(
|
|||
|
||||
static int x509parse_verify_child(
|
||||
x509_cert *child, x509_cert *parent, x509_cert *trust_ca,
|
||||
x509_crl *ca_crl, int *path_cnt, int *flags,
|
||||
x509_crl *ca_crl, int path_cnt, int *flags,
|
||||
int (*f_vrfy)(void *, x509_cert *, int, int *),
|
||||
void *p_vrfy )
|
||||
{
|
||||
|
@ -3248,28 +3261,26 @@ static int x509parse_verify_child(
|
|||
break;
|
||||
}
|
||||
|
||||
(*path_cnt)++;
|
||||
if( grandparent != NULL )
|
||||
{
|
||||
/*
|
||||
* Part of the chain
|
||||
*/
|
||||
ret = x509parse_verify_child( parent, grandparent, trust_ca, ca_crl, path_cnt, &parent_flags, f_vrfy, p_vrfy );
|
||||
ret = x509parse_verify_child( parent, grandparent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
}
|
||||
else
|
||||
{
|
||||
ret = x509parse_verify_top( parent, trust_ca, ca_crl, path_cnt, &parent_flags, f_vrfy, p_vrfy );
|
||||
ret = x509parse_verify_top( parent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/* child is verified to be a child of the parent, call verify callback */
|
||||
if( NULL != f_vrfy )
|
||||
if( ( ret = f_vrfy( p_vrfy, child, *path_cnt, flags ) ) != 0 )
|
||||
if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
|
||||
return( ret );
|
||||
(*path_cnt)++;
|
||||
|
||||
*flags |= parent_flags;
|
||||
|
||||
|
@ -3288,7 +3299,7 @@ int x509parse_verify( x509_cert *crt,
|
|||
{
|
||||
size_t cn_len;
|
||||
int ret;
|
||||
int pathlen = 1;
|
||||
int pathlen = 0;
|
||||
x509_cert *parent;
|
||||
x509_name *name;
|
||||
x509_sequence *cur = NULL;
|
||||
|
@ -3370,13 +3381,13 @@ int x509parse_verify( x509_cert *crt,
|
|||
/*
|
||||
* Part of the chain
|
||||
*/
|
||||
ret = x509parse_verify_child( crt, parent, trust_ca, ca_crl, &pathlen, flags, f_vrfy, p_vrfy );
|
||||
ret = x509parse_verify_child( crt, parent, trust_ca, ca_crl, pathlen, flags, f_vrfy, p_vrfy );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
}
|
||||
else
|
||||
{
|
||||
ret = x509parse_verify_top( crt, trust_ca, ca_crl, &pathlen, flags, f_vrfy, p_vrfy );
|
||||
ret = x509parse_verify_top( crt, trust_ca, ca_crl, pathlen, flags, f_vrfy, p_vrfy );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
}
|
||||
|
|
|
@ -146,8 +146,6 @@ int x509_write_name( unsigned char **p, unsigned char *start, char *oid,
|
|||
|
||||
/*
|
||||
* Wrapper for x509 hashes.
|
||||
*
|
||||
* \param out Buffer to receive the hash (Should be at least 64 bytes)
|
||||
*/
|
||||
static void x509_hash( const unsigned char *in, size_t len, int alg,
|
||||
unsigned char *out )
|
||||
|
|
|
@ -298,6 +298,7 @@ int main( int argc, char *argv[] )
|
|||
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
|
||||
{
|
||||
printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
|
||||
ssl_free( &ssl );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
@ -313,12 +314,14 @@ int main( int argc, char *argv[] )
|
|||
if( ret == -1 )
|
||||
{
|
||||
printf( " failed\n ! x509parse_cert_info returned %d\n\n", ret );
|
||||
ssl_free( &ssl );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
printf( "%s\n", buf );
|
||||
|
||||
ssl_close_notify( &ssl );
|
||||
ssl_free( &ssl );
|
||||
}
|
||||
else
|
||||
goto usage;
|
||||
|
@ -329,7 +332,6 @@ exit:
|
|||
net_close( server_fd );
|
||||
x509_free( &clicert );
|
||||
rsa_free( &rsa );
|
||||
ssl_free( &ssl );
|
||||
|
||||
#if defined(_WIN32)
|
||||
printf( " + Press Enter to exit this program.\n" );
|
||||
|
|
57
scripts/check_doxy_blocks.pl
Normal file
57
scripts/check_doxy_blocks.pl
Normal file
|
@ -0,0 +1,57 @@
|
|||
#!/usr/bin/perl
|
||||
|
||||
# Detect comment blocks that are likely meant to be doxygen blocks but aren't.
|
||||
#
|
||||
# More precisely, look for normal comment block containing '\'.
|
||||
# Of course one could use doxygen warnings, eg with:
|
||||
# sed -e '/EXTRACT/s/YES/NO/' doxygen/polarssl.doxyfile | doxygen -
|
||||
# but that would warn about any undocumented item, while our goal is to find
|
||||
# items that are documented, but not marked as such by mistake.
|
||||
|
||||
use warnings;
|
||||
use strict;
|
||||
use File::Basename;
|
||||
|
||||
# header files in the following directories will be checked
|
||||
my @directories = qw(include/polarssl library doxygen/input);
|
||||
|
||||
# very naive pattern to find directives:
|
||||
# everything with a backslach except '\0'
|
||||
my $doxy_re = qr/\\(?!0)/;
|
||||
|
||||
sub check_file {
|
||||
my ($fname) = @_;
|
||||
open my $fh, '<', $fname or die "Failed to open '$fname': $!\n";
|
||||
|
||||
# first line of the last normal comment block,
|
||||
# or 0 if not in a normal comment block
|
||||
my $block_start = 0;
|
||||
while (my $line = <$fh>) {
|
||||
$block_start = $. if $line =~ m/\/\*(?![*!])/;
|
||||
$block_start = 0 if $line =~ m/\*\//;
|
||||
if ($block_start and $line =~ m/$doxy_re/) {
|
||||
print "$fname:$block_start: directive on line $.\n";
|
||||
$block_start = 0; # report only one directive per block
|
||||
}
|
||||
}
|
||||
|
||||
close $fh;
|
||||
}
|
||||
|
||||
sub check_dir {
|
||||
my ($dirname) = @_;
|
||||
for my $file (<$dirname/*.[ch]>) {
|
||||
check_file($file);
|
||||
}
|
||||
}
|
||||
|
||||
# locate root directory based on invocation name
|
||||
my $root = dirname($0) . '/..';
|
||||
chdir $root or die "Can't chdir to '$root': $!\n";
|
||||
|
||||
# just do it
|
||||
for my $dir (@directories) {
|
||||
check_dir($dir)
|
||||
}
|
||||
|
||||
__END__
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* Error message information
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
* Copyright (C) 2006-2012, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||
|
@ -86,4 +86,4 @@ LOW_LEVEL_CODE_CHECKS
|
|||
snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret );
|
||||
}
|
||||
|
||||
#endif /* POLARSSL_VERBOSE_ERROR */
|
||||
#endif /* POLARSSL_ERROR_C */
|
||||
|
|
|
@ -514,21 +514,21 @@ END_CASE
|
|||
BEGIN_CASE
|
||||
mpi_mod_mpi:radix_X:input_X:radix_Y:input_Y:radix_A:input_A:div_result
|
||||
{
|
||||
mpi X, Y, Z, A;
|
||||
mpi X, Y, A;
|
||||
int res;
|
||||
mpi_init( &X ); mpi_init( &Y ); mpi_init( &Z ); mpi_init( &A );
|
||||
mpi_init( &X ); mpi_init( &Y ); mpi_init( &A );
|
||||
|
||||
TEST_ASSERT( mpi_read_string( &X, {radix_X}, {input_X} ) == 0 );
|
||||
TEST_ASSERT( mpi_read_string( &Y, {radix_Y}, {input_Y} ) == 0 );
|
||||
TEST_ASSERT( mpi_read_string( &A, {radix_A}, {input_A} ) == 0 );
|
||||
res = mpi_mod_mpi( &Z, &X, &Y );
|
||||
res = mpi_mod_mpi( &X, &X, &Y );
|
||||
TEST_ASSERT( res == {div_result} );
|
||||
if( res == 0 )
|
||||
{
|
||||
TEST_ASSERT( mpi_cmp_mpi( &Z, &A ) == 0 );
|
||||
TEST_ASSERT( mpi_cmp_mpi( &X, &A ) == 0 );
|
||||
}
|
||||
|
||||
mpi_free( &X ); mpi_free( &Y ); mpi_free( &Z ); mpi_free( &A );
|
||||
mpi_free( &X ); mpi_free( &Y ); mpi_free( &A );
|
||||
}
|
||||
END_CASE
|
||||
|
||||
|
|
|
@ -1,6 +1,12 @@
|
|||
RSAES-OAEP Encryption Test Vector Int
|
||||
pkcs1_rsaes_oaep_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49":"aafd12f659cae63489b479e5076ddec2f06cb58f":"1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955":0
|
||||
|
||||
RSAES-OAEP Encryption Test Vector Data just fits
|
||||
pkcs1_rsaes_oaep_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd":"aafd12f659cae63489b479e5076ddec2f06cb58f":"3082f2288fff275213d53168f0a272573cff81837c249dc1f380a12ac124c8f217b700708a1ce7dce154265f31a126ebdd9ed3ef9145ae29124a25f4e65aa52c5a9ff34f6cf4de9ba937ae406dc7d1f277af4f6fb7ea73bfbab2bd397b6b2c53570e173ffcf3b9f0bb96837623a4f87bd81b41446c59e681a2f3da81239e9bdf":0
|
||||
|
||||
RSAES-OAEP Encryption Test Vector Data too long
|
||||
pkcs1_rsaes_oaep_encrypt:1024:16:"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":16:"11":POLARSSL_MD_SHA1:"d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd00":"aafd12f659cae63489b479e5076ddec2f06cb58f":"1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955":POLARSSL_ERR_RSA_BAD_INPUT_DATA
|
||||
|
||||
RSAES-OAEP Encryption Test Vector 1_1
|
||||
pkcs1_rsaes_oaep_encrypt:1024:16:"a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb":16:"010001":POLARSSL_MD_SHA1:"6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34":"18b776ea21069d69776a33e96bad48e1dda0a5ef":"354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a":0
|
||||
|
||||
|
@ -370,6 +376,9 @@ pkcs1_rsassa_pss_sign:1024:16:"d17f655bf27c8b16d35462c905cc04a26f37e2a67fa9c0ce0
|
|||
RSASSA-PSS Verification Test Vector Int
|
||||
pkcs1_rsassa_pss_verify:1024:16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":SIG_RSA_SHA1:POLARSSL_MD_SHA1:"859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e":0
|
||||
|
||||
RSASSA-PSS Signing Test Vector Hash too large
|
||||
pkcs1_rsassa_pss_sign:1024:16:"d17f655bf27c8b16d35462c905cc04a26f37e2a67fa9c0ce0dced472394a0df743fe7f929e378efdb368eddff453cf007af6d948e0ade757371f8a711e278f6b":16:"c6d92b6fee7414d1358ce1546fb62987530b90bd15e0f14963a5e2635adb69347ec0c01b2ab1763fd8ac1a592fb22757463a982425bb97a3a437c5bf86d03f2f":16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":SIG_RSA_SHA1:POLARSSL_MD_SHA512:"d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd00":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"":POLARSSL_ERR_RSA_BAD_INPUT_DATA
|
||||
|
||||
RSASSA-PSS Signature Example 1_1
|
||||
pkcs1_rsassa_pss_sign:1024:16:"e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443":16:"b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd":16:"a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137":16:"010001":SIG_RSA_SHA1:POLARSSL_MD_SHA1:"cdc87da223d786df3b45e0bbbc721326d1ee2af806cc315475cc6f0d9c66e1b62371d45ce2392e1ac92844c310102f156a0d8d52c1f4c40ba3aa65095786cb769757a6563ba958fed0bcc984e8b517a3d5f515b23b8a41e74aa867693f90dfb061a6e86dfaaee64472c00e5f20945729cbebe77f06ce78e08f4098fba41f9d6193c0317e8b60d4b6084acb42d29e3808a3bc372d85e331170fcbf7cc72d0b71c296648b3a4d10f416295d0807aa625cab2744fd9ea8fd223c42537029828bd16be02546f130fd2e33b936d2676e08aed1b73318b750a0167d0":"dee959c7e06411361420ff80185ed57f3e6776af":"9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c":0
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
Check compiletime library version
|
||||
check_compiletime_version:"1.2.0"
|
||||
check_compiletime_version:"1.2.1"
|
||||
|
||||
Check runtime library version
|
||||
check_runtime_version:"1.2.0"
|
||||
check_runtime_version:"1.2.1"
|
||||
|
|
Loading…
Reference in a new issue