mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 10:55:27 +00:00
Merge branch 'development-proposed' into development-restricted
This commit is contained in:
commit
aaaa98cd60
26
ChangeLog
26
ChangeLog
|
@ -62,6 +62,17 @@ Features
|
|||
with an alternative implementation:
|
||||
mbedtls_ecdh_gen_public() and mbedtls_ecdh_compute_shared().
|
||||
|
||||
API Changes
|
||||
* Extend RSA interface by multiple functions allowing structure-
|
||||
independent setup and export of RSA contexts. Most notably,
|
||||
mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting
|
||||
up RSA contexts from partial key material and having them completed to the
|
||||
needs of the implementation automatically. This allows to setup private RSA
|
||||
contexts from keys consisting of N,D,E only, even if P,Q are needed for the
|
||||
purpose or CRT and/or blinding.
|
||||
* The configuration option MBEDTLS_RSA_ALT can be used to define alternative
|
||||
implementations of the RSA interface declared in rsa.h.
|
||||
|
||||
New deprecations
|
||||
* Deprecate usage of RSA primitives with non-matching key-type
|
||||
(e.g., signing with a public key).
|
||||
|
@ -121,6 +132,9 @@ Bugfix
|
|||
RSA test suite where the failure of CTR DRBG initialization lead to
|
||||
freeing an RSA context and several MPI's without proper initialization
|
||||
beforehand.
|
||||
* Fix error message in programs/pkey/gen_key.c. Found and fixed by Chris Xue.
|
||||
* Fix programs/pkey/dh_server.c so that it actually works with dh_client.c.
|
||||
Found and fixed by Martijn de Milliano.
|
||||
|
||||
Changes
|
||||
* Extend cert_write example program by options to set the CRT version
|
||||
|
@ -133,17 +147,7 @@ Changes
|
|||
* Only run AES-192 self-test if AES-192 is available. Fixes #963.
|
||||
* Tighten the RSA PKCS#1 v1.5 signature verification code and remove the
|
||||
undeclared dependency of the RSA module on the ASN.1 module.
|
||||
|
||||
API Changes
|
||||
* Extend RSA interface by multiple functions allowing structure-
|
||||
independent setup and export of RSA contexts. Most notably,
|
||||
mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting
|
||||
up RSA contexts from partial key material and having them completed to the
|
||||
needs of the implementation automatically. This allows to setup private RSA
|
||||
contexts from keys consisting of N,D,E only, even if P,Q are needed for the
|
||||
purpose or CRT and/or blinding.
|
||||
* The configuration option MBEDTLS_RSA_ALT can be used to define alternative
|
||||
implementations of the RSA interface declared in rsa.h.
|
||||
* Add mechanism to provide alternative implementation of the DHM module.
|
||||
|
||||
= mbed TLS 2.6.0 branch released 2017-08-10
|
||||
|
||||
|
|
|
@ -269,6 +269,7 @@
|
|||
//#define MBEDTLS_CCM_ALT
|
||||
//#define MBEDTLS_CMAC_ALT
|
||||
//#define MBEDTLS_DES_ALT
|
||||
//#define MBEDTLS_DHM_ALT
|
||||
//#define MBEDTLS_GCM_ALT
|
||||
//#define MBEDTLS_MD2_ALT
|
||||
//#define MBEDTLS_MD4_ALT
|
||||
|
|
|
@ -23,7 +23,13 @@
|
|||
#ifndef MBEDTLS_DHM_H
|
||||
#define MBEDTLS_DHM_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
#include "bignum.h"
|
||||
#if !defined(MBEDTLS_DHM_ALT)
|
||||
|
||||
/*
|
||||
* DHM Error codes
|
||||
|
@ -291,6 +297,18 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path );
|
|||
#endif /* MBEDTLS_FS_IO */
|
||||
#endif /* MBEDTLS_ASN1_PARSE_C */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* MBEDTLS_DHM_ALT */
|
||||
#include "dhm_alt.h"
|
||||
#endif /* MBEDTLS_DHM_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
|
|
|
@ -373,21 +373,22 @@ int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
|
|||
|
||||
#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
|
||||
/**
|
||||
* \brief Check usage of certificate against extentedJeyUsage.
|
||||
* \brief Check usage of certificate against extendedKeyUsage.
|
||||
*
|
||||
* \param crt Leaf certificate used.
|
||||
* \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or MBEDTLS_OID_CLIENT_AUTH).
|
||||
* \param crt Leaf certificate used.
|
||||
* \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or
|
||||
* MBEDTLS_OID_CLIENT_AUTH).
|
||||
* \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()).
|
||||
*
|
||||
* \return 0 if this use of the certificate is allowed,
|
||||
* MBEDTLS_ERR_X509_BAD_INPUT_DATA if not.
|
||||
* \return 0 if this use of the certificate is allowed,
|
||||
* MBEDTLS_ERR_X509_BAD_INPUT_DATA if not.
|
||||
*
|
||||
* \note Usually only makes sense on leaf certificates.
|
||||
* \note Usually only makes sense on leaf certificates.
|
||||
*/
|
||||
int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
|
||||
const char *usage_oid,
|
||||
size_t usage_len );
|
||||
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) */
|
||||
const char *usage_oid,
|
||||
size_t usage_len );
|
||||
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRL_PARSE_C)
|
||||
/**
|
||||
|
|
|
@ -57,6 +57,7 @@
|
|||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_DHM_ALT)
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
|
@ -583,6 +584,7 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path )
|
|||
}
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
#endif /* MBEDTLS_ASN1_PARSE_C */
|
||||
#endif /* MBEDTLS_DHM_ALT */
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
|
|
|
@ -2042,7 +2042,7 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
|
|||
const mbedtls_ssl_ciphersuite_t *suite = NULL;
|
||||
const mbedtls_cipher_info_t *cipher = NULL;
|
||||
|
||||
if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
|
||||
if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
|
||||
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
||||
{
|
||||
*olen = 0;
|
||||
|
|
|
@ -105,6 +105,9 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_DES_ALT)
|
||||
"MBEDTLS_DES_ALT",
|
||||
#endif /* MBEDTLS_DES_ALT */
|
||||
#if defined(MBEDTLS_DHM_ALT)
|
||||
"MBEDTLS_DHM_ALT",
|
||||
#endif /* MBEDTLS_DHM_ALT */
|
||||
#if defined(MBEDTLS_GCM_ALT)
|
||||
"MBEDTLS_GCM_ALT",
|
||||
#endif /* MBEDTLS_GCM_ALT */
|
||||
|
|
|
@ -248,6 +248,7 @@ int main( void )
|
|||
|
||||
memset( buf, 0, sizeof( buf ) );
|
||||
|
||||
n = dhm.len;
|
||||
if( ( ret = mbedtls_net_recv( &client_fd, buf, n ) ) != (int) n )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret );
|
||||
|
|
|
@ -345,7 +345,7 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned -0x%04x", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ecp_gen_key returned -0x%04x", -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue