mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-27 17:15:40 +00:00
8dd1690993
Resolve conflicts by performing the following operations: - Reject changes related to building a crypto submodule, since Mbed Crypto is the crypto submodule. - Reject X.509, NET, and SSL changes. - Reject changes to README, as Mbed Crypto is a different project from Mbed TLS, with a different README. - Avoid adding mention of ssl-opt.sh in a comment near some modified code in include/CMakeLists.txt (around where ENABLE_TESTING as added). - Align config.pl in Mbed TLS with config.pl in Mbed Crypto where PSA options are concerned, to make future merging easier. There is no reason for the two to be different in this regard, now that Mbed TLS always depends on Mbed Crypto. Remaining differences are only the PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER option and the absence of X.509, NET, and SSL related options in Mbed Crypto's config.pl. - Align config.h in Mbed Crypto with Mbed TLS's copy, with a few notable exceptions: - Leave CMAC on by default. - Leave storage on by default (including ITS emulation). - Avoid documenting the PSA Crypto API as is in beta stage in documentation for MBEDTLS_PSA_CRYPTO_C. The only remaining differences are a lack of X.509, NET, and SSL options in Mbed Crypto's config.h, as well as an additional Mbed-Crypto-specific PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER option. Documentation for the check params feature and related macros is also updated to match Mbed TLS's description. - Reject tests/data_files/Makefile changes to generate DER versions of CRTs and keys, as none of those are used by Mbed Crypto tests. - Add the "no PEM and no filesystem" test to all.sh, without ssl-opt.sh run, as Mbed Crypto doesn't have ssl-opt.sh. Also remove use of PSA Crypto storage and ITS emulation, since those depend on filesystem support. - Reject addition of test when no ciphersuites have MAC to all.sh, as the option being tested, MBEDTLS_SSL_SOME_MODES_USE_MAC, is not present in Mbed Crypto. - Use baremetal config in all.sh, as Mbed Crypto's baremetal configuration does exclude the net module (as it doesn't exist in Mbed Crypto) - Reject cmake_subproject_build changes, continuing to link only libmbedcrypto. - Reject changes to visualc and associated templates. Mbed Crypto doesn't need additional logic to handle submodule-sourced headers. - Avoid adding fuzzers from Mbed TLS. The only relevant fuzzers are the privkey and pubkey fuzzers, but non-trivial work would be required to integrate those into Mbed Crypto (more than is comfortable in a merge commit). - Reject addition of Docker wrappers for compat.sh and ssl-opt.sh, as those are not present in Mbed Crypto. - Remove calls to SSL-related scripts from basic-in-docker.sh Fix test errors by performing the following: - Avoid using a link that Doxygen can't seem to resolve in Mbed Crypto, but can resolve in Mbed TLS. In documentation for MBEDTLS_CHECK_PARAMS, don't attempt to link to MBEDTLS_PARAM_FAILED. * origin/development: (339 commits) Do not build fuzz on windows No booleans and import config Removing space before opening parenthesis Style corrections Syntax fix Fixes warnings from MSVC Add a linker flag to enable gcov in basic-build-test.sh Update crypto submodule to a revision with the HAVEGE header changes Test with MBEDTLS_ECP_RESTARTABLE Allow TODO in code Use the docstring in the command line help Split _abi_compliance_command into smaller functions Record the commits that were compared Document how to build the typical argument for -s Allow running /somewhere/else/path/to/abi_check.py tests: Limit each log to 10 GiB Warn if VLAs are used Remove redundant compiler flag Consistently spell -Wextra Fix parsing issue when int parameter is in base 16 ...
147 lines
5.5 KiB
C
147 lines
5.5 KiB
C
/**
|
|
* \file pem.h
|
|
*
|
|
* \brief Privacy Enhanced Mail (PEM) decoding
|
|
*/
|
|
/*
|
|
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
* not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*
|
|
* This file is part of mbed TLS (https://tls.mbed.org)
|
|
*/
|
|
#ifndef MBEDTLS_PEM_H
|
|
#define MBEDTLS_PEM_H
|
|
|
|
#if !defined(MBEDTLS_CONFIG_FILE)
|
|
#include "mbedtls/config.h"
|
|
#else
|
|
#include MBEDTLS_CONFIG_FILE
|
|
#endif
|
|
|
|
#include <stddef.h>
|
|
|
|
/**
|
|
* \name PEM Error codes
|
|
* These error codes are returned in case of errors reading the
|
|
* PEM data.
|
|
* \{
|
|
*/
|
|
#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 /**< No PEM header or footer found. */
|
|
#define MBEDTLS_ERR_PEM_INVALID_DATA -0x1100 /**< PEM string is not as expected. */
|
|
#define MBEDTLS_ERR_PEM_ALLOC_FAILED -0x1180 /**< Failed to allocate memory. */
|
|
#define MBEDTLS_ERR_PEM_INVALID_ENC_IV -0x1200 /**< RSA IV is not in hex-format. */
|
|
#define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG -0x1280 /**< Unsupported key encryption algorithm. */
|
|
#define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED -0x1300 /**< Private key password can't be empty. */
|
|
#define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH -0x1380 /**< Given private key password does not allow for correct decryption. */
|
|
#define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE -0x1400 /**< Unavailable feature, e.g. hashing/encryption combination. */
|
|
#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480 /**< Bad input parameters to function. */
|
|
/* \} name */
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_PEM_PARSE_C)
|
|
/**
|
|
* \brief PEM context structure
|
|
*/
|
|
typedef struct mbedtls_pem_context
|
|
{
|
|
unsigned char *buf; /*!< buffer for decoded data */
|
|
size_t buflen; /*!< length of the buffer */
|
|
unsigned char *info; /*!< buffer for extra header information */
|
|
}
|
|
mbedtls_pem_context;
|
|
|
|
/**
|
|
* \brief PEM context setup
|
|
*
|
|
* \param ctx context to be initialized
|
|
*/
|
|
void mbedtls_pem_init( mbedtls_pem_context *ctx );
|
|
|
|
/**
|
|
* \brief Read a buffer for PEM information and store the resulting
|
|
* data into the specified context buffers.
|
|
*
|
|
* \param ctx context to use
|
|
* \param header header string to seek and expect
|
|
* \param footer footer string to seek and expect
|
|
* \param data source data to look in (must be nul-terminated)
|
|
* \param pwd password for decryption (can be NULL)
|
|
* \param pwdlen length of password
|
|
* \param use_len destination for total length used (set after header is
|
|
* correctly read, so unless you get
|
|
* MBEDTLS_ERR_PEM_BAD_INPUT_DATA or
|
|
* MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is
|
|
* the length to skip)
|
|
*
|
|
* \note Attempts to check password correctness by verifying if
|
|
* the decrypted text starts with an ASN.1 sequence of
|
|
* appropriate length
|
|
*
|
|
* \return 0 on success, or a specific PEM error code
|
|
*/
|
|
int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
|
|
const unsigned char *data,
|
|
const unsigned char *pwd,
|
|
size_t pwdlen, size_t *use_len );
|
|
|
|
/**
|
|
* \brief PEM context memory freeing
|
|
*
|
|
* \param ctx context to be freed
|
|
*/
|
|
void mbedtls_pem_free( mbedtls_pem_context *ctx );
|
|
#endif /* MBEDTLS_PEM_PARSE_C */
|
|
|
|
#if defined(MBEDTLS_PEM_WRITE_C)
|
|
/**
|
|
* \brief Write a buffer of PEM information from a DER encoded
|
|
* buffer.
|
|
*
|
|
* \param header The header string to write.
|
|
* \param footer The footer string to write.
|
|
* \param der_data The DER data to encode.
|
|
* \param der_len The length of the DER data \p der_data in Bytes.
|
|
* \param buf The buffer to write to.
|
|
* \param buf_len The length of the output buffer \p buf in Bytes.
|
|
* \param olen The address at which to store the total length written
|
|
* or required (if \p buf_len is not enough).
|
|
*
|
|
* \note You may pass \c NULL for \p buf and \c 0 for \p buf_len
|
|
* to request the length of the resulting PEM buffer in
|
|
* `*olen`.
|
|
*
|
|
* \note This function may be called with overlapping \p der_data
|
|
* and \p buf buffers.
|
|
*
|
|
* \return \c 0 on success.
|
|
* \return #MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL if \p buf isn't large
|
|
* enough to hold the PEM buffer. In this case, `*olen` holds
|
|
* the required minimum size of \p buf.
|
|
* \return Another PEM or BASE64 error code on other kinds of failure.
|
|
*/
|
|
int mbedtls_pem_write_buffer( const char *header, const char *footer,
|
|
const unsigned char *der_data, size_t der_len,
|
|
unsigned char *buf, size_t buf_len, size_t *olen );
|
|
#endif /* MBEDTLS_PEM_WRITE_C */
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* pem.h */
|