mirror of
https://github.com/reactos/reactos.git
synced 2024-06-24 06:51:47 +00:00
[MBEDTLS] Update to version 2.7.10. CORE-15895
This commit is contained in:
parent
ba1fb9ace9
commit
ca86ee9c03
28
dll/3rdparty/mbedtls/asn1write.c
vendored
28
dll/3rdparty/mbedtls/asn1write.c
vendored
|
@ -296,22 +296,28 @@ int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
|
|||
const unsigned char *buf, size_t bits )
|
||||
{
|
||||
int ret;
|
||||
size_t len = 0, size;
|
||||
size_t len = 0;
|
||||
size_t unused_bits, byte_len;
|
||||
|
||||
size = ( bits / 8 ) + ( ( bits % 8 ) ? 1 : 0 );
|
||||
byte_len = ( bits + 7 ) / 8;
|
||||
unused_bits = ( byte_len * 8 ) - bits;
|
||||
|
||||
// Calculate byte length
|
||||
//
|
||||
if( *p < start || (size_t)( *p - start ) < size + 1 )
|
||||
if( *p < start || (size_t)( *p - start ) < byte_len + 1 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
len = size + 1;
|
||||
(*p) -= size;
|
||||
memcpy( *p, buf, size );
|
||||
len = byte_len + 1;
|
||||
|
||||
// Write unused bits
|
||||
//
|
||||
*--(*p) = (unsigned char) (size * 8 - bits);
|
||||
/* Write the bitstring. Ensure the unused bits are zeroed */
|
||||
if( byte_len > 0 )
|
||||
{
|
||||
byte_len--;
|
||||
*--( *p ) = buf[byte_len] & ~( ( 0x1 << unused_bits ) - 1 );
|
||||
( *p ) -= byte_len;
|
||||
memcpy( *p, buf, byte_len );
|
||||
}
|
||||
|
||||
/* Write unused bits */
|
||||
*--( *p ) = (unsigned char)unused_bits;
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BIT_STRING ) );
|
||||
|
|
38
dll/3rdparty/mbedtls/bignum.c
vendored
38
dll/3rdparty/mbedtls/bignum.c
vendored
|
@ -502,26 +502,38 @@ cleanup:
|
|||
}
|
||||
|
||||
/*
|
||||
* Helper to write the digits high-order first
|
||||
* Helper to write the digits high-order first.
|
||||
*/
|
||||
static int mpi_write_hlp( mbedtls_mpi *X, int radix, char **p )
|
||||
static int mpi_write_hlp( mbedtls_mpi *X, int radix,
|
||||
char **p, const size_t buflen )
|
||||
{
|
||||
int ret;
|
||||
mbedtls_mpi_uint r;
|
||||
size_t length = 0;
|
||||
char *p_end = *p + buflen;
|
||||
|
||||
if( radix < 2 || radix > 16 )
|
||||
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
|
||||
do
|
||||
{
|
||||
if( length >= buflen )
|
||||
{
|
||||
return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
|
||||
}
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, radix ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_div_int( X, NULL, X, radix ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, radix ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_div_int( X, NULL, X, radix ) );
|
||||
/*
|
||||
* Write the residue in the current position, as an ASCII character.
|
||||
*/
|
||||
if( r < 0xA )
|
||||
*(--p_end) = (char)( '0' + r );
|
||||
else
|
||||
*(--p_end) = (char)( 'A' + ( r - 0xA ) );
|
||||
|
||||
if( mbedtls_mpi_cmp_int( X, 0 ) != 0 )
|
||||
MBEDTLS_MPI_CHK( mpi_write_hlp( X, radix, p ) );
|
||||
length++;
|
||||
} while( mbedtls_mpi_cmp_int( X, 0 ) != 0 );
|
||||
|
||||
if( r < 10 )
|
||||
*(*p)++ = (char)( r + 0x30 );
|
||||
else
|
||||
*(*p)++ = (char)( r + 0x37 );
|
||||
memmove( *p, p_end, length );
|
||||
*p += length;
|
||||
|
||||
cleanup:
|
||||
|
||||
|
@ -591,7 +603,7 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
|
|||
if( T.s == -1 )
|
||||
T.s = 1;
|
||||
|
||||
MBEDTLS_MPI_CHK( mpi_write_hlp( &T, radix, &p ) );
|
||||
MBEDTLS_MPI_CHK( mpi_write_hlp( &T, radix, &p, buflen ) );
|
||||
}
|
||||
|
||||
*p++ = '\0';
|
||||
|
|
9
dll/3rdparty/mbedtls/ecdsa.c
vendored
9
dll/3rdparty/mbedtls/ecdsa.c
vendored
|
@ -422,8 +422,13 @@ cleanup:
|
|||
int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
return( mbedtls_ecp_group_load( &ctx->grp, gid ) ||
|
||||
mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) );
|
||||
int ret = 0;
|
||||
ret = mbedtls_ecp_group_load( &ctx->grp, gid );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
return( mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d,
|
||||
&ctx->Q, f_rng, p_rng ) );
|
||||
}
|
||||
#endif /* MBEDTLS_ECDSA_GENKEY_ALT */
|
||||
|
||||
|
|
57
dll/3rdparty/mbedtls/ssl_ciphersuites.c
vendored
57
dll/3rdparty/mbedtls/ssl_ciphersuites.c
vendored
|
@ -45,11 +45,11 @@
|
|||
/*
|
||||
* Ordered from most preferred to least preferred in terms of security.
|
||||
*
|
||||
* Current rule (except rc4, weak and null which come last):
|
||||
* Current rule (except RC4 and 3DES, weak and null which come last):
|
||||
* 1. By key exchange:
|
||||
* Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
|
||||
* 2. By key length and cipher:
|
||||
* AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES
|
||||
* AES-256 > Camellia-256 > AES-128 > Camellia-128
|
||||
* 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
|
||||
* 4. By hash function used when relevant
|
||||
* 5. By key exchange/auth again: EC > non-EC
|
||||
|
@ -107,11 +107,6 @@ static const int ciphersuite_preference[] =
|
|||
MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||
|
||||
/* All remaining >= 128-bit ephemeral suites */
|
||||
MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
|
||||
/* The PSK ephemeral suites */
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM,
|
||||
|
@ -135,9 +130,6 @@ static const int ciphersuite_preference[] =
|
|||
MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8,
|
||||
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
|
||||
/* The ECJPAKE suite */
|
||||
MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
|
||||
|
||||
|
@ -185,11 +177,6 @@ static const int ciphersuite_preference[] =
|
|||
MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
|
||||
/* All remaining >= 128-bit suites */
|
||||
MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
||||
|
||||
/* The RSA PSK suites */
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
|
||||
|
@ -203,8 +190,6 @@ static const int ciphersuite_preference[] =
|
|||
MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
|
||||
/* The PSK suites */
|
||||
MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
|
||||
|
@ -222,6 +207,16 @@ static const int ciphersuite_preference[] =
|
|||
MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
|
||||
|
||||
/* 3DES suites */
|
||||
MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
|
||||
/* RC4 suites */
|
||||
|
@ -1706,6 +1701,26 @@ const int *mbedtls_ssl_list_ciphersuites( void )
|
|||
static int supported_ciphersuites[MAX_CIPHERSUITES];
|
||||
static int supported_init = 0;
|
||||
|
||||
static int ciphersuite_is_removed( const mbedtls_ssl_ciphersuite_t *cs_info )
|
||||
{
|
||||
(void)cs_info;
|
||||
|
||||
#if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES)
|
||||
if( cs_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
|
||||
return( 1 );
|
||||
#endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */
|
||||
|
||||
#if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES)
|
||||
if( cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_ECB ||
|
||||
cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_CBC )
|
||||
{
|
||||
return( 1 );
|
||||
}
|
||||
#endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
const int *mbedtls_ssl_list_ciphersuites( void )
|
||||
{
|
||||
/*
|
||||
|
@ -1721,14 +1736,12 @@ const int *mbedtls_ssl_list_ciphersuites( void )
|
|||
*p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
|
||||
p++ )
|
||||
{
|
||||
#if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES)
|
||||
const mbedtls_ssl_ciphersuite_t *cs_info;
|
||||
if( ( cs_info = mbedtls_ssl_ciphersuite_from_id( *p ) ) != NULL &&
|
||||
cs_info->cipher != MBEDTLS_CIPHER_ARC4_128 )
|
||||
#else
|
||||
if( mbedtls_ssl_ciphersuite_from_id( *p ) != NULL )
|
||||
#endif
|
||||
!ciphersuite_is_removed( cs_info ) )
|
||||
{
|
||||
*(q++) = *p;
|
||||
}
|
||||
}
|
||||
*q = 0;
|
||||
|
||||
|
|
3
dll/3rdparty/mbedtls/version_features.c
vendored
3
dll/3rdparty/mbedtls/version_features.c
vendored
|
@ -272,6 +272,9 @@ static const char *features[] = {
|
|||
#if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES)
|
||||
"MBEDTLS_REMOVE_ARC4_CIPHERSUITES",
|
||||
#endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */
|
||||
#if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES)
|
||||
"MBEDTLS_REMOVE_3DES_CIPHERSUITES",
|
||||
#endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
|
||||
"MBEDTLS_ECP_DP_SECP192R1_ENABLED",
|
||||
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
|
||||
|
|
15
dll/3rdparty/mbedtls/x509_csr.c
vendored
15
dll/3rdparty/mbedtls/x509_csr.c
vendored
|
@ -285,15 +285,24 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz
|
|||
{
|
||||
mbedtls_pem_init( &pem );
|
||||
ret = mbedtls_pem_read_buffer( &pem,
|
||||
"-----BEGIN CERTIFICATE REQUEST-----",
|
||||
"-----END CERTIFICATE REQUEST-----",
|
||||
buf, NULL, 0, &use_len );
|
||||
"-----BEGIN CERTIFICATE REQUEST-----",
|
||||
"-----END CERTIFICATE REQUEST-----",
|
||||
buf, NULL, 0, &use_len );
|
||||
if( ret == MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
||||
{
|
||||
ret = mbedtls_pem_read_buffer( &pem,
|
||||
"-----BEGIN NEW CERTIFICATE REQUEST-----",
|
||||
"-----END NEW CERTIFICATE REQUEST-----",
|
||||
buf, NULL, 0, &use_len );
|
||||
}
|
||||
|
||||
if( ret == 0 )
|
||||
{
|
||||
/*
|
||||
* Was PEM encoded, parse the result
|
||||
*/
|
||||
ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen );
|
||||
}
|
||||
|
||||
mbedtls_pem_free( &pem );
|
||||
if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
||||
|
|
45
dll/3rdparty/mbedtls/x509write_crt.c
vendored
45
dll/3rdparty/mbedtls/x509write_crt.c
vendored
|
@ -224,26 +224,51 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *
|
|||
}
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
|
||||
static size_t crt_get_unused_bits_for_named_bitstring( unsigned char bitstring,
|
||||
size_t bit_offset )
|
||||
{
|
||||
size_t unused_bits;
|
||||
|
||||
/* Count the unused bits removing trailing 0s */
|
||||
for( unused_bits = bit_offset; unused_bits < 8; unused_bits++ )
|
||||
if( ( ( bitstring >> unused_bits ) & 0x1 ) != 0 )
|
||||
break;
|
||||
|
||||
return( unused_bits );
|
||||
}
|
||||
|
||||
int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
|
||||
unsigned int key_usage )
|
||||
{
|
||||
unsigned char buf[4], ku;
|
||||
unsigned char *c;
|
||||
int ret;
|
||||
size_t unused_bits;
|
||||
const unsigned int allowed_bits = MBEDTLS_X509_KU_DIGITAL_SIGNATURE |
|
||||
MBEDTLS_X509_KU_NON_REPUDIATION |
|
||||
MBEDTLS_X509_KU_KEY_ENCIPHERMENT |
|
||||
MBEDTLS_X509_KU_DATA_ENCIPHERMENT |
|
||||
MBEDTLS_X509_KU_KEY_AGREEMENT |
|
||||
MBEDTLS_X509_KU_KEY_CERT_SIGN |
|
||||
MBEDTLS_X509_KU_CRL_SIGN;
|
||||
|
||||
/* We currently only support 7 bits, from 0x80 to 0x02 */
|
||||
if( ( key_usage & ~0xfe ) != 0 )
|
||||
/* Check that nothing other than the allowed flags is set */
|
||||
if( ( key_usage & ~allowed_bits ) != 0 )
|
||||
return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
|
||||
|
||||
c = buf + 4;
|
||||
ku = (unsigned char) key_usage;
|
||||
ku = (unsigned char)key_usage;
|
||||
unused_bits = crt_get_unused_bits_for_named_bitstring( ku, 1 );
|
||||
ret = mbedtls_asn1_write_bitstring( &c, buf, &ku, 8 - unused_bits );
|
||||
|
||||
if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &ku, 7 ) ) != 4 )
|
||||
if( ret < 0 )
|
||||
return( ret );
|
||||
else if( ret < 3 || ret > 4 )
|
||||
return( MBEDTLS_ERR_X509_INVALID_FORMAT );
|
||||
|
||||
ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,
|
||||
MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
|
||||
1, buf, 4 );
|
||||
1, c, (size_t)ret );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
|
@ -255,16 +280,22 @@ int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
|
|||
{
|
||||
unsigned char buf[4];
|
||||
unsigned char *c;
|
||||
size_t unused_bits;
|
||||
int ret;
|
||||
|
||||
c = buf + 4;
|
||||
|
||||
if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &ns_cert_type, 8 ) ) != 4 )
|
||||
unused_bits = crt_get_unused_bits_for_named_bitstring( ns_cert_type, 0 );
|
||||
ret = mbedtls_asn1_write_bitstring( &c,
|
||||
buf,
|
||||
&ns_cert_type,
|
||||
8 - unused_bits );
|
||||
if( ret < 3 || ret > 4 )
|
||||
return( ret );
|
||||
|
||||
ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE,
|
||||
MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
|
||||
0, buf, 4 );
|
||||
0, c, (size_t)ret );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
|
|
36
dll/3rdparty/mbedtls/x509write_csr.c
vendored
36
dll/3rdparty/mbedtls/x509write_csr.c
vendored
|
@ -87,20 +87,39 @@ int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx,
|
|||
0, val, val_len );
|
||||
}
|
||||
|
||||
static size_t csr_get_unused_bits_for_named_bitstring( unsigned char bitstring,
|
||||
size_t bit_offset )
|
||||
{
|
||||
size_t unused_bits;
|
||||
|
||||
/* Count the unused bits removing trailing 0s */
|
||||
for( unused_bits = bit_offset; unused_bits < 8; unused_bits++ )
|
||||
if( ( ( bitstring >> unused_bits ) & 0x1 ) != 0 )
|
||||
break;
|
||||
|
||||
return( unused_bits );
|
||||
}
|
||||
|
||||
int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage )
|
||||
{
|
||||
unsigned char buf[4];
|
||||
unsigned char *c;
|
||||
size_t unused_bits;
|
||||
int ret;
|
||||
|
||||
c = buf + 4;
|
||||
|
||||
if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &key_usage, 7 ) ) != 4 )
|
||||
unused_bits = csr_get_unused_bits_for_named_bitstring( key_usage, 0 );
|
||||
ret = mbedtls_asn1_write_bitstring( &c, buf, &key_usage, 8 - unused_bits );
|
||||
|
||||
if( ret < 0 )
|
||||
return( ret );
|
||||
else if( ret < 3 || ret > 4 )
|
||||
return( MBEDTLS_ERR_X509_INVALID_FORMAT );
|
||||
|
||||
ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,
|
||||
MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
|
||||
buf, 4 );
|
||||
c, (size_t)ret );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
|
@ -112,16 +131,25 @@ int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
|
|||
{
|
||||
unsigned char buf[4];
|
||||
unsigned char *c;
|
||||
size_t unused_bits;
|
||||
int ret;
|
||||
|
||||
c = buf + 4;
|
||||
|
||||
if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &ns_cert_type, 8 ) ) != 4 )
|
||||
unused_bits = csr_get_unused_bits_for_named_bitstring( ns_cert_type, 0 );
|
||||
ret = mbedtls_asn1_write_bitstring( &c,
|
||||
buf,
|
||||
&ns_cert_type,
|
||||
8 - unused_bits );
|
||||
|
||||
if( ret < 0 )
|
||||
return( ret );
|
||||
else if( ret < 3 || ret > 4 )
|
||||
return( ret );
|
||||
|
||||
ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE,
|
||||
MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
|
||||
buf, 4 );
|
||||
c, (size_t)ret );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
|
|
|
@ -87,7 +87,7 @@ Used Version: 4.0.10
|
|||
Website: http://www.simplesystems.org/libtiff/
|
||||
|
||||
Title: mbed TLS
|
||||
Used Version: 2.7.9
|
||||
Used Version: 2.7.10
|
||||
Website: https://tls.mbed.org/
|
||||
|
||||
Title: libpng
|
||||
|
|
|
@ -26,6 +26,12 @@
|
|||
#ifndef MBEDTLS_AESNI_H
|
||||
#define MBEDTLS_AESNI_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "aes.h"
|
||||
|
||||
#define MBEDTLS_AESNI_AES 0x02000000u
|
||||
|
|
|
@ -26,6 +26,12 @@
|
|||
#ifndef MBEDTLS_ASN1_WRITE_H
|
||||
#define MBEDTLS_ASN1_WRITE_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "asn1.h"
|
||||
|
||||
#define MBEDTLS_ASN1_CHK_ADD(g, f) do { if( ( ret = f ) < 0 ) return( ret ); else \
|
||||
|
@ -185,24 +191,27 @@ int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
|
|||
const char *text, size_t text_len );
|
||||
|
||||
/**
|
||||
* \brief Write a bitstring tag (MBEDTLS_ASN1_BIT_STRING) and
|
||||
* value in ASN.1 format
|
||||
* Note: function works backwards in data buffer
|
||||
* \brief Write a bitstring tag (#MBEDTLS_ASN1_BIT_STRING) and
|
||||
* value in ASN.1 format.
|
||||
*
|
||||
* \param p reference to current position pointer
|
||||
* \param start start of the buffer (for bounds-checking)
|
||||
* \param buf the bitstring
|
||||
* \param bits the total number of bits in the bitstring
|
||||
* \note This function works backwards in data buffer.
|
||||
*
|
||||
* \return the length written or a negative error code
|
||||
* \param p The reference to the current position pointer.
|
||||
* \param start The start of the buffer, for bounds-checking.
|
||||
* \param buf The bitstring to write.
|
||||
* \param bits The total number of bits in the bitstring.
|
||||
*
|
||||
* \return The number of bytes written to \p p on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
|
||||
const unsigned char *buf, size_t bits );
|
||||
|
||||
/**
|
||||
* \brief Write an octet string tag (MBEDTLS_ASN1_OCTET_STRING) and
|
||||
* value in ASN.1 format
|
||||
* Note: function works backwards in data buffer
|
||||
* \brief Write an octet string tag (#MBEDTLS_ASN1_OCTET_STRING)
|
||||
* and value in ASN.1 format.
|
||||
*
|
||||
* \note This function works backwards in data buffer.
|
||||
*
|
||||
* \param p reference to current position pointer
|
||||
* \param start start of the buffer (for bounds-checking)
|
||||
|
|
|
@ -26,6 +26,12 @@
|
|||
#ifndef MBEDTLS_BASE64_H
|
||||
#define MBEDTLS_BASE64_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
#define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL -0x002A /**< Output buffer too small. */
|
||||
|
|
|
@ -40,6 +40,12 @@
|
|||
#ifndef MBEDTLS_BN_MUL_H
|
||||
#define MBEDTLS_BN_MUL_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "bignum.h"
|
||||
|
||||
#if defined(MBEDTLS_HAVE_ASM)
|
||||
|
@ -736,7 +742,7 @@
|
|||
"sw $10, %2 \n\t" \
|
||||
: "=m" (c), "=m" (d), "=m" (s) \
|
||||
: "m" (s), "m" (d), "m" (c), "m" (b) \
|
||||
: "$9", "$10", "$11", "$12", "$13", "$14", "$15" \
|
||||
: "$9", "$10", "$11", "$12", "$13", "$14", "$15", "lo", "hi" \
|
||||
);
|
||||
|
||||
#endif /* MIPS */
|
||||
|
|
|
@ -36,6 +36,12 @@
|
|||
#ifndef MBEDTLS_CCM_H
|
||||
#define MBEDTLS_CCM_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "cipher.h"
|
||||
|
||||
#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to the function. */
|
||||
|
|
|
@ -26,6 +26,12 @@
|
|||
#ifndef MBEDTLS_CERTS_H
|
||||
#define MBEDTLS_CERTS_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
|
|
@ -28,6 +28,12 @@
|
|||
#ifndef MBEDTLS_CMAC_H
|
||||
#define MBEDTLS_CMAC_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "cipher.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
|
|
@ -27,6 +27,12 @@
|
|||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
|
|
|
@ -558,6 +558,26 @@
|
|||
*/
|
||||
#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_REMOVE_3DES_CIPHERSUITES
|
||||
*
|
||||
* Remove 3DES ciphersuites by default in SSL / TLS.
|
||||
* This flag removes the ciphersuites based on 3DES from the default list as
|
||||
* returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible
|
||||
* to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including
|
||||
* them explicitly.
|
||||
*
|
||||
* A man-in-the-browser attacker can recover authentication tokens sent through
|
||||
* a TLS connection using a 3DES based cipher suite (see "On the Practical
|
||||
* (In-)Security of 64-bit Block Ciphers" by Karthikeyan Bhargavan and Gaëtan
|
||||
* Leurent, see https://sweet32.info/SWEET32_CCS16.pdf). If this attack falls
|
||||
* in your threat model or you are unsure, then you should keep this option
|
||||
* enabled to remove 3DES based cipher suites.
|
||||
*
|
||||
* Comment this macro to keep 3DES in the default ciphersuite list.
|
||||
*/
|
||||
#define MBEDTLS_REMOVE_3DES_CIPHERSUITES
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
*
|
||||
|
|
|
@ -30,6 +30,12 @@
|
|||
#ifndef MBEDTLS_CTR_DRBG_H
|
||||
#define MBEDTLS_CTR_DRBG_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "aes.h"
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
|
|
|
@ -35,6 +35,12 @@
|
|||
#ifndef MBEDTLS_ECDH_H
|
||||
#define MBEDTLS_ECDH_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "ecp.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
|
|
@ -33,6 +33,12 @@
|
|||
#ifndef MBEDTLS_ECDSA_H
|
||||
#define MBEDTLS_ECDSA_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "ecp.h"
|
||||
#include "md.h"
|
||||
|
||||
|
|
|
@ -42,6 +42,11 @@
|
|||
* The payloads are serialized in a way suitable for use in TLS, but could
|
||||
* also be use outside TLS.
|
||||
*/
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "ecp.h"
|
||||
#include "md.h"
|
||||
|
|
|
@ -26,6 +26,12 @@
|
|||
#ifndef MBEDTLS_ECP_H
|
||||
#define MBEDTLS_ECP_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "bignum.h"
|
||||
|
||||
/*
|
||||
|
|
|
@ -63,6 +63,12 @@
|
|||
#ifndef MBEDTLS_ECP_INTERNAL_H
|
||||
#define MBEDTLS_ECP_INTERNAL_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
|
||||
|
||||
/**
|
||||
|
|
|
@ -26,6 +26,12 @@
|
|||
#ifndef MBEDTLS_ERROR_H
|
||||
#define MBEDTLS_ERROR_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
/**
|
||||
|
|
|
@ -33,6 +33,12 @@
|
|||
#ifndef MBEDTLS_GCM_H
|
||||
#define MBEDTLS_GCM_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "cipher.h"
|
||||
|
||||
#include <stdint.h>
|
||||
|
|
|
@ -26,6 +26,12 @@
|
|||
#ifndef MBEDTLS_HAVEGE_H
|
||||
#define MBEDTLS_HAVEGE_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
#define MBEDTLS_HAVEGE_COLLECT_SIZE 1024
|
||||
|
|
|
@ -26,6 +26,12 @@
|
|||
#ifndef MBEDTLS_HMAC_DRBG_H
|
||||
#define MBEDTLS_HMAC_DRBG_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "md.h"
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
|
|
|
@ -25,6 +25,11 @@
|
|||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#include "net_sockets.h"
|
||||
|
|
|
@ -27,6 +27,12 @@
|
|||
#ifndef MBEDTLS_PADLOCK_H
|
||||
#define MBEDTLS_PADLOCK_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "aes.h"
|
||||
|
||||
#define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED -0x0030 /**< Input data should be aligned. */
|
||||
|
|
|
@ -26,6 +26,12 @@
|
|||
#ifndef MBEDTLS_PEM_H
|
||||
#define MBEDTLS_PEM_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
/**
|
||||
|
|
|
@ -26,6 +26,12 @@
|
|||
#ifndef MBEDTLS_PKCS12_H
|
||||
#define MBEDTLS_PKCS12_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "md.h"
|
||||
#include "cipher.h"
|
||||
#include "asn1.h"
|
||||
|
|
|
@ -28,6 +28,12 @@
|
|||
#ifndef MBEDTLS_PKCS5_H
|
||||
#define MBEDTLS_PKCS5_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "asn1.h"
|
||||
#include "md.h"
|
||||
|
||||
|
|
|
@ -26,6 +26,12 @@
|
|||
#ifndef MBEDTLS_SSL_CACHE_H
|
||||
#define MBEDTLS_SSL_CACHE_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "ssl.h"
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
|
|
|
@ -26,6 +26,12 @@
|
|||
#ifndef MBEDTLS_SSL_CIPHERSUITES_H
|
||||
#define MBEDTLS_SSL_CIPHERSUITES_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "pk.h"
|
||||
#include "cipher.h"
|
||||
#include "md.h"
|
||||
|
|
|
@ -26,6 +26,12 @@
|
|||
#ifndef MBEDTLS_SSL_COOKIE_H
|
||||
#define MBEDTLS_SSL_COOKIE_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "ssl.h"
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
|
|
|
@ -26,6 +26,12 @@
|
|||
#ifndef MBEDTLS_SSL_INTERNAL_H
|
||||
#define MBEDTLS_SSL_INTERNAL_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "ssl.h"
|
||||
#include "cipher.h"
|
||||
|
||||
|
|
|
@ -26,6 +26,12 @@
|
|||
#ifndef MBEDTLS_SSL_TICKET_H
|
||||
#define MBEDTLS_SSL_TICKET_H
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
/*
|
||||
* This implementation of the session ticket callbacks includes key
|
||||
* management, rotating the keys periodically in order to preserve forward
|
||||
|
|
|
@ -42,16 +42,16 @@
|
|||
*/
|
||||
#define MBEDTLS_VERSION_MAJOR 2
|
||||
#define MBEDTLS_VERSION_MINOR 7
|
||||
#define MBEDTLS_VERSION_PATCH 9
|
||||
#define MBEDTLS_VERSION_PATCH 10
|
||||
|
||||
/**
|
||||
* The single version number has the following structure:
|
||||
* MMNNPP00
|
||||
* Major version | Minor version | Patch version
|
||||
*/
|
||||
#define MBEDTLS_VERSION_NUMBER 0x02070900
|
||||
#define MBEDTLS_VERSION_STRING "2.7.9"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.9"
|
||||
#define MBEDTLS_VERSION_NUMBER 0x02070A00
|
||||
#define MBEDTLS_VERSION_STRING "2.7.10"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.10"
|
||||
|
||||
#if defined(MBEDTLS_VERSION_C)
|
||||
|
||||
|
|
|
@ -207,6 +207,14 @@ void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_ty
|
|||
* \param key_usage key usage flags to set
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
|
||||
*
|
||||
* \note The <code>decipherOnly</code> flag from the Key Usage
|
||||
* extension is represented by bit 8 (i.e.
|
||||
* <code>0x8000</code>), which cannot typically be represented
|
||||
* in an unsigned char. Therefore, the flag
|
||||
* <code>decipherOnly</code> (i.e.
|
||||
* #MBEDTLS_X509_KU_DECIPHER_ONLY) cannot be set using this
|
||||
* function.
|
||||
*/
|
||||
int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage );
|
||||
|
||||
|
|
Loading…
Reference in a new issue