Suyu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2025-12-24 00:06:32 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Merged changesets 1399 up to and including 1415 into 1.2 branch

Browse source
This commit is contained in:
Paul Bakker 2012-11-14 12:39:52 +00:00
parent 97872aceb6
commit 9a73632fd9
33 changed files with 178 additions and 72 deletions
Download patch file Download diff file Expand all files Collapse all files

2
library/CMakeLists.txt
View file

@ -57,7 +57,7 @@ add_library(polarssl STATIC ${src})
else(NOT USE_SHARED_POLARSSL_LIBRARY)
add_library(polarssl SHARED ${src})
set_target_properties(polarssl PROPERTIES VERSION 1.2.0 SOVERSION 2)
set_target_properties(polarssl PROPERTIES VERSION 1.2.1 SOVERSION 2)
endif(NOT USE_SHARED_POLARSSL_LIBRARY)

8
library/Makefile
View file

@ -18,7 +18,9 @@ endif
# CFLAGS += -D_BSD_EXTENSION
# To compile as a shared library:
# CFLAGS += -fPIC
ifdef SHARED
CFLAGS += -fPIC
endif
SONAME=libpolarssl.so.0
@ -51,7 +53,11 @@ OBJS= aes.o arc4.o asn1parse.o \
.SILENT:
ifndef SHARED
all: static
else
all: shared
endif
static: libpolarssl.a

6
library/bignum.c
View file

@ -1195,9 +1195,9 @@ int mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B )
if( R != NULL )
{
mpi_shift_r( &X, k );
X.s = A->s;
mpi_copy( R, &X );
R->s = A->s;
if( mpi_cmp_int( R, 0 ) == 0 )
R->s = 1;
}
@ -1212,10 +1212,6 @@ cleanup:
/*
* Division by int: A = Q * b + R
*
* Returns 0 if successful
* 1 if memory allocation failed
* POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0
*/
int mpi_div_int( mpi *Q, mpi *R, const mpi *A, t_sint b )
{

2
library/ctr_drbg.c
View file

@ -194,7 +194,7 @@ int ctr_drbg_update_internal( ctr_drbg_context *ctx,
/*
* Increase counter
*/
for( i = CTR_DRBG_BLOCKSIZE; i >= 0; i-- )
for( i = CTR_DRBG_BLOCKSIZE; i > 0; i-- )
if( ++ctx->counter[i - 1] != 0 )
break;

4
library/error.c
View file

@ -1,7 +1,7 @@
/*
* Error message information
*
* Copyright (C) 2006-2010, Brainspark B.V.
* Copyright (C) 2006-2012, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -553,4 +553,4 @@ void error_strerror( int ret, char *buf, size_t buflen )
snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret );
}
#endif /* POLARSSL_VERBOSE_ERROR */
#endif /* POLARSSL_ERROR_C */

2
library/pkcs11.c
View file

@ -115,7 +115,7 @@ int pkcs11_decrypt( pkcs11_context *ctx,
int mode, size_t *olen,
const unsigned char *input,
unsigned char *output,
unsigned int output_max_len )
size_t output_max_len )
{
size_t input_len, output_len;

3
library/rsa.c
View file

@ -794,6 +794,9 @@ int rsa_pkcs1_sign( rsa_context *ctx,
hlen = md_get_size( md_info );
slen = hlen;
if( olen < hlen + slen + 2 )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
memset( sig, 0, olen );
memset( &md_ctx, 0, sizeof( md_context_t ) );

49
library/x509parse.c
View file

@ -2984,8 +2984,6 @@ int x509parse_revoked( const x509_cert *crt, const x509_crl *crl )
/*
* Wrapper for x509 hashes.
*
* \param out Buffer to receive the hash (Should be at least 64 bytes)
*/
static void x509_hash( const unsigned char *in, size_t len, int alg,
unsigned char *out )
@ -3116,12 +3114,12 @@ int x509_wildcard_verify( const char *cn, x509_buf *name )
static int x509parse_verify_top(
x509_cert *child, x509_cert *trust_ca,
x509_crl *ca_crl, int *path_cnt, int *flags,
x509_crl *ca_crl, int path_cnt, int *flags,
int (*f_vrfy)(void *, x509_cert *, int, int *),
void *p_vrfy )
{
int hash_id, ret;
int ca_flags = 0;
int ca_flags = 0, check_path_cnt = path_cnt + 1;
unsigned char hash[64];
if( x509parse_time_expired( &child->valid_to ) )
@ -3143,8 +3141,19 @@ static int x509parse_verify_top(
continue;
}
/*
* Reduce path_len to check against if top of the chain is
* the same as the trusted CA
*/
if( child->subject_raw.len == trust_ca->subject_raw.len &&
memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
child->issuer_raw.len ) == 0 )
{
check_path_cnt--;
}
if( trust_ca->max_pathlen > 0 &&
trust_ca->max_pathlen < *path_cnt )
trust_ca->max_pathlen < check_path_cnt )
{
trust_ca = trust_ca->next;
continue;
@ -3168,7 +3177,13 @@ static int x509parse_verify_top(
break;
}
if( trust_ca != NULL )
/*
* If top of chain is not the same as the trusted CA
*/
if( trust_ca != NULL &&
( child->subject_raw.len != trust_ca->subject_raw.len ||
memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
child->issuer_raw.len ) != 0 ) )
{
/* Check trusted CA's CRL for then chain's top crt */
*flags |= x509parse_verifycrl( child, trust_ca, ca_crl );
@ -3188,7 +3203,7 @@ static int x509parse_verify_top(
if( NULL != f_vrfy )
{
if( ( ret = f_vrfy( p_vrfy, trust_ca, 0, &ca_flags ) ) != 0 )
if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, &ca_flags ) ) != 0 )
return( ret );
}
}
@ -3196,12 +3211,10 @@ static int x509parse_verify_top(
/* Call callback on top cert */
if( NULL != f_vrfy )
{
if( ( ret = f_vrfy(p_vrfy, child, 1, flags ) ) != 0 )
if( ( ret = f_vrfy(p_vrfy, child, path_cnt, flags ) ) != 0 )
return( ret );
}
*path_cnt = 2;
*flags |= ca_flags;
return( 0 );
@ -3209,7 +3222,7 @@ static int x509parse_verify_top(
static int x509parse_verify_child(
x509_cert *child, x509_cert *parent, x509_cert *trust_ca,
x509_crl *ca_crl, int *path_cnt, int *flags,
x509_crl *ca_crl, int path_cnt, int *flags,
int (*f_vrfy)(void *, x509_cert *, int, int *),
void *p_vrfy )
{
@ -3248,28 +3261,26 @@ static int x509parse_verify_child(
break;
}
(*path_cnt)++;
if( grandparent != NULL )
{
/*
* Part of the chain
*/
ret = x509parse_verify_child( parent, grandparent, trust_ca, ca_crl, path_cnt, &parent_flags, f_vrfy, p_vrfy );
ret = x509parse_verify_child( parent, grandparent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
if( ret != 0 )
return( ret );
}
else
{
ret = x509parse_verify_top( parent, trust_ca, ca_crl, path_cnt, &parent_flags, f_vrfy, p_vrfy );
ret = x509parse_verify_top( parent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
if( ret != 0 )
return( ret );
}
/* child is verified to be a child of the parent, call verify callback */
if( NULL != f_vrfy )
if( ( ret = f_vrfy( p_vrfy, child, *path_cnt, flags ) ) != 0 )
if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
return( ret );
(*path_cnt)++;
*flags |= parent_flags;
@ -3288,7 +3299,7 @@ int x509parse_verify( x509_cert *crt,
{
size_t cn_len;
int ret;
int pathlen = 1;
int pathlen = 0;
x509_cert *parent;
x509_name *name;
x509_sequence *cur = NULL;
@ -3370,13 +3381,13 @@ int x509parse_verify( x509_cert *crt,
/*
* Part of the chain
*/
ret = x509parse_verify_child( crt, parent, trust_ca, ca_crl, &pathlen, flags, f_vrfy, p_vrfy );
ret = x509parse_verify_child( crt, parent, trust_ca, ca_crl, pathlen, flags, f_vrfy, p_vrfy );
if( ret != 0 )
return( ret );
}
else
{
ret = x509parse_verify_top( crt, trust_ca, ca_crl, &pathlen, flags, f_vrfy, p_vrfy );
ret = x509parse_verify_top( crt, trust_ca, ca_crl, pathlen, flags, f_vrfy, p_vrfy );
if( ret != 0 )
return( ret );
}

2
library/x509write.c
View file

@ -146,8 +146,6 @@ int x509_write_name( unsigned char **p, unsigned char *start, char *oid,
/*
* Wrapper for x509 hashes.
*
* \param out Buffer to receive the hash (Should be at least 64 bytes)
*/
static void x509_hash( const unsigned char *in, size_t len, int alg,
unsigned char *out )