mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-02-26 03:40:26 +00:00
Manuel Pégourié-Gonnard
GitHub
commit
14c194aae9
@ -87,6 +87,13 @@
|
||||
#define MBEDTLS_MD_LIGHT
|
||||
#endif
|
||||
|
||||
/* Auto-enable MBEDTLS_MD_LIGHT if some module needs it.
|
||||
*/
|
||||
#if defined(MBEDTLS_PEM_PARSE_C) || \
|
||||
defined(MBEDTLS_RSA_C)
|
||||
#define MBEDTLS_MD_LIGHT
|
||||
#endif
|
||||
|
||||
/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
|
||||
* is defined as well to include all PSA code.
|
||||
*/
|
||||
|
||||
@ -25,7 +25,7 @@
|
||||
#include "mbedtls/base64.h"
|
||||
#include "mbedtls/des.h"
|
||||
#include "mbedtls/aes.h"
|
||||
#include "mbedtls/md5.h"
|
||||
#include "mbedtls/md.h"
|
||||
#include "mbedtls/cipher.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
#include "mbedtls/error.h"
|
||||
@ -99,26 +99,33 @@ static int pem_pbkdf1(unsigned char *key, size_t keylen,
|
||||
unsigned char *iv,
|
||||
const unsigned char *pwd, size_t pwdlen)
|
||||
{
|
||||
mbedtls_md5_context md5_ctx;
|
||||
mbedtls_md_context_t md5_ctx;
|
||||
const mbedtls_md_info_t *md5_info;
|
||||
unsigned char md5sum[16];
|
||||
size_t use_len;
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
mbedtls_md5_init(&md5_ctx);
|
||||
mbedtls_md_init(&md5_ctx);
|
||||
|
||||
/* Prepare the context. (setup() errors gracefully on NULL info.) */
|
||||
md5_info = mbedtls_md_info_from_type(MBEDTLS_MD_MD5);
|
||||
if ((ret = mbedtls_md_setup(&md5_ctx, md5_info, 0)) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
/*
|
||||
* key[ 0..15] = MD5(pwd || IV)
|
||||
*/
|
||||
if ((ret = mbedtls_md5_starts(&md5_ctx)) != 0) {
|
||||
if ((ret = mbedtls_md_starts(&md5_ctx)) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
if ((ret = mbedtls_md5_update(&md5_ctx, pwd, pwdlen)) != 0) {
|
||||
if ((ret = mbedtls_md_update(&md5_ctx, pwd, pwdlen)) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
if ((ret = mbedtls_md5_update(&md5_ctx, iv, 8)) != 0) {
|
||||
if ((ret = mbedtls_md_update(&md5_ctx, iv, 8)) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
if ((ret = mbedtls_md5_finish(&md5_ctx, md5sum)) != 0) {
|
||||
if ((ret = mbedtls_md_finish(&md5_ctx, md5sum)) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
@ -132,19 +139,19 @@ static int pem_pbkdf1(unsigned char *key, size_t keylen,
|
||||
/*
|
||||
* key[16..23] = MD5(key[ 0..15] || pwd || IV])
|
||||
*/
|
||||
if ((ret = mbedtls_md5_starts(&md5_ctx)) != 0) {
|
||||
if ((ret = mbedtls_md_starts(&md5_ctx)) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
if ((ret = mbedtls_md5_update(&md5_ctx, md5sum, 16)) != 0) {
|
||||
if ((ret = mbedtls_md_update(&md5_ctx, md5sum, 16)) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
if ((ret = mbedtls_md5_update(&md5_ctx, pwd, pwdlen)) != 0) {
|
||||
if ((ret = mbedtls_md_update(&md5_ctx, pwd, pwdlen)) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
if ((ret = mbedtls_md5_update(&md5_ctx, iv, 8)) != 0) {
|
||||
if ((ret = mbedtls_md_update(&md5_ctx, iv, 8)) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
if ((ret = mbedtls_md5_finish(&md5_ctx, md5sum)) != 0) {
|
||||
if ((ret = mbedtls_md_finish(&md5_ctx, md5sum)) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
@ -156,7 +163,7 @@ static int pem_pbkdf1(unsigned char *key, size_t keylen,
|
||||
memcpy(key + 16, md5sum, use_len);
|
||||
|
||||
exit:
|
||||
mbedtls_md5_free(&md5_ctx);
|
||||
mbedtls_md_free(&md5_ctx);
|
||||
mbedtls_platform_zeroize(md5sum, 16);
|
||||
|
||||
return ret;
|
||||
|
||||
@ -2344,7 +2344,7 @@ void mbedtls_rsa_free(mbedtls_rsa_context *ctx)
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
#include "mbedtls/sha1.h"
|
||||
#include "mbedtls/md.h"
|
||||
|
||||
/*
|
||||
* Example RSA-1024 keypair, for test purposes
|
||||
@ -2508,7 +2508,8 @@ int mbedtls_rsa_self_test(int verbose)
|
||||
mbedtls_printf(" PKCS#1 data sign : ");
|
||||
}
|
||||
|
||||
if (mbedtls_sha1(rsa_plaintext, PT_LEN, sha1sum) != 0) {
|
||||
if (mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1),
|
||||
rsa_plaintext, PT_LEN, sha1sum) != 0) {
|
||||
if (verbose != 0) {
|
||||
mbedtls_printf("failed\n");
|
||||
}
|
||||
|
||||
@ -1230,8 +1230,9 @@ component_test_crypto_full_md_light_only () {
|
||||
scripts/config.py unset MBEDTLS_PKCS7_C
|
||||
# Disable indirect dependencies of MD
|
||||
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # needs HMAC_DRBG
|
||||
# Enable "light" subset of MD
|
||||
make CFLAGS="$ASAN_CFLAGS -DMBEDTLS_MD_LIGHT" LDFLAGS="$ASAN_CFLAGS"
|
||||
# Note: MD-light is auto-enabled in build_info.h by modules that need it,
|
||||
# which we haven't disabled, so no need to explicitly enable it.
|
||||
make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
# Make sure we don't have the HMAC functions, but the hashing functions
|
||||
not grep mbedtls_md_hmac library/md.o
|
||||
@ -2616,8 +2617,9 @@ component_test_psa_crypto_config_accel_hash_use_psa () {
|
||||
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" all
|
||||
|
||||
# There's a risk of something getting re-enabled via config_psa.h;
|
||||
# make sure it did not happen.
|
||||
not grep mbedtls_md library/md.o
|
||||
# make sure it did not happen. Note: it's OK for MD_LIGHT to be enabled,
|
||||
# but not the full MD_C (for now), so check mbedtls_md_hmac for that.
|
||||
not grep mbedtls_md_hmac library/md.o
|
||||
not grep mbedtls_md5 library/md5.o
|
||||
not grep mbedtls_sha1 library/sha1.o
|
||||
not grep mbedtls_sha256 library/sha256.o
|
||||
|
||||
@ -128,7 +128,7 @@ void md_info(int md_type, char *md_name, int md_size)
|
||||
(void) md_name;
|
||||
#endif
|
||||
|
||||
/* Note: PSA Crypto init not needed to info functions */
|
||||
/* Note: PSA Crypto init not needed for info functions */
|
||||
|
||||
md_info = mbedtls_md_info_from_type(md_type);
|
||||
TEST_ASSERT(md_info != NULL);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user