Merged Prime generation improvements
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 08cb9b5..422a7c4 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -7,6 +7,8 @@
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O2 -Wall -Wextra -W -Wdeclaration-after-statement")
set(CMAKE_C_FLAGS_DEBUG "-g3 -O0")
set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 -fprofile-arcs -ftest-coverage -lgcov")
+ set(CMAKE_C_FLAGS_CHECK "${CMAKE_C_FLAGS} -O2 -Wall -Wextra -W -Wdeclaration-after-statement -Wlogical-op -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations")
+ set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS} -O2 -Wall -Wextra -W -Wdeclaration-after-statement -Wlogical-op -Wcast-qual -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations")
endif(CMAKE_COMPILER_IS_GNUCC)
if(CMAKE_BUILD_TYPE STREQUAL "Coverage")
diff --git a/ChangeLog b/ChangeLog
index 334d147..1d28f6e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
PolarSSL ChangeLog (Sorted per branch, date)
+= PolarSSL 1.3 branch
+Bugfix
+ * Fixed X.509 hostname comparison (with non-regular characters)
+ * SSL now gracefully handles missing RNG
+
= PolarSSL 1.3.2 released on 2013-11-04
Features
* PK tests added to test framework
diff --git a/include/polarssl/compat-1.2.h b/include/polarssl/compat-1.2.h
index 64d1d63..0cc63ca 100644
--- a/include/polarssl/compat-1.2.h
+++ b/include/polarssl/compat-1.2.h
@@ -58,42 +58,42 @@
*/
typedef sha256_context sha2_context;
-inline void sha2_starts( sha256_context *ctx, int is224 ) {
+static inline void sha2_starts( sha256_context *ctx, int is224 ) {
sha256_starts( ctx, is224 );
}
-inline void sha2_update( sha256_context *ctx, const unsigned char *input,
+static inline void sha2_update( sha256_context *ctx, const unsigned char *input,
size_t ilen ) {
sha256_update( ctx, input, ilen );
}
-inline void sha2_finish( sha256_context *ctx, unsigned char output[32] ) {
+static inline void sha2_finish( sha256_context *ctx, unsigned char output[32] ) {
sha256_finish( ctx, output );
}
-inline int sha2_file( const char *path, unsigned char output[32], int is224 ) {
+static inline int sha2_file( const char *path, unsigned char output[32], int is224 ) {
return sha256_file( path, output, is224 );
}
-inline void sha2( const unsigned char *input, size_t ilen,
+static inline void sha2( const unsigned char *input, size_t ilen,
unsigned char output[32], int is224 ) {
sha256( input, ilen, output, is224 );
}
-inline void sha2_hmac_starts( sha256_context *ctx, const unsigned char *key,
+static inline void sha2_hmac_starts( sha256_context *ctx, const unsigned char *key,
size_t keylen, int is224 ) {
sha256_hmac_starts( ctx, key, keylen, is224 );
}
-inline void sha2_hmac_update( sha256_context *ctx, const unsigned char *input, size_t ilen ) {
+static inline void sha2_hmac_update( sha256_context *ctx, const unsigned char *input, size_t ilen ) {
sha256_hmac_update( ctx, input, ilen );
}
-inline void sha2_hmac_finish( sha256_context *ctx, unsigned char output[32] ) {
+static inline void sha2_hmac_finish( sha256_context *ctx, unsigned char output[32] ) {
sha256_hmac_finish( ctx, output );
}
-inline void sha2_hmac_reset( sha256_context *ctx ) {
+static inline void sha2_hmac_reset( sha256_context *ctx ) {
sha256_hmac_reset( ctx );
}
-inline void sha2_hmac( const unsigned char *key, size_t keylen,
+static inline void sha2_hmac( const unsigned char *key, size_t keylen,
const unsigned char *input, size_t ilen,
unsigned char output[32], int is224 ) {
sha256_hmac( key, keylen, input, ilen, output, is224 );
}
-inline int sha2_self_test( int verbose ) {
+static inline int sha2_self_test( int verbose ) {
return sha256_self_test( verbose );
}
#endif /* POLARSSL_SHA256_C */
@@ -107,42 +107,42 @@
*/
typedef sha512_context sha4_context;
-inline void sha4_starts( sha512_context *ctx, int is384 ) {
+static inline void sha4_starts( sha512_context *ctx, int is384 ) {
sha512_starts( ctx, is384 );
}
-inline void sha4_update( sha512_context *ctx, const unsigned char *input,
+static inline void sha4_update( sha512_context *ctx, const unsigned char *input,
size_t ilen ) {
sha512_update( ctx, input, ilen );
}
-inline void sha4_finish( sha512_context *ctx, unsigned char output[64] ) {
+static inline void sha4_finish( sha512_context *ctx, unsigned char output[64] ) {
sha512_finish( ctx, output );
}
-inline int sha4_file( const char *path, unsigned char output[64], int is384 ) {
+static inline int sha4_file( const char *path, unsigned char output[64], int is384 ) {
return sha512_file( path, output, is384 );
}
-inline void sha4( const unsigned char *input, size_t ilen,
+static inline void sha4( const unsigned char *input, size_t ilen,
unsigned char output[32], int is384 ) {
sha512( input, ilen, output, is384 );
}
-inline void sha4_hmac_starts( sha512_context *ctx, const unsigned char *key,
+static inline void sha4_hmac_starts( sha512_context *ctx, const unsigned char *key,
size_t keylen, int is384 ) {
sha512_hmac_starts( ctx, key, keylen, is384 );
}
-inline void sha4_hmac_update( sha512_context *ctx, const unsigned char *input, size_t ilen ) {
+static inline void sha4_hmac_update( sha512_context *ctx, const unsigned char *input, size_t ilen ) {
sha512_hmac_update( ctx, input, ilen );
}
-inline void sha4_hmac_finish( sha512_context *ctx, unsigned char output[64] ) {
+static inline void sha4_hmac_finish( sha512_context *ctx, unsigned char output[64] ) {
sha512_hmac_finish( ctx, output );
}
-inline void sha4_hmac_reset( sha512_context *ctx ) {
+static inline void sha4_hmac_reset( sha512_context *ctx ) {
sha512_hmac_reset( ctx );
}
-inline void sha4_hmac( const unsigned char *key, size_t keylen,
+static inline void sha4_hmac( const unsigned char *key, size_t keylen,
const unsigned char *input, size_t ilen,
unsigned char output[64], int is384 ) {
sha512_hmac( key, keylen, input, ilen, output, is384 );
}
-inline int sha4_self_test( int verbose ) {
+static inline int sha4_self_test( int verbose ) {
return sha512_self_test( verbose );
}
#endif /* POLARSSL_SHA512_C */
@@ -202,13 +202,13 @@
#define POLARSSL_ERR_X509_CERT_INVALID_SERIAL POLARSSL_ERR_X509_INVALID_SERIAL
#define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION POLARSSL_ERR_X509_UNKNOWN_VERSION
-inline int x509parse_serial_gets( char *buf, size_t size, const x509_buf *serial ) {
+static inline int x509parse_serial_gets( char *buf, size_t size, const x509_buf *serial ) {
return x509_serial_gets( buf, size, serial );
}
-inline int x509parse_dn_gets( char *buf, size_t size, const x509_name *dn ) {
+static inline int x509parse_dn_gets( char *buf, size_t size, const x509_name *dn ) {
return x509_dn_gets( buf, size, dn );
}
-inline int x509parse_time_expired( const x509_time *time ) {
+static inline int x509parse_time_expired( const x509_time *time ) {
return x509_time_expired( time );
}
#endif /* POLARSSL_X509_USE_C || POLARSSL_X509_CREATE_C */
@@ -218,33 +218,33 @@
#include "x509_crt.h"
typedef x509_crt x509_cert;
-inline int x509parse_crt_der( x509_cert *chain, const unsigned char *buf,
+static inline int x509parse_crt_der( x509_cert *chain, const unsigned char *buf,
size_t buflen ) {
return x509_crt_parse_der( chain, buf, buflen );
}
-inline int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen ) {
+static inline int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen ) {
return x509_crt_parse( chain, buf, buflen );
}
-inline int x509parse_crtfile( x509_cert *chain, const char *path ) {
+static inline int x509parse_crtfile( x509_cert *chain, const char *path ) {
return x509_crt_parse_file( chain, path );
}
-inline int x509parse_crtpath( x509_cert *chain, const char *path ) {
+static inline int x509parse_crtpath( x509_cert *chain, const char *path ) {
return x509_crt_parse_path( chain, path );
}
-inline int x509parse_cert_info( char *buf, size_t size, const char *prefix,
+static inline int x509parse_cert_info( char *buf, size_t size, const char *prefix,
const x509_cert *crt ) {
return x509_crt_info( buf, size, prefix, crt );
}
-inline int x509parse_verify( x509_cert *crt, x509_cert *trust_ca,
+static inline int x509parse_verify( x509_cert *crt, x509_cert *trust_ca,
x509_crl *ca_crl, const char *cn, int *flags,
int (*f_vrfy)(void *, x509_cert *, int, int *),
void *p_vrfy ) {
return x509_crt_verify( crt, trust_ca, ca_crl, cn, flags, f_vrfy, p_vrfy );
}
-inline int x509parse_revoked( const x509_cert *crt, const x509_crl *crl ) {
+static inline int x509parse_revoked( const x509_cert *crt, const x509_crl *crl ) {
return x509_crt_revoked( crt, crl );
}
-inline void x509_free( x509_cert *crt ) {
+static inline void x509_free( x509_cert *crt ) {
x509_crt_free( crt );
}
#endif /* POLARSSL_X509_CRT_PARSE_C */
@@ -252,13 +252,13 @@
#if defined(POLARSSL_X509_CRL_PARSE_C)
#define POLARSSL_X509_PARSE_C
#include "x509_crl.h"
-inline int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen ) {
+static inline int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen ) {
return x509_crl_parse( chain, buf, buflen );
}
-inline int x509parse_crlfile( x509_crl *chain, const char *path ) {
+static inline int x509parse_crlfile( x509_crl *chain, const char *path ) {
return x509_crl_parse_file( chain, path );
}
-inline int x509parse_crl_info( char *buf, size_t size, const char *prefix,
+static inline int x509parse_crl_info( char *buf, size_t size, const char *prefix,
const x509_crl *crl ) {
return x509_crl_info( buf, size, prefix, crl );
}
@@ -267,13 +267,13 @@
#if defined(POLARSSL_X509_CSR_PARSE_C)
#define POLARSSL_X509_PARSE_C
#include "x509_csr.h"
-inline int x509parse_csr( x509_csr *csr, const unsigned char *buf, size_t buflen ) {
+static inline int x509parse_csr( x509_csr *csr, const unsigned char *buf, size_t buflen ) {
return x509_csr_parse( csr, buf, buflen );
}
-inline int x509parse_csrfile( x509_csr *csr, const char *path ) {
+static inline int x509parse_csrfile( x509_csr *csr, const char *path ) {
return x509_csr_parse_file( csr, path );
}
-inline int x509parse_csr_info( char *buf, size_t size, const char *prefix,
+static inline int x509parse_csr_info( char *buf, size_t size, const char *prefix,
const x509_csr *csr ) {
return x509_csr_info( buf, size, prefix, csr );
}
@@ -295,7 +295,7 @@
#define POLARSSL_ERR_X509_CERT_INVALID_PUBKEY POLARSSL_ERR_PK_INVALID_PUBKEY
#if defined(POLARSSL_FS_IO)
-inline int x509parse_keyfile( rsa_context *rsa, const char *path,
+static inline int x509parse_keyfile( rsa_context *rsa, const char *path,
const char *pwd ) {
int ret;
pk_context pk;
@@ -310,7 +310,7 @@
pk_free( &pk );
return( ret );
}
-inline int x509parse_public_keyfile( rsa_context *rsa, const char *path ) {
+static inline int x509parse_public_keyfile( rsa_context *rsa, const char *path ) {
int ret;
pk_context pk;
pk_init( &pk );
@@ -326,7 +326,7 @@
}
#endif /* POLARSSL_FS_IO */
-inline int x509parse_key( rsa_context *rsa, const unsigned char *key,
+static inline int x509parse_key( rsa_context *rsa, const unsigned char *key,
size_t keylen,
const unsigned char *pwd, size_t pwdlen ) {
int ret;
@@ -343,7 +343,7 @@
return( ret );
}
-inline int x509parse_public_key( rsa_context *rsa,
+static inline int x509parse_public_key( rsa_context *rsa,
const unsigned char *key, size_t keylen )
{
int ret;
@@ -363,7 +363,7 @@
#if defined(POLARSSL_PK_WRITE_C) && defined(POLARSSL_RSA_C)
#include "pk.h"
-inline int x509_write_pubkey_der( unsigned char *buf, size_t len, rsa_context *rsa ) {
+static inline int x509_write_pubkey_der( unsigned char *buf, size_t len, rsa_context *rsa ) {
int ret;
pk_context ctx;
if( ( ret = pk_init_ctx( &ctx, pk_info_from_type( POLARSSL_PK_RSA ) ) ) != 0 ) return( ret );
@@ -372,7 +372,7 @@
pk_free( &ctx );
return( ret );
}
-inline int x509_write_key_der( unsigned char *buf, size_t len, rsa_context *rsa ) {
+static inline int x509_write_key_der( unsigned char *buf, size_t len, rsa_context *rsa ) {
int ret;
pk_context ctx;
if( ( ret = pk_init_ctx( &ctx, pk_info_from_type( POLARSSL_PK_RSA ) ) ) != 0 ) return( ret );
diff --git a/include/polarssl/pk.h b/include/polarssl/pk.h
index 251c690..958672b 100644
--- a/include/polarssl/pk.h
+++ b/include/polarssl/pk.h
@@ -188,7 +188,7 @@
size_t output_max_len );
typedef int (*pk_rsa_alt_sign_func)( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- int mode, int hash_id, unsigned int hashlen,
+ int mode, md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig );
typedef size_t (*pk_rsa_alt_key_len_func)( void *ctx );
diff --git a/include/polarssl/pkcs11.h b/include/polarssl/pkcs11.h
index c0515e6..707d00a 100644
--- a/include/polarssl/pkcs11.h
+++ b/include/polarssl/pkcs11.h
@@ -128,7 +128,7 @@
*/
int pkcs11_sign( pkcs11_context *ctx,
int mode,
- int hash_id,
+ md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig );
@@ -146,12 +146,12 @@
static inline int ssl_pkcs11_sign( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- int mode, int hash_id, unsigned int hashlen,
+ int mode, md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig )
{
((void) f_rng);
((void) p_rng);
- return pkcs11_sign( (pkcs11_context *) ctx, mode, hash_id,
+ return pkcs11_sign( (pkcs11_context *) ctx, mode, md_alg,
hashlen, hash, sig );
}
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index e51e507..fdb27f6 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -101,7 +101,7 @@
#define POLARSSL_ERR_SSL_CONN_EOF -0x7280 /**< The connection indicated an EOF. */
#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300 /**< An unknown cipher was received. */
#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< The server has no ciphersuites in common with the client. */
-#define POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x7400 /**< No session to recover was found. */
+#define POLARSSL_ERR_SSL_NO_RNG -0x7400 /**< No RNG was provided to the SSL module. */
#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */
#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Our own certificate(s) is/are too large to send in an SSL message.*/
#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< The own certificate is not set, but needed by the server. */
@@ -374,7 +374,7 @@
size_t output_max_len );
typedef int (*rsa_sign_func)( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- int mode, int hash_id, unsigned int hashlen,
+ int mode, md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig );
typedef size_t (*rsa_key_len_func)( void *ctx );
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index baaf822..c4060d1 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -82,6 +82,10 @@
target_link_libraries(polarssl ${libs})
+if(ZLIB_FOUND)
+target_link_libraries(polarssl ${ZLIB_LIBRARIES})
+endif(ZLIB_FOUND)
+
install(TARGETS polarssl
DESTINATION ${LIB_INSTALL_DIR}
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/library/error.c b/library/error.c
index 9d76f19..6ef104d 100644
--- a/library/error.c
+++ b/library/error.c
@@ -358,8 +358,8 @@
snprintf( buf, buflen, "SSL - An unknown cipher was received" );
if( use_ret == -(POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN) )
snprintf( buf, buflen, "SSL - The server has no ciphersuites in common with the client" );
- if( use_ret == -(POLARSSL_ERR_SSL_NO_SESSION_FOUND) )
- snprintf( buf, buflen, "SSL - No session to recover was found" );
+ if( use_ret == -(POLARSSL_ERR_SSL_NO_RNG) )
+ snprintf( buf, buflen, "SSL - No RNG was provided to the SSL module" );
if( use_ret == -(POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE) )
snprintf( buf, buflen, "SSL - No client certification received from the client, but required by the authentication mode" );
if( use_ret == -(POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE) )
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 6f22b09..eb87d3c 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -57,7 +57,7 @@
#if defined(POLARSSL_RSA_C)
static size_t rsa_get_size( const void *ctx )
{
- return( 8 * ((rsa_context *) ctx)->len );
+ return( 8 * ((const rsa_context *) ctx)->len );
}
static int rsa_verify_wrap( void *ctx, md_type_t md_alg,
@@ -346,7 +346,7 @@
static size_t rsa_alt_get_size( const void *ctx )
{
- rsa_alt_context *rsa_alt = (rsa_alt_context *) ctx;
+ const rsa_alt_context *rsa_alt = (const rsa_alt_context *) ctx;
return( rsa_alt->key_len_func( rsa_alt->key ) );
}
diff --git a/library/pkcs11.c b/library/pkcs11.c
index 9f68d78..8a99f28 100644
--- a/library/pkcs11.c
+++ b/library/pkcs11.c
@@ -30,6 +30,9 @@
#include "polarssl/pkcs11.h"
#if defined(POLARSSL_PKCS11_C)
+#include "polarssl/md.h"
+#include "polarssl/oid.h"
+#include "polarssl/x509_crt.h"
#if defined(POLARSSL_MEMORY_C)
#include "polarssl/memory.h"
@@ -101,7 +104,7 @@
if( 0 != pkcs11_x509_cert_init( &cert, pkcs11_cert ) )
goto cleanup;
- priv_key->len = cert.rsa.len;
+ priv_key->len = pk_get_len(&cert.pk);
priv_key->pkcs11h_cert = pkcs11_cert;
ret = 0;
@@ -129,7 +132,7 @@
if( NULL == ctx )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
- if( RSA_PUBLIC == mode )
+ if( RSA_PRIVATE != mode )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
output_len = input_len = ctx->len;
@@ -158,79 +161,67 @@
int pkcs11_sign( pkcs11_context *ctx,
int mode,
- int hash_id,
+ md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig )
{
- size_t olen, asn_len;
+ size_t olen, asn_len = 0, oid_size = 0;
unsigned char *p = sig;
+ const char *oid;
if( NULL == ctx )
return POLARSSL_ERR_RSA_BAD_INPUT_DATA;
- if( RSA_PUBLIC == mode )
+ if( RSA_PRIVATE != mode )
return POLARSSL_ERR_RSA_BAD_INPUT_DATA;
olen = ctx->len;
- switch( hash_id )
+ if( md_alg != POLARSSL_MD_NONE )
{
- case SIG_RSA_RAW:
- asn_len = 0;
- memcpy( p, hash, hashlen );
- break;
-
- case SIG_RSA_MD2:
- asn_len = OID_SIZE(ASN1_HASH_MDX);
- memcpy( p, ASN1_HASH_MDX, asn_len );
- memcpy( p + asn_len, hash, hashlen );
- p[13] = 2; break;
-
- case SIG_RSA_MD4:
- asn_len = OID_SIZE(ASN1_HASH_MDX);
- memcpy( p, ASN1_HASH_MDX, asn_len );
- memcpy( p + asn_len, hash, hashlen );
- p[13] = 4; break;
-
- case SIG_RSA_MD5:
- asn_len = OID_SIZE(ASN1_HASH_MDX);
- memcpy( p, ASN1_HASH_MDX, asn_len );
- memcpy( p + asn_len, hash, hashlen );
- p[13] = 5; break;
-
- case SIG_RSA_SHA1:
- asn_len = OID_SIZE(ASN1_HASH_SHA1);
- memcpy( p, ASN1_HASH_SHA1, asn_len );
- memcpy( p + 15, hash, hashlen );
- break;
-
- case SIG_RSA_SHA224:
- asn_len = OID_SIZE(ASN1_HASH_SHA2X);
- memcpy( p, ASN1_HASH_SHA2X, asn_len );
- memcpy( p + asn_len, hash, hashlen );
- p[1] += hashlen; p[14] = 4; p[18] += hashlen; break;
-
- case SIG_RSA_SHA256:
- asn_len = OID_SIZE(ASN1_HASH_SHA2X);
- memcpy( p, ASN1_HASH_SHA2X, asn_len );
- memcpy( p + asn_len, hash, hashlen );
- p[1] += hashlen; p[14] = 1; p[18] += hashlen; break;
-
- case SIG_RSA_SHA384:
- asn_len = OID_SIZE(ASN1_HASH_SHA2X);
- memcpy( p, ASN1_HASH_SHA2X, asn_len );
- memcpy( p + asn_len, hash, hashlen );
- p[1] += hashlen; p[14] = 2; p[18] += hashlen; break;
-
- case SIG_RSA_SHA512:
- asn_len = OID_SIZE(ASN1_HASH_SHA2X);
- memcpy( p, ASN1_HASH_SHA2X, asn_len );
- memcpy( p + asn_len, hash, hashlen );
- p[1] += hashlen; p[14] = 3; p[18] += hashlen; break;
-
- default:
+ const md_info_t *md_info = md_info_from_type( md_alg );
+ if( md_info == NULL )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ if( oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ hashlen = md_get_size( md_info );
+ }
+
+ if( md_alg == POLARSSL_MD_NONE )
+ {
+ memcpy( p, hash, hashlen );
+ }
+ else
+ {
+ /*
+ * DigestInfo ::= SEQUENCE {
+ * digestAlgorithm DigestAlgorithmIdentifier,
+ * digest Digest }
+ *
+ * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+ *
+ * Digest ::= OCTET STRING
+ */
+ *p++ = ASN1_SEQUENCE | ASN1_CONSTRUCTED;
+ *p++ = (unsigned char) ( 0x08 + oid_size + hashlen );
+ *p++ = ASN1_SEQUENCE | ASN1_CONSTRUCTED;
+ *p++ = (unsigned char) ( 0x04 + oid_size );
+ *p++ = ASN1_OID;
+ *p++ = oid_size & 0xFF;
+ memcpy( p, oid, oid_size );
+ p += oid_size;
+ *p++ = ASN1_NULL;
+ *p++ = 0x00;
+ *p++ = ASN1_OCTET_STRING;
+ *p++ = hashlen;
+
+ /* Determine added ASN length */
+ asn_len = p - sig;
+
+ memcpy( p, hash, hashlen );
}
if( pkcs11h_certificate_signAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, sig,
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 0eaa531..3cde375 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -390,6 +390,12 @@
SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
+ if( ssl->f_rng == NULL )
+ {
+ SSL_DEBUG_MSG( 1, ( "no RNG provided") );
+ return( POLARSSL_ERR_SSL_NO_RNG );
+ }
+
if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
{
ssl->major_ver = ssl->min_major_ver;
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index e44bf72..12ccb12 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1594,6 +1594,12 @@
SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );
+ if( ssl->f_rng == NULL )
+ {
+ SSL_DEBUG_MSG( 1, ( "no RNG provided") );
+ return( POLARSSL_ERR_SSL_NO_RNG );
+ }
+
/*
* 0 . 0 handshake type
* 1 . 3 handshake length
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 6a127b2..6382c53 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1273,11 +1273,15 @@
{
diff = n1[i] ^ n2[i];
- if( ( n1[i] >= 'a' || n1[i] <= 'z' ) && ( diff == 0 || diff == 32 ) )
+ if( diff == 0 )
continue;
- if( ( n1[i] >= 'A' || n1[i] <= 'Z' ) && ( diff == 0 || diff == 32 ) )
+ if( diff == 32 &&
+ ( ( n1[i] >= 'a' && n1[i] <= 'z' ) ||
+ ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) )
+ {
continue;
+ }
return( 1 );
}
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index 948066a..3cba7e8 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -60,7 +60,7 @@
#else
#if defined(VERBOSE)
-static void dump_buf( char *title, unsigned char *buf, size_t len )
+static void dump_buf( const char *title, unsigned char *buf, size_t len )
{
size_t i;
@@ -71,7 +71,7 @@
printf( "\n" );
}
-static void dump_pubkey( char *title, ecdsa_context *key )
+static void dump_pubkey( const char *title, ecdsa_context *key )
{
unsigned char buf[300];
size_t len;
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c
index 9364356..f372684 100644
--- a/programs/util/pem2der.c
+++ b/programs/util/pem2der.c
@@ -50,8 +50,8 @@
*/
struct options
{
- char *filename; /* filename of the input file */
- char *output_file; /* where to store the output */
+ const char *filename; /* filename of the input file */
+ const char *output_file; /* where to store the output */
} opt;
int convert_pem_to_der( const unsigned char *input, size_t ilen,
@@ -61,11 +61,11 @@
const unsigned char *s1, *s2, *end = input + ilen;
size_t len = 0;
- s1 = (unsigned char *) strstr( (char *) input, "-----BEGIN" );
+ s1 = (unsigned char *) strstr( (const char *) input, "-----BEGIN" );
if( s1 == NULL )
return( -1 );
- s2 = (unsigned char *) strstr( (char *) input, "-----END" );
+ s2 = (unsigned char *) strstr( (const char *) input, "-----END" );
if( s2 == NULL )
return( -1 );
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index dc45f94..2388dc9 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -62,15 +62,15 @@
*/
struct options
{
- char *filename; /* filename of the key file */
+ const char *filename; /* filename of the key file */
int debug_level; /* level of debugging */
- char *output_file; /* where to store the constructed key file */
- char *subject_name; /* subject name for certificate request */
+ const char *output_file; /* where to store the constructed key file */
+ const char *subject_name; /* subject name for certificate request */
unsigned char key_usage; /* key usage flags */
unsigned char ns_cert_type; /* NS cert type */
} opt;
-int write_certificate_request( x509write_csr *req, char *output_file,
+int write_certificate_request( x509write_csr *req, const char *output_file,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index f72f623..beac089 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -75,18 +75,18 @@
*/
struct options
{
- char *issuer_crt; /* filename of the issuer certificate */
- char *request_file; /* filename of the certificate request */
- char *subject_key; /* filename of the subject key file */
- char *issuer_key; /* filename of the issuer key file */
- char *subject_pwd; /* password for the subject key file */
- char *issuer_pwd; /* password for the issuer key file */
- char *output_file; /* where to store the constructed key file */
- char *subject_name; /* subject name for certificate */
- char *issuer_name; /* issuer name for certificate */
- char *not_before; /* validity period not before */
- char *not_after; /* validity period not after */
- char *serial; /* serial number string */
+ const char *issuer_crt; /* filename of the issuer certificate */
+ const char *request_file; /* filename of the certificate request */
+ const char *subject_key; /* filename of the subject key file */
+ const char *issuer_key; /* filename of the issuer key file */
+ const char *subject_pwd; /* password for the subject key file */
+ const char *issuer_pwd; /* password for the issuer key file */
+ const char *output_file; /* where to store the constructed key file */
+ const char *subject_name; /* subject name for certificate */
+ const char *issuer_name; /* issuer name for certificate */
+ const char *not_before; /* validity period not before */
+ const char *not_after; /* validity period not after */
+ const char *serial; /* serial number string */
int selfsign; /* selfsign the certificate */
int is_ca; /* is a CA certificate */
int max_pathlen; /* maximum CA path length */
@@ -94,7 +94,7 @@
unsigned char ns_cert_type; /* NS cert type */
} opt;
-int write_certificate( x509write_cert *crt, char *output_file,
+int write_certificate( x509write_cert *crt, const char *output_file,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt
index 98b5765..969cd95 100644
--- a/scripts/data_files/error.fmt
+++ b/scripts/data_files/error.fmt
@@ -33,11 +33,8 @@
#include <string.h>
-#if defined(EFIX64) || defined(EFI32)
-#include <stdio.h>
-#endif
-
-#if defined(_MSC_VER) && !defined snprintf
+#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
+ !defined(EFI32)
#define snprintf _snprintf
#endif
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index c64d9be..67fb394 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -6,7 +6,7 @@
SUITE_PRE_DEP
#define TEST_SUITE_ACTIVE
-static int test_assert( int correct, char *test )
+static int test_assert( int correct, const char *test )
{
if( correct )
return( 0 );