diff --git a/contrib/bearssl/flist b/contrib/bearssl/flist
deleted file mode 100644
index 9751ad231065..000000000000
--- a/contrib/bearssl/flist
+++ /dev/null
@@ -1,459 +0,0 @@ -T0/BlobWriter.cs -T0/CPU.cs -T0/CodeElement.cs -T0/CodeElementJump.cs -T0/CodeElementUInt.cs -T0/CodeElementUIntExpr.cs -T0/CodeElementUIntInt.cs -T0/CodeElementUIntUInt.cs -T0/ConstData.cs -T0/Opcode.cs -T0/OpcodeCall.cs -T0/OpcodeConst.cs -T0/OpcodeGetLocal.cs -T0/OpcodeJump.cs -T0/OpcodeJumpIf.cs -T0/OpcodeJumpIfNot.cs -T0/OpcodeJumpUncond.cs -T0/OpcodePutLocal.cs -T0/OpcodeRet.cs -T0/SType.cs -T0/T0Comp.cs -T0/TPointerBase.cs -T0/TPointerBlob.cs -T0/TPointerExpr.cs -T0/TPointerNull.cs -T0/TPointerXT.cs -T0/TValue.cs -T0/Word.cs -T0/WordBuilder.cs -T0/WordData.cs -T0/WordInterpreted.cs -T0/WordNative.cs -T0/kern.t0 -conf/Unix.mk -conf/Unix32.mk -conf/UnixClang.mk -conf/Win.mk -conf/samd20.mk -inc/bearssl.h -inc/bearssl_aead.h -inc/bearssl_block.h -inc/bearssl_ec.h -inc/bearssl_hash.h -inc/bearssl_hmac.h -inc/bearssl_kdf.h -inc/bearssl_pem.h -inc/bearssl_prf.h -inc/bearssl_rand.h -inc/bearssl_rsa.h -inc/bearssl_ssl.h -inc/bearssl_x509.h -mk/Defaults.mk -mk/NMake.mk -mk/Rules.mk -mk/SingleUnix.mk -mk/mkT0.cmd -mk/mkT0.sh -mk/mkrules.sh -samples/README.txt -samples/cert-ee-ec+rsa.pem -samples/cert-ee-ec.pem -samples/cert-ee-rsa.pem -samples/cert-ica-ec.pem -samples/cert-ica-rsa.pem -samples/cert-root-ec.pem -samples/cert-root-rsa.pem -samples/chain-ec+rsa.h -samples/chain-ec.h -samples/chain-rsa.h -samples/client_basic.c -samples/custom_profile.c -samples/key-ec.h -samples/key-ee-ec.pem -samples/key-ee-rsa.pem -samples/key-ica-ec.pem -samples/key-ica-rsa.pem -samples/key-root-ec.pem -samples/key-root-rsa.pem -samples/key-rsa.h -samples/server_basic.c -src/aead/ccm.c -src/aead/eax.c -src/aead/gcm.c -src/codec/ccopy.c -src/codec/dec16be.c -src/codec/dec16le.c -src/codec/dec32be.c -src/codec/dec32le.c -src/codec/dec64be.c -src/codec/dec64le.c -src/codec/enc16be.c -src/codec/enc16le.c -src/codec/enc32be.c -src/codec/enc32le.c -src/codec/enc64be.c -src/codec/enc64le.c -src/codec/pemdec.c -src/codec/pemdec.t0 -src/codec/pemenc.c -src/config.h 
-src/ec/ec_all_m15.c -src/ec/ec_all_m31.c -src/ec/ec_c25519_i15.c -src/ec/ec_c25519_i31.c -src/ec/ec_c25519_m15.c -src/ec/ec_c25519_m31.c -src/ec/ec_c25519_m62.c -src/ec/ec_c25519_m64.c -src/ec/ec_curve25519.c -src/ec/ec_default.c -src/ec/ec_keygen.c -src/ec/ec_p256_m15.c -src/ec/ec_p256_m31.c -src/ec/ec_p256_m62.c -src/ec/ec_p256_m64.c -src/ec/ec_prime_i15.c -src/ec/ec_prime_i31.c -src/ec/ec_pubkey.c -src/ec/ec_secp256r1.c -src/ec/ec_secp384r1.c -src/ec/ec_secp521r1.c -src/ec/ecdsa_atr.c -src/ec/ecdsa_default_sign_asn1.c -src/ec/ecdsa_default_sign_raw.c -src/ec/ecdsa_default_vrfy_asn1.c -src/ec/ecdsa_default_vrfy_raw.c -src/ec/ecdsa_i15_bits.c -src/ec/ecdsa_i15_sign_asn1.c -src/ec/ecdsa_i15_sign_raw.c -src/ec/ecdsa_i15_vrfy_asn1.c -src/ec/ecdsa_i15_vrfy_raw.c -src/ec/ecdsa_i31_bits.c -src/ec/ecdsa_i31_sign_asn1.c -src/ec/ecdsa_i31_sign_raw.c -src/ec/ecdsa_i31_vrfy_asn1.c -src/ec/ecdsa_i31_vrfy_raw.c -src/ec/ecdsa_rta.c -src/hash/dig_oid.c -src/hash/dig_size.c -src/hash/ghash_ctmul.c -src/hash/ghash_ctmul32.c -src/hash/ghash_ctmul64.c -src/hash/ghash_pclmul.c -src/hash/ghash_pwr8.c -src/hash/md5.c -src/hash/md5sha1.c -src/hash/mgf1.c -src/hash/multihash.c -src/hash/sha1.c -src/hash/sha2big.c -src/hash/sha2small.c -src/inner.h -src/int/i15_add.c -src/int/i15_bitlen.c -src/int/i15_decmod.c -src/int/i15_decode.c -src/int/i15_decred.c -src/int/i15_encode.c -src/int/i15_fmont.c -src/int/i15_iszero.c -src/int/i15_moddiv.c -src/int/i15_modpow.c -src/int/i15_modpow2.c -src/int/i15_montmul.c -src/int/i15_mulacc.c -src/int/i15_muladd.c -src/int/i15_ninv15.c -src/int/i15_reduce.c -src/int/i15_rshift.c -src/int/i15_sub.c -src/int/i15_tmont.c -src/int/i31_add.c -src/int/i31_bitlen.c -src/int/i31_decmod.c -src/int/i31_decode.c -src/int/i31_decred.c -src/int/i31_encode.c -src/int/i31_fmont.c -src/int/i31_iszero.c -src/int/i31_moddiv.c -src/int/i31_modpow.c -src/int/i31_modpow2.c -src/int/i31_montmul.c -src/int/i31_mulacc.c -src/int/i31_muladd.c -src/int/i31_ninv31.c 
-src/int/i31_reduce.c -src/int/i31_rshift.c -src/int/i31_sub.c -src/int/i31_tmont.c -src/int/i32_add.c -src/int/i32_bitlen.c -src/int/i32_decmod.c -src/int/i32_decode.c -src/int/i32_decred.c -src/int/i32_div32.c -src/int/i32_encode.c -src/int/i32_fmont.c -src/int/i32_iszero.c -src/int/i32_modpow.c -src/int/i32_montmul.c -src/int/i32_mulacc.c -src/int/i32_muladd.c -src/int/i32_ninv32.c -src/int/i32_reduce.c -src/int/i32_sub.c -src/int/i32_tmont.c -src/int/i62_modpow2.c -src/kdf/hkdf.c -src/kdf/shake.c -src/mac/hmac.c -src/mac/hmac_ct.c -src/rand/aesctr_drbg.c -src/rand/hmac_drbg.c -src/rand/sysrng.c -src/rsa/rsa_default_keygen.c -src/rsa/rsa_default_modulus.c -src/rsa/rsa_default_oaep_decrypt.c -src/rsa/rsa_default_oaep_encrypt.c -src/rsa/rsa_default_pkcs1_sign.c -src/rsa/rsa_default_pkcs1_vrfy.c -src/rsa/rsa_default_priv.c -src/rsa/rsa_default_privexp.c -src/rsa/rsa_default_pss_sign.c -src/rsa/rsa_default_pss_vrfy.c -src/rsa/rsa_default_pub.c -src/rsa/rsa_default_pubexp.c -src/rsa/rsa_i15_keygen.c -src/rsa/rsa_i15_modulus.c -src/rsa/rsa_i15_oaep_decrypt.c -src/rsa/rsa_i15_oaep_encrypt.c -src/rsa/rsa_i15_pkcs1_sign.c -src/rsa/rsa_i15_pkcs1_vrfy.c -src/rsa/rsa_i15_priv.c -src/rsa/rsa_i15_privexp.c -src/rsa/rsa_i15_pss_sign.c -src/rsa/rsa_i15_pss_vrfy.c -src/rsa/rsa_i15_pub.c -src/rsa/rsa_i15_pubexp.c -src/rsa/rsa_i31_keygen.c -src/rsa/rsa_i31_keygen_inner.c -src/rsa/rsa_i31_modulus.c -src/rsa/rsa_i31_oaep_decrypt.c -src/rsa/rsa_i31_oaep_encrypt.c -src/rsa/rsa_i31_pkcs1_sign.c -src/rsa/rsa_i31_pkcs1_vrfy.c -src/rsa/rsa_i31_priv.c -src/rsa/rsa_i31_privexp.c -src/rsa/rsa_i31_pss_sign.c -src/rsa/rsa_i31_pss_vrfy.c -src/rsa/rsa_i31_pub.c -src/rsa/rsa_i31_pubexp.c -src/rsa/rsa_i32_oaep_decrypt.c -src/rsa/rsa_i32_oaep_encrypt.c -src/rsa/rsa_i32_pkcs1_sign.c -src/rsa/rsa_i32_pkcs1_vrfy.c -src/rsa/rsa_i32_priv.c -src/rsa/rsa_i32_pss_sign.c -src/rsa/rsa_i32_pss_vrfy.c -src/rsa/rsa_i32_pub.c -src/rsa/rsa_i62_keygen.c -src/rsa/rsa_i62_oaep_decrypt.c 
-src/rsa/rsa_i62_oaep_encrypt.c -src/rsa/rsa_i62_pkcs1_sign.c -src/rsa/rsa_i62_pkcs1_vrfy.c -src/rsa/rsa_i62_priv.c -src/rsa/rsa_i62_pss_sign.c -src/rsa/rsa_i62_pss_vrfy.c -src/rsa/rsa_i62_pub.c -src/rsa/rsa_oaep_pad.c -src/rsa/rsa_oaep_unpad.c -src/rsa/rsa_pkcs1_sig_pad.c -src/rsa/rsa_pkcs1_sig_unpad.c -src/rsa/rsa_pss_sig_pad.c -src/rsa/rsa_pss_sig_unpad.c -src/rsa/rsa_ssl_decrypt.c -src/settings.c -src/ssl/prf.c -src/ssl/prf_md5sha1.c -src/ssl/prf_sha256.c -src/ssl/prf_sha384.c -src/ssl/ssl_ccert_single_ec.c -src/ssl/ssl_ccert_single_rsa.c -src/ssl/ssl_client.c -src/ssl/ssl_client_default_rsapub.c -src/ssl/ssl_client_full.c -src/ssl/ssl_engine.c -src/ssl/ssl_engine_default_aescbc.c -src/ssl/ssl_engine_default_aesccm.c -src/ssl/ssl_engine_default_aesgcm.c -src/ssl/ssl_engine_default_chapol.c -src/ssl/ssl_engine_default_descbc.c -src/ssl/ssl_engine_default_ec.c -src/ssl/ssl_engine_default_ecdsa.c -src/ssl/ssl_engine_default_rsavrfy.c -src/ssl/ssl_hashes.c -src/ssl/ssl_hs_client.c -src/ssl/ssl_hs_client.t0 -src/ssl/ssl_hs_common.t0 -src/ssl/ssl_hs_server.c -src/ssl/ssl_hs_server.t0 -src/ssl/ssl_io.c -src/ssl/ssl_keyexport.c -src/ssl/ssl_lru.c -src/ssl/ssl_rec_cbc.c -src/ssl/ssl_rec_ccm.c -src/ssl/ssl_rec_chapol.c -src/ssl/ssl_rec_gcm.c -src/ssl/ssl_scert_single_ec.c -src/ssl/ssl_scert_single_rsa.c -src/ssl/ssl_server.c -src/ssl/ssl_server_full_ec.c -src/ssl/ssl_server_full_rsa.c -src/ssl/ssl_server_mine2c.c -src/ssl/ssl_server_mine2g.c -src/ssl/ssl_server_minf2c.c -src/ssl/ssl_server_minf2g.c -src/ssl/ssl_server_minr2g.c -src/ssl/ssl_server_minu2g.c -src/ssl/ssl_server_minv2g.c -src/symcipher/aes_big_cbcdec.c -src/symcipher/aes_big_cbcenc.c -src/symcipher/aes_big_ctr.c -src/symcipher/aes_big_ctrcbc.c -src/symcipher/aes_big_dec.c -src/symcipher/aes_big_enc.c -src/symcipher/aes_common.c -src/symcipher/aes_ct.c -src/symcipher/aes_ct64.c -src/symcipher/aes_ct64_cbcdec.c -src/symcipher/aes_ct64_cbcenc.c -src/symcipher/aes_ct64_ctr.c -src/symcipher/aes_ct64_ctrcbc.c 
-src/symcipher/aes_ct64_dec.c -src/symcipher/aes_ct64_enc.c -src/symcipher/aes_ct_cbcdec.c -src/symcipher/aes_ct_cbcenc.c -src/symcipher/aes_ct_ctr.c -src/symcipher/aes_ct_ctrcbc.c -src/symcipher/aes_ct_dec.c -src/symcipher/aes_ct_enc.c -src/symcipher/aes_pwr8.c -src/symcipher/aes_pwr8_cbcdec.c -src/symcipher/aes_pwr8_cbcenc.c -src/symcipher/aes_pwr8_ctr.c -src/symcipher/aes_pwr8_ctrcbc.c -src/symcipher/aes_small_cbcdec.c -src/symcipher/aes_small_cbcenc.c -src/symcipher/aes_small_ctr.c -src/symcipher/aes_small_ctrcbc.c -src/symcipher/aes_small_dec.c -src/symcipher/aes_small_enc.c -src/symcipher/aes_x86ni.c -src/symcipher/aes_x86ni_cbcdec.c -src/symcipher/aes_x86ni_cbcenc.c -src/symcipher/aes_x86ni_ctr.c -src/symcipher/aes_x86ni_ctrcbc.c -src/symcipher/chacha20_ct.c -src/symcipher/chacha20_sse2.c -src/symcipher/des_ct.c -src/symcipher/des_ct_cbcdec.c -src/symcipher/des_ct_cbcenc.c -src/symcipher/des_support.c -src/symcipher/des_tab.c -src/symcipher/des_tab_cbcdec.c -src/symcipher/des_tab_cbcenc.c -src/symcipher/poly1305_ctmul.c -src/symcipher/poly1305_ctmul32.c -src/symcipher/poly1305_ctmulq.c -src/symcipher/poly1305_i15.c -src/x509/asn1.t0 -src/x509/asn1enc.c -src/x509/encode_ec_pk8der.c -src/x509/encode_ec_rawder.c -src/x509/encode_rsa_pk8der.c -src/x509/encode_rsa_rawder.c -src/x509/skey_decoder.c -src/x509/skey_decoder.t0 -src/x509/x509_decoder.c -src/x509/x509_decoder.t0 -src/x509/x509_knownkey.c -src/x509/x509_minimal.c -src/x509/x509_minimal.t0 -src/x509/x509_minimal_full.c -test/test_crypto.c -test/test_math.c -test/test_speed.c -test/test_x509.c -test/x509/alltests.txt -test/x509/dn-ee.der -test/x509/dn-ica1.der -test/x509/dn-ica2.der -test/x509/dn-root-new.der -test/x509/dn-root.der -test/x509/ee-badsig1.crt -test/x509/ee-badsig2.crt -test/x509/ee-cp1.crt -test/x509/ee-cp2.crt -test/x509/ee-cp3.crt -test/x509/ee-cp4.crt -test/x509/ee-dates.crt -test/x509/ee-md5.crt -test/x509/ee-names.crt -test/x509/ee-names2.crt -test/x509/ee-names3.crt 
-test/x509/ee-names4.crt
-test/x509/ee-p256-sha1.crt
-test/x509/ee-p256-sha224.crt
-test/x509/ee-p256-sha256.crt
-test/x509/ee-p256-sha384.crt
-test/x509/ee-p256-sha512.crt
-test/x509/ee-p256.crt
-test/x509/ee-p384.crt
-test/x509/ee-p521.crt
-test/x509/ee-sha1.crt
-test/x509/ee-sha224.crt
-test/x509/ee-sha384.crt
-test/x509/ee-sha512.crt
-test/x509/ee-trailing.crt
-test/x509/ee.crt
-test/x509/ica1-1016.crt
-test/x509/ica1-1017.crt
-test/x509/ica1-4096.crt
-test/x509/ica1-p256.crt
-test/x509/ica1-p384.crt
-test/x509/ica1-p521.crt
-test/x509/ica1.crt
-test/x509/ica2-1016.crt
-test/x509/ica2-1017.crt
-test/x509/ica2-4096.crt
-test/x509/ica2-notCA.crt
-test/x509/ica2-p256.crt
-test/x509/ica2-p384.crt
-test/x509/ica2-p521.crt
-test/x509/ica2.crt
-test/x509/junk.crt
-test/x509/names.crt
-test/x509/root-p256.crt
-test/x509/root-p384.crt
-test/x509/root-p521.crt
-test/x509/root.crt
-tools/brssl.c
-tools/brssl.h
-tools/certs.c
-tools/chain.c
-tools/client.c
-tools/errors.c
-tools/files.c
-tools/impl.c
-tools/keys.c
-tools/names.c
-tools/server.c
-tools/skey.c
-tools/sslio.c
-tools/ta.c
-tools/twrch.c
-tools/vector.c
-tools/verify.c
-tools/xmem.c
diff --git a/contrib/bearssl/inc/bearssl.h b/contrib/bearssl/inc/bearssl.h
index 4f4797cf7937..310edb258d8d 100644
--- a/contrib/bearssl/inc/bearssl.h
+++ b/contrib/bearssl/inc/bearssl.h
@@ -1,170 +1,183 @@ /* * Copyright (c) 2016 Thomas Pornin * * Permission is hereby granted, free of charge, to any person obtaining * a copy of this software and associated documentation files (the * "Software"), to deal in the Software without restriction, including * without limitation the rights to use, copy, modify, merge, publish, * distribute, sublicense, and/or sell copies of the Software, and to * permit persons to whom the Software is furnished to do so, subject to * the following conditions: * * The above copyright notice and this permission notice shall be * included in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. 
*/ #ifndef BR_BEARSSL_H__ #define BR_BEARSSL_H__ #include #include /** \mainpage BearSSL API * * # API Layout * * The functions and structures defined by the BearSSL API are located * in various header files: * * | Header file | Elements | * | :-------------- | :------------------------------------------------ | * | bearssl_hash.h | Hash functions | * | bearssl_hmac.h | HMAC | * | bearssl_kdf.h | Key Derivation Functions | * | bearssl_rand.h | Pseudorandom byte generators | * | bearssl_prf.h | PRF implementations (for SSL/TLS) | * | bearssl_block.h | Symmetric encryption | * | bearssl_aead.h | AEAD algorithms (combined encryption + MAC) | * | bearssl_rsa.h | RSA encryption and signatures | * | bearssl_ec.h | Elliptic curves support (including ECDSA) | * | bearssl_ssl.h | SSL/TLS engine interface | * | bearssl_x509.h | X.509 certificate decoding and validation | * | bearssl_pem.h | Base64/PEM decoding support functions | * * Applications using BearSSL are supposed to simply include `bearssl.h` * as follows: * * #include * * The `bearssl.h` file itself includes all the other header files. It is * possible to include specific header files, but it has no practical * advantage for the application. The API is separated into separate * header files only for documentation convenience. * * * # Conventions * * ## MUST and SHALL * * In all descriptions, the usual "MUST", "SHALL", "MAY",... terminology * is used. Failure to meet requirements expressed with a "MUST" or * "SHALL" implies undefined behaviour, which means that segmentation * faults, buffer overflows, and other similar adverse events, may occur. * * In general, BearSSL is not very forgiving of programming errors, and * does not include much failsafes or error reporting when the problem * does not arise from external transient conditions, and can be fixed * only in the application code. This is done so in order to make the * total code footprint lighter. 
* * * ## `NULL` values * * Function parameters with a pointer type shall not be `NULL` unless * explicitly authorised by the documentation. As an exception, when * the pointer aims at a sequence of bytes and is accompanied with * a length parameter, and the length is zero (meaning that there is * no byte at all to retrieve), then the pointer may be `NULL` even if * not explicitly allowed. * * * ## Memory Allocation * * BearSSL does not perform dynamic memory allocation. This implies that * for any functionality that requires a non-transient state, the caller * is responsible for allocating the relevant context structure. Such * allocation can be done in any appropriate area, including static data * segments, the heap, and the stack, provided that proper alignment is * respected. The header files define these context structures * (including size and contents), so the C compiler should handle * alignment automatically. * * Since there is no dynamic resource allocation, there is also nothing to * release. When the calling code is done with a BearSSL feature, it * may simple release the context structures it allocated itself, with * no "close function" to call. If the context structures were allocated * on the stack (as local variables), then even that release operation is * implicit. * * * ## Structure Contents * * Except when explicitly indicated, structure contents are opaque: they * are included in the header files so that calling code may know the * structure sizes and alignment requirements, but callers SHALL NOT * access individual fields directly. For fields that are supposed to * be read from or written to, the API defines accessor functions (the * simplest of these accessor functions are defined as `static inline` * functions, and the C compiler will optimise them away). * * * # API Usage * * BearSSL usage for running a SSL/TLS client or server is described * on the [BearSSL Web site](https://www.bearssl.org/api1.html). 
The * BearSSL source archive also comes with sample code. */ #include "bearssl_hash.h" #include "bearssl_hmac.h" #include "bearssl_kdf.h" #include "bearssl_rand.h" #include "bearssl_prf.h" #include "bearssl_block.h" #include "bearssl_aead.h" #include "bearssl_rsa.h" #include "bearssl_ec.h" #include "bearssl_ssl.h" #include "bearssl_x509.h" #include "bearssl_pem.h" +#ifdef __cplusplus +extern "C" { +#endif + /** \brief Type for a configuration option. * * A "configuration option" is a value that is selected when the BearSSL * library itself is compiled. Most options are boolean; their value is * then either 1 (option is enabled) or 0 (option is disabled). Some * values have other integer values. Option names correspond to macro * names. Some of the options can be explicitly set in the internal * `"config.h"` file. */ typedef struct { /** \brief Configurable option name. */ const char *name; /** \brief Configurable option value. */ long value; } br_config_option; /** \brief Get configuration report. * * This function returns compiled configuration options, each as a * 'long' value. Names match internal macro names, in particular those * that can be set in the `"config.h"` inner file. For boolean options, * the numerical value is 1 if enabled, 0 if disabled. For maximum * key sizes, values are expressed in bits. * * The returned array is terminated by an entry whose `name` is `NULL`. * * \return the configuration report. */ const br_config_option *br_get_config(void); +/* ======================================================================= */ + +/** \brief Version feature: support for time callback. */ +#define BR_FEATURE_X509_TIME_CALLBACK 1 + +#ifdef __cplusplus +} +#endif + #endif diff --git a/contrib/bearssl/src/rsa/rsa_i62_keygen.c b/contrib/bearssl/src/rsa/rsa_i62_keygen.c index 8f55c3759082..992fe97e6ff1 100644 --- a/contrib/bearssl/src/rsa/rsa_i62_keygen.c +++ b/contrib/bearssl/src/rsa/rsa_i62_keygen.c 
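Review bot: The `extern "C" {` block added here opens only after the twelve `#include "bearssl_*.h"` lines, so it covers `br_config_option` and `br_get_config` but none of the sub-headers' declarations; those are C-linkage-safe only if each sub-header carries its own guard, which this diff does not show. If any of them lacks one, a C++ translation unit still gets mangled names for the hash, SSL and X.509 APIs while `bearssl.h` appears guarded. Worth either confirming every included header has its own guard or stating the assumption above the includes: `/* Each bearssl_*.h header carries its own extern "C" guard; the block below only covers this file's declarations. */`. The new `BR_FEATURE_X509_TIME_CALLBACK` macro would also benefit from naming the API it advertises (presumably a time callback in bearssl_x509.h) so applications know what they are testing for with `#ifdef`.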
@@ -1,57 +1,57 @@ /* * Copyright (c) 2018 Thomas Pornin * * Permission is hereby granted, free of charge, to any person obtaining * a copy of this software and associated documentation files (the * "Software"), to deal in the Software without restriction, including * without limitation the rights to use, copy, modify, merge, publish, * distribute, sublicense, and/or sell copies of the Software, and to * permit persons to whom the Software is furnished to do so, subject to * the following conditions: * * The above copyright notice and this permission notice shall be * included in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ #include "inner.h" #if BR_INT128 || BR_UMUL128 /* see bearssl_rsa.h */ uint32_t br_rsa_i62_keygen(const br_prng_class **rng, br_rsa_private_key *sk, void *kbuf_priv, br_rsa_public_key *pk, void *kbuf_pub, unsigned size, uint32_t pubexp) { return br_rsa_i31_keygen_inner(rng, sk, kbuf_priv, pk, kbuf_pub, size, pubexp, &br_i62_modpow_opt_as_i31); } /* see bearssl_rsa.h */ br_rsa_keygen -br_rsa_i62_keygen_get() +br_rsa_i62_keygen_get(void) { return &br_rsa_i62_keygen; } #else /* see bearssl_rsa.h */ br_rsa_keygen -br_rsa_i62_keygen_get() +br_rsa_i62_keygen_get(void) { return 0; } #endif diff --git a/contrib/bearssl/src/rsa/rsa_pss_sig_unpad.c b/contrib/bearssl/src/rsa/rsa_pss_sig_unpad.c index a9f8ca3ac10f..0c6ae9990a09 100644 --- a/contrib/bearssl/src/rsa/rsa_pss_sig_unpad.c +++ b/contrib/bearssl/src/rsa/rsa_pss_sig_unpad.c 
@@ -1,121 +1,121 @@ /* * Copyright (c) 2018 Thomas Pornin * * Permission is hereby granted, free of charge, to any person obtaining * a copy of this software and associated documentation files (the * "Software"), to deal in the Software without restriction, including * without limitation the rights to use, copy, modify, merge, publish, * distribute, sublicense, and/or sell copies of the Software, and to * permit persons to whom the Software is furnished to do so, subject to * the following conditions: * * The above copyright notice and this permission notice shall be * included in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ #include "inner.h" /* see inner.h */ uint32_t br_rsa_pss_sig_unpad(const br_hash_class *hf_data, const br_hash_class *hf_mgf1, const unsigned char *hash, size_t salt_len, const br_rsa_public_key *pk, unsigned char *x) { size_t u, xlen, hash_len; br_hash_compat_context hc; unsigned char *seed, *salt; unsigned char tmp[64]; uint32_t r, n_bitlen; hash_len = br_digest_size(hf_data); /* * Value r will be set to a non-zero value is any test fails. */ r = 0; /* * The value bit length (as an integer) must be strictly less than * that of the modulus. 
*/ for (u = 0; u < pk->nlen; u ++) { if (pk->n[u] != 0) { break; } } if (u == pk->nlen) { return 0; } n_bitlen = BIT_LENGTH(pk->n[u]) + ((uint32_t)(pk->nlen - u - 1) << 3); n_bitlen --; if ((n_bitlen & 7) == 0) { r |= *x ++; } else { r |= x[0] & (0xFF << (n_bitlen & 7)); } xlen = (n_bitlen + 7) >> 3; /* * Check that the modulus is large enough for the hash value * length combined with the intended salt length. */ if (hash_len > xlen || salt_len > xlen || (hash_len + salt_len + 2) > xlen) { return 0; } /* * Check value of rightmost byte. */ r |= x[xlen - 1] ^ 0xBC; /* * Generate the mask and XOR it into the first bytes to reveal PS; * we must also mask out the leading bits. */ seed = x + xlen - hash_len - 1; br_mgf1_xor(x, xlen - hash_len - 1, hf_mgf1, seed, hash_len); if ((n_bitlen & 7) != 0) { x[0] &= 0xFF >> (8 - (n_bitlen & 7)); } /* * Check that all padding bytes have the expected value. */ for (u = 0; u < (xlen - hash_len - salt_len - 2); u ++) { r |= x[u]; } r |= x[xlen - hash_len - salt_len - 2] ^ 0x01; /* * Recompute H. */ salt = x + xlen - hash_len - salt_len - 1; hf_data->init(&hc.vtable); memset(tmp, 0, 8); hf_data->update(&hc.vtable, tmp, 8); hf_data->update(&hc.vtable, hash, hash_len); hf_data->update(&hc.vtable, salt, salt_len); hf_data->out(&hc.vtable, tmp); /* * Check that the recomputed H value matches the one appearing * in the string. */ for (u = 0; u < hash_len; u ++) { - r |= tmp[u] ^ x[(xlen - salt_len - 1) + u]; + r |= tmp[u] ^ x[(xlen - hash_len - 1) + u]; } return EQ0(r); }
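Review bot: The corrected index in the final loop is only exercised when `salt_len != hash_len`, which is exactly the case the old code got wrong, so this fix should land with a regression test in test_crypto.c that verifies PSS signatures with `salt_len = 0` and with a salt longer than the digest; with the common `salt_len == hash_len` the old and new index coincide and existing tests cannot tell them apart. With a salt shorter than the digest the old expression `(xlen - salt_len - 1) + u` reached up to `xlen + hash_len - salt_len - 2`, i.e. past the `xlen` decoded bytes, so the old behaviour was also an out-of-bounds read rather than just a false reject. A one-line comment would keep the layout in view for the next reader: `/* EM = PS || 0x01 || salt || H || 0xBC: H is the hash_len bytes just before the trailing 0xBC. */` above the loop.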