From a184fd0516b5a059d9e9a0ab3912345385ff9b72 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 11 Jan 2024 10:05:00 +0000 Subject: [PATCH 1/9] programs/dh_client/server: Replaced mbedtls_sha1 with mbedtls_sha256 Signed-off-by: Minos Galanakis --- programs/pkey/dh_client.c | 16 ++++++++-------- programs/pkey/dh_server.c | 15 +++++++-------- 2 files changed, 15 insertions(+), 16 deletions(-) diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 0cb156268..d8fc86fa0 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -14,8 +14,7 @@ #if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA256) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) && \ - defined(MBEDTLS_MD_CAN_SHA1) + defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) #include "mbedtls/net_sockets.h" #include "mbedtls/aes.h" #include "mbedtls/dhm.h" @@ -30,18 +29,19 @@ #define SERVER_NAME "localhost" #define SERVER_PORT "11999" +#define MBEDTLS_MD_CAN_SHA256_MAX_SIZE 32 #if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \ !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_SHA1_C) + !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) + int main(void) { mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C " "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_SHA1_C not defined.\n"); + "MBEDTLS_CTR_DRBG_C not defined.\n"); mbedtls_exit(0); } @@ -65,7 +65,7 @@ int main(void) unsigned char *p, *end; unsigned char buf[2048]; - unsigned char hash[32]; + unsigned char hash[MBEDTLS_MD_CAN_SHA256_MAX_SIZE]; const char *pers = "dh_client"; mbedtls_entropy_context entropy; @@ -187,13 +187,13 @@ int main(void) goto exit; } - if ((ret = mbedtls_sha1(buf, (int) (p - 2 - buf), hash)) != 0) { + if ((ret = mbedtls_sha256(buf, (int) (p - 2 - buf), hash, 0)) != 0) { mbedtls_printf(" failed\n ! mbedtls_sha1 returned %d\n\n", ret); goto exit; } if ((ret = mbedtls_rsa_pkcs1_verify(&rsa, MBEDTLS_MD_SHA256, - 32, hash, p)) != 0) { + MBEDTLS_MD_CAN_SHA256_MAX_SIZE, hash, p)) != 0) { mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret); goto exit; } diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index adddbf2fb..11c2b28c6 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -14,8 +14,7 @@ #if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA256) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) && \ - defined(MBEDTLS_MD_CAN_SHA1) + defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) #include "mbedtls/net_sockets.h" #include "mbedtls/aes.h" #include "mbedtls/dhm.h" @@ -30,18 +29,18 @@ #define SERVER_PORT "11999" #define PLAINTEXT "==Hello there!==" +#define MBEDTLS_MD_CAN_SHA256_MAX_SIZE 32 #if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \ !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_SHA1_C) + !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) int main(void) { mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C " "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_SHA1_C not defined.\n"); + "MBEDTLS_CTR_DRBG_C not defined.\n"); mbedtls_exit(0); } #else @@ -57,7 +56,7 @@ int main(void) mbedtls_net_context listen_fd, client_fd; unsigned char buf[2048]; - unsigned char hash[32]; + unsigned char hash[MBEDTLS_MD_CAN_SHA256_MAX_SIZE]; unsigned char buf2[2]; const char *pers = "dh_server"; @@ -186,7 +185,7 @@ int main(void) /* * 5. Sign the parameters and send them */ - if ((ret = mbedtls_sha1(buf, n, hash)) != 0) { + if ((ret = mbedtls_sha256(buf, n, hash, 0)) != 0) { mbedtls_printf(" failed\n ! mbedtls_sha1 returned %d\n\n", ret); goto exit; } @@ -195,7 +194,7 @@ int main(void) buf[n + 1] = (unsigned char) (rsa.MBEDTLS_PRIVATE(len)); if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, NULL, NULL, MBEDTLS_MD_SHA256, - 32, hash, buf + n + 2)) != 0) { + MBEDTLS_MD_CAN_SHA256_MAX_SIZE, hash, buf + n + 2)) != 0) { mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret); goto exit; } From f4dfd1c8a5282ea0a9d0641d2fd6dd0649a5c92f Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 12 Jan 2024 16:06:15 +0000 Subject: [PATCH 2/9] programs/dh_client/server: Added entropy source to `mbedtls_rsa_pkcs1_sign()` Signed-off-by: Minos Galanakis --- programs/pkey/dh_server.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 11c2b28c6..7d7618be1 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -193,8 +193,9 @@ int main(void) buf[n] = (unsigned char) (rsa.MBEDTLS_PRIVATE(len) >> 8); buf[n + 1] = (unsigned char) (rsa.MBEDTLS_PRIVATE(len)); - if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, NULL, NULL, MBEDTLS_MD_SHA256, - MBEDTLS_MD_CAN_SHA256_MAX_SIZE, hash, buf + n + 2)) != 0) { + if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg, + MBEDTLS_MD_SHA256, MBEDTLS_MD_CAN_SHA256_MAX_SIZE, + hash, buf + n + 2)) != 0) { mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret); goto exit; } From b6a96195fb188d9e0e0bc4b4e2c70a78db116d03 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 12 Jan 2024 14:34:14 +0000 Subject: [PATCH 3/9] programs_dh_client/server: Updated programs to use `mbedtls_rsa_get_len()` Signed-off-by: Minos Galanakis --- programs/pkey/dh_client.c | 16 +++++++++------- programs/pkey/dh_server.c | 7 ++++--- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index d8fc86fa0..774051c5d 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -66,6 +66,7 @@ int main(void) unsigned char *p, *end; unsigned char buf[2048]; unsigned char hash[MBEDTLS_MD_CAN_SHA256_MAX_SIZE]; + mbedtls_mpi N, E; const char *pers = "dh_client"; mbedtls_entropy_context entropy; @@ -78,6 +79,8 @@ int main(void) mbedtls_dhm_init(&dhm); mbedtls_aes_init(&aes); mbedtls_ctr_drbg_init(&ctr_drbg); + mbedtls_mpi_init(&N); + mbedtls_mpi_init(&E); /* * 1. Setup the RNG @@ -106,16 +109,13 @@ int main(void) } mbedtls_rsa_init(&rsa); - - if ((ret = mbedtls_mpi_read_file(&rsa.MBEDTLS_PRIVATE(N), 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&rsa.MBEDTLS_PRIVATE(E), 16, f)) != 0) { + if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || + (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 || + (ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E) != 0)) { mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret); fclose(f); goto exit; } - - rsa.MBEDTLS_PRIVATE(len) = (mbedtls_mpi_bitlen(&rsa.MBEDTLS_PRIVATE(N)) + 7) >> 3; - fclose(f); /* @@ -182,7 +182,7 @@ int main(void) p += 2; - if ((n = (size_t) (end - p)) != rsa.MBEDTLS_PRIVATE(len)) { + if ((n = (size_t) (end - p)) != mbedtls_rsa_get_len(&rsa)) { mbedtls_printf(" failed\n ! Invalid RSA signature size\n\n"); goto exit; } @@ -273,6 +273,8 @@ exit: mbedtls_dhm_free(&dhm); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_mpi_free(&N); + mbedtls_mpi_free(&E); mbedtls_exit(exit_code); } diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 7d7618be1..0c6cebc10 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -190,8 +190,9 @@ int main(void) goto exit; } - buf[n] = (unsigned char) (rsa.MBEDTLS_PRIVATE(len) >> 8); - buf[n + 1] = (unsigned char) (rsa.MBEDTLS_PRIVATE(len)); + const size_t rsa_key_len = mbedtls_rsa_get_len(&rsa); + buf[n] = (unsigned char) (rsa_key_len >> 8); + buf[n + 1] = (unsigned char) (rsa_key_len); if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_MD_SHA256, MBEDTLS_MD_CAN_SHA256_MAX_SIZE, @@ -200,7 +201,7 @@ int main(void) goto exit; } - buflen = n + 2 + rsa.MBEDTLS_PRIVATE(len); + buflen = n + 2 + rsa_key_len; buf2[0] = (unsigned char) (buflen >> 8); buf2[1] = (unsigned char) (buflen); From ee757d35dfaf370792408b7232d31783e9f94653 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 12 Jan 2024 15:06:20 +0000 Subject: [PATCH 4/9] programs_rsa_encrypt/decrypt: Updated programs to use `mbedtls_rsa_get_len()` Signed-off-by: Minos Galanakis --- programs/pkey/rsa_decrypt.c | 2 +- programs/pkey/rsa_encrypt.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 76bfddf5c..a84af50d7 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -133,7 +133,7 @@ int main(int argc, char *argv[]) fclose(f); - if (i != rsa.MBEDTLS_PRIVATE(len)) { + if (i != mbedtls_rsa_get_len(&rsa)) { mbedtls_printf("\n ! Invalid RSA signature format\n\n"); goto exit; } diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 4bbb54e7d..6538f8a99 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -126,7 +126,7 @@ int main(int argc, char *argv[]) goto exit; } - for (i = 0; i < rsa.MBEDTLS_PRIVATE(len); i++) { + for (i = 0; i < mbedtls_rsa_get_len(&rsa); i++) { mbedtls_fprintf(f, "%02X%s", buf[i], (i + 1) % 16 == 0 ? "\r\n" : " "); } From 992f0b8427d88dd3dd6e232406cc8271c3b32407 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 12 Jan 2024 15:07:24 +0000 Subject: [PATCH 5/9] programs_rsa_rsa_sign: Updated program to use `mbedtls_rsa_get_len()` Signed-off-by: Minos Galanakis --- programs/pkey/rsa_sign.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index 9d8ebe39a..e14953bc3 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -131,7 +131,7 @@ int main(int argc, char *argv[]) goto exit; } - for (i = 0; i < rsa.MBEDTLS_PRIVATE(len); i++) { + for (i = 0; i < mbedtls_rsa_get_len(&rsa); i++) { mbedtls_fprintf(f, "%02X%s", buf[i], (i + 1) % 16 == 0 ? "\r\n" : " "); } From 6e92df12c272a6a8ba328e1de1f5290442345989 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 12 Jan 2024 15:13:47 +0000 Subject: [PATCH 6/9] programs_rsa_rsa_verify: Updated program to use `mbedtls_rsa_get_len()` Signed-off-by: Minos Galanakis --- programs/pkey/rsa_verify.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index e7d72fd52..4a9af77fa 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -37,11 +37,14 @@ int main(int argc, char *argv[]) int exit_code = MBEDTLS_EXIT_FAILURE; size_t i; mbedtls_rsa_context rsa; + mbedtls_mpi N, E; unsigned char hash[32]; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; char filename[512]; mbedtls_rsa_init(&rsa); + mbedtls_mpi_init(&N); + mbedtls_mpi_init(&E); if (argc != 2) { mbedtls_printf("usage: rsa_verify \n"); @@ -62,15 +65,13 @@ int main(int argc, char *argv[]) goto exit; } - if ((ret = mbedtls_mpi_read_file(&rsa.MBEDTLS_PRIVATE(N), 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&rsa.MBEDTLS_PRIVATE(E), 16, f)) != 0) { + if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || + (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 || + (ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E) != 0)) { mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret); fclose(f); goto exit; } - - rsa.MBEDTLS_PRIVATE(len) = (mbedtls_mpi_bitlen(&rsa.MBEDTLS_PRIVATE(N)) + 7) >> 3; - fclose(f); /* @@ -91,7 +92,7 @@ int main(int argc, char *argv[]) fclose(f); - if (i != rsa.MBEDTLS_PRIVATE(len)) { + if (i != mbedtls_rsa_get_len(&rsa)) { mbedtls_printf("\n ! Invalid RSA signature format\n\n"); goto exit; } @@ -124,6 +125,8 @@ int main(int argc, char *argv[]) exit: mbedtls_rsa_free(&rsa); + mbedtls_mpi_free(&N); + mbedtls_mpi_free(&E); mbedtls_exit(exit_code); } From 7c8448842dd461e69290c794e70662ab2e25c5f3 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 15 Jan 2024 17:03:58 +0000 Subject: [PATCH 7/9] programs_dh_client/server: Updated to query digest size using `mbedtls_md_info_from_type()`. Signed-off-by: Minos Galanakis --- programs/pkey/dh_client.c | 13 +++++++++---- programs/pkey/dh_server.c | 14 ++++++++++---- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 774051c5d..1b5ba407e 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -29,7 +29,6 @@ #define SERVER_NAME "localhost" #define SERVER_PORT "11999" -#define MBEDTLS_MD_CAN_SHA256_MAX_SIZE 32 #if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \ @@ -60,12 +59,12 @@ int main(void) int ret = 1; int exit_code = MBEDTLS_EXIT_FAILURE; - size_t n, buflen; + size_t n, buflen, mdlen; mbedtls_net_context server_fd; unsigned char *p, *end; unsigned char buf[2048]; - unsigned char hash[MBEDTLS_MD_CAN_SHA256_MAX_SIZE]; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; mbedtls_mpi N, E; const char *pers = "dh_client"; @@ -187,13 +186,19 @@ int main(void) goto exit; } + mdlen = mbedtls_md_get_size(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256)); + if (mdlen == 0) { + mbedtls_printf(" failed\n ! Invalid digest type\n\n"); + goto exit; + } + if ((ret = mbedtls_sha256(buf, (int) (p - 2 - buf), hash, 0)) != 0) { mbedtls_printf(" failed\n ! mbedtls_sha1 returned %d\n\n", ret); goto exit; } if ((ret = mbedtls_rsa_pkcs1_verify(&rsa, MBEDTLS_MD_SHA256, - MBEDTLS_MD_CAN_SHA256_MAX_SIZE, hash, p)) != 0) { + mdlen, hash, p)) != 0) { mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret); goto exit; } diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 0c6cebc10..11c28fb51 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -29,7 +29,6 @@ #define SERVER_PORT "11999" #define PLAINTEXT "==Hello there!==" -#define MBEDTLS_MD_CAN_SHA256_MAX_SIZE 32 #if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \ @@ -52,11 +51,11 @@ int main(void) int ret = 1; int exit_code = MBEDTLS_EXIT_FAILURE; - size_t n, buflen; + size_t n, buflen, mdlen; mbedtls_net_context listen_fd, client_fd; unsigned char buf[2048]; - unsigned char hash[MBEDTLS_MD_CAN_SHA256_MAX_SIZE]; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; unsigned char buf2[2]; const char *pers = "dh_server"; @@ -185,6 +184,13 @@ int main(void) /* * 5. Sign the parameters and send them */ + + mdlen = mbedtls_md_get_size(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256)); + if (mdlen == 0) { + mbedtls_printf(" failed\n ! Invalid digest type\n\n"); + goto exit; + } + if ((ret = mbedtls_sha256(buf, n, hash, 0)) != 0) { mbedtls_printf(" failed\n ! mbedtls_sha1 returned %d\n\n", ret); goto exit; @@ -195,7 +201,7 @@ int main(void) buf[n + 1] = (unsigned char) (rsa_key_len); if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg, - MBEDTLS_MD_SHA256, MBEDTLS_MD_CAN_SHA256_MAX_SIZE, + MBEDTLS_MD_SHA256, mdlen, hash, buf + n + 2)) != 0) { mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret); goto exit; From db8915287e183e642254565f9058ace93aabcf8a Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 16 Jan 2024 13:32:31 +0000 Subject: [PATCH 8/9] programs_dh_client/server: Changed mdlen type to unsigned integer. Signed-off-by: Minos Galanakis --- programs/pkey/dh_client.c | 5 +++-- programs/pkey/dh_server.c | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 1b5ba407e..e8469141a 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -59,7 +59,8 @@ int main(void) int ret = 1; int exit_code = MBEDTLS_EXIT_FAILURE; - size_t n, buflen, mdlen; + unsigned int mdlen; + size_t n, buflen; mbedtls_net_context server_fd; unsigned char *p, *end; @@ -186,7 +187,7 @@ int main(void) goto exit; } - mdlen = mbedtls_md_get_size(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256)); + mdlen = (unsigned int) mbedtls_md_get_size(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256)); if (mdlen == 0) { mbedtls_printf(" failed\n ! Invalid digest type\n\n"); goto exit; diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 11c28fb51..c08b0dc39 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -51,7 +51,8 @@ int main(void) int ret = 1; int exit_code = MBEDTLS_EXIT_FAILURE; - size_t n, buflen, mdlen; + unsigned int mdlen; + size_t n, buflen; mbedtls_net_context listen_fd, client_fd; unsigned char buf[2048]; @@ -185,7 +186,7 @@ int main(void) * 5. Sign the parameters and send them */ - mdlen = mbedtls_md_get_size(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256)); + mdlen = (unsigned int) mbedtls_md_get_size(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256)); if (mdlen == 0) { mbedtls_printf(" failed\n ! Invalid digest type\n\n"); goto exit; From 42151380aff54e6f76ee428a2bc57ec825bd3a6f Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 19 Jan 2024 13:36:57 +0000 Subject: [PATCH 9/9] programs_dh_client/server: Updated config guards. Adjusted to use `MBEDTLS_SHA256_C` instead of `MBEDTLS_MD_CAN_SHA256` since the former is being used in accelerated driver configurations. Signed-off-by: Minos Galanakis --- programs/pkey/dh_client.c | 11 +++++------ programs/pkey/dh_server.c | 10 +++++----- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index e8469141a..165cee240 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -13,13 +13,13 @@ #if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ - defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA256) && \ + defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \ defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) #include "mbedtls/net_sockets.h" #include "mbedtls/aes.h" #include "mbedtls/dhm.h" #include "mbedtls/rsa.h" -#include "mbedtls/sha1.h" +#include "mbedtls/sha256.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" @@ -32,15 +32,14 @@ #if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \ + !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) - int main(void) { mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C " "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); + "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_SHA1_C not defined.\n"); mbedtls_exit(0); } @@ -194,7 +193,7 @@ int main(void) } if ((ret = mbedtls_sha256(buf, (int) (p - 2 - buf), hash, 0)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_sha1 returned %d\n\n", ret); + mbedtls_printf(" failed\n ! mbedtls_sha256 returned %d\n\n", ret); goto exit; } diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index c08b0dc39..91bac0ef4 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -13,13 +13,13 @@ #if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ - defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA256) && \ + defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \ defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) #include "mbedtls/net_sockets.h" #include "mbedtls/aes.h" #include "mbedtls/dhm.h" #include "mbedtls/rsa.h" -#include "mbedtls/sha1.h" +#include "mbedtls/sha256.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" @@ -32,14 +32,14 @@ #if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \ + !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) int main(void) { mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C " "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); + "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_SHA1_C not defined.\n"); mbedtls_exit(0); } #else @@ -193,7 +193,7 @@ int main(void) } if ((ret = mbedtls_sha256(buf, n, hash, 0)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_sha1 returned %d\n\n", ret); + mbedtls_printf(" failed\n ! mbedtls_sha256 returned %d\n\n", ret); goto exit; }