summaryrefslogtreecommitdiffstats
path: root/thirdparty/mbedtls/library/x509write_csr.c
diff options
context:
space:
mode:
Diffstat (limited to 'thirdparty/mbedtls/library/x509write_csr.c')
-rw-r--r--thirdparty/mbedtls/library/x509write_csr.c53
1 files changed, 30 insertions, 23 deletions
diff --git a/thirdparty/mbedtls/library/x509write_csr.c b/thirdparty/mbedtls/library/x509write_csr.c
index 3c3ab3a078..d3ddbcc03d 100644
--- a/thirdparty/mbedtls/library/x509write_csr.c
+++ b/thirdparty/mbedtls/library/x509write_csr.c
@@ -14,6 +14,7 @@
#if defined(MBEDTLS_X509_CSR_WRITE_C)
+#include "x509_internal.h"
#include "mbedtls/x509_csr.h"
#include "mbedtls/asn1write.h"
#include "mbedtls/error.h"
@@ -22,8 +23,9 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
+#include "psa_util_internal.h"
#include "mbedtls/psa_util.h"
-#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#include <string.h>
#include <stdlib.h>
@@ -65,10 +67,17 @@ int mbedtls_x509write_csr_set_subject_name(mbedtls_x509write_csr *ctx,
int mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr *ctx,
const char *oid, size_t oid_len,
+ int critical,
const unsigned char *val, size_t val_len)
{
return mbedtls_x509_set_extension(&ctx->extensions, oid, oid_len,
- 0, val, val_len);
+ critical, val, val_len);
+}
+
+int mbedtls_x509write_csr_set_subject_alternative_name(mbedtls_x509write_csr *ctx,
+ const mbedtls_x509_san_list *san_list)
+{
+ return mbedtls_x509_write_set_san_common(&ctx->extensions, san_list);
}
int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx, unsigned char key_usage)
@@ -86,7 +95,7 @@ int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx, unsigned cha
ret = mbedtls_x509write_csr_set_extension(ctx, MBEDTLS_OID_KEY_USAGE,
MBEDTLS_OID_SIZE(MBEDTLS_OID_KEY_USAGE),
- c, (size_t) ret);
+ 0, c, (size_t) ret);
if (ret != 0) {
return ret;
}
@@ -110,7 +119,7 @@ int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx,
ret = mbedtls_x509write_csr_set_extension(ctx, MBEDTLS_OID_NS_CERT_TYPE,
MBEDTLS_OID_SIZE(MBEDTLS_OID_NS_CERT_TYPE),
- c, (size_t) ret);
+ 0, c, (size_t) ret);
if (ret != 0) {
return ret;
}
@@ -121,7 +130,7 @@ int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx,
static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
unsigned char *buf,
size_t size,
- unsigned char *sig,
+ unsigned char *sig, size_t sig_size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
{
@@ -129,14 +138,13 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
const char *sig_oid;
size_t sig_oid_len = 0;
unsigned char *c, *c2;
- unsigned char hash[64];
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0;
mbedtls_pk_type_t pk_alg;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
size_t hash_len;
- psa_algorithm_t hash_alg = mbedtls_psa_translate_md(ctx->md_alg);
+ psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(ctx->md_alg);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Write the CSR backwards starting from the end of buf */
@@ -177,7 +185,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC));
MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_pk_write_pubkey_der(ctx->key,
- buf, c - buf));
+ buf, (size_t) (c - buf)));
c -= pub_len;
len += pub_len;
@@ -203,17 +211,13 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
* Note: hash errors can happen only after an internal error
*/
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if (psa_hash_setup(&hash_operation, hash_alg) != PSA_SUCCESS) {
- return MBEDTLS_ERR_X509_FATAL_ERROR;
- }
-
- if (psa_hash_update(&hash_operation, c, len) != PSA_SUCCESS) {
- return MBEDTLS_ERR_X509_FATAL_ERROR;
- }
-
- if (psa_hash_finish(&hash_operation, hash, sizeof(hash), &hash_len)
- != PSA_SUCCESS) {
- return MBEDTLS_ERR_X509_FATAL_ERROR;
+ if (psa_hash_compute(hash_alg,
+ c,
+ len,
+ hash,
+ sizeof(hash),
+ &hash_len) != PSA_SUCCESS) {
+ return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
}
#else /* MBEDTLS_USE_PSA_CRYPTO */
ret = mbedtls_md(mbedtls_md_info_from_type(ctx->md_alg), c, len, hash);
@@ -221,7 +225,8 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
return ret;
}
#endif
- if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
+ if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0,
+ sig, sig_size, &sig_len,
f_rng, p_rng)) != 0) {
return ret;
}
@@ -271,7 +276,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));
/* Zero the unused bytes at the start of buf */
- memset(buf, 0, c2 - buf);
+ memset(buf, 0, (size_t) (c2 - buf));
return (int) len;
}
@@ -288,7 +293,9 @@ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf,
return MBEDTLS_ERR_X509_ALLOC_FAILED;
}
- ret = x509write_csr_der_internal(ctx, buf, size, sig, f_rng, p_rng);
+ ret = x509write_csr_der_internal(ctx, buf, size,
+ sig, MBEDTLS_PK_SIGNATURE_MAX_SIZE,
+ f_rng, p_rng);
mbedtls_free(sig);