authorJuan Castillo <juan.castillo@arm.com>2015-11-05 09:24:53 +0000
committerJuan Castillo <juan.castillo@arm.com>2015-12-10 15:58:29 +0000
commit649dbf6f3666fa4ec8bad318d01b946fb89063e0 (patch)
tree076f37f1a3530c80552891dbf9d9e735460d7048 /drivers/auth
parentf3974ea5b17b0ec88091a8a8c59e56da0fe507f0 (diff)
Move up to mbed TLS 2.x
The mbed TLS library has introduced some changes in the API from the 1.3.x to the 2.x releases. Using the 2.x releases requires some changes to the crypto and transport modules. This patch updates both modules to the mbed TLS 2.x API. All references to the mbed TLS library in the code or documentation have been updated to 'mbed TLS'. Old references to PolarSSL have been updated to 'mbed TLS'. User guide updated to use mbed TLS 2.2.0. NOTE: moving up to mbed TLS 2.x from 1.3.x is not backward compatible. Applying this patch will require an mbed TLS 2.x release to be used. Also note that the mbed TLS license changed to Apache version 2.0. Change-Id: Iba4584408653cf153091f2ca2ee23bc9add7fda4
Diffstat (limited to 'drivers/auth')
-rw-r--r--drivers/auth/mbedtls/mbedtls_common.c21
-rw-r--r--drivers/auth/mbedtls/mbedtls_common.mk8
-rw-r--r--drivers/auth/mbedtls/mbedtls_crypto.c76
-rw-r--r--drivers/auth/mbedtls/mbedtls_crypto.mk4
-rw-r--r--drivers/auth/mbedtls/mbedtls_x509_parser.c115
5 files changed, 119 insertions, 105 deletions
diff --git a/drivers/auth/mbedtls/mbedtls_common.c b/drivers/auth/mbedtls/mbedtls_common.c
index 29782609..053bf1a4 100644
--- a/drivers/auth/mbedtls/mbedtls_common.c
+++ b/drivers/auth/mbedtls/mbedtls_common.c
@@ -30,11 +30,11 @@
#include <assert.h>
-/* mbedTLS headers */
-#include <polarssl/memory_buffer_alloc.h>
+/* mbed TLS headers */
+#include <mbedtls/memory_buffer_alloc.h>
/*
- * mbedTLS heap
+ * mbed TLS heap
*/
#if (MBEDTLS_KEY_ALG_ID == MBEDTLS_ECDSA)
#define MBEDTLS_HEAP_SIZE (14*1024)
@@ -44,22 +44,15 @@
static unsigned char heap[MBEDTLS_HEAP_SIZE];
/*
- * mbedTLS initialization function
- *
- * Return: 0 = success, Otherwise = error
+ * mbed TLS initialization function
*/
void mbedtls_init(void)
{
static int ready;
- int rc;
if (!ready) {
- /* Initialize the mbedTLS heap */
- rc = memory_buffer_alloc_init(heap, MBEDTLS_HEAP_SIZE);
- if (rc == 0) {
- ready = 1;
- } else {
- assert(0);
- }
+ /* Initialize the mbed TLS heap */
+ mbedtls_memory_buffer_alloc_init(heap, MBEDTLS_HEAP_SIZE);
+ ready = 1;
}
}
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index b71bbc96..bc381d5e 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk
@@ -31,7 +31,7 @@
ifneq (${MBEDTLS_COMMON_MK},1)
MBEDTLS_COMMON_MK := 1
-# MBEDTLS_DIR must be set to the mbedTLS main directory (it must contain
+# MBEDTLS_DIR must be set to the mbed TLS main directory (it must contain
# the 'include' and 'library' subdirectories).
ifeq (${MBEDTLS_DIR},)
$(error Error: MBEDTLS_DIR not set)
@@ -40,9 +40,9 @@ endif
INCLUDES += -I${MBEDTLS_DIR}/include \
-Iinclude/drivers/auth/mbedtls
-# Specify mbedTLS configuration file
-POLARSSL_CONFIG_FILE := "<mbedtls_config.h>"
-$(eval $(call add_define,POLARSSL_CONFIG_FILE))
+# Specify mbed TLS configuration file
+MBEDTLS_CONFIG_FILE := "<mbedtls_config.h>"
+$(eval $(call add_define,MBEDTLS_CONFIG_FILE))
MBEDTLS_COMMON_SOURCES := drivers/auth/mbedtls/mbedtls_common.c \
$(addprefix ${MBEDTLS_DIR}/library/, \
diff --git a/drivers/auth/mbedtls/mbedtls_crypto.c b/drivers/auth/mbedtls/mbedtls_crypto.c
index f69f9308..6a898ddc 100644
--- a/drivers/auth/mbedtls/mbedtls_crypto.c
+++ b/drivers/auth/mbedtls/mbedtls_crypto.c
@@ -35,13 +35,13 @@
#include <stddef.h>
#include <string.h>
-/* mbedTLS headers */
-#include <polarssl/md_wrap.h>
-#include <polarssl/memory_buffer_alloc.h>
-#include <polarssl/oid.h>
-#include <polarssl/platform.h>
+/* mbed TLS headers */
+#include <mbedtls/md.h>
+#include <mbedtls/memory_buffer_alloc.h>
+#include <mbedtls/oid.h>
+#include <mbedtls/platform.h>
-#define LIB_NAME "mbedTLS"
+#define LIB_NAME "mbed TLS"
/*
* AlgorithmIdentifier ::= SEQUENCE {
@@ -65,7 +65,7 @@
*/
static void init(void)
{
- /* Initialize mbedTLS */
+ /* Initialize mbed TLS */
mbedtls_init();
}
@@ -80,36 +80,36 @@ static int verify_signature(void *data_ptr, unsigned int data_len,
void *sig_alg, unsigned int sig_alg_len,
void *pk_ptr, unsigned int pk_len)
{
- asn1_buf sig_oid, sig_params;
- asn1_buf signature;
- md_type_t md_alg;
- pk_type_t pk_alg;
- pk_context pk;
+ mbedtls_asn1_buf sig_oid, sig_params;
+ mbedtls_asn1_buf signature;
+ mbedtls_md_type_t md_alg;
+ mbedtls_pk_type_t pk_alg;
+ mbedtls_pk_context pk;
int rc;
void *sig_opts = NULL;
- const md_info_t *md_info;
+ const mbedtls_md_info_t *md_info;
unsigned char *p, *end;
- unsigned char hash[POLARSSL_MD_MAX_SIZE];
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
/* Get pointers to signature OID and parameters */
p = (unsigned char *)sig_alg;
end = (unsigned char *)(p + sig_alg_len);
- rc = asn1_get_alg(&p, end, &sig_oid, &sig_params);
+ rc = mbedtls_asn1_get_alg(&p, end, &sig_oid, &sig_params);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
/* Get the actual signature algorithm (MD + PK) */
- rc = oid_get_sig_alg(&sig_oid, &md_alg, &pk_alg);
+ rc = mbedtls_oid_get_sig_alg(&sig_oid, &md_alg, &pk_alg);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
/* Parse the public key */
- pk_init(&pk);
+ mbedtls_pk_init(&pk);
p = (unsigned char *)pk_ptr;
end = (unsigned char *)(p + pk_len);
- rc = pk_parse_subpubkey(&p, end, &pk);
+ rc = mbedtls_pk_parse_subpubkey(&p, end, &pk);
if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
}
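Review bot: The `return CRYPTO_ERR_SIGNATURE;` taken when `mbedtls_pk_parse_subpubkey()` fails leaves verify_signature after `mbedtls_pk_init(&pk)` without calling `mbedtls_pk_free(&pk)`, while every later failure in this function goes through `goto end`. Whether the library releases the context itself on a parse failure is not visible from this hunk, and the allocator behind it is the small static heap set up in mbedtls_common.c, so the cleanup should not depend on it. Using the same exit as the other paths keeps this uniform: `rc = CRYPTO_ERR_SIGNATURE; goto end;`. The `end:` label and the rest of the function are in later hunks.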
@@ -118,7 +118,7 @@ static int verify_signature(void *data_ptr, unsigned int data_len,
p = (unsigned char *)sig_ptr;
end = (unsigned char *)(p + sig_len);
signature.tag = *p;
- rc = asn1_get_bitstring_null(&p, end, &signature.len);
+ rc = mbedtls_asn1_get_bitstring_null(&p, end, &signature.len);
if (rc != 0) {
rc = CRYPTO_ERR_SIGNATURE;
goto end;
@@ -126,21 +126,22 @@ static int verify_signature(void *data_ptr, unsigned int data_len,
signature.p = p;
/* Calculate the hash of the data */
- md_info = md_info_from_type(md_alg);
+ md_info = mbedtls_md_info_from_type(md_alg);
if (md_info == NULL) {
rc = CRYPTO_ERR_SIGNATURE;
goto end;
}
p = (unsigned char *)data_ptr;
- rc = md(md_info, p, data_len, hash);
+ rc = mbedtls_md(md_info, p, data_len, hash);
if (rc != 0) {
rc = CRYPTO_ERR_SIGNATURE;
goto end;
}
/* Verify the signature */
- rc = pk_verify_ext(pk_alg, sig_opts, &pk, md_alg, hash,
- md_info->size, signature.p, signature.len);
+ rc = mbedtls_pk_verify_ext(pk_alg, sig_opts, &pk, md_alg, hash,
+ mbedtls_md_get_size(md_info),
+ signature.p, signature.len);
if (rc != 0) {
rc = CRYPTO_ERR_SIGNATURE;
goto end;
@@ -150,7 +151,7 @@ static int verify_signature(void *data_ptr, unsigned int data_len,
rc = CRYPTO_SUCCESS;
end:
- pk_free(&pk);
+ mbedtls_pk_free(&pk);
return rc;
}
@@ -163,59 +164,60 @@ end:
static int verify_hash(void *data_ptr, unsigned int data_len,
void *digest_info_ptr, unsigned int digest_info_len)
{
- asn1_buf hash_oid, params;
- md_type_t md_alg;
- const md_info_t *md_info;
+ mbedtls_asn1_buf hash_oid, params;
+ mbedtls_md_type_t md_alg;
+ const mbedtls_md_info_t *md_info;
unsigned char *p, *end, *hash;
- unsigned char data_hash[POLARSSL_MD_MAX_SIZE];
+ unsigned char data_hash[MBEDTLS_MD_MAX_SIZE];
size_t len;
int rc;
- /* Digest info should be an ASN1_SEQUENCE */
+ /* Digest info should be an MBEDTLS_ASN1_SEQUENCE */
p = (unsigned char *)digest_info_ptr;
end = (unsigned char *)(digest_info_ptr + digest_info_len);
- rc = asn1_get_tag(&p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE);
+ rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
/* Get the hash algorithm */
- rc = asn1_get_alg(&p, end, &hash_oid, &params);
+ rc = mbedtls_asn1_get_alg(&p, end, &hash_oid, &params);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
- rc = oid_get_md_alg(&hash_oid, &md_alg);
+ rc = mbedtls_oid_get_md_alg(&hash_oid, &md_alg);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
- md_info = md_info_from_type(md_alg);
+ md_info = mbedtls_md_info_from_type(md_alg);
if (md_info == NULL) {
return CRYPTO_ERR_HASH;
}
/* Hash should be octet string type */
- rc = asn1_get_tag(&p, end, &len, ASN1_OCTET_STRING);
+ rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
/* Length of hash must match the algorithm's size */
- if (len != md_info->size) {
+ if (len != mbedtls_md_get_size(md_info)) {
return CRYPTO_ERR_HASH;
}
hash = p;
/* Calculate the hash of the data */
p = (unsigned char *)data_ptr;
- rc = md(md_info, p, data_len, data_hash);
+ rc = mbedtls_md(md_info, p, data_len, data_hash);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
/* Compare values */
- rc = memcmp(data_hash, hash, md_info->size);
+ rc = memcmp(data_hash, hash, mbedtls_md_get_size(md_info));
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
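Review bot: `end = (unsigned char *)(digest_info_ptr + digest_info_len);` does arithmetic on a `void *`, which is a GNU extension rather than standard C, and it differs from verify_signature, where the length is added to the already-cast `p`. Since `p` has just been set from `digest_info_ptr`, the line can read `end = p + digest_info_len;`, which gives the same bound without relying on the extension. That bound is what limits every ASN.1 read of the DigestInfo below, so it is worth keeping it in the plainest form. verify_hash continues past the end of this hunk.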
diff --git a/drivers/auth/mbedtls/mbedtls_crypto.mk b/drivers/auth/mbedtls/mbedtls_crypto.mk
index 67d2eb46..275ed557 100644
--- a/drivers/auth/mbedtls/mbedtls_crypto.mk
+++ b/drivers/auth/mbedtls/mbedtls_crypto.mk
@@ -62,10 +62,10 @@ else ifeq (${MBEDTLS_KEY_ALG},rsa)
)
MBEDTLS_KEY_ALG_ID := MBEDTLS_RSA
else
- $(error "MBEDTLS_KEY_ALG=${MBEDTLS_KEY_ALG} not supported on mbedTLS")
+ $(error "MBEDTLS_KEY_ALG=${MBEDTLS_KEY_ALG} not supported on mbed TLS")
endif
-# mbedTLS libraries rely on this define to build correctly
+# mbed TLS libraries rely on this define to build correctly
$(eval $(call add_define,MBEDTLS_KEY_ALG_ID))
BL1_SOURCES += ${MBEDTLS_CRYPTO_SOURCES}
diff --git a/drivers/auth/mbedtls/mbedtls_x509_parser.c b/drivers/auth/mbedtls/mbedtls_x509_parser.c
index a8605ce0..52e69719 100644
--- a/drivers/auth/mbedtls/mbedtls_x509_parser.c
+++ b/drivers/auth/mbedtls/mbedtls_x509_parser.c
@@ -29,7 +29,7 @@
*/
/*
- * X509 parser based on PolarSSL
+ * X509 parser based on mbed TLS
*
* This module implements functions to check the integrity of a X509v3
* certificate ASN.1 structure and extract authentication parameters from the
@@ -43,25 +43,25 @@
#include <stdint.h>
#include <string.h>
-/* mbedTLS headers */
-#include <polarssl/asn1.h>
-#include <polarssl/oid.h>
-#include <polarssl/platform.h>
+/* mbed TLS headers */
+#include <mbedtls/asn1.h>
+#include <mbedtls/oid.h>
+#include <mbedtls/platform.h>
/* Maximum OID string length ("a.b.c.d.e.f ...") */
#define MAX_OID_STR_LEN 64
-#define LIB_NAME "mbedTLS X509v3"
+#define LIB_NAME "mbed TLS X509v3"
/* Temporary variables to speed up the authentication parameters search. These
* variables are assigned once during the integrity check and used any time an
* authentication parameter is requested, so we do not have to parse the image
* again */
-static asn1_buf tbs;
-static asn1_buf v3_ext;
-static asn1_buf pk;
-static asn1_buf sig_alg;
-static asn1_buf signature;
+static mbedtls_asn1_buf tbs;
+static mbedtls_asn1_buf v3_ext;
+static mbedtls_asn1_buf pk;
+static mbedtls_asn1_buf sig_alg;
+static mbedtls_asn1_buf signature;
/*
* Get X509v3 extension
@@ -78,7 +78,7 @@ static int get_ext(const char *oid, void **ext, unsigned int *ext_len)
unsigned char *p;
const unsigned char *end;
char oid_str[MAX_OID_STR_LEN];
- asn1_buf extn_oid;
+ mbedtls_asn1_buf extn_oid;
int is_critical;
assert(oid != NULL);
@@ -86,32 +86,36 @@ static int get_ext(const char *oid, void **ext, unsigned int *ext_len)
p = v3_ext.p;
end = v3_ext.p + v3_ext.len;
- asn1_get_tag(&p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE);
+ mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE);
while (p < end) {
memset(&extn_oid, 0x0, sizeof(extn_oid));
is_critical = 0; /* DEFAULT FALSE */
- asn1_get_tag(&p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE);
+ mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE);
end_ext_data = p + len;
/* Get extension ID */
extn_oid.tag = *p;
- asn1_get_tag(&p, end, &extn_oid.len, ASN1_OID);
+ mbedtls_asn1_get_tag(&p, end, &extn_oid.len, MBEDTLS_ASN1_OID);
extn_oid.p = p;
p += extn_oid.len;
/* Get optional critical */
- asn1_get_bool(&p, end_ext_data, &is_critical);
+ mbedtls_asn1_get_bool(&p, end_ext_data, &is_critical);
/* Extension data */
- asn1_get_tag(&p, end_ext_data, &len, ASN1_OCTET_STRING);
+ mbedtls_asn1_get_tag(&p, end_ext_data, &len,
+ MBEDTLS_ASN1_OCTET_STRING);
end_ext_octet = p + len;
/* Detect requested extension */
- oid_len = oid_get_numeric_string(oid_str,
- MAX_OID_STR_LEN, &extn_oid);
- if (oid_len == POLARSSL_ERR_OID_BUF_TOO_SMALL) {
+ oid_len = mbedtls_oid_get_numeric_string(oid_str,
+ MAX_OID_STR_LEN,
+ &extn_oid);
+ if (oid_len == MBEDTLS_ERR_OID_BUF_TOO_SMALL) {
return IMG_PARSER_ERR;
}
if ((oid_len == strlen(oid_str)) && !strcmp(oid, oid_str)) {
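Review bot: None of the `mbedtls_asn1_get_tag()` / `mbedtls_asn1_get_bool()` calls in get_ext has its return value checked, so if one fails `len` keeps its previous value and `end_ext_data = p + len` and `end_ext_octet = p + len` are computed from it; `extn_oid.tag = *p` is also read before the OID tag is validated. The function appears to rely on cert_parse having walked the same bytes during the integrity check, but that dependency is not stated here, and this loop bounds the inner reads with `end_ext_data` where cert_parse uses the outer `end`. Either check each call, e.g. `if (mbedtls_asn1_get_tag(&p, end, &extn_oid.len, MBEDTLS_ASN1_OID) != 0) return IMG_PARSER_ERR_FORMAT;` (accepting `MBEDTLS_ERR_ASN1_UNEXPECTED_TAG` only for the optional critical flag), or add a comment above the loop naming the cert_parse checks it depends on. get_ext starts before and ends after this hunk.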
@@ -137,7 +141,7 @@ static int cert_parse(void *img, unsigned int img_len)
int ret, is_critical;
size_t len;
unsigned char *p, *end, *crt_end;
- asn1_buf sig_alg1, sig_alg2;
+ mbedtls_asn1_buf sig_alg1, sig_alg2;
p = (unsigned char *)img;
len = img_len;
@@ -149,7 +153,8 @@ static int cert_parse(void *img, unsigned int img_len)
* signatureAlgorithm AlgorithmIdentifier,
* signatureValue BIT STRING }
*/
- ret = asn1_get_tag(&p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE);
+ ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE);
if (ret != 0) {
return IMG_PARSER_ERR_FORMAT;
}
@@ -163,7 +168,8 @@ static int cert_parse(void *img, unsigned int img_len)
* TBSCertificate ::= SEQUENCE {
*/
tbs.p = p;
- ret = asn1_get_tag(&p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE);
+ ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE);
if (ret != 0) {
return IMG_PARSER_ERR_FORMAT;
}
@@ -173,8 +179,9 @@ static int cert_parse(void *img, unsigned int img_len)
/*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
*/
- ret = asn1_get_tag(&p, end, &len,
- ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0);
+ ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+ MBEDTLS_ASN1_CONSTRUCTED | 0);
if (ret != 0) {
return IMG_PARSER_ERR_FORMAT;
}
@@ -183,7 +190,7 @@ static int cert_parse(void *img, unsigned int img_len)
/*
* CertificateSerialNumber ::= INTEGER
*/
- ret = asn1_get_tag(&p, end, &len, ASN1_INTEGER);
+ ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER);
if (ret != 0) {
return IMG_PARSER_ERR_FORMAT;
}
@@ -193,7 +200,8 @@ static int cert_parse(void *img, unsigned int img_len)
* signature AlgorithmIdentifier
*/
sig_alg1.p = p;
- ret = asn1_get_tag(&p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE);
+ ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE);
if (ret != 0) {
return IMG_PARSER_ERR_FORMAT;
}
@@ -206,7 +214,8 @@ static int cert_parse(void *img, unsigned int img_len)
/*
* issuer Name
*/
- ret = asn1_get_tag(&p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE);
+ ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE);
if (ret != 0) {
return IMG_PARSER_ERR_FORMAT;
}
@@ -218,7 +227,8 @@ static int cert_parse(void *img, unsigned int img_len)
* notAfter Time }
*
*/
- ret = asn1_get_tag(&p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE);
+ ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE);
if (ret != 0) {
return IMG_PARSER_ERR_FORMAT;
}
@@ -227,7 +237,8 @@ static int cert_parse(void *img, unsigned int img_len)
/*
* subject Name
*/
- ret = asn1_get_tag(&p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE);
+ ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE);
if (ret != 0) {
return IMG_PARSER_ERR_FORMAT;
}
@@ -237,7 +248,8 @@ static int cert_parse(void *img, unsigned int img_len)
* SubjectPublicKeyInfo
*/
pk.p = p;
- ret = asn1_get_tag(&p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE);
+ ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE);
if (ret != 0) {
return IMG_PARSER_ERR_FORMAT;
}
@@ -247,10 +259,11 @@ static int cert_parse(void *img, unsigned int img_len)
/*
* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
*/
- ret = asn1_get_tag(&p, end, &len,
- ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1);
+ ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+ MBEDTLS_ASN1_CONSTRUCTED | 1);
if (ret != 0) {
- if (ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG) {
+ if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
return IMG_PARSER_ERR_FORMAT;
}
} else {
@@ -260,10 +273,11 @@ static int cert_parse(void *img, unsigned int img_len)
/*
* subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
*/
- ret = asn1_get_tag(&p, end, &len,
- ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 2);
+ ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+ MBEDTLS_ASN1_CONSTRUCTED | 2);
if (ret != 0) {
- if (ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG) {
+ if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
return IMG_PARSER_ERR_FORMAT;
}
} else {
@@ -273,8 +287,9 @@ static int cert_parse(void *img, unsigned int img_len)
/*
* extensions [3] EXPLICIT Extensions OPTIONAL
*/
- ret = asn1_get_tag(&p, end, &len,
- ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 3);
+ ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+ MBEDTLS_ASN1_CONSTRUCTED | 3);
if (ret != 0) {
return IMG_PARSER_ERR_FORMAT;
}
@@ -283,7 +298,8 @@ static int cert_parse(void *img, unsigned int img_len)
* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
*/
v3_ext.p = p;
- ret = asn1_get_tag(&p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE);
+ ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE);
if (ret != 0) {
return IMG_PARSER_ERR_FORMAT;
}
@@ -293,27 +309,29 @@ static int cert_parse(void *img, unsigned int img_len)
* Check extensions integrity
*/
while (p < end) {
- ret = asn1_get_tag(&p, end, &len,
- ASN1_CONSTRUCTED | ASN1_SEQUENCE);
+ ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE);
if (ret != 0) {
return IMG_PARSER_ERR_FORMAT;
}
/* Get extension ID */
- ret = asn1_get_tag(&p, end, &len, ASN1_OID);
+ ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID);
if (ret != 0) {
return IMG_PARSER_ERR_FORMAT;
}
p += len;
/* Get optional critical */
- ret = asn1_get_bool(&p, end, &is_critical);
- if ((ret != 0) && (ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG)) {
+ ret = mbedtls_asn1_get_bool(&p, end, &is_critical);
+ if ((ret != 0) && (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) {
return IMG_PARSER_ERR_FORMAT;
}
/* Data should be octet string type */
- ret = asn1_get_tag(&p, end, &len, ASN1_OCTET_STRING);
+ ret = mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_OCTET_STRING);
if (ret != 0) {
return IMG_PARSER_ERR_FORMAT;
}
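Review bot: In this integrity loop the length of each Extension SEQUENCE is read into `len` and then overwritten by the OID read, so the OID, the optional critical flag and the OCTET STRING are all bounded by the outer `end` and never by the extension that contains them. get_ext later derives `end_ext_data` from that same SEQUENCE length and parses against it, so the check here should enforce the same bound. Saving it after the first tag, `end_ext_data = p + len;`, and passing `end_ext_data` to the three inner calls would make the two walks agree. The loop body continues outside this hunk, so a later consistency check may exist that is not visible here.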
@@ -333,7 +351,8 @@ static int cert_parse(void *img, unsigned int img_len)
* signatureAlgorithm AlgorithmIdentifier
*/
sig_alg2.p = p;
- ret = asn1_get_tag(&p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE);
+ ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE);
if (ret != 0) {
return IMG_PARSER_ERR_FORMAT;
}
@@ -356,7 +375,7 @@ static int cert_parse(void *img, unsigned int img_len)
* signatureValue BIT STRING
*/
signature.p = p;
- ret = asn1_get_tag(&p, end, &len, ASN1_BIT_STRING);
+ ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_BIT_STRING);
if (ret != 0) {
return IMG_PARSER_ERR_FORMAT;
}