mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-22 19:05:32 +00:00
Merge tag 'mbedtls-2.8.0' into iotssl-1381-x509-verify-refactor-restricted
Conflict resolution: * ChangeLog * tests/data_files/Makefile: concurrent additions, order irrelevant * tests/data_files/test-ca.opensslconf: concurrent additions, order irrelevant * tests/scripts/all.sh: one comment change conflicted with a code addition. In addition some of the additions in the iotssl-1381-x509-verify-refactor-restricted branch need support for keep-going mode, this will be added in a subsequent commit.
This commit is contained in:
commit
15ad579895
63
CONTRIBUTING.md
Normal file
63
CONTRIBUTING.md
Normal file
|
@ -0,0 +1,63 @@
|
|||
Contributing
|
||||
============
|
||||
We gratefully accept bug reports and contributions from the community. There are some requirements we need to fulfill in order to be able to integrate contributions:
|
||||
|
||||
- As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted.
|
||||
- The contribution should not break API or ABI, unless there is a real justification for that. If there is an API change, the contribution, if accepted, will be merged only when there will be a major release.
|
||||
|
||||
Contributor License Agreement (CLA)
|
||||
-----------------------------------
|
||||
- All contributions, whether large or small, require a Contributor's License Agreement (CLA) to be accepted. This is because source code can possibly fall under copyright law and we need your consent to share in the ownership of the copyright.
|
||||
- To accept the Contributor’s License Agreement (CLA), individual contributors can do this by creating an Mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an Mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to Arm as described in the instructions given.
|
||||
|
||||
Coding Standards
|
||||
----------------
|
||||
- We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions are fully tested before submission, as mentioned in the [Tests](#tests) and [Continuous Integration](#continuous-integration-tests) sections.
|
||||
- The code should be written in a clean and readable style.
|
||||
- The code should be written in a portable generic way, that will benefit the whole community, and not only your own needs.
|
||||
- The code should be secure, and will be reviewed from a security point of view as well.
|
||||
|
||||
Making a Contribution
|
||||
---------------------
|
||||
1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug.
|
||||
1. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the ["development" branch](https://github.com/ARMmbed/mbedtls/tree/development) as a basis.
|
||||
1. Write a test which shows that the bug was fixed or that the feature works as expected.
|
||||
1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :)
|
||||
1. For quick merging, the contribution should be short, and concentrated on a single feature or topic. The larger the contribution is, the longer it would take to review it and merge it.
|
||||
1. Mbed TLS is released under the Apache license, and as such, all the added files should include the Apache license header.
|
||||
|
||||
Backports
|
||||
---------
|
||||
Mbed TLS maintains some legacy branches, which are released as LTS versions. Mbed TLS should follow backwards compatibility rules, to fit with existing users. As such, backporting to these branches should be handled according to the following rules:
|
||||
|
||||
1. If the contribution is a new feature or enhancement, no backporting is needed.
|
||||
1. Bug fixes should be backported to the legacy branches containing these bugs.
|
||||
1. Changes in the API do not require backporting. If a bug fix introduced a new API, such as new error codes, the bug fix should be implemented differently in the legacy branch.
|
||||
|
||||
It would be highly appreciated if a contribution would be backported to a legacy branch in addition to the [development branch](https://github.com/ARMmbed/mbedtls/tree/development).
|
||||
At the moment, the legacy branches are:
|
||||
|
||||
1. [mbedtls-1.3](https://github.com/ARMmbed/mbedtls/tree/mbedtls-1.3)
|
||||
1. [mbedtls-2.1](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.1)
|
||||
|
||||
Tests
|
||||
-----
|
||||
As mentioned, tests that show the correctness of the feature or bug fix should be added to the pull request, if no such tests exist.
|
||||
Mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test_suite_mpi.c`). These files are generated from a `function file` (e.g. `suites/test_suite_mpi.function`) and a `data file` (e.g. `suites/test_suite_mpi.data`). The function file contains the test functions. The data file contains the test cases, specified as parameters that will be passed to the test function.
|
||||
|
||||
Sample applications, if needed, should be modified as well.
|
||||
|
||||
Continuous Integration Tests
|
||||
----------------------------
|
||||
Once a PR has been made, the Continuous Integration (CI) tests are triggered and run. You should follow the result of the CI tests, and fix failures.
|
||||
It is advised to enable the [githooks scripts](https://github.com/ARMmbed/mbedtls/tree/development/tests/git-scripts) prior to pushing your changes, for catching some of the issues as early as possible.
|
||||
|
||||
Documentation
|
||||
-------------
|
||||
Mbed TLS should be well documented. If documentation is needed, speak out!
|
||||
|
||||
1. All interfaces should be documented through Doxygen. New APIs should introduce Doxygen documentation.
|
||||
1. Complex parts in the code should include comments.
|
||||
1. If needed, a Readme file is advised.
|
||||
1. If a [Knowledge Base (KB)](https://tls.mbed.org/kb) article should be added, write this as a comment in the PR description.
|
||||
1. A [ChangeLog](https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog) entry should be added for this contribution.
|
53
ChangeLog
53
ChangeLog
|
@ -2,6 +2,16 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
|||
|
||||
= mbed TLS x.x.x branch released xxxx-xx-xx
|
||||
|
||||
Security
|
||||
* Fix a bug in the X.509 module potentially leading to a buffer overread
|
||||
during CRT verification or to invalid or omitted checks for certificate
|
||||
validity. The former can be triggered remotely, while the latter requires
|
||||
a non DER-compliant certificate correctly signed by a trusted CA, or a
|
||||
trusted CA with a non DER-compliant certificate. Found by luocm on GitHub.
|
||||
Fixes #825.
|
||||
|
||||
= mbed TLS 2.8.0 branch released 2018-03-16
|
||||
|
||||
Default behavior changes
|
||||
* The truncated HMAC extension now conforms to RFC 6066. This means
|
||||
that when both sides of a TLS connection negotiate the truncated
|
||||
|
@ -17,12 +27,14 @@ Security
|
|||
implementation allowed an offline 2^80 brute force attack on the
|
||||
HMAC key of a single, uninterrupted connection (with no
|
||||
resumption of the session).
|
||||
* Fix a bug in the X.509 module potentially leading to a buffer overread
|
||||
during CRT verification or to invalid or omitted checks for certificate
|
||||
validity. The former can be triggered remotely, while the latter requires
|
||||
a non DER-compliant certificate correctly signed by a trusted CA, or a
|
||||
trusted CA with a non DER-compliant certificate. Found by luocm on GitHub.
|
||||
Fixes #825.
|
||||
* Verify results of RSA private key operations to defend
|
||||
against Bellcore glitch attack.
|
||||
* Fix a buffer overread in ssl_parse_server_key_exchange() that could cause
|
||||
a crash on invalid input.
|
||||
* Fix a buffer overread in ssl_parse_server_psk_hint() that could cause a
|
||||
crash on invalid input.
|
||||
* Fix CRL parsing to reject CRLs containing unsupported critical
|
||||
extensions. Found by Falko Strenzke and Evangelos Karatsiolis.
|
||||
|
||||
Features
|
||||
* Extend PKCS#8 interface by introducing support for the entire SHA
|
||||
|
@ -32,6 +44,10 @@ Features
|
|||
OpenVPN Inc. Fixes #1339
|
||||
* Add support for public keys encoded in PKCS#1 format. #1122
|
||||
|
||||
New deprecations
|
||||
* Deprecate support for record compression (configuration option
|
||||
MBEDTLS_ZLIB_SUPPORT).
|
||||
|
||||
Bugfix
|
||||
* Fix the name of a DHE parameter that was accidentally changed in 2.7.0.
|
||||
Fixes #1358.
|
||||
|
@ -41,6 +57,28 @@ Bugfix
|
|||
In the context of SSL, this resulted in handshake failure. Reported by
|
||||
daniel in the Mbed TLS forum. #1351
|
||||
* Fix Windows x64 builds with the included mbedTLS.sln file. #1347
|
||||
* Fix setting version TLSv1 as minimal version, even if TLS 1
|
||||
is not enabled. Set MBEDTLS_SSL_MIN_MAJOR_VERSION
|
||||
and MBEDTLS_SSL_MIN_MINOR_VERSION instead of
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_1. #664
|
||||
* Fix compilation error on Mingw32 when _TRUNCATE is defined. Use _TRUNCATE
|
||||
only if __MINGW32__ not defined. Fix suggested by Thomas Glanzmann and
|
||||
Nick Wilson on issue #355
|
||||
* In test_suite_pk, pass valid parameters when testing for hash length
|
||||
overflow. #1179
|
||||
* Fix memory allocation corner cases in memory_buffer_alloc.c module. Found
|
||||
by Guido Vranken. #639
|
||||
* Log correct number of ciphersuites used in Client Hello message. #918
|
||||
* Fix X509 CRT parsing that would potentially accept an invalid tag when
|
||||
parsing the subject alternative names.
|
||||
* Fix a possible arithmetic overflow in ssl_parse_server_key_exchange()
|
||||
that could cause a key exchange to fail on valid data.
|
||||
* Fix a possible arithmetic overflow in ssl_parse_server_psk_hint() that
|
||||
could cause a key exchange to fail on valid data.
|
||||
* Don't define mbedtls_aes_decrypt and mbedtls_aes_encrypt under
|
||||
MBEDTLS_DEPRECATED_REMOVED. #1388
|
||||
* Fix a 1-byte heap buffer overflow (read-only) during private key parsing.
|
||||
Found through fuzz testing.
|
||||
|
||||
Changes
|
||||
* Fix tag lengths and value ranges in the documentation of CCM encryption.
|
||||
|
@ -49,6 +87,9 @@ Changes
|
|||
* Remove support for the library reference configuration for picocoin.
|
||||
* MD functions deprecated in 2.7.0 are no longer inline, to provide
|
||||
a migration path for those depending on the library's ABI.
|
||||
* Clarify the documentation of mbedtls_ssl_setup.
|
||||
* Use (void) when defining functions with no parameters. Contributed by
|
||||
Joris Aerts. #678
|
||||
|
||||
= mbed TLS 2.7.0 branch released 2018-02-03
|
||||
|
||||
|
|
63
README.md
63
README.md
|
@ -76,7 +76,9 @@ You'll still be able to run a much smaller set of tests with:
|
|||
|
||||
In order to build for a Windows platform, you should use `WINDOWS_BUILD=1` if the target is Windows but the build environment is Unix-like (for instance when cross-compiling, or compiling from an MSYS shell), and `WINDOWS=1` if the build environment is a Windows shell (for instance using mingw32-make) (in that case some targets will not be available).
|
||||
|
||||
Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; if you do so, essential parts such as `-I` will still be preserved. Warning options may be overridden separately using `WARNING_CFLAGS`.
|
||||
Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; compiler warning options may be overridden separately using `WARNING_CFLAGS`. Some directory-specific options (for example, `-I` directives) are still preserved.
|
||||
|
||||
Please note that setting `CFLAGS` overrides its default value of `-O2` and setting `WARNING_CFLAGS` overrides its default value (starting with `-Wall -W`), so it you just want to add some warning options to the default ones, you can do so by setting `CFLAGS=-O2 -Werror` for example. Setting `WARNING_CFLAGS` is useful when you want to get rid of its default content (for example because your compiler doesn't accept `-Wall` as an option). Directory-specific options cannot be overriden from the command line.
|
||||
|
||||
Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the Mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue.
|
||||
|
||||
|
@ -84,9 +86,10 @@ In case you find that you need to do something else as well, please let us know
|
|||
|
||||
### CMake
|
||||
|
||||
In order to build the source using CMake, just enter at the command line:
|
||||
In order to build the source using CMake in a separate directory (recommended), just enter at the command line:
|
||||
|
||||
cmake .
|
||||
mkdir /path/to/build_dir && cd /path/to/build_dir
|
||||
cmake /path/to/mbedtls_source
|
||||
make
|
||||
|
||||
In order to run the tests, enter:
|
||||
|
@ -95,7 +98,7 @@ In order to run the tests, enter:
|
|||
|
||||
The test suites need Perl to be built. If you don't have Perl installed, you'll want to disable the test suites with:
|
||||
|
||||
cmake -DENABLE_TESTING=Off .
|
||||
cmake -DENABLE_TESTING=Off /path/to/mbedtls_source
|
||||
|
||||
If you disabled the test suites, but kept the programs enabled, you can still run a much smaller set of tests with:
|
||||
|
||||
|
@ -103,31 +106,59 @@ If you disabled the test suites, but kept the programs enabled, you can still ru
|
|||
|
||||
To configure CMake for building shared libraries, use:
|
||||
|
||||
cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On .
|
||||
cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On /path/to/mbedtls_source
|
||||
|
||||
There are many different build modes available within the CMake buildsystem. Most of them are available for gcc and clang, though some are compiler-specific:
|
||||
|
||||
- Release. This generates the default code without any unnecessary information in the binary files.
|
||||
- Debug. This generates debug information and disables optimization of the code.
|
||||
- Coverage. This generates code coverage information in addition to debug information.
|
||||
- ASan. This instruments the code with AddressSanitizer to check for memory errors. (This includes LeakSanitizer, with recent version of gcc and clang.) (With recent version of clang, this mode also instruments the code with UndefinedSanitizer to check for undefined behaviour.)
|
||||
- ASanDbg. Same as ASan but slower, with debug information and better stack traces.
|
||||
- MemSan. This instruments the code with MemorySanitizer to check for uninitialised memory reads. Experimental, needs recent clang on Linux/x86\_64.
|
||||
- MemSanDbg. Same as MemSan but slower, with debug information, better stack traces and origin tracking.
|
||||
- Check. This activates the compiler warnings that depend on optimization and treats all warnings as errors.
|
||||
- `Release`. This generates the default code without any unnecessary information in the binary files.
|
||||
- `Debug`. This generates debug information and disables optimization of the code.
|
||||
- `Coverage`. This generates code coverage information in addition to debug information.
|
||||
- `ASan`. This instruments the code with AddressSanitizer to check for memory errors. (This includes LeakSanitizer, with recent version of gcc and clang.) (With recent version of clang, this mode also instruments the code with UndefinedSanitizer to check for undefined behaviour.)
|
||||
- `ASanDbg`. Same as ASan but slower, with debug information and better stack traces.
|
||||
- `MemSan`. This instruments the code with MemorySanitizer to check for uninitialised memory reads. Experimental, needs recent clang on Linux/x86\_64.
|
||||
- `MemSanDbg`. Same as MemSan but slower, with debug information, better stack traces and origin tracking.
|
||||
- `Check`. This activates the compiler warnings that depend on optimization and treats all warnings as errors.
|
||||
|
||||
Switching build modes in CMake is simple. For debug mode, enter at the command line:
|
||||
|
||||
cmake -D CMAKE_BUILD_TYPE=Debug .
|
||||
cmake -D CMAKE_BUILD_TYPE=Debug /path/to/mbedtls_source
|
||||
|
||||
To list other available CMake options, use:
|
||||
|
||||
cmake -LH
|
||||
|
||||
Note that, with CMake, if you want to change the compiler or its options after you already ran CMake, you need to clear its cache first, e.g. (using GNU find):
|
||||
Note that, with CMake, you can't adjust the compiler or its flags after the
|
||||
initial invocation of cmake. This means that `CC=your_cc make` and `make
|
||||
CC=your_cc` will *not* work (similarly with `CFLAGS` and other variables).
|
||||
These variables need to be adjusted when invoking cmake for the first time,
|
||||
for example:
|
||||
|
||||
CC=your_cc cmake /path/to/mbedtls_source
|
||||
|
||||
If you already invoked cmake and want to change those settings, you need to
|
||||
remove the build directory and create it again.
|
||||
|
||||
Note that it is possible to build in-place; this will however overwrite the
|
||||
provided Makefiles (see `scripts/tmp_ignore_makefiles.sh` if you want to
|
||||
prevent `git status` from showing them as modified). In order to do so, from
|
||||
the Mbed TLS source directory, use:
|
||||
|
||||
cmake .
|
||||
make
|
||||
|
||||
If you want to change `CC` or `CFLAGS` afterwards, you will need to remove the
|
||||
CMake cache. This can be done with the following command using GNU find:
|
||||
|
||||
find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
|
||||
CC=gcc CFLAGS='-fstack-protector-strong -Wa,--noexecstack' cmake .
|
||||
|
||||
You can now make the desired change:
|
||||
|
||||
CC=your_cc cmake .
|
||||
make
|
||||
|
||||
Regarding variables, also note that if you set CFLAGS when invoking cmake,
|
||||
your value of CFLAGS doesn't override the content provided by cmake (depending
|
||||
on the build mode as seen above), it's merely prepended to it.
|
||||
|
||||
### Microsoft Visual Studio
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
*/
|
||||
|
||||
/**
|
||||
* @mainpage mbed TLS v2.7.0 source code documentation
|
||||
* @mainpage mbed TLS v2.8.0 source code documentation
|
||||
*
|
||||
* This documentation describes the internal structure of mbed TLS. It was
|
||||
* automatically generated from specially formatted comment blocks in
|
||||
|
|
|
@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8
|
|||
# identify the project. Note that if you do not use Doxywizard you need
|
||||
# to put quotes around the project name if it contains spaces.
|
||||
|
||||
PROJECT_NAME = "mbed TLS v2.7.0"
|
||||
PROJECT_NAME = "mbed TLS v2.8.0"
|
||||
|
||||
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
|
||||
# This could be handy for archiving the generated documentation or
|
||||
|
|
|
@ -88,6 +88,21 @@
|
|||
#define MBEDTLS_ASN1_PRIMITIVE 0x00
|
||||
#define MBEDTLS_ASN1_CONSTRUCTED 0x20
|
||||
#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80
|
||||
|
||||
/*
|
||||
* Bit masks for each of the components of an ASN.1 tag as specified in
|
||||
* ITU X.690 (08/2015), section 8.1 "General rules for encoding",
|
||||
* paragraph 8.1.2.2:
|
||||
*
|
||||
* Bit 8 7 6 5 1
|
||||
* +-------+-----+------------+
|
||||
* | Class | P/C | Tag number |
|
||||
* +-------+-----+------------+
|
||||
*/
|
||||
#define MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0
|
||||
#define MBEDTLS_ASN1_TAG_PC_MASK 0x20
|
||||
#define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F
|
||||
|
||||
/* \} name */
|
||||
/* \} addtogroup asn1_module */
|
||||
|
||||
|
|
|
@ -1049,7 +1049,8 @@
|
|||
/**
|
||||
* \def MBEDTLS_RSA_NO_CRT
|
||||
*
|
||||
* Do not use the Chinese Remainder Theorem for the RSA private operation.
|
||||
* Do not use the Chinese Remainder Theorem
|
||||
* for the RSA private operation.
|
||||
*
|
||||
* Uncomment this macro to disable the use of CRT in RSA.
|
||||
*
|
||||
|
@ -1541,6 +1542,9 @@
|
|||
*
|
||||
* \note Currently compression can't be used with DTLS.
|
||||
*
|
||||
* \deprecated This feature is deprecated and will be removed
|
||||
* in the next major revision of the library.
|
||||
*
|
||||
* Used in: library/ssl_tls.c
|
||||
* library/ssl_cli.c
|
||||
* library/ssl_srv.c
|
||||
|
|
|
@ -518,6 +518,18 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
|
|||
*
|
||||
* \note The input and output buffers must be large
|
||||
* enough. For example, 128 Bytes if RSA-1024 is used.
|
||||
*
|
||||
* \note Blinding is used if and only if a PRNG is provided.
|
||||
*
|
||||
* \note If blinding is used, both the base of exponentation
|
||||
* and the exponent are blinded, providing protection
|
||||
* against some side-channel attacks.
|
||||
*
|
||||
* \warning It is deprecated and a security risk to not provide
|
||||
* a PRNG here and thereby prevent the use of blinding.
|
||||
* Future versions of the library may enforce the presence
|
||||
* of a PRNG.
|
||||
*
|
||||
*/
|
||||
int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
|
|
|
@ -49,6 +49,15 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#warning "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will be removed in the next major revision of the library"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#error "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set"
|
||||
#endif
|
||||
|
||||
#include "zlib.h"
|
||||
#endif
|
||||
|
||||
|
@ -971,8 +980,13 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl );
|
|||
* \note No copy of the configuration context is made, it can be
|
||||
* shared by many mbedtls_ssl_context structures.
|
||||
*
|
||||
* \warning Modifying the conf structure after it has been used in this
|
||||
* function is unsupported!
|
||||
* \warning The conf structure will be accessed during the session.
|
||||
* It must not be modified or freed as long as the session
|
||||
* is active.
|
||||
*
|
||||
* \warning This function must be called exactly once per context.
|
||||
* Calling mbedtls_ssl_setup again is not supported, even
|
||||
* if no session is active.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration to use
|
||||
|
|
|
@ -71,6 +71,9 @@
|
|||
#endif /* MBEDTLS_SSL_PROTO_TLS1 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
||||
|
||||
#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
|
||||
#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
|
||||
|
||||
/* Determine maximum supported version */
|
||||
#define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
|
||||
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
* Major, Minor, Patchlevel
|
||||
*/
|
||||
#define MBEDTLS_VERSION_MAJOR 2
|
||||
#define MBEDTLS_VERSION_MINOR 7
|
||||
#define MBEDTLS_VERSION_MINOR 8
|
||||
#define MBEDTLS_VERSION_PATCH 0
|
||||
|
||||
/**
|
||||
|
@ -47,9 +47,9 @@
|
|||
* MMNNPP00
|
||||
* Major version | Minor version | Patch version
|
||||
*/
|
||||
#define MBEDTLS_VERSION_NUMBER 0x02070000
|
||||
#define MBEDTLS_VERSION_STRING "2.7.0"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.7.0"
|
||||
#define MBEDTLS_VERSION_NUMBER 0x02080000
|
||||
#define MBEDTLS_VERSION_STRING "2.8.0"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.8.0"
|
||||
|
||||
#if defined(MBEDTLS_VERSION_C)
|
||||
|
||||
|
|
|
@ -141,15 +141,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
|
|||
|
||||
if(USE_SHARED_MBEDTLS_LIBRARY)
|
||||
add_library(mbedcrypto SHARED ${src_crypto})
|
||||
set_target_properties(mbedcrypto PROPERTIES VERSION 2.7.0 SOVERSION 1)
|
||||
set_target_properties(mbedcrypto PROPERTIES VERSION 2.8.0 SOVERSION 1)
|
||||
target_link_libraries(mbedcrypto ${libs})
|
||||
|
||||
add_library(mbedx509 SHARED ${src_x509})
|
||||
set_target_properties(mbedx509 PROPERTIES VERSION 2.7.0 SOVERSION 0)
|
||||
set_target_properties(mbedx509 PROPERTIES VERSION 2.8.0 SOVERSION 0)
|
||||
target_link_libraries(mbedx509 ${libs} mbedcrypto)
|
||||
|
||||
add_library(mbedtls SHARED ${src_tls})
|
||||
set_target_properties(mbedtls PROPERTIES VERSION 2.7.0 SOVERSION 10)
|
||||
set_target_properties(mbedtls PROPERTIES VERSION 2.8.0 SOVERSION 10)
|
||||
target_link_libraries(mbedtls ${libs} mbedx509)
|
||||
|
||||
install(TARGETS mbedtls mbedx509 mbedcrypto
|
||||
|
|
|
@ -765,12 +765,14 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
|
|||
}
|
||||
#endif /* !MBEDTLS_AES_ENCRYPT_ALT */
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_internal_aes_encrypt( ctx, input, output );
|
||||
}
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/*
|
||||
* AES-ECB block decryption
|
||||
|
@ -831,12 +833,14 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
|
|||
}
|
||||
#endif /* !MBEDTLS_AES_DECRYPT_ALT */
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_internal_aes_decrypt( ctx, input, output );
|
||||
}
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/*
|
||||
* AES-ECB block encryption/decryption
|
||||
|
|
|
@ -1623,7 +1623,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
|
|||
mbedtls_mpi RR, T, W[ 2 << MBEDTLS_MPI_WINDOW_SIZE ], Apos;
|
||||
int neg;
|
||||
|
||||
if( mbedtls_mpi_cmp_int( N, 0 ) < 0 || ( N->p[0] & 1 ) == 0 )
|
||||
if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || ( N->p[0] & 1 ) == 0 )
|
||||
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
|
||||
|
||||
if( mbedtls_mpi_cmp_int( E, 0 ) < 0 )
|
||||
|
|
|
@ -91,7 +91,7 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
|
|||
|
||||
va_start( argp, format );
|
||||
#if defined(_WIN32)
|
||||
#if defined(_TRUNCATE)
|
||||
#if defined(_TRUNCATE) && !defined(__MINGW32__)
|
||||
ret = _vsnprintf_s( str, DEBUG_BUF_SIZE, _TRUNCATE, format, argp );
|
||||
#else
|
||||
ret = _vsnprintf( str, DEBUG_BUF_SIZE, format, argp );
|
||||
|
|
|
@ -113,7 +113,7 @@ static void debug_header( memory_header *hdr )
|
|||
#endif
|
||||
}
|
||||
|
||||
static void debug_chain()
|
||||
static void debug_chain( void )
|
||||
{
|
||||
memory_header *cur = heap.first;
|
||||
|
||||
|
@ -180,11 +180,11 @@ static int verify_header( memory_header *hdr )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
static int verify_chain()
|
||||
static int verify_chain( void )
|
||||
{
|
||||
memory_header *prv = heap.first, *cur = heap.first->next;
|
||||
memory_header *prv = heap.first, *cur;
|
||||
|
||||
if( verify_header( heap.first ) != 0 )
|
||||
if( prv == NULL || verify_header( prv ) != 0 )
|
||||
{
|
||||
#if defined(MBEDTLS_MEMORY_DEBUG)
|
||||
mbedtls_fprintf( stderr, "FATAL: verification of first header "
|
||||
|
@ -202,6 +202,8 @@ static int verify_chain()
|
|||
return( 1 );
|
||||
}
|
||||
|
||||
cur = heap.first->next;
|
||||
|
||||
while( cur != NULL )
|
||||
{
|
||||
if( verify_header( cur ) != 0 )
|
||||
|
@ -245,7 +247,9 @@ static void *buffer_alloc_calloc( size_t n, size_t size )
|
|||
|
||||
original_len = len = n * size;
|
||||
|
||||
if( n != 0 && len / n != size )
|
||||
if( n == 0 || size == 0 || len / n != size )
|
||||
return( NULL );
|
||||
else if( len > (size_t)-MBEDTLS_MEMORY_ALIGN_MULTIPLE )
|
||||
return( NULL );
|
||||
|
||||
if( len % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
|
||||
|
@ -386,7 +390,7 @@ static void buffer_alloc_free( void *ptr )
|
|||
if( ptr == NULL || heap.buf == NULL || heap.first == NULL )
|
||||
return;
|
||||
|
||||
if( p < heap.buf || p > heap.buf + heap.len )
|
||||
if( p < heap.buf || p >= heap.buf + heap.len )
|
||||
{
|
||||
#if defined(MBEDTLS_MEMORY_DEBUG)
|
||||
mbedtls_fprintf( stderr, "FATAL: mbedtls_free() outside of managed "
|
||||
|
@ -500,13 +504,13 @@ void mbedtls_memory_buffer_set_verify( int verify )
|
|||
heap.verify = verify;
|
||||
}
|
||||
|
||||
int mbedtls_memory_buffer_alloc_verify()
|
||||
int mbedtls_memory_buffer_alloc_verify( void )
|
||||
{
|
||||
return verify_chain();
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_DEBUG)
|
||||
void mbedtls_memory_buffer_alloc_status()
|
||||
void mbedtls_memory_buffer_alloc_status( void )
|
||||
{
|
||||
mbedtls_fprintf( stderr,
|
||||
"Current use: %zu blocks / %zu bytes, max: %zu blocks / "
|
||||
|
@ -570,8 +574,7 @@ static void buffer_alloc_free_mutexed( void *ptr )
|
|||
|
||||
void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len )
|
||||
{
|
||||
memset( &heap, 0, sizeof(buffer_alloc_ctx) );
|
||||
memset( buf, 0, len );
|
||||
memset( &heap, 0, sizeof( buffer_alloc_ctx ) );
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_mutex_init( &heap.mutex );
|
||||
|
@ -581,26 +584,30 @@ void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len )
|
|||
mbedtls_platform_set_calloc_free( buffer_alloc_calloc, buffer_alloc_free );
|
||||
#endif
|
||||
|
||||
if( (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
|
||||
if( len < sizeof( memory_header ) + MBEDTLS_MEMORY_ALIGN_MULTIPLE )
|
||||
return;
|
||||
else if( (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
|
||||
{
|
||||
/* Adjust len first since buf is used in the computation */
|
||||
len -= MBEDTLS_MEMORY_ALIGN_MULTIPLE
|
||||
- (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
|
||||
- (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
|
||||
buf += MBEDTLS_MEMORY_ALIGN_MULTIPLE
|
||||
- (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
|
||||
- (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
|
||||
}
|
||||
|
||||
memset( buf, 0, len );
|
||||
|
||||
heap.buf = buf;
|
||||
heap.len = len;
|
||||
|
||||
heap.first = (memory_header *) buf;
|
||||
heap.first->size = len - sizeof(memory_header);
|
||||
heap.first = (memory_header *)buf;
|
||||
heap.first->size = len - sizeof( memory_header );
|
||||
heap.first->magic1 = MAGIC1;
|
||||
heap.first->magic2 = MAGIC2;
|
||||
heap.first_free = heap.first;
|
||||
}
|
||||
|
||||
void mbedtls_memory_buffer_alloc_free()
|
||||
void mbedtls_memory_buffer_alloc_free( void )
|
||||
{
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_mutex_free( &heap.mutex );
|
||||
|
@ -620,7 +627,7 @@ static int check_pointer( void *p )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
static int check_all_free( )
|
||||
static int check_all_free( void )
|
||||
{
|
||||
if(
|
||||
#if defined(MBEDTLS_MEMORY_DEBUG)
|
||||
|
|
|
@ -442,7 +442,7 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer,
|
|||
unsigned char *buf, size_t buf_len, size_t *olen )
|
||||
{
|
||||
int ret;
|
||||
unsigned char *encode_buf, *c, *p = buf;
|
||||
unsigned char *encode_buf = NULL, *c, *p = buf;
|
||||
size_t len = 0, use_len, add_len = 0;
|
||||
|
||||
mbedtls_base64_encode( NULL, 0, &use_len, der_data, der_len );
|
||||
|
@ -454,7 +454,8 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer,
|
|||
return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
|
||||
}
|
||||
|
||||
if( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL )
|
||||
if( use_len != 0 &&
|
||||
( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL ) )
|
||||
return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
|
||||
|
||||
if( ( ret = mbedtls_base64_encode( encode_buf, use_len, &use_len, der_data,
|
||||
|
|
|
@ -181,6 +181,10 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
|
|||
{
|
||||
int ret;
|
||||
|
||||
if ( end - *p < 1 )
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
|
||||
MBEDTLS_ERR_ASN1_OUT_OF_DATA );
|
||||
|
||||
/* Tag may be either OID or SEQUENCE */
|
||||
params->tag = **p;
|
||||
if( params->tag != MBEDTLS_ASN1_OID
|
||||
|
@ -1277,6 +1281,9 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
|||
{
|
||||
unsigned char *key_copy;
|
||||
|
||||
if( keylen == 0 )
|
||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
||||
|
||||
if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
|
||||
return( MBEDTLS_ERR_PK_ALLOC_FAILED );
|
||||
|
||||
|
|
|
@ -82,7 +82,7 @@ int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... )
|
|||
return( -1 );
|
||||
|
||||
va_start( argp, fmt );
|
||||
#if defined(_TRUNCATE)
|
||||
#if defined(_TRUNCATE) && !defined(__MINGW32__)
|
||||
ret = _vsnprintf_s( s, n, _TRUNCATE, fmt, argp );
|
||||
#else
|
||||
ret = _vsnprintf( s, n, fmt, argp );
|
||||
|
|
124
library/rsa.c
124
library/rsa.c
|
@ -775,16 +775,38 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||
{
|
||||
int ret;
|
||||
size_t olen;
|
||||
mbedtls_mpi T, T1, T2;
|
||||
|
||||
/* Temporary holding the result */
|
||||
mbedtls_mpi T;
|
||||
|
||||
/* Temporaries holding P-1, Q-1 and the
|
||||
* exponent blinding factor, respectively. */
|
||||
mbedtls_mpi P1, Q1, R;
|
||||
#if defined(MBEDTLS_RSA_NO_CRT)
|
||||
mbedtls_mpi D_blind;
|
||||
mbedtls_mpi *D = &ctx->D;
|
||||
#else
|
||||
|
||||
#if !defined(MBEDTLS_RSA_NO_CRT)
|
||||
/* Temporaries holding the results mod p resp. mod q. */
|
||||
mbedtls_mpi TP, TQ;
|
||||
|
||||
/* Temporaries holding the blinded exponents for
|
||||
* the mod p resp. mod q computation (if used). */
|
||||
mbedtls_mpi DP_blind, DQ_blind;
|
||||
|
||||
/* Pointers to actual exponents to be used - either the unblinded
|
||||
* or the blinded ones, depending on the presence of a PRNG. */
|
||||
mbedtls_mpi *DP = &ctx->DP;
|
||||
mbedtls_mpi *DQ = &ctx->DQ;
|
||||
#endif
|
||||
#else
|
||||
/* Temporary holding the blinded exponent (if used). */
|
||||
mbedtls_mpi D_blind;
|
||||
|
||||
/* Pointer to actual exponent to be used - either the unblinded
|
||||
* or the blinded one, depending on the presence of a PRNG. */
|
||||
mbedtls_mpi *D = &ctx->D;
|
||||
#endif /* MBEDTLS_RSA_NO_CRT */
|
||||
|
||||
/* Temporaries holding the initial input and the double
|
||||
* checked result; should be the same in the end. */
|
||||
mbedtls_mpi I, C;
|
||||
|
||||
if( rsa_check_context( ctx, 1 /* private key checks */,
|
||||
f_rng != NULL /* blinding y/n */ ) != 0 )
|
||||
|
@ -792,8 +814,17 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
mbedtls_mpi_init( &T ); mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 );
|
||||
mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &R );
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
/* MPI Initialization */
|
||||
mbedtls_mpi_init( &T );
|
||||
|
||||
mbedtls_mpi_init( &P1 );
|
||||
mbedtls_mpi_init( &Q1 );
|
||||
mbedtls_mpi_init( &R );
|
||||
|
||||
if( f_rng != NULL )
|
||||
{
|
||||
|
@ -805,12 +836,15 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||
#endif
|
||||
}
|
||||
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
|
||||
return( ret );
|
||||
#if !defined(MBEDTLS_RSA_NO_CRT)
|
||||
mbedtls_mpi_init( &TP ); mbedtls_mpi_init( &TQ );
|
||||
#endif
|
||||
|
||||
mbedtls_mpi_init( &I );
|
||||
mbedtls_mpi_init( &C );
|
||||
|
||||
/* End of MPI initialization */
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) );
|
||||
if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
|
||||
{
|
||||
|
@ -818,6 +852,8 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||
goto cleanup;
|
||||
}
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &I, &T ) );
|
||||
|
||||
if( f_rng != NULL )
|
||||
{
|
||||
/*
|
||||
|
@ -876,24 +912,25 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||
/*
|
||||
* Faster decryption using the CRT
|
||||
*
|
||||
* T1 = input ^ dP mod P
|
||||
* T2 = input ^ dQ mod Q
|
||||
* TP = input ^ dP mod P
|
||||
* TQ = input ^ dQ mod Q
|
||||
*/
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T1, &T, DP, &ctx->P, &ctx->RP ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T2, &T, DQ, &ctx->Q, &ctx->RQ ) );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TP, &T, DP, &ctx->P, &ctx->RP ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TQ, &T, DQ, &ctx->Q, &ctx->RQ ) );
|
||||
|
||||
/*
|
||||
* T = (T1 - T2) * (Q^-1 mod P) mod P
|
||||
* T = (TP - TQ) * (Q^-1 mod P) mod P
|
||||
*/
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, &T1, &T2 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1, &T, &ctx->QP ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T1, &ctx->P ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, &TP, &TQ ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &TP, &T, &ctx->QP ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &TP, &ctx->P ) );
|
||||
|
||||
/*
|
||||
* T = T2 + T * Q
|
||||
* T = TQ + T * Q
|
||||
*/
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1, &T, &ctx->Q ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &T2, &T1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &TP, &T, &ctx->Q ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &TQ, &TP ) );
|
||||
#endif /* MBEDTLS_RSA_NO_CRT */
|
||||
|
||||
if( f_rng != NULL )
|
||||
|
@ -906,6 +943,15 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
|
||||
}
|
||||
|
||||
/* Verify the result to prevent glitching attacks. */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E,
|
||||
&ctx->N, &ctx->RN ) );
|
||||
if( mbedtls_mpi_cmp_mpi( &C, &I ) != 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
olen = ctx->len;
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) );
|
||||
|
||||
|
@ -915,8 +961,9 @@ cleanup:
|
|||
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
|
||||
#endif
|
||||
|
||||
mbedtls_mpi_free( &T ); mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 );
|
||||
mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &R );
|
||||
mbedtls_mpi_free( &P1 );
|
||||
mbedtls_mpi_free( &Q1 );
|
||||
mbedtls_mpi_free( &R );
|
||||
|
||||
if( f_rng != NULL )
|
||||
{
|
||||
|
@ -928,6 +975,15 @@ cleanup:
|
|||
#endif
|
||||
}
|
||||
|
||||
mbedtls_mpi_free( &T );
|
||||
|
||||
#if !defined(MBEDTLS_RSA_NO_CRT)
|
||||
mbedtls_mpi_free( &TP ); mbedtls_mpi_free( &TQ );
|
||||
#endif
|
||||
|
||||
mbedtls_mpi_free( &C );
|
||||
mbedtls_mpi_free( &I );
|
||||
|
||||
if( ret != 0 )
|
||||
return( MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret );
|
||||
|
||||
|
@ -2224,7 +2280,8 @@ int mbedtls_rsa_self_test( int verbose )
|
|||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
ret = 1;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
|
@ -2239,7 +2296,8 @@ int mbedtls_rsa_self_test( int verbose )
|
|||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
ret = 1;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
|
@ -2252,7 +2310,8 @@ int mbedtls_rsa_self_test( int verbose )
|
|||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
ret = 1;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 )
|
||||
|
@ -2260,7 +2319,8 @@ int mbedtls_rsa_self_test( int verbose )
|
|||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
ret = 1;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
|
@ -2285,7 +2345,8 @@ int mbedtls_rsa_self_test( int verbose )
|
|||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
ret = 1;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
|
@ -2298,7 +2359,8 @@ int mbedtls_rsa_self_test( int verbose )
|
|||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
ret = 1;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
|
|
|
@ -902,6 +902,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
*p++ = (unsigned char)( ciphersuites[i] );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) );
|
||||
|
||||
/*
|
||||
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
|
||||
*/
|
||||
|
@ -909,6 +911,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
|
||||
#endif
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
|
||||
*p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
|
||||
*p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO );
|
||||
n++;
|
||||
|
@ -928,8 +931,6 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
*q++ = (unsigned char)( n >> 7 );
|
||||
*q++ = (unsigned char)( n << 1 );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites", n ) );
|
||||
|
||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||
offer_compress = 1;
|
||||
#else
|
||||
|
@ -2057,10 +2058,16 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
|
|||
*
|
||||
* opaque psk_identity_hint<0..2^16-1>;
|
||||
*/
|
||||
if( (*p) > end - 2 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
|
||||
"(psk_identity_hint length)" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
}
|
||||
len = (*p)[0] << 8 | (*p)[1];
|
||||
*p += 2;
|
||||
|
||||
if( (*p) + len > end )
|
||||
if( (*p) > end - len )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
|
||||
"(psk_identity_hint length)" ) );
|
||||
|
@ -2478,10 +2485,18 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
|
|||
/*
|
||||
* Read signature
|
||||
*/
|
||||
|
||||
if( p > end - 2 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
}
|
||||
sig_len = ( p[0] << 8 ) | p[1];
|
||||
p += 2;
|
||||
|
||||
if( end != p + sig_len )
|
||||
if( p != end - sig_len )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
|
|
|
@ -7685,8 +7685,14 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
|||
* Default
|
||||
*/
|
||||
default:
|
||||
conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
|
||||
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS 1.0 */
|
||||
conf->min_major_ver = ( MBEDTLS_SSL_MIN_MAJOR_VERSION >
|
||||
MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION ) ?
|
||||
MBEDTLS_SSL_MIN_MAJOR_VERSION :
|
||||
MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION;
|
||||
conf->min_minor_ver = ( MBEDTLS_SSL_MIN_MINOR_VERSION >
|
||||
MBEDTLS_SSL_MIN_VALID_MINOR_VERSION ) ?
|
||||
MBEDTLS_SSL_MIN_MINOR_VERSION :
|
||||
MBEDTLS_SSL_MIN_VALID_MINOR_VERSION;
|
||||
conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
|
||||
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@
|
|||
#include "mbedtls/version.h"
|
||||
#include <string.h>
|
||||
|
||||
unsigned int mbedtls_version_get_number()
|
||||
unsigned int mbedtls_version_get_number( void )
|
||||
{
|
||||
return( MBEDTLS_VERSION_NUMBER );
|
||||
}
|
||||
|
|
|
@ -95,17 +95,23 @@ static int x509_crl_get_version( unsigned char **p,
|
|||
}
|
||||
|
||||
/*
|
||||
* X.509 CRL v2 extensions (no extensions parsed yet.)
|
||||
* X.509 CRL v2 extensions
|
||||
*
|
||||
* We currently don't parse any extension's content, but we do check that the
|
||||
* list of extensions is well-formed and abort on critical extensions (that
|
||||
* are unsupported as we don't support any extension so far)
|
||||
*/
|
||||
static int x509_get_crl_ext( unsigned char **p,
|
||||
const unsigned char *end,
|
||||
mbedtls_x509_buf *ext )
|
||||
{
|
||||
int ret;
|
||||
size_t len = 0;
|
||||
|
||||
/* Get explicit tag */
|
||||
if( ( ret = mbedtls_x509_get_ext( p, end, ext, 0) ) != 0 )
|
||||
/*
|
||||
* crlExtensions [0] EXPLICIT Extensions OPTIONAL
|
||||
* -- if present, version MUST be v2
|
||||
*/
|
||||
if( ( ret = mbedtls_x509_get_ext( p, end, ext, 0 ) ) != 0 )
|
||||
{
|
||||
if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
|
||||
return( 0 );
|
||||
|
@ -115,11 +121,54 @@ static int x509_get_crl_ext( unsigned char **p,
|
|||
|
||||
while( *p < end )
|
||||
{
|
||||
/*
|
||||
* Extension ::= SEQUENCE {
|
||||
* extnID OBJECT IDENTIFIER,
|
||||
* critical BOOLEAN DEFAULT FALSE,
|
||||
* extnValue OCTET STRING }
|
||||
*/
|
||||
int is_critical = 0;
|
||||
const unsigned char *end_ext_data;
|
||||
size_t len;
|
||||
|
||||
/* Get enclosing sequence tag */
|
||||
if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
|
||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||
|
||||
end_ext_data = *p + len;
|
||||
|
||||
/* Get OID (currently ignored) */
|
||||
if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
|
||||
MBEDTLS_ASN1_OID ) ) != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||
}
|
||||
*p += len;
|
||||
|
||||
/* Get optional critical */
|
||||
if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data,
|
||||
&is_critical ) ) != 0 &&
|
||||
( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
|
||||
{
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||
}
|
||||
|
||||
/* Data should be octet string type */
|
||||
if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
|
||||
MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||
|
||||
/* Ignore data so far and just check its length */
|
||||
*p += len;
|
||||
if( *p != end_ext_data )
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
|
||||
|
||||
/* Abort on (unsupported) critical extensions */
|
||||
if( is_critical )
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
||||
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
|
||||
}
|
||||
|
||||
if( *p != end )
|
||||
|
@ -257,7 +306,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
|
|||
{
|
||||
int ret;
|
||||
size_t len;
|
||||
unsigned char *p, *end;
|
||||
unsigned char *p = NULL, *end = NULL;
|
||||
mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
|
||||
mbedtls_x509_crl *crl = chain;
|
||||
|
||||
|
@ -294,7 +343,11 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
|
|||
/*
|
||||
* Copy raw DER-encoded CRL
|
||||
*/
|
||||
if( ( p = mbedtls_calloc( 1, buflen ) ) == NULL )
|
||||
if( buflen == 0 )
|
||||
return( MBEDTLS_ERR_X509_INVALID_FORMAT );
|
||||
|
||||
p = mbedtls_calloc( 1, buflen );
|
||||
if( p == NULL )
|
||||
return( MBEDTLS_ERR_X509_ALLOC_FAILED );
|
||||
|
||||
memcpy( p, buf, buflen );
|
||||
|
|
|
@ -489,9 +489,12 @@ static int x509_get_subject_alt_name( unsigned char **p,
|
|||
if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 )
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||
|
||||
if( ( tag & MBEDTLS_ASN1_CONTEXT_SPECIFIC ) != MBEDTLS_ASN1_CONTEXT_SPECIFIC )
|
||||
if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) !=
|
||||
MBEDTLS_ASN1_CONTEXT_SPECIFIC )
|
||||
{
|
||||
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
||||
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
|
||||
}
|
||||
|
||||
/* Skip everything but DNS name */
|
||||
if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) )
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
#
|
||||
# Full usage description provided below.
|
||||
#
|
||||
# Things that shouldn't be enabled with "full".
|
||||
# The following options are disabled instead of enabled with "full".
|
||||
#
|
||||
# MBEDTLS_TEST_NULL_ENTROPY
|
||||
# MBEDTLS_DEPRECATED_REMOVED
|
||||
|
@ -30,6 +30,7 @@
|
|||
# MBEDTLS_NO_PLATFORM_ENTROPY
|
||||
# MBEDTLS_REMOVE_ARC4_CIPHERSUITES
|
||||
# MBEDTLS_SSL_HW_RECORD_ACCEL
|
||||
# MBEDTLS_RSA_NO_CRT
|
||||
# MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
|
||||
# MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
|
||||
# - this could be enabled if the respective tests were adapted
|
||||
|
@ -86,6 +87,7 @@ MBEDTLS_ECP_DP_M383_ENABLED
|
|||
MBEDTLS_ECP_DP_M511_ENABLED
|
||||
MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
|
||||
MBEDTLS_NO_PLATFORM_ENTROPY
|
||||
MBEDTLS_RSA_NO_CRT
|
||||
MBEDTLS_REMOVE_ARC4_CIPHERSUITES
|
||||
MBEDTLS_SSL_HW_RECORD_ACCEL
|
||||
MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
|
||||
|
|
|
@ -11,7 +11,6 @@
|
|||
#
|
||||
# Configurations included:
|
||||
# default include/mbedtls/config.h
|
||||
# yotta yotta/module/mbedtls/config.h
|
||||
# thread configs/config-thread.h
|
||||
# suite-b configs/config-suite-b.h
|
||||
# psk configs/config-ccm-psk-tls1_2.h
|
||||
|
@ -102,11 +101,7 @@ log "mbed TLS $MBEDTLS_VERSION$GIT_VERSION"
|
|||
log "$( arm-none-eabi-gcc --version | head -n1 )"
|
||||
log "CFLAGS=$ARMGCC_FLAGS"
|
||||
|
||||
# creates the yotta config
|
||||
yotta/create-module.sh >/dev/null
|
||||
|
||||
doit default include/mbedtls/config.h
|
||||
doit yotta yotta/module/mbedtls/config.h
|
||||
doit thread configs/config-thread.h
|
||||
doit suite-b configs/config-suite-b.h
|
||||
doit psk configs/config-ccm-psk-tls1_2.h
|
||||
|
|
|
@ -74,6 +74,13 @@ test-int-ca-exp.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_con
|
|||
$(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@
|
||||
all_final += test-int-ca-exp.crt
|
||||
|
||||
crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
|
||||
$(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@
|
||||
all_final += crl-idp.pem
|
||||
crl-idpnc.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
|
||||
$(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp_nc -out $@
|
||||
all_final += crl-idpnc.pem
|
||||
|
||||
cli_crt_key_file_rsa = cli-rsa.key
|
||||
cli_crt_extensions_file = cli.opensslconf
|
||||
|
||||
|
|
12
tests/data_files/crl-idp.pem
Normal file
12
tests/data_files/crl-idp.pem
Normal file
|
@ -0,0 +1,12 @@
|
|||
-----BEGIN X509 CRL-----
|
||||
MIIBszCBnAIBATANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UE
|
||||
ChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTE4MDMxNDA3
|
||||
MzE0OFoXDTI4MDMxNDA3MzE0OFqgLTArMCkGA1UdHAEB/wQfMB2gG6AZhhdodHRw
|
||||
Oi8vcGtpLmV4YW1wbGUuY29tLzANBgkqhkiG9w0BAQsFAAOCAQEAs/vp1Ybq9Lj/
|
||||
YM+O2uBqhRNdt494GYSYcZcltbQDwLgDwsFQ9S+q5zBtanhxiF3C6dyDoWS6xyY3
|
||||
dkdO9kK2YAQLNaFBCsKRrI9vGKuF5/1uIr0a8cQcqVzyRI9uK0KgGEk9/APGtqob
|
||||
nj/nt2ryGC+yEh20FmvwFn1vN5xaWK3uUIJCNDTZe+KQn150iAU/mWZG2xDdSXgm
|
||||
JtpTrY6toBgTwDGyus2wIDvAF6rBc1lRoR0BPuTR1fcUPMvr8jceZqG+xuH+vmkU
|
||||
j1B4Tu+K27ZmZMlhltfgwLzcgH9Ee1TgWPN2QqMzeZW/vNMyIIvWAWk2cFyCJj6r
|
||||
16/9upL64w==
|
||||
-----END X509 CRL-----
|
12
tests/data_files/crl-idpnc.pem
Normal file
12
tests/data_files/crl-idpnc.pem
Normal file
|
@ -0,0 +1,12 @@
|
|||
-----BEGIN X509 CRL-----
|
||||
MIIBsDCBmQIBATANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UE
|
||||
ChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTE4MDMxNDEx
|
||||
MTQzNloXDTI4MDMxNDExMTQzNlqgKjAoMCYGA1UdHAQfMB2gG6AZhhdodHRwOi8v
|
||||
cGtpLmV4YW1wbGUuY29tLzANBgkqhkiG9w0BAQsFAAOCAQEACsszsNwAMkmUrbti
|
||||
H1wpWN3LIb32MTZkBWZeFWWQ1MyzSFslgnOcu6tesJuTQJVJMGCSXZv7jkVHeeiK
|
||||
x+BAoHCrR2aRVPbmiaP43Qp/dFOOfHVMM/VVWmuEYuCQaCAeVLQgGbgAYHE9aHQN
|
||||
vBg8m7NJ95av2svLHMFIhirZlKWsAXM+aCyzoudEIhrP4Ppwt01SCtDl5gyg1Gkd
|
||||
B3wuOckjTk0xwXdlOSMH9o0SD2fkc41AFDqOZTK2NTQzNChDNFbKXl8sr9SavJCm
|
||||
k72l7wNJs6UOEhQMygyXEvqp8JbIi9JI+3TD4z4wUt0EnPkw0U48grLXFhjwBLWi
|
||||
cxyjQQ==
|
||||
-----END X509 CRL-----
|
|
@ -14,3 +14,15 @@ basicConstraints = CA:true
|
|||
|
||||
[noext_ca]
|
||||
basicConstraints = CA:true
|
||||
|
||||
[test_ca]
|
||||
database = /dev/null
|
||||
|
||||
[crl_ext_idp]
|
||||
issuingDistributionPoint=critical, @idpdata
|
||||
|
||||
[crl_ext_idp_nc]
|
||||
issuingDistributionPoint=@idpdata
|
||||
|
||||
[idpdata]
|
||||
fullname=URI:http://pki.example.com/
|
||||
|
|
|
@ -328,7 +328,7 @@ if [ $KEEP_GOING -eq 1 ]; then
|
|||
start_red=
|
||||
end_color=
|
||||
if [ -t 1 ]; then
|
||||
case "$TERM" in
|
||||
case "${TERM:-}" in
|
||||
*color*|cygwin|linux|rxvt*|screen|[Eex]term*)
|
||||
start_red=$(printf '\033[31m')
|
||||
end_color=$(printf '\033[0m')
|
||||
|
@ -530,6 +530,22 @@ make test
|
|||
msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min
|
||||
if_build_succeeded tests/ssl-opt.sh
|
||||
|
||||
msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min
|
||||
cleanup
|
||||
cp "$CONFIG_H" "$CONFIG_BAK"
|
||||
scripts/config.pl set MBEDTLS_RSA_NO_CRT
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s
|
||||
make test
|
||||
|
||||
msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s
|
||||
tests/ssl-opt.sh -f RSA
|
||||
|
||||
msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min
|
||||
tests/compat.sh -t RSA
|
||||
|
||||
msg "build: cmake, full config, clang" # ~ 50s
|
||||
cleanup
|
||||
cp "$CONFIG_H" "$CONFIG_BAK"
|
||||
|
|
|
@ -16,3 +16,8 @@ memory_buffer_alloc_free_alloc:100:64:100:100:0:0:0:1:200:0
|
|||
Memory buffer alloc - Out of Memory test
|
||||
memory_buffer_alloc_oom_test:
|
||||
|
||||
Memory buffer small buffer
|
||||
memory_buffer_small_buffer:
|
||||
|
||||
Memory buffer underalloc
|
||||
memory_buffer_underalloc:
|
||||
|
|
|
@ -232,3 +232,31 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */
|
||||
void memory_buffer_small_buffer( )
|
||||
{
|
||||
unsigned char buf[1];
|
||||
|
||||
mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
|
||||
TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() != 0 );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */
|
||||
void memory_buffer_underalloc( )
|
||||
{
|
||||
unsigned char buf[100];
|
||||
size_t i;
|
||||
|
||||
mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
|
||||
for( i = 1; i < MBEDTLS_MEMORY_ALIGN_MULTIPLE; i++ )
|
||||
{
|
||||
TEST_ASSERT( mbedtls_calloc( 1,
|
||||
(size_t)-( MBEDTLS_MEMORY_ALIGN_MULTIPLE - i ) ) == NULL );
|
||||
TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_memory_buffer_alloc_free();
|
||||
}
|
||||
/* END_CASE */
|
||||
|
|
|
@ -43,15 +43,18 @@ int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen,
|
|||
const unsigned char *input, unsigned char *output,
|
||||
size_t output_max_len )
|
||||
{
|
||||
return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL, mode, olen,
|
||||
input, output, output_max_len ) );
|
||||
return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx,
|
||||
rnd_std_rand, NULL, mode, olen,
|
||||
input, output, output_max_len ) );
|
||||
}
|
||||
int mbedtls_rsa_sign_func( void *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
||||
int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
|
||||
const unsigned char *hash, unsigned char *sig )
|
||||
{
|
||||
return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, mode,
|
||||
((void) f_rng);
|
||||
((void) p_rng);
|
||||
return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, rnd_std_rand, NULL, mode,
|
||||
md_alg, hashlen, hash, sig ) );
|
||||
}
|
||||
size_t mbedtls_rsa_key_len_func( void *ctx )
|
||||
|
@ -105,7 +108,8 @@ void mbedtls_pk_check_pair( char *pub_file, char *prv_file, int ret )
|
|||
if( mbedtls_pk_get_type( &prv ) == MBEDTLS_PK_RSA )
|
||||
{
|
||||
TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &alt, mbedtls_pk_rsa( prv ),
|
||||
mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, mbedtls_rsa_key_len_func ) == 0 );
|
||||
mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func,
|
||||
mbedtls_rsa_key_len_func ) == 0 );
|
||||
TEST_ASSERT( mbedtls_pk_check_pair( &pub, &alt ) == ret );
|
||||
}
|
||||
#endif
|
||||
|
@ -417,11 +421,15 @@ exit:
|
|||
void pk_rsa_overflow( )
|
||||
{
|
||||
mbedtls_pk_context pk;
|
||||
size_t hash_len = SIZE_MAX;
|
||||
size_t hash_len = SIZE_MAX, sig_len = SIZE_MAX;
|
||||
unsigned char hash[50], sig[100];
|
||||
|
||||
if( SIZE_MAX <= UINT_MAX )
|
||||
return;
|
||||
|
||||
memset( hash, 0x2a, sizeof hash );
|
||||
memset( sig, 0, sizeof sig );
|
||||
|
||||
mbedtls_pk_init( &pk );
|
||||
|
||||
TEST_ASSERT( mbedtls_pk_setup( &pk,
|
||||
|
@ -429,14 +437,14 @@ void pk_rsa_overflow( )
|
|||
|
||||
#if defined(MBEDTLS_PKCS1_V21)
|
||||
TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, NULL, &pk,
|
||||
MBEDTLS_MD_NONE, NULL, hash_len, NULL, 0 ) ==
|
||||
MBEDTLS_MD_NONE, hash, hash_len, sig, sig_len ) ==
|
||||
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
#endif /* MBEDTLS_PKCS1_V21 */
|
||||
|
||||
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, NULL, hash_len,
|
||||
NULL, 0 ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, hash, hash_len,
|
||||
sig, sig_len ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
|
||||
TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, NULL, hash_len, NULL, 0,
|
||||
TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, hash, hash_len, sig, &sig_len,
|
||||
rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
|
||||
exit:
|
||||
|
|
|
@ -1053,22 +1053,32 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MB
|
|||
pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0
|
||||
|
||||
Key ASN1 (Incorrect first tag)
|
||||
pk_parse_key_rsa:"":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
pk_parse_key:"":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (RSAPrivateKey, incorrect version tag)
|
||||
pk_parse_key_rsa:"300100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
depends_on:MBEDTLS_RSA_C
|
||||
pk_parse_key:"300100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (RSAPrivateKey, version tag missing)
|
||||
pk_parse_key_rsa:"3000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
depends_on:MBEDTLS_RSA_C
|
||||
pk_parse_key:"3000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (RSAPrivateKey, invalid version)
|
||||
pk_parse_key_rsa:"3003020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
depends_on:MBEDTLS_RSA_C
|
||||
pk_parse_key:"3003020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (RSAPrivateKey, correct version, incorrect tag)
|
||||
pk_parse_key_rsa:"300402010000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
depends_on:MBEDTLS_RSA_C
|
||||
pk_parse_key:"300402010000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (RSAPrivateKey, values present, length mismatch)
|
||||
pk_parse_key_rsa:"301c02010002010102010102010102010102010102010102010102010100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
depends_on:MBEDTLS_RSA_C
|
||||
pk_parse_key:"301c02010002010102010102010102010102010102010102010102010100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (RSAPrivateKey, values present, check_privkey fails)
|
||||
pk_parse_key_rsa:"301b020100020102020101020101020101020101020101020101020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
depends_on:MBEDTLS_RSA_C
|
||||
pk_parse_key:"301b020100020102020101020101020101020101020101020101020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Key ASN1 (ECPrivateKey, empty parameters)
|
||||
depends_on:MBEDTLS_ECP_C
|
||||
pk_parse_key:"30070201010400a000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
|
|
@ -113,8 +113,8 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
|
||||
void pk_parse_key_rsa( char *key_data, char *result_str, int result )
|
||||
/* BEGIN_CASE */
|
||||
void pk_parse_key( char *key_data, char *result_str, int result )
|
||||
{
|
||||
mbedtls_pk_context pk;
|
||||
unsigned char buf[2000];
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
Check compiletime library version
|
||||
check_compiletime_version:"2.7.0"
|
||||
check_compiletime_version:"2.8.0"
|
||||
|
||||
Check runtime library version
|
||||
check_runtime_version:"2.7.0"
|
||||
check_runtime_version:"2.8.0"
|
||||
|
||||
Check for MBEDTLS_VERSION_C
|
||||
check_feature:"MBEDTLS_VERSION_C":0
|
||||
|
|
|
@ -202,6 +202,14 @@ X509 CRL Malformed Input (trailing spaces at end of file)
|
|||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C
|
||||
mbedtls_x509_crl_parse:"data_files/crl-malformed-trailing-spaces.pem":MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
|
||||
|
||||
X509 CRL Unsupported critical extension (issuingDistributionPoint)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
mbedtls_x509_crl_parse:"data_files/crl-idp.pem":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 CRL Unsupported non-critical extension (issuingDistributionPoint)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
mbedtls_x509_crl_parse:"data_files/crl-idpnc.pem":0
|
||||
|
||||
X509 CSR Information RSA with MD4
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:MBEDTLS_RSA_C
|
||||
mbedtls_x509_csr_info:"data_files/server1.req.md4":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\n"
|
||||
|
@ -1216,6 +1224,10 @@ x509parse_crt:"30173015a0030201038204deadbeef30080604cafed00d0500":"":MBEDTLS_ER
|
|||
X509 Certificate ASN1 (invalid version overflow)
|
||||
x509parse_crt:"301A3018a00602047FFFFFFF8204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
|
||||
|
||||
X509 Certificate ASN1 (invalid SubjectAltNames tag)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
||||
x509parse_crt:"308203723082025AA003020102020111300D06092A864886F70D0101050500303B310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C3119301706035504031310506F6C617253534C2054657374204341301E170D3132303531303133323334315A170D3232303531313133323334315A303A310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C311830160603550403130F7777772E6578616D706C652E636F6D30820122300D06092A864886F70D01010105000382010F003082010A0282010100B93C4AC5C8A38E9017A49E52AA7175266180E7C7B56D8CFFAAB64126B7BE11AD5C73160C64114804FFD6E13B05DB89BBB39709D51C14DD688739B03D71CBE276D01AD8182D801B54F6E5449AF1CBAF612EDF490D9D09B7EDB1FD3CFD3CFA24CF5DBF7CE453E725B5EA4422E926D3EA20949EE66167BA2E07670B032FA209EDF0338F0BCE10EF67A4C608DAC1EDC23FD74ADD153DF95E1C8160463EB5B33D2FA6DE471CBC92AEEBDF276B1656B7DCECD15557A56EEC7525F5B77BDFABD23A5A91987D97170B130AA76B4A8BC14730FB3AF84104D5C1DFB81DBF7B01A565A2E01E36B7A65CCC305AF8CD6FCDF1196225CA01E3357FFA20F5DCFD69B26A007D17F70203010001A38181307F30090603551D1304023000301D0603551D0E041604147DE49C6BE6F9717D46D2123DAD6B1DFDC2AA784C301F0603551D23041830168014B45AE4A5B3DED252F6B9D5A6950FEB3EBCC7FDFF30320603551D11042B3029C20B6578616D706C652E636F6D820B6578616D706C652E6E6574820D2A2E6578616D706C652E6F7267300D06092A864886F70D010105050003820101004F09CB7AD5EEF5EF620DDC7BA285D68CCA95B46BDA115B92007513B9CA0BCEEAFBC31FE23F7F217479E2E6BCDA06E52F6FF655C67339CF48BC0D2F0CD27A06C34A4CD9485DA0D07389E4D4851D969A0E5799C66F1D21271F8D0529E840AE823968C39707CF3C934C1ADF2FA6A455487F7C8C1AC922DA24CD9239C68AECB08DF5698267CB04EEDE534196C127DC2FFE33FAD30EB8D432A9842853A5F0D189D5A298E71691BB9CC0418E8C58ACFFE3DD2E7AABB0B97176AD0F2733F7A929D3C076C0BF06407C0ED5A47C8AE2326E16AEDA641FB0557CDBDDF1A4BA447CB39958D2346E00EA976C143AF2101E0AA249107601F4F2C818FDCC6346128B091BF194E6":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 CRL ASN1 (Incorrect first tag)
|
||||
x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT
|
||||
|
||||
|
@ -1286,6 +1298,24 @@ x509parse_crl:"30463031020102300d06092a864886f70d01010e0500300f310d300b060355040
|
|||
X509 CRL ASN1 (invalid version overflow)
|
||||
x509parse_crl:"3049303102047FFFFFFF300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
|
||||
|
||||
X509 CRL ASN1 (extension seq too long, crl-idp.pem byte 121)
|
||||
x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30300603551d1c0101ff041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CRL ASN1 (extension oid too long, crl-idp.pem byte 123)
|
||||
x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290628551d1c0101ff041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CRL ASN1 (extension critical invalid length, crl-idp.pem byte 128)
|
||||
x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0102ff041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
|
||||
|
||||
X509 CRL ASN1 (extension data too long, crl-idp.pem byte 131)
|
||||
x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0101ff0420301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CRL ASN1 (extension data too short, crl-idp.pem byte 131)
|
||||
x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0101ff041e301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 CRL ASN1 (extension not critical explicit, crl-idp.pem byte 129)
|
||||
x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c010100041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2018-03-14 07\:31\:48\nnext update \: 2028-03-14 07\:31\:48\nRevoked certificates\:\nsigned using \: RSA with SHA-256\n":0
|
||||
|
||||
X509 CRT parse path #2 (one cert)
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
|
||||
mbedtls_x509_crt_parse_path:"data_files/dir1":0:1
|
||||
|
|
Loading…
Reference in a new issue