From f5e753a942053df4be097b19242e33d9d7870ddb Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 30 May 2017 17:18:06 +0100 Subject: [PATCH 01/18] Add missing ret code checks in PEM module Add missing return code checks in the functions pem_des_decrypt(), pem_3des_decrypt() and pem_aes_decrypt() so that the calling function pem_read_buffer() is notified of errors reported by the crypto primitives AES, DES and 3DES. --- ChangeLog | 9 +++++++ library/pem.c | 66 +++++++++++++++++++++++++++++++++------------------ 2 files changed, 52 insertions(+), 23 deletions(-) diff --git a/ChangeLog b/ChangeLog index b46c72879..0638b6959 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,14 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 1.3.x branch released xxxx-xx-xx + +Bugfix + * Fix unchecked return codes from AES, DES and 3DES functions in + pem_aes_decrypt(), pem_des_decrypt() and pem_des3_decrypt() respectively. + If a call to one of the functions of the cryptographic primitive modules + failed, the error may not be noticed by the function pem_read_buffer() + causing it to return invalid values. Found by Guido Vranken. #756 + = mbed TLS 1.3.19 branch released 2017-03-08 Security diff --git a/library/pem.c b/library/pem.c index b2c16c292..08c182f18 100644 --- a/library/pem.c +++ b/library/pem.c 
@@ -135,45 +135,53 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen, /* * Decrypt with DES-CBC, using PBKDF1 for key derivation */ -static void pem_des_decrypt( unsigned char des_iv[8], - unsigned char *buf, size_t buflen, - const unsigned char *pwd, size_t pwdlen ) +static int pem_des_decrypt( unsigned char des_iv[8], + unsigned char *buf, size_t buflen, + const unsigned char *pwd, size_t pwdlen ) { des_context des_ctx; unsigned char des_key[8]; + int ret; des_init( &des_ctx ); pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen ); - des_setkey_dec( &des_ctx, des_key ); - des_crypt_cbc( &des_ctx, DES_DECRYPT, buflen, - des_iv, buf, buf ); + if( ( ret = des_setkey_dec( &des_ctx, des_key ) ) != 0 ) + goto exit; + ret = des_crypt_cbc( &des_ctx, DES_DECRYPT, buflen, des_iv, buf, buf ); +exit: des_free( &des_ctx ); polarssl_zeroize( des_key, 8 ); + + return( ret ); } /* * Decrypt with 3DES-CBC, using PBKDF1 for key derivation */ -static void pem_des3_decrypt( unsigned char des3_iv[8], - unsigned char *buf, size_t buflen, - const unsigned char *pwd, size_t pwdlen ) +static int pem_des3_decrypt( unsigned char des3_iv[8], + unsigned char *buf, size_t buflen, + const unsigned char *pwd, size_t pwdlen ) { des3_context des3_ctx; unsigned char des3_key[24]; + int ret; des3_init( &des3_ctx ); pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen ); - des3_set3key_dec( &des3_ctx, des3_key ); - des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen, - des3_iv, buf, buf ); + if( ( ret = des3_set3key_dec( &des3_ctx, des3_key ) ) != 0 ) + goto exit; + ret = des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen, des3_iv, buf, buf ); +exit: des3_free( &des3_ctx ); polarssl_zeroize( des3_key, 24 ); + + return( ret ); } #endif /* POLARSSL_DES_C */ 
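Review bot: The header comment above pem_des_decrypt() (`* Decrypt with DES-CBC, using PBKDF1 for key derivation`) still describes a void function, while the hunk turns it into one that returns the DES module's result; add a line such as `* Return 0 on success, or a DES module error code otherwise.`. The same applies to pem_des3_decrypt() lower in this hunk and to pem_aes_decrypt() in the next one. It is also worth stating that `buf` is decrypted in place and that its contents cannot be relied on when an error is returned, which is what the `goto exit` path implies.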
@@ -181,23 +189,27 @@ static void pem_des3_decrypt( unsigned char des3_iv[8], /* * Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation */ -static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen, - unsigned char *buf, size_t buflen, - const unsigned char *pwd, size_t pwdlen ) +static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen, + unsigned char *buf, size_t buflen, + const unsigned char *pwd, size_t pwdlen ) { aes_context aes_ctx; unsigned char aes_key[32]; + int ret; aes_init( &aes_ctx ); pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen ); - aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ); - aes_crypt_cbc( &aes_ctx, AES_DECRYPT, buflen, - aes_iv, buf, buf ); + if( ( ret = aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ) ) != 0 ) + goto exit; + ret = aes_crypt_cbc( &aes_ctx, AES_DECRYPT, buflen, aes_iv, buf, buf ); +exit: aes_free( &aes_ctx ); polarssl_zeroize( aes_key, keylen ); + + return( ret ); } #endif /* POLARSSL_AES_C */ 
@@ -347,22 +359,30 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer, return( POLARSSL_ERR_PEM_PASSWORD_REQUIRED ); } + ret = 0; + #if defined(POLARSSL_DES_C) if( enc_alg == POLARSSL_CIPHER_DES_EDE3_CBC ) - pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen ); + ret = pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen ); else if( enc_alg == POLARSSL_CIPHER_DES_CBC ) - pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen ); + ret = pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen ); #endif /* POLARSSL_DES_C */ #if defined(POLARSSL_AES_C) if( enc_alg == POLARSSL_CIPHER_AES_128_CBC ) - pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen ); + ret = pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen ); else if( enc_alg == POLARSSL_CIPHER_AES_192_CBC ) - pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen ); + ret = pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen ); else if( enc_alg == POLARSSL_CIPHER_AES_256_CBC ) - pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen ); + ret = pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen ); #endif /* POLARSSL_AES_C */ + if( ret != 0 ) + { + polarssl_free( buf ); + return( ret ); + } + /* * The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3 * length bytes (allow 4 to be sure) in all known use cases. From e633ef7ed460615f86d1fe441aca85d666d9a611 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 30 May 2017 17:30:09 +0100 Subject: [PATCH 02/18] Add negative testing for pem_read_buffer() --- tests/suites/test_suite_pem.data | 18 +++++++++++++++--- tests/suites/test_suite_pem.function | 13 +++++++++---- 2 files changed, 24 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index b5f63e550..416cf8422 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data 
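Review bot: The value handed back at `return( ret );` in the new `if( ret != 0 )` block is the raw low-level code from the DES or AES module, so pem_read_buffer() now surfaces errors such as POLARSSL_ERR_DES_INVALID_INPUT_LENGTH directly through the PEM API (the test data added in the following patch pins exactly that). If this module follows the library convention of tagging a low-level failure with a high-level code, consider doing so here so callers can tell "payload not decryptable" apart from other PEM failures; a payload whose length is not a multiple of the block size is really a malformed-PEM condition. On the same path `polarssl_free( buf )` releases the decoded payload without zeroizing it; whether that is acceptable should match what the existing failure paths after this hunk do with the same buffer, which is not visible here. pem_read_buffer's body continues outside the hunk on both sides.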
@@ -17,10 +17,22 @@ PEM write (exactly two lines + 1) pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n" PEM read (DES-EDE3-CBC + invalid iv) -pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":POLARSSL_ERR_PEM_INVALID_ENC_IV +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":"pwd":POLARSSL_ERR_PEM_INVALID_ENC_IV PEM read (DES-CBC + invalid iv) -pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":POLARSSL_ERR_PEM_INVALID_ENC_IV +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":"pwd":POLARSSL_ERR_PEM_INVALID_ENC_IV PEM read (unknown encryption algorithm) -pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG +pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":"pwd":POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG + +PEM read (malformed PEM DES-CBC) +depends_on:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC +pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":POLARSSL_ERR_DES_INVALID_INPUT_LENGTH + +PEM read (malformed PEM DES-EDE3-CBC) +depends_on:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC +pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":POLARSSL_ERR_DES_INVALID_INPUT_LENGTH + 
+PEM read (malformed PEM AES-128-CBC) +depends_on:POLARSSL_AES_C:POLARSSL_CIPHER_MODE_CBC +pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,AA94892A169FA426AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":POLARSSL_ERR_AES_INVALID_INPUT_LENGTH diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function index e0b767984..e96c83ff2 100644 --- a/tests/suites/test_suite_pem.function +++ b/tests/suites/test_suite_pem.function @@ -1,6 +1,8 @@ /* BEGIN_HEADER */ #include "polarssl/base64.h" #include "polarssl/pem.h" +#include "polarssl/des.h" +#include "polarssl/aes.h" /* END_HEADER */ /* BEGIN_CASE depends_on:POLARSSL_PEM_WRITE_C */ @@ -35,16 +37,19 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_AES_C:POLARSSL_DES_C:POLARSSL_MD5_C:POLARSSL_CIPHER_MODE_CBC */ -void pem_read_buffer( char *header, char *footer, char *data, int ret ) +void pem_read_buffer( char *header, char *footer, char *data, char *pwd, + int res ) { pem_context ctx; + int ret; size_t use_len = 0; + size_t pwd_len = strlen( pwd ); pem_init( &ctx ); - TEST_ASSERT( pem_read_buffer( &ctx, header, footer, - (const unsigned char *)data, NULL, 0, - &use_len ) == ret ); + ret = pem_read_buffer( &ctx, header, footer, (const unsigned char *)data, + (unsigned char *)pwd, pwd_len, &use_len ); + TEST_ASSERT( ret == res ); exit: pem_free( &ctx ); From bc3fa39f0e47641fb7ea3ca55415ee47d9222815 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 7 Sep 2017 16:58:41 +0300 Subject: [PATCH 03/18] Backport 1.3:Add configuration file in md.h include *`config.h`* in md.h as MACROS in the header file get ignored.Backport to Backport of #1055 to mbedtls-1.3 --- ChangeLog | 6 ++++++ include/polarssl/md.h | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/ChangeLog b/ChangeLog index a3171d7eb..cd7fc4187 100644 --- a/ChangeLog +++ b/ChangeLog 
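Review bot: The rewritten test wrapper always passes a non-NULL password (`(unsigned char *)pwd, pwd_len` with `pwd_len = strlen( pwd )`), so the password-required exit that the library hunk in the first patch takes (`return( POLARSSL_ERR_PEM_PASSWORD_REQUIRED );`) can no longer be exercised from this function, and the three pre-existing cases quietly moved from `NULL, 0` to `"pwd"`. Consider mapping an empty string back to the old arguments, e.g. `unsigned char *pwd_buf = pwd_len ? (unsigned char *) pwd : NULL;` and passing `pwd_buf, pwd_len`, so both paths stay testable. The `(unsigned char *)` cast also discards const; if the library parameter is `const unsigned char *` (as the pem_*_decrypt helpers take it), cast to that type instead.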
@@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.xx branch released xxxx-xx-xx + +Bugfix + * Include configuration file in md.h, to fix compilation warnings. + Reported by aaronmdjones in #1001 + = mbed TLS 1.3.21 branch released 2017-08-10 Security diff --git a/include/polarssl/md.h b/include/polarssl/md.h index fc7482a4b..e3958702f 100644 --- a/include/polarssl/md.h +++ b/include/polarssl/md.h @@ -33,6 +33,12 @@ #define inline __inline #endif +#if !defined(POLARSSL_CONFIG_FILE) +#include "config.h" +#else +#include POLARSSL_CONFIG_FILE +#endif + #define POLARSSL_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< The selected feature is not available. */ #define POLARSSL_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */ #define POLARSSL_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */ From 3216c1a82a30eb752faa294d6ca572c426c1012b Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 7 Sep 2017 17:15:47 +0300 Subject: [PATCH 04/18] Fix after Andres comments Move the include of the configuration file to the begninnig --- include/polarssl/md.h | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/include/polarssl/md.h b/include/polarssl/md.h index e3958702f..9be55a989 100644 --- a/include/polarssl/md.h +++ b/include/polarssl/md.h 
@@ -27,18 +27,17 @@ #define POLARSSL_MD_H #include - -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - #if !defined(POLARSSL_CONFIG_FILE) #include "config.h" #else #include POLARSSL_CONFIG_FILE #endif +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + #define POLARSSL_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< The selected feature is not available. */ #define POLARSSL_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */ #define POLARSSL_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */ From 8cd5d436394f5aeb7c500f3c695aba8d64b10ded Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 8 Sep 2017 10:35:32 +0100 Subject: [PATCH 05/18] Initialize RSA context in RSA test suite before first potentially failing operation The function `rsa_gen_key` from `test_suite_rsa.function` initialized a stack allocated RSA context only after seeding the CTR DRBG. If the latter operation failed, the cleanup code tried to free the uninitialized RSA context, potentially resulting in a segmentation fault. Fixes one aspect of #1023. --- tests/suites/test_suite_rsa.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index d4f330805..7cfc09f7f 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -667,12 +667,12 @@ void rsa_gen_key( int nrbits, int exponent, int result) const char *pers = "test_suite_rsa"; entropy_init( &entropy ); + rsa_init( &ctx, 0, 0 ); + TEST_ASSERT( ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) == 0 ); - rsa_init( &ctx, 0, 0 ); - TEST_ASSERT( rsa_gen_key( &ctx, ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result ); if( result == 0 ) 
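Review bot: Moving `rsa_init( &ctx, 0, 0 );` ahead of the first TEST_ASSERT fixes the RSA context, but the CTR-DRBG context sits in the same position: if `ctr_drbg_init( ... )` fails, the assertion jumps to the cleanup label outside the hunk, which presumably releases `ctr_drbg` as well as `ctx`. Confirm that ctr_drbg_init() leaves its context in a releasable state on every failure path, or zero the context before the call; otherwise the crash this commit fixes is still reachable through the other context.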
From 65382c38e865bb4470539a81cf4034257f94fedf Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 8 Sep 2017 10:36:26 +0100 Subject: [PATCH 06/18] Fix typos in entropy test data --- tests/suites/test_suite_entropy.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_entropy.data b/tests/suites/test_suite_entropy.data index d81061cf1..4a2c13721 100644 --- a/tests/suites/test_suite_entropy.data +++ b/tests/suites/test_suite_entropy.data @@ -31,10 +31,10 @@ entropy_threshold:16:2:8 Entropy threshold #2 entropy_threshold:32:1:32 -Entropy thershold #3 +Entropy threshold #3 entropy_threshold:16:0:POLARSSL_ERR_ENTROPY_SOURCE_FAILED -Entropy thershold #4 +Entropy threshold #4 entropy_threshold:1024:1:POLARSSL_ERR_ENTROPY_SOURCE_FAILED Entropy self test From cffe2daf254834da119e5c3509ed405ea3fef6b5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 8 Sep 2017 10:39:07 +0100 Subject: [PATCH 07/18] Support negative dependencies in test cases The entropy test suite uses a negative dependency "depends_on:!CONFIG_FLAG" for one of its tests. This kind of dependency (running a test only if some configuration flag is not defined) is currently not supported and instead results in the respective test case being dropped. This commit adds support for negative dependencies in test cases. --- tests/scripts/generate_code.pl | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index e13a2d0da..5d7d2193c 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -194,7 +194,7 @@ END # and make check code my $dep_check_code; -my @res = $test_data =~ /^depends_on:([\w:]+)/msg; +my @res = $test_data =~ /^depends_on:([!:\w]+)/msg; my %case_deps; foreach my $deps (@res) { 
@@ -205,7 +205,23 @@ foreach my $deps (@res) } while( my ($key, $value) = each(%case_deps) ) { - $dep_check_code .= << "END"; + if( substr($key, 0, 1) eq "!" ) + { + my $key = substr($key, 1); + $dep_check_code .= << "END"; + if( strcmp( str, "!$key" ) == 0 ) + { +#if !defined($key) + return( 0 ); +#else + return( 1 ); +#endif + } +END + } + else + { + $dep_check_code .= << "END"; if( strcmp( str, "$key" ) == 0 ) { #if defined($key) @@ -215,6 +231,7 @@ while( my ($key, $value) = each(%case_deps) ) #endif } END + } } # Make mapping code From adb9bd23d9e96b8b6494edd41bf866ece61f9ffa Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 8 Sep 2017 10:53:30 +0100 Subject: [PATCH 08/18] Add internal macro ENTROPY_HAVE_DEFAULT indicating default entropy This commit adds the macro ENTROPY_HAVE_DEFAULT to the helper test file tests/suites/helpers.function to be able to make tests depend on the presence of a default entropy source. --- library/entropy.c | 3 +++ tests/suites/helpers.function | 13 ++++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/library/entropy.c b/library/entropy.c index c6f44df3b..edd5721ad 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -61,6 +61,9 @@ void entropy_init( entropy_context *ctx ) { memset( ctx, 0, sizeof(entropy_context) ); + /* Reminder: Update ENTROPY_HAVE_DEFAULT in the test files + * when adding more strong entropy sources here. */ + #if defined(POLARSSL_THREADING_C) polarssl_mutex_init( &ctx->mutex ); #endif diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 0f074859c..ddc29f602 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function 
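Review bot: Inside the new negative-dependency branch, `my $key = substr($key, 1);` declares a second `$key` that shadows the `$key` bound in the enclosing `while( my ($key, $value) = each(%case_deps) )`; it works because the shadow lives only in the inner block, but a reader has to work out which `$key` the heredoc interpolates. A distinct name removes the doubt: `my $dep = substr($key, 1);`, then `"!$dep"` in the generated strcmp and `defined($dep)` in the `#if` line. The regex change in the previous hunk (`[!:\w]+`) also accepts `!` anywhere in a token rather than only as a prefix; a `!` in the middle would reach the generated `#if defined(...)` untouched, which at least fails loudly at compile time.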
@@ -53,6 +53,17 @@ typedef UINT32 uint32_t; } #endif +/* Helper flags for complex dependencies */ + +/* Indicates whether we expect mbedtls_entropy_init + * to initialize some strong entropy source. */ +#if !defined(POLARSSL_NO_DEFAULT_ENTROPY_SOURCES) && \ + ( !defined(POLARSSL_NO_PLATFORM_ENTROPY) || \ + defined(POLARSSL_HAVEGE_C) || \ + defined(POLARSSL_TIMING_C) ) +#define ENTROPY_HAVE_DEFAULT +#endif + static int unhexify( unsigned char *obuf, const char *ibuf ) { unsigned char c, c2; @@ -212,7 +223,7 @@ typedef struct * This function returns random based on a buffer it receives. * * rng_state shall be a pointer to a rnd_buf_info structure. - * + * * The number of bytes released from the buffer on each call to * the random function is specified by per_call. (Can be between * 1 and 4) From 3674a4865c95f615c8fe93116bfbe0023e7b7513 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 8 Sep 2017 10:56:19 +0100 Subject: [PATCH 09/18] Guard some tests by presence of default entropy --- tests/suites/test_suite_entropy.function | 8 ++++---- tests/suites/test_suite_rsa.function | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index c46246c47..50f783077 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -40,7 +40,7 @@ static int entropy_dummy_source( void *data, unsigned char *output, * END_DEPENDENCIES */ -/* BEGIN_CASE depends_on:POLARSSL_FS_IO */ +/* BEGIN_CASE depends_on:POLARSSL_FS_IO:ENTROPY_HAVE_DEFAULT */ void entropy_seed_file( char *path, int ret ) { entropy_context ctx; @@ -78,7 +78,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:ENTROPY_HAVE_DEFAULT */ void entropy_func_len( int len, int ret ) { entropy_context ctx; 
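Review bot: The comment introduced above the ENTROPY_HAVE_DEFAULT definition names `mbedtls_entropy_init`, which is the 2.x spelling; on this branch the function is `entropy_init` (see the entropy.c hunk in the same patch). Suggest `/* Indicates whether we expect entropy_init() to initialize some strong entropy source. */`. The macro condition also counts POLARSSL_TIMING_C as supplying a default source; if entropy_init() does not register a timing-based poll unconditionally under that flag (not visible here), the macro could be defined while no source is present, so that pairing is worth confirming against entropy.c.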
@@ -137,7 +137,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:ENTROPY_HAVE_DEFAULT */ void entropy_threshold( int threshold, int chunk_size, int result ) { entropy_context ctx; @@ -167,7 +167,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:POLARSSL_SELF_TEST */ +/* BEGIN_CASEdepends_on:ENTROPY_HAVE_DEFAULT:POLARSSL_SELF_TEST */ void entropy_selftest( ) { TEST_ASSERT( entropy_self_test( 0 ) == 0 ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 7cfc09f7f..3d13edd9a 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -658,7 +658,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:POLARSSL_CTR_DRBG_C:POLARSSL_ENTROPY_C */ +/* BEGIN_CASE depends_on:POLARSSL_CTR_DRBG_C:POLARSSL_ENTROPY_C:ENTROPY_HAVE_DEFAULT */ void rsa_gen_key( int nrbits, int exponent, int result) { rsa_context ctx; From 2bc85eb7aa33507e3c0827be5ae3b5f62c535300 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 Sep 2017 14:43:04 +0100 Subject: [PATCH 10/18] Fix extraction of signature-type from PK context instance --- library/x509write_crt.c | 10 ++++++++-- library/x509write_csr.c | 19 +++++++++++++------ 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 446a8e937..1d9f0d2d8 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c 
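Review bot: The rewritten marker `/* BEGIN_CASEdepends_on:ENTROPY_HAVE_DEFAULT:POLARSSL_SELF_TEST */` lost the space between `BEGIN_CASE` and `depends_on`, unlike every other marker changed in this patch. Depending on how generate_code.pl matches the marker (not visible here), that either drops the dependency list or stops the case from being generated at all, so entropy_selftest() would run without its guards or not run anywhere. It should read `/* BEGIN_CASE depends_on:ENTROPY_HAVE_DEFAULT:POLARSSL_SELF_TEST */`.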
@@ -308,9 +308,15 @@ int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size, c = tmp_buf + sizeof( tmp_buf ); /* Signature algorithm needed in TBS, and later for actual signature */ - pk_alg = pk_get_type( ctx->issuer_key ); - if( pk_alg == POLARSSL_PK_ECKEY ) + + /* There's no direct way of extracting a signature algorithm + * (represented as an element of pk_type_t) from a PK instance. */ + if( pk_can_do( ctx->issuer_key, POLARSSL_PK_RSA ) ) + pk_alg = POLARSSL_PK_RSA; + else if( pk_can_do( ctx->issuer_key, POLARSSL_PK_ECDSA ) ) pk_alg = POLARSSL_PK_ECDSA; + else + return( POLARSSL_ERR_X509_INVALID_ALG ); if( ( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, &sig_oid, &sig_oid_len ) ) != 0 ) diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 1b3d2f58b..4a5e5ca88 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -195,13 +195,20 @@ int x509write_csr_der( x509write_csr *ctx, unsigned char *buf, size_t size, */ md( md_info_from_type( ctx->md_alg ), c, len, hash ); - pk_alg = pk_get_type( ctx->key ); - if( pk_alg == POLARSSL_PK_ECKEY ) - pk_alg = POLARSSL_PK_ECDSA; - if( ( ret = pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len, - f_rng, p_rng ) ) != 0 || - ( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, + f_rng, p_rng ) ) != 0 ) + { + return( ret ); + } + + if( pk_can_do( ctx->key, POLARSSL_PK_RSA ) ) + pk_alg = POLARSSL_PK_RSA; + else if( pk_can_do( ctx->key, POLARSSL_PK_ECDSA ) ) + pk_alg = POLARSSL_PK_ECDSA; + else + return( POLARSSL_ERR_X509_INVALID_ALG ); + + if( ( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, &sig_oid, &sig_oid_len ) ) != 0 ) { return( ret ); From 234d503b3abcdd4a7bb2c14867332cab86a4fda3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 Sep 2017 14:45:35 +0100 Subject: [PATCH 11/18] Adapt ChangeLog --- ChangeLog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog b/ChangeLog index a3171d7eb..e67e603d3 100644 --- a/ChangeLog +++ b/ChangeLog 
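Review bot: In the x509write_csr.c hunk the signature is now produced by `pk_sign( ... )` before the key type is checked with `pk_can_do( ctx->key, POLARSSL_PK_RSA )` / `POLARSSL_PK_ECDSA`, so an unsupported key is rejected only after a full signing operation with it has been performed and its output left in `sig`. Moving the `pk_can_do` chain and the `oid_get_oid_by_sig_alg` lookup ahead of the `pk_sign` call avoids the wasted signature and gives the same order as the x509write_crt.c hunk, where the algorithm is chosen first. Both hunks now carry an identical RSA/ECDSA selection; a one-line comment in each noting that the other copy must be kept in sync would help the next maintainer. x509write_csr_der's body continues outside the hunk.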
@@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Correct extraction of signature-type from PK instance in X.509 CRT and CSR + writing routines that prevented these functions to work with alternative + RSA implementations. Raised by J.B. in the Mbed TLS forum. Fixes #1011. + = mbed TLS 1.3.21 branch released 2017-08-10 Security From 3c89dca09e4445ef0748be201609cabd9bc4ed03 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 5 Oct 2017 07:39:45 +0100 Subject: [PATCH 12/18] Omit version from X.509 v1 certificates The version field in an X.509 certificate is optional and defaults to v1, so it may be omitted in this case. --- library/x509write_crt.c | 18 +++++++++++------- tests/data_files/server1.v1.crt | 32 ++++++++++++++++---------------- 2 files changed, 27 insertions(+), 23 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 1d9f0d2d8..b64499593 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -385,16 +385,20 @@ int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size, /* * Version ::= INTEGER { v1(0), v2(1), v3(2) } */ - sub_len = 0; - ASN1_CHK_ADD( sub_len, asn1_write_int( &c, tmp_buf, ctx->version ) ); - len += sub_len; - ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, sub_len ) ); - ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC | - ASN1_CONSTRUCTED | 0 ) ); + + if( ctx->version != X509_CRT_VERSION_1 ) + { + sub_len = 0; + ASN1_CHK_ADD( sub_len, asn1_write_int( &c, tmp_buf, ctx->version ) ); + len += sub_len; + ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, sub_len ) ); + ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC | + ASN1_CONSTRUCTED | 0 ) ); + } ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | - ASN1_SEQUENCE ) ); + ASN1_SEQUENCE ) ); /* * Make signature 
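Review bot: The new `if( ctx->version != X509_CRT_VERSION_1 )` guard is right, but the rationale should be stronger than the "may be omitted" in the commit message: DER forbids encoding a SEQUENCE component that equals its DEFAULT value, so a v1 certificate that carried an explicit `[0] INTEGER 0` was not valid DER at all. A why-comment at the guard, e.g. `/* DER: version has DEFAULT v1 and must be omitted for v1 */`, keeps that next to the code. The final changed line only re-aligns `ASN1_SEQUENCE ) );` and could be left out of a bug-fix commit. x509write_crt_der continues outside the hunk.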
diff --git a/tests/data_files/server1.v1.crt b/tests/data_files/server1.v1.crt index 0a4b2a5cc..b13be4351 100644 --- a/tests/data_files/server1.v1.crt +++ b/tests/data_files/server1.v1.crt 
@@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- -MIIC9DCCAdygAwIBAAIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ -uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD -d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf -CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr -lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w -bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB -owIwADANBgkqhkiG9w0BAQUFAAOCAQEAoZVuVi7bIslKgMJhejSFXiO+ICMz1fmK -b0tPN68mRYhI/gsjRT0cmX6GUNrg+U5mcBWhMwHgyvx1CARU4YToKZxcXGNL0DPd -Z1hF8nCrJCZBQvNuWE7s0ufw92xz5ZfuKkVxi94RYR529F6gzgl4rpX8UQVu2ym/ -9pTlHKr4MKi9LNppyJMS89uRcb2FJFMdhAKbhNtbIjI9qGZ7x//0belAaWhq389u -6XWFnZt35PU6Zz6YbAQ5pjZYsTaohuufgrpOlFPUuc4uR+RfGHIQ6id12lZaQC2m -OFIBDcU0x1cFfPfMgVdBLf6klPt/v/tD77mwx0eztSp28NIf+ACw8A== +MIIC6zCCAdMCAQEwDQYJKoZIhvcNAQEFBQAwOzELMAkGA1UEBhMCTkwxETAPBgNV +BAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4XDTExMDIx +MjE0NDQwNloXDTIxMDIxMjE0NDQwNlowPDELMAkGA1UEBhMCTkwxETAPBgNVBAoT +CFBvbGFyU1NMMRowGAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb +7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJ +BEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8Yw +fhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5B +Xhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1Y +ieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAATANBgkq +hkiG9w0BAQUFAAOCAQEAPMRfR9ql7b06b5DdNyJhD96lBzuVSUOW2MgVHT2Vs7NB +tk5L1htpA5N4uaIeyt6YM0xU0nHdHUKaywNcDiXcnzvRoctGWiWdpcEvdA0rYRF5 +T4MGPpjEuLJcG3aTU8mV8wUEbrY6IEnSpC1G9iasjhkwAF7pb/Ic8+/riwmPD/Fh 
+zBrRfBCgi5VXbX9IvY+yQHRVRal8y+n4eh9/hFxBKDbvuidFropGzcuparEwCIRi +U7L/7aZ3A5wsQp9GPDliSjpeYCf5tok/bvjG4xU041pGQ7yVNpu2mEIoqDz9v+Ay +IKqsWradEnFG/1ov78a2RB+2+iIPE4iCDtmKUkgPjQ== -----END CERTIFICATE----- From 7c3c97ac13070a8aba2599262ef6c1f4b4446193 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 5 Oct 2017 07:49:21 +0100 Subject: [PATCH 13/18] Don't add extensions for X.509 non-v3 certificates This commit removes extension-writing code for X.509 non-v3 certificates from x509write_crt_der. Previously, even if no extensions were present an empty sequence would have been added. --- library/x509write_crt.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index b64499593..a6b095a24 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -327,13 +327,19 @@ int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size, /* * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension */ - ASN1_CHK_ADD( len, x509_write_extensions( &c, tmp_buf, ctx->extensions ) ); - ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) ); - ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | - ASN1_SEQUENCE ) ); - ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) ); - ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC | - ASN1_CONSTRUCTED | 3 ) ); + + /* Only for v3 */ + if( ctx->version == X509_CRT_VERSION_3 ) + { + ASN1_CHK_ADD( len, x509_write_extensions( &c, tmp_buf, + ctx->extensions ) ); + ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) ); + ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | + ASN1_SEQUENCE ) ); + ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) ); + ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC | + ASN1_CONSTRUCTED | 3 ) ); + } /* * SubjectPublicKeyInfo From e87e5f6c71c2d967f462b878153ac02102abcc55 Mon Sep 17 00:00:00 2001 
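Review bot: The new `if( ctx->version == X509_CRT_VERSION_3 )` guard still emits the `[3]` extensions block for a v3 certificate that has no extensions, although the commit message identifies the empty sequence as the problem and the ASN.1 quoted just above the hunk, `Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension`, does not allow an empty one. If `ctx->extensions` is the list head and is NULL when nothing was added (it is passed straight to `x509_write_extensions`, so this looks likely but is not visible here), the guard should be `if( ctx->version == X509_CRT_VERSION_3 && ctx->extensions != NULL )`. x509write_crt_der continues outside the hunk.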
From: Hanno Becker Date: Wed, 13 Sep 2017 12:49:22 +0100 Subject: [PATCH 14/18] Extend cert_write example program by multiple cmd line options This commit adds the following command line options to programs/x509/cert_write: - version (val 1, 2, 3): Set the certificate's version (v1, v2, v3) - authority_identifier (val 0, 1): Enable or disable the addition of the authority identifier extension. - subject_identifier (val 0, 1): Enable or disable the addition of the subject identifier extension. - basic_constraints (val 0, 1): Enable or disable the addition of the basic constraints extension. - md (val MD5, SHA1, SHA256, SHA512): Set the hash function used when creating the CRT. --- programs/x509/cert_write.c | 239 +++++++++++++++++++++++++++++-------- 1 file changed, 189 insertions(+), 50 deletions(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 290eebcf2..12461585c 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -54,6 +54,7 @@ int main( void ) #include "polarssl/x509_csr.h" #include "polarssl/entropy.h" #include "polarssl/ctr_drbg.h" +#include "polarssl/md.h" #include "polarssl/error.h" #include @@ -86,6 +87,11 @@ int main( void ) #define DFL_MAX_PATHLEN -1 #define DFL_KEY_USAGE 0 #define DFL_NS_CERT_TYPE 0 +#define DFL_VERSION 3 +#define DFL_AUTH_IDENT 1 +#define DFL_SUBJ_IDENT 1 +#define DFL_CONSTRAINTS 1 +#define DFL_DIGEST POLARSSL_MD_SHA256 #define USAGE \ "\n usage: cert_write param=<>...\n" \ 
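Review bot: `#define DFL_VERSION 3` uses the user-facing 1-based number, while the library compares `ctx->version` against 0-based constants (`X509_CRT_VERSION_1` and `X509_CRT_VERSION_3` in the x509write_crt.c hunks of this series), which is why a later hunk has to write `opt.version = DFL_VERSION - 1;` and the option parser does `opt.version--`. Keeping the library's representation internally and converting once at the command-line boundary is less error-prone: `#define DFL_VERSION X509_CRT_VERSION_3` (if the x509 header included here exposes it) with `opt.version = DFL_VERSION;`, and a comment on the `version` option saying the decrement maps the 1..3 input onto that constant. Whichever is chosen, the define needs a comment stating which numbering it carries.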
@@ -112,6 +118,20 @@ int main( void ) " not_after=%%s default: 20301231235959\n"\ " is_ca=%%d default: 0 (disabled)\n" \ " max_pathlen=%%d default: -1 (none)\n" \ + " md=%%s default: SHA256\n" \ + " Supported values:\n" \ + " MD5, SHA1, SHA256, SHA512\n"\ + " version=%%d default: 3\n" \ + " Possible values: 1, 2, 3\n"\ + " subject_identifier default: 1\n" \ + " Possible values: 0, 1\n" \ + " (Considered for v3 only)\n"\ + " authority_identifier default: 1\n" \ + " Possible values: 0, 1\n" \ + " (Considered for v3 only)\n"\ + " basic_constraints default: 1\n" \ + " Possible values: 0, 1\n" \ + " (Considered for v3 only)\n"\ " key_usage=%%s default: (empty)\n" \ " Comma-separated-list of values:\n" \ " digital_signature\n" \ @@ -121,6 +141,7 @@ int main( void ) " key_agreement\n" \ " key_certificate_sign\n" \ " crl_sign\n" \ + " (Considered for v3 only)\n"\ " ns_cert_type=%%s default: (empty)\n" \ " Comma-separated-list of values:\n" \ " ssl_client\n" \ @@ -152,6 +173,11 @@ struct options int selfsign; /* selfsign the certificate */ int is_ca; /* is a CA certificate */ int max_pathlen; /* maximum CA path length */ + int authority_identifier; /* add authority identifier to CRT */ + int subject_identifier; /* add subject identifier to CRT */ + int basic_constraints; /* add basic constraints ext to CRT */ + int version; /* CRT version */ + md_type_t md; /* Hash used for signing */ unsigned char key_usage; /* key usage flags */ unsigned char ns_cert_type; /* NS cert type */ } opt; @@ -246,6 +272,11 @@ int main( int argc, char *argv[] ) opt.max_pathlen = DFL_MAX_PATHLEN; opt.key_usage = DFL_KEY_USAGE; opt.ns_cert_type = DFL_NS_CERT_TYPE; + opt.version = DFL_VERSION - 1; + opt.md = DFL_DIGEST; + opt.subject_identifier = DFL_SUBJ_IDENT; + opt.authority_identifier = DFL_AUTH_IDENT; + opt.basic_constraints = DFL_CONSTRAINTS; for( i = 1; i < argc; i++ ) { 
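Review bot: In the usage text the three new boolean options are listed without their argument syntax, e.g. `" subject_identifier default: 1\n"`, whereas every other option in the block shows it (`" version=%%d default: 3\n"`, `" is_ca=%%d default: 0 (disabled)\n"`) and the parser in the later hunk does expect `subject_identifier=0|1`. Make them `" subject_identifier=%%d default: 1\n"`, `" authority_identifier=%%d default: 1\n"` and `" basic_constraints=%%d default: 1\n"`. The doubled `%%` in the neighbouring lines indicates the string goes through a printf-style formatter, so the new lines must follow the same escaping.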
@@ -289,23 +320,88 @@ int main( int argc, char *argv[] ) { opt.serial = q; } + else if( strcmp( p, "authority_identifier" ) == 0 ) + { + opt.authority_identifier = atoi( q ); + if( opt.authority_identifier != 0 && + opt.authority_identifier != 1 ) + { + polarssl_printf( "Invalid argument for option %s\n", p ); + goto usage; + } + } + else if( strcmp( p, "subject_identifier" ) == 0 ) + { + opt.subject_identifier = atoi( q ); + if( opt.subject_identifier != 0 && + opt.subject_identifier != 1 ) + { + polarssl_printf( "Invalid argument for option %s\n", p ); + goto usage; + } + } + else if( strcmp( p, "basic_constraints" ) == 0 ) + { + opt.basic_constraints = atoi( q ); + if( opt.basic_constraints != 0 && + opt.basic_constraints != 1 ) + { + polarssl_printf( "Invalid argument for option %s\n", p ); + goto usage; + } + } + else if( strcmp( p, "md" ) == 0 ) + { + if( strcmp( q, "SHA1" ) == 0 ) + opt.md = POLARSSL_MD_SHA1; + else if( strcmp( q, "SHA256" ) == 0 ) + opt.md = POLARSSL_MD_SHA256; + else if( strcmp( q, "SHA512" ) == 0 ) + opt.md = POLARSSL_MD_SHA512; + else if( strcmp( q, "MD5" ) == 0 ) + opt.md = POLARSSL_MD_MD5; + else + { + polarssl_printf( "Invalid argument for option %s\n", p ); + goto usage; + } + } + else if( strcmp( p, "version" ) == 0 ) + { + opt.version = atoi( q ); + if( opt.version < 1 || opt.version > 3 ) + { + polarssl_printf( "Invalid argument for option %s\n", p ); + goto usage; + } + opt.version--; + } else if( strcmp( p, "selfsign" ) == 0 ) { opt.selfsign = atoi( q ); if( opt.selfsign < 0 || opt.selfsign > 1 ) + { + polarssl_printf( "Invalid argument for option %s\n", p ); goto usage; + } } else if( strcmp( p, "is_ca" ) == 0 ) { opt.is_ca = atoi( q ); if( opt.is_ca < 0 || opt.is_ca > 1 ) + { + polarssl_printf( "Invalid argument for option %s\n", p ); goto usage; + } } else if( strcmp( p, "max_pathlen" ) == 0 ) { opt.max_pathlen = atoi( q ); if( opt.max_pathlen < -1 || opt.max_pathlen > 127 ) + { + polarssl_printf( "Invalid argument for option 
%s\n", p ); goto usage; + } } else if( strcmp( p, "key_usage" ) == 0 ) { @@ -329,7 +425,10 @@ int main( int argc, char *argv[] ) else if( strcmp( q, "crl_sign" ) == 0 ) opt.key_usage |= KU_CRL_SIGN; else + { + polarssl_printf( "Invalid argument for option %s\n", p ); goto usage; + } q = r; } @@ -356,7 +455,10 @@ int main( int argc, char *argv[] ) else if( strcmp( q, "object_signing_ca" ) == 0 ) opt.ns_cert_type |= NS_CERT_TYPE_OBJECT_SIGNING_CA; else + { + polarssl_printf( "Invalid argument for option %s\n", p ); goto usage; + } q = r; } @@ -379,7 +481,8 @@ int main( int argc, char *argv[] ) strlen( pers ) ) ) != 0 ) { polarssl_strerror( ret, buf, 1024 ); - polarssl_printf( " failed\n ! ctr_drbg_init returned %d - %s\n", ret, buf ); + polarssl_printf( " failed\n ! ctr_drbg_init " + "returned %d - %s\n", ret, buf ); goto exit; } @@ -393,7 +496,8 @@ int main( int argc, char *argv[] ) if( ( ret = mpi_read_string( &serial, 10, opt.serial ) ) != 0 ) { polarssl_strerror( ret, buf, 1024 ); - polarssl_printf( " failed\n ! mpi_read_string returned -0x%02x - %s\n\n", -ret, buf ); + polarssl_printf( " failed\n ! mpi_read_string " + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -412,7 +516,8 @@ int main( int argc, char *argv[] ) if( ( ret = x509_crt_parse_file( &issuer_crt, opt.issuer_crt ) ) != 0 ) { polarssl_strerror( ret, buf, 1024 ); - polarssl_printf( " failed\n ! x509_crt_parse_file returned -0x%02x - %s\n\n", -ret, buf ); + polarssl_printf( " failed\n ! x509_crt_parse_file returned " + "-0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -421,7 +526,8 @@ int main( int argc, char *argv[] ) if( ret < 0 ) { polarssl_strerror( ret, buf, 1024 ); - polarssl_printf( " failed\n ! x509_dn_gets returned -0x%02x - %s\n\n", -ret, buf ); + polarssl_printf( " failed\n ! x509_dn_gets returned " + "-0x%04x - %s\n\n", -ret, buf ); goto exit; } 
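Review bot: The new 0/1 options are parsed with `atoi( q )`, which returns 0 for any non-numeric argument, so `authority_identifier=yes` or `basic_constraints=abc` passes the `!= 0 && != 1` range check as a silent 0 and disables the extension instead of being rejected as invalid; for `version` the same input is caught only because 0 happens to fall outside 1..3. A `strtol` with an end-pointer check (`errno = 0; v = strtol( q, &end, 10 ); if( end == q || *end != '\0' || errno == ERANGE ) goto usage;`) would reject malformed values for all five options consistently. The pre-existing selfsign/is_ca/max_pathlen parsing has the same weakness, so a small shared helper would fix them together. Separately, `md` now accepts MD5 and SHA1 for the certificate signature without any indication in the usage text that these are deprecated for that purpose; a one-line remark in the USAGE string would keep users from downgrading the SHA256 default unknowingly. main() starts and ends outside this hunk.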
@@ -444,7 +550,8 @@ int main( int argc, char *argv[] ) if( ( ret = x509_csr_parse_file( &csr, opt.request_file ) ) != 0 ) { polarssl_strerror( ret, buf, 1024 ); - polarssl_printf( " failed\n ! x509_csr_parse_file returned -0x%02x - %s\n\n", -ret, buf ); + polarssl_printf( " failed\n ! x509_csr_parse_file returned " + "-0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -453,7 +560,8 @@ int main( int argc, char *argv[] ) if( ret < 0 ) { polarssl_strerror( ret, buf, 1024 ); - polarssl_printf( " failed\n ! x509_dn_gets returned -0x%02x - %s\n\n", -ret, buf ); + polarssl_printf( " failed\n ! x509_dn_gets returned " + "-0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -477,7 +585,8 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { polarssl_strerror( ret, buf, 1024 ); - polarssl_printf( " failed\n ! pk_parse_keyfile returned -0x%02x - %s\n\n", -ret, buf ); + polarssl_printf( " failed\n ! pk_parse_keyfile returned " + "-0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -492,7 +601,8 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { polarssl_strerror( ret, buf, 1024 ); - polarssl_printf( " failed\n ! pk_parse_keyfile returned -x%02x - %s\n\n", -ret, buf ); + polarssl_printf( " failed\n ! pk_parse_keyfile returned " + "-x%02x - %s\n\n", -ret, buf ); goto exit; } @@ -506,7 +616,8 @@ int main( int argc, char *argv[] ) mpi_cmp_mpi( &pk_rsa( issuer_crt.pk )->E, &pk_rsa( *issuer_key )->E ) != 0 ) { - polarssl_printf( " failed\n ! issuer_key does not match issuer certificate\n\n" ); + polarssl_printf( " failed\n ! issuer_key does not match " + "issuer certificate\n\n" ); ret = -1; goto exit; } 
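Review bot: In the @@ -492 hunk the pk_parse_keyfile error message is rewrapped but keeps the typo `"-x%02x - %s\n\n"`, while every sibling message in this commit (the other pk_parse_keyfile message in the @@ -477 hunk, x509_csr_parse_file, x509_dn_gets) is corrected to `"-0x%04x - %s\n\n"`. Since the line is already being touched, it should read `polarssl_printf( " failed\n ! pk_parse_keyfile returned " "-0x%04x - %s\n\n", -ret, buf );` so that error codes print uniformly as four hex digits with the 0x prefix. main() continues outside these hunks.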
@@ -526,28 +637,35 @@ int main( int argc, char *argv[] ) /* * 1.0. Check the names for validity */ - if( ( ret = x509write_crt_set_subject_name( &crt, opt.subject_name ) ) != 0 ) + if( ( ret = x509write_crt_set_subject_name( &crt, + opt.subject_name ) ) != 0 ) { polarssl_strerror( ret, buf, 1024 ); - polarssl_printf( " failed\n ! x509write_crt_set_subject_name returned -0x%02x - %s\n\n", -ret, buf ); + polarssl_printf( " failed\n ! x509write_crt_set_subject_name returned" + " -0x%04x - %s\n\n", -ret, buf ); goto exit; } if( ( ret = x509write_crt_set_issuer_name( &crt, opt.issuer_name ) ) != 0 ) { polarssl_strerror( ret, buf, 1024 ); - polarssl_printf( " failed\n ! x509write_crt_set_issuer_name returned -0x%02x - %s\n\n", -ret, buf ); + polarssl_printf( " failed\n ! x509write_crt_set_issuer_name returned " + "-0x%04x - %s\n\n", -ret, buf ); goto exit; } polarssl_printf( " . Setting certificate values ..." ); fflush( stdout ); + x509write_crt_set_version( &crt, opt.version ); + x509write_crt_set_md_alg( &crt, opt.md ); + ret = x509write_crt_set_serial( &crt, &serial ); if( ret != 0 ) { polarssl_strerror( ret, buf, 1024 ); - polarssl_printf( " failed\n ! x509write_crt_set_serial returned -0x%02x - %s\n\n", -ret, buf ); + polarssl_printf( " failed\n ! x509write_crt_set_serial returned " + "-0x%04x - %s\n\n", -ret, buf ); goto exit; } 
@@ -555,55 +673,72 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { polarssl_strerror( ret, buf, 1024 ); - polarssl_printf( " failed\n ! x509write_crt_set_validity returned -0x%02x - %s\n\n", -ret, buf ); + polarssl_printf( " failed\n ! x509write_crt_set_validity returned " + "-0x%04x - %s\n\n", -ret, buf ); goto exit; } polarssl_printf( " ok\n" ); - polarssl_printf( " . Adding the Basic Constraints extension ..." ); - fflush( stdout ); - - ret = x509write_crt_set_basic_constraints( &crt, opt.is_ca, - opt.max_pathlen ); - if( ret != 0 ) + if( opt.version == 3 && opt.basic_constraints ) { - polarssl_strerror( ret, buf, 1024 ); - polarssl_printf( " failed\n ! x509write_crt_set_basic_contraints returned -0x%02x - %s\n\n", -ret, buf ); - goto exit; - } + polarssl_printf( " . Adding the Basic Constraints extension ..." ); + fflush( stdout ); - polarssl_printf( " ok\n" ); + ret = x509write_crt_set_basic_constraints( &crt, opt.is_ca, + opt.max_pathlen ); + if( ret != 0 ) + { + polarssl_strerror( ret, buf, 1024 ); + polarssl_printf( " failed\n ! x509write_crt_set_basic_contraints " + "returned -0x%04x - %s\n\n", -ret, buf ); + goto exit; + } + + polarssl_printf( " ok\n" ); + } #if defined(POLARSSL_SHA1_C) - polarssl_printf( " . Adding the Subject Key Identifier ..." ); - fflush( stdout ); - - ret = x509write_crt_set_subject_key_identifier( &crt ); - if( ret != 0 ) + if( opt.version == 3 && opt.subject_identifier ) { - polarssl_strerror( ret, buf, 1024 ); - polarssl_printf( " failed\n ! x509write_crt_set_subject_key_identifier returned -0x%02x - %s\n\n", -ret, buf ); - goto exit; + polarssl_printf( " . Adding the Subject Key Identifier ..." ); + fflush( stdout ); + + ret = x509write_crt_set_subject_key_identifier( &crt ); + if( ret != 0 ) + { + polarssl_strerror( ret, buf, 1024 ); + polarssl_printf( " failed\n ! 
x509write_crt_set_subject" + "_key_identifier returned -0x%04x - %s\n\n", + -ret, buf ); + goto exit; + } + + polarssl_printf( " ok\n" ); } - polarssl_printf( " ok\n" ); - - polarssl_printf( " . Adding the Authority Key Identifier ..." ); - fflush( stdout ); - - ret = x509write_crt_set_authority_key_identifier( &crt ); - if( ret != 0 ) + if( opt.version == X509_CRT_VERSION_3 && + opt.authority_identifier != 0 ) { - polarssl_strerror( ret, buf, 1024 ); - polarssl_printf( " failed\n ! x509write_crt_set_authority_key_identifier returned -0x%02x - %s\n\n", -ret, buf ); - goto exit; - } + polarssl_printf( " . Adding the Authority Key Identifier ..." ); + fflush( stdout ); - polarssl_printf( " ok\n" ); + ret = x509write_crt_set_authority_key_identifier( &crt ); + if( ret != 0 ) + { + polarssl_strerror( ret, buf, 1024 ); + polarssl_printf( " failed\n ! x509write_crt_set_authority_" + "key_identifier returned -0x%04x - %s\n\n", + -ret, buf ); + goto exit; + } + + polarssl_printf( " ok\n" ); + } #endif /* POLARSSL_SHA1_C */ - if( opt.key_usage ) + if( opt.version == X509_CRT_VERSION_3 && + opt.key_usage != 0 ) { polarssl_printf( " . Adding the Key Usage extension ..." ); fflush( stdout ); @@ -612,14 +747,16 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { polarssl_strerror( ret, buf, 1024 ); - polarssl_printf( " failed\n ! x509write_crt_set_key_usage returned -0x%02x - %s\n\n", -ret, buf ); + polarssl_printf( " failed\n ! x509write_crt_set_key_usage " + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } polarssl_printf( " ok\n" ); } - if( opt.ns_cert_type ) + if( opt.version == X509_CRT_VERSION_3 && + opt.ns_cert_type != 0 ) { polarssl_printf( " . Adding the NS Cert Type extension ..." ); fflush( stdout ); 
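Review bot: `if( opt.version == 3 && opt.basic_constraints )` and `if( opt.version == 3 && opt.subject_identifier )` in the @@ -555 hunk can never be true: opt.version is initialised as `DFL_VERSION - 1` and the "version" parser decrements the 1..3 user value, so it only ever holds 0, 1 or 2. The Basic Constraints and Subject Key Identifier extensions are therefore never written anymore, even for the default v3 certificate, while the Authority Key Identifier, Key Usage and NS Cert Type blocks a few lines below correctly compare against `X509_CRT_VERSION_3`. Both conditions should read `if( opt.version == X509_CRT_VERSION_3 && opt.basic_constraints != 0 )` and `if( opt.version == X509_CRT_VERSION_3 && opt.subject_identifier != 0 )`. A test that writes a default certificate and checks for the Basic Constraints extension would have caught this; main() starts and ends outside the hunk.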
@@ -628,7 +765,8 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { polarssl_strerror( ret, buf, 1024 ); - polarssl_printf( " failed\n ! x509write_crt_set_ns_cert_type returned -0x%02x - %s\n\n", -ret, buf ); + polarssl_printf( " failed\n ! x509write_crt_set_ns_cert_type " + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -645,7 +783,8 @@ int main( int argc, char *argv[] ) ctr_drbg_random, &ctr_drbg ) ) != 0 ) { polarssl_strerror( ret, buf, 1024 ); - polarssl_printf( " failed\n ! write_certifcate -0x%02x - %s\n\n", -ret, buf ); + polarssl_printf( " failed\n ! write_certifcate returned " + "-0x%04x - %s\n\n", -ret, buf ); goto exit; } From 524f255c5b5ed85b21708a5cfa107296ab07fb73 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 5 Oct 2017 08:32:38 +0100 Subject: [PATCH 15/18] Extend x509write_crt suite by RSA_ALT signing test --- .../data_files/server1.cert_type_noauthid.crt | 20 +++++++ .../data_files/server1.key_usage_noauthid.crt | 20 +++++++ tests/data_files/server1.noauthid.crt | 19 +++++++ tests/suites/test_suite_x509write.data | 24 ++++++-- tests/suites/test_suite_x509write.function | 55 +++++++++++++++++-- 5 files changed, 128 insertions(+), 10 deletions(-) create mode 100644 tests/data_files/server1.cert_type_noauthid.crt create mode 100644 tests/data_files/server1.key_usage_noauthid.crt create mode 100644 tests/data_files/server1.noauthid.crt diff --git a/tests/data_files/server1.cert_type_noauthid.crt b/tests/data_files/server1.cert_type_noauthid.crt new file mode 100644 index 000000000..3c0f23752 --- /dev/null +++ b/tests/data_files/server1.cert_type_noauthid.crt 
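Review bot: The rewrapped message in the @@ -645 hunk keeps the misspelling "write_certifcate"; since the line is being rewritten anyway it should become `polarssl_printf( " failed\n ! write_certificate returned " "-0x%04x - %s\n\n", -ret, buf );` so that the printed name matches the function it reports on. main() continues outside this hunk.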
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDMTCCAhmgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ +uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD +d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf +CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr +lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w +bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB +oz8wPTAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAR +BglghkgBhvhCAQEEBAMCAEAwDQYJKoZIhvcNAQEFBQADggEBABNT+r+6vvlpjtyz +mewrGOKPt5iwb8w2aReJ0AWuyQzTiduN26MhXq93cXHV0pHj2rD7MfiBEwBSWnf9 +FcxkE0g77GVyM9Vs9Uy/MspIqOce7JD0c36G4EI8lYce2TYwQLE9CGNl+LDxqkLy +prijXBl/FaD+IO/SNMr3VVnfFEZqPUxg+BSTaGgD+52Z7B4nPP0xGPjlW367RGDv +9dIkr1thve2WOeC9ixxl9K/864I7/0GdbgKSf77xl3/5vnQUOY7kugRvkvxWIgHS +HNVnmEN2I2Nb0M8lQNF1sFDbpFwVbh9CkBF5LJNesy0VWd67Ho6EntPEb7vBFF/x +jz0b2l4= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/tests/data_files/server1.key_usage_noauthid.crt b/tests/data_files/server1.key_usage_noauthid.crt new file mode 100644 index 000000000..2223807f2 --- /dev/null +++ b/tests/data_files/server1.key_usage_noauthid.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDLjCCAhagAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ +uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD +d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf +CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr +lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w +bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB +ozwwOjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAO +BgNVHQ8BAf8EBAMCAeAwDQYJKoZIhvcNAQEFBQADggEBAJZRIISo4+rDvHXXaS43 +shfSkyJyur588mNJFzty1WVfhaIkwjMIGHeGlHS29fwgPsBUgelZ3Qv3J7wsm42+ +3BwQet0l36FIBIJtFhcrTGlaCFUo/5bZJUPGgiOFB9ec/8lOszVlX8cH34UimWqg +q2wXRGoXWPbuRnUWlJhI2bAv5ri9Mt7Rs4nK4wyS1ZjC8ByXMn4tk3yMjkUEqu0o +37zoQiF+FJApu0eTKK5goA2hisyfCX9eJMppAbcyvJwoj/AmiBkXW8J3kEMJtLmZ +VoxXYknnXumxBLxUrGuamR/3cmbaJHIHE1Dqox7hB+9miyp4lue1/uXHCocGAIeF +JTo= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/tests/data_files/server1.noauthid.crt b/tests/data_files/server1.noauthid.crt new file mode 100644 index 000000000..99c004f62 --- /dev/null +++ b/tests/data_files/server1.noauthid.crt 
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDHjCCAgagAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ +uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD +d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf +CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr +lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w +bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB +oywwKjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAN +BgkqhkiG9w0BAQUFAAOCAQEAUMDKviuchRc4ICoVwi9LFyfQjxFQLgjnX1UYSqc5 +UptiJsDpbJ+TMbOhNBs7YRV7ju61J33ax1fqgcFWkc2M2Vsqzz9+3zJlQoQuOLxH +5C6v5/rhUEV9HMy3K5SIa/BVem9osWvMwDnB8g5k3wCZAnOuFcT6ttvzRqz6Oh9d +avozrYHsATzPXBal41Gf95cNVcJ1pn/JgE4EOijMqmAPldVbCqfXLl6TB0nJS6dm +q9z73DGrVQlOwmCVI+qD2POJI67LuQ0g6Y0WVMxsWilMppt+UrEknMzk4O4qOaUs +1B20vI/bN4XPDnw58psazdoBxFL+fAk5MbTNKETNHjBsIg== +-----END CERTIFICATE----- diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 66f099387..a8e7f25cb 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data 
@@ -44,19 +44,35 @@ x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":POLARSS Certificate write check Server1 SHA1 depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:-1:"data_files/server1.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:1:-1:"data_files/server1.crt":0 Certificate write check Server1 SHA1, key_usage depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION | KU_KEY_ENCIPHERMENT:0:-1:"data_files/server1.key_usage.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION | KU_KEY_ENCIPHERMENT:0:1:-1:"data_files/server1.key_usage.crt":0 Certificate write check Server1 SHA1, ns_cert_type depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test 
CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:NS_CERT_TYPE_SSL_SERVER:-1:"data_files/server1.cert_type.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:NS_CERT_TYPE_SSL_SERVER:1:-1:"data_files/server1.cert_type.crt":0 Certificate write check Server1 SHA1, version 1 depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:X509_CRT_VERSION_1:"data_files/server1.v1.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:1:X509_CRT_VERSION_1:"data_files/server1.v1.crt":0 + +Certificate write check Server1 SHA1, RSA_ALT +depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:0:-1:"data_files/server1.noauthid.crt":0 + +Certificate write check Server1 SHA1, RSA_ALT, key_usage +depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION | 
KU_KEY_ENCIPHERMENT:0:0:-1:"data_files/server1.key_usage_noauthid.crt":0 + +Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type +depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:NS_CERT_TYPE_SSL_SERVER:0:-1:"data_files/server1.cert_type_noauthid.crt":0 + +Certificate write check Server1 SHA1, RSA_ALT, version 1 +depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:0:X509_CRT_VERSION_1:"data_files/server1.v1.crt":0 X509 String to Names #1 x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark, Inc., OU=PolarSSL":0 diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 825a59313..1ab43c511 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function 
@@ -3,6 +3,30 @@ #include "polarssl/x509_csr.h" #include "polarssl/pem.h" #include "polarssl/oid.h" +#include "polarssl/rsa.h" + +#if defined(POLARSSL_RSA_C) +int rsa_decrypt_func( void *ctx, int mode, size_t *olen, + const unsigned char *input, unsigned char *output, + size_t output_max_len ) +{ + return( rsa_pkcs1_decrypt( (rsa_context *) ctx, NULL, NULL, mode, olen, + input, output, output_max_len ) ); +} +int rsa_sign_func( void *ctx, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + int mode, md_type_t md_alg, unsigned int hashlen, + const unsigned char *hash, unsigned char *sig ) +{ + return( rsa_pkcs1_sign( (rsa_context *) ctx, f_rng, p_rng, mode, + md_alg, hashlen, hash, sig ) ); +} +size_t rsa_key_len_func( void *ctx ) +{ + return( ((const rsa_context *) ctx)->len ); +} +#endif /* POLARSSL_RSA_C */ + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -75,10 +99,12 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, char *subject_name, char *issuer_key_file, char *issuer_pwd, char *issuer_name, char *serial_str, char *not_before, char *not_after, - int md_type, int key_usage, int cert_type, int ver, - char *cert_check_file ) + int md_type, int key_usage, int cert_type, int auth_ident, + int ver, char *cert_check_file, int rsa_alt ) { - pk_context subject_key, issuer_key; + pk_context subject_key, issuer_key, issuer_key_alt; + pk_context *key = &issuer_key; + x509write_cert crt; unsigned char buf[4096]; unsigned char check_buf[5000]; 
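Review bot: `rsa_decrypt_func`, `rsa_sign_func` and `rsa_key_len_func` are defined with external linkage in the test suite header block, so they enter the global namespace of the generated test binary; `static int rsa_decrypt_func( ... )` (and likewise for the other two) would keep them local and matches how other helpers in the suites are declared. `rsa_decrypt_func` also passes `NULL, NULL` for the RNG arguments of rsa_pkcs1_decrypt, which presumably means the private-key operation runs without blinding; that is acceptable for a test stub that is never called on the signing path exercised here, but a comment saying so (`/* no RNG: blinding not needed for this test stub */`) would stop it being copied into non-test code.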
@@ -93,14 +119,29 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, mpi_init( &serial ); pk_init( &subject_key ); pk_init( &issuer_key ); + pk_init( &issuer_key_alt ); + + x509write_crt_init( &crt ); TEST_ASSERT( pk_parse_keyfile( &subject_key, subject_key_file, subject_pwd ) == 0 ); TEST_ASSERT( pk_parse_keyfile( &issuer_key, issuer_key_file, issuer_pwd ) == 0 ); + + /* For RSA PK contexts, create a copy as an alternative RSA context. */ + if( rsa_alt == 1 && pk_get_type( &issuer_key ) == POLARSSL_PK_RSA ) + { + TEST_ASSERT( pk_init_ctx_rsa_alt( &issuer_key_alt, + pk_rsa( issuer_key ), + rsa_decrypt_func, + rsa_sign_func, + rsa_key_len_func ) == 0 ); + + key = &issuer_key_alt; + } + TEST_ASSERT( mpi_read_string( &serial, 10, serial_str ) == 0 ); - x509write_crt_init( &crt ); if( ver != -1 ) x509write_crt_set_version( &crt, ver ); TEST_ASSERT( x509write_crt_set_serial( &crt, &serial ) == 0 ); @@ -110,13 +151,14 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, TEST_ASSERT( x509write_crt_set_issuer_name( &crt, issuer_name ) == 0 ); TEST_ASSERT( x509write_crt_set_subject_name( &crt, subject_name ) == 0 ); x509write_crt_set_subject_key( &crt, &subject_key ); - x509write_crt_set_issuer_key( &crt, &issuer_key ); + x509write_crt_set_issuer_key( &crt, key ); if( crt.version >= X509_CRT_VERSION_3 ) { TEST_ASSERT( x509write_crt_set_basic_constraints( &crt, 0, 0 ) == 0 ); TEST_ASSERT( x509write_crt_set_subject_key_identifier( &crt ) == 0 ); - TEST_ASSERT( x509write_crt_set_authority_key_identifier( &crt ) == 0 ); + if( auth_ident != 0 ) + TEST_ASSERT( x509write_crt_set_authority_key_identifier( &crt ) == 0 ); if( key_usage != 0 ) TEST_ASSERT( x509write_crt_set_key_usage( &crt, key_usage ) == 0 ); if( cert_type != 0 ) @@ -152,6 +194,7 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, exit: x509write_crt_free( &crt ); pk_free( &issuer_key ); + pk_free( &issuer_key_alt ); pk_free( &subject_key ); mpi_free( &serial ); } 
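Review bot: `if( rsa_alt == 1 && pk_get_type( &issuer_key ) == POLARSSL_PK_RSA )` silently falls back to the plain issuer key when rsa_alt is requested but the key is not RSA, so a test case asking for RSA_ALT would still pass without ever exercising the alternative-RSA signing path it exists to cover. Making the expectation explicit, `if( rsa_alt == 1 ) { TEST_ASSERT( pk_get_type( &issuer_key ) == POLARSSL_PK_RSA ); ... }`, turns a mismatched test vector into a failure instead of a false pass. The unbraced `if( auth_ident != 0 ) TEST_ASSERT( ... );` in the @@ -110 hunk relies on TEST_ASSERT expanding to a single statement; braces would make it robust to changes in the macro. x509_crt_check() starts and ends outside these hunks.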
From ef4acc569de547e7f604f8eb5262a48a88feb07a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 5 Oct 2017 08:35:48 +0100 Subject: [PATCH 16/18] Minor style and typo corrections --- library/x509write_crt.c | 30 +++++++++++----------- library/x509write_csr.c | 4 +-- tests/suites/test_suite_x509write.function | 6 ++--- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index a6b095a24..19dd0beae 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -52,7 +52,7 @@ static void polarssl_zeroize( void *v, size_t n ) { void x509write_crt_init( x509write_cert *ctx ) { - memset( ctx, 0, sizeof(x509write_cert) ); + memset( ctx, 0, sizeof( x509write_cert ) ); mpi_init( &ctx->serial ); ctx->version = X509_CRT_VERSION_3; @@ -66,7 +66,7 @@ void x509write_crt_free( x509write_cert *ctx ) asn1_free_named_data_list( &ctx->issuer ); asn1_free_named_data_list( &ctx->extensions ); - polarssl_zeroize( ctx, sizeof(x509write_cert) ); + polarssl_zeroize( ctx, sizeof( x509write_cert ) ); } void x509write_crt_set_version( x509write_cert *ctx, int version ) @@ -141,10 +141,10 @@ int x509write_crt_set_basic_constraints( x509write_cert *ctx, { int ret; unsigned char buf[9]; - unsigned char *c = buf + sizeof(buf); + unsigned char *c = buf + sizeof( buf ); size_t len = 0; - memset( buf, 0, sizeof(buf) ); + memset( buf, 0, sizeof( buf ) ); if( is_ca && max_pathlen > 127 ) return( POLARSSL_ERR_X509_BAD_INPUT_DATA ); @@ -164,7 +164,7 @@ int x509write_crt_set_basic_constraints( x509write_cert *ctx, return x509write_crt_set_extension( ctx, OID_BASIC_CONSTRAINTS, OID_SIZE( OID_BASIC_CONSTRAINTS ), - 0, buf + sizeof(buf) - len, len ); + 0, buf + sizeof( buf ) - len, len ); } #if defined(POLARSSL_SHA1_C) 
@@ -172,14 +172,14 @@ int x509write_crt_set_subject_key_identifier( x509write_cert *ctx ) { int ret; unsigned char buf[POLARSSL_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */ - unsigned char *c = buf + sizeof(buf); + unsigned char *c = buf + sizeof( buf ); size_t len = 0; - memset( buf, 0, sizeof(buf) ); + memset( buf, 0, sizeof( buf ) ); ASN1_CHK_ADD( len, pk_write_pubkey( &c, buf, ctx->subject_key ) ); - sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 ); - c = buf + sizeof(buf) - 20; + sha1( buf + sizeof( buf ) - len, len, buf + sizeof( buf ) - 20 ); + c = buf + sizeof( buf ) - 20; len = 20; ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) ); @@ -187,21 +187,21 @@ int x509write_crt_set_subject_key_identifier( x509write_cert *ctx ) return x509write_crt_set_extension( ctx, OID_SUBJECT_KEY_IDENTIFIER, OID_SIZE( OID_SUBJECT_KEY_IDENTIFIER ), - 0, buf + sizeof(buf) - len, len ); + 0, buf + sizeof( buf ) - len, len ); } int x509write_crt_set_authority_key_identifier( x509write_cert *ctx ) { int ret; unsigned char buf[POLARSSL_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */ - unsigned char *c = buf + sizeof(buf); + unsigned char *c = buf + sizeof( buf ); size_t len = 0; - memset( buf, 0, sizeof(buf) ); + memset( buf, 0, sizeof( buf ) ); ASN1_CHK_ADD( len, pk_write_pubkey( &c, buf, ctx->issuer_key ) ); - sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 ); - c = buf + sizeof(buf) - 20; + sha1( buf + sizeof( buf ) - len, len, buf + sizeof( buf ) - 20 ); + c = buf + sizeof( buf ) - 20; len = 20; ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) ); @@ -213,7 +213,7 @@ int x509write_crt_set_authority_key_identifier( x509write_cert *ctx ) return x509write_crt_set_extension( ctx, OID_AUTHORITY_KEY_IDENTIFIER, OID_SIZE( OID_AUTHORITY_KEY_IDENTIFIER ), - 0, buf + sizeof(buf) - len, len ); + 0, buf + sizeof( buf ) - len, len ); } #endif /* POLARSSL_SHA1_C */ diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 4a5e5ca88..74188823d 100644 
--- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -51,7 +51,7 @@ static void polarssl_zeroize( void *v, size_t n ) { void x509write_csr_init( x509write_csr *ctx ) { - memset( ctx, 0, sizeof(x509write_csr) ); + memset( ctx, 0, sizeof( x509write_csr ) ); } void x509write_csr_free( x509write_csr *ctx ) @@ -59,7 +59,7 @@ void x509write_csr_free( x509write_csr *ctx ) asn1_free_named_data_list( &ctx->subject ); asn1_free_named_data_list( &ctx->extensions ); - polarssl_zeroize( ctx, sizeof(x509write_csr) ); + polarssl_zeroize( ctx, sizeof( x509write_csr ) ); } void x509write_csr_set_md_alg( x509write_csr *ctx, md_type_t md_alg ) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 1ab43c511..1cfa40295 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -165,7 +165,7 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, TEST_ASSERT( x509write_crt_set_ns_cert_type( &crt, cert_type ) == 0 ); } - ret = x509write_crt_pem( &crt, buf, sizeof(buf), + ret = x509write_crt_pem( &crt, buf, sizeof( buf ), rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == 0 ); @@ -173,8 +173,8 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, f = fopen( cert_check_file, "r" ); TEST_ASSERT( f != NULL ); - olen = fread( check_buf, 1, sizeof(check_buf), f ); - TEST_ASSERT( olen < sizeof(check_buf) ); + olen = fread( check_buf, 1, sizeof( check_buf ), f ); + TEST_ASSERT( olen < sizeof( check_buf ) ); fclose( f ); TEST_ASSERT( olen >= pem_len - 1 ); From a6cffa5eddb9315df2deabd1fb14760c2e354fcb Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 5 Oct 2017 08:58:00 +0100 Subject: [PATCH 17/18] Adapt ChangeLog --- ChangeLog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog b/ChangeLog index e67e603d3..42e7d454c 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -6,6 +6,13 @@ Bugfix * Correct extraction of signature-type from PK instance in X.509 CRT and CSR writing routines that prevented these functions to work with alternative RSA implementations. Raised by J.B. in the Mbed TLS forum. Fixes #1011. + * Don't print X.509 version tag for v1 CRT's, and omit extensions for + non-v3 CRT's. + +Changes + * Extend cert_write example program by options to set the CRT version + and the message digest. Further, allow enabling/disabling of authority + identifier, subject identifier and basic constraints extensions. = mbed TLS 1.3.21 branch released 2017-08-10 From d2e8affa66da0501842dba12c13708abae21354b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 28 Nov 2017 17:40:56 +0100 Subject: [PATCH 18/18] Add ChangeLog entry --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index a3171d7eb..eb392cc10 100644 --- a/ChangeLog +++ b/ChangeLog @@ -42,6 +42,7 @@ Bugfix encoded X509 CSRs. The overflow would enable maliciously constructed CSRs to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America + * Fix bugs in RSA test suite under MBEDTLS_NO_PLATFORM_ENTROPY. #1023 #1024 Changes * Avoid shadowing of time and index functions through mbed TLS function