Merge branch 'mbedtls-2.1'
commit
35d0d94f5b
|
@ -30,9 +30,16 @@ Bugfix
|
|||
* Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for
|
||||
builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found
|
||||
by inestlerode. #559.
|
||||
* Fix mbedtls_x509_get_sig() to update the ASN1 type in the mbedtls_x509_buf
|
||||
data structure until after error checks are successful. Found by
|
||||
subramanyam-c. #622
|
||||
* Fix documentation and implementation missmatch for function arguments of
|
||||
mbedtls_gcm_finish(). Found by cmiatpaar. #602
|
||||
* Guarantee that P>Q at RSA key generation. Found by inestlerode. #558
|
||||
* Fix potential byte overread when verifying malformed SERVER_HELLO in
|
||||
ssl_parse_hello_verify_request() for DTLS. Found by Guido Vranken.
|
||||
* Fix check for validity of date when parsing in mbedtls_x509_get_time().
|
||||
Found by subramanyam-c. #626
|
||||
* Fix missing return code check after call to mbedtls_md_setup() that could
|
||||
result in usage of invalid md_ctx in mbedtls_rsa_rsaes_oaep_encrypt(),
|
||||
mbedtls_rsa_rsaes_oaep_decrypt(), mbedtls_rsa_rsassa_pss_sign() and
|
||||
|
|
|
@ -1226,6 +1226,15 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
|
|||
cookie_len = *p++;
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len );
|
||||
|
||||
if( ( ssl->in_msg + ssl->in_msglen ) - p < cookie_len )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1,
|
||||
( "cookie length does not match incoming message size" ) );
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
}
|
||||
|
||||
mbedtls_free( ssl->handshake->verify_cookie );
|
||||
|
||||
ssl->handshake->verify_cookie = mbedtls_calloc( 1, cookie_len );
|
||||
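Review bot: In ssl_parse_hello_verify_request() the length check sits after `MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len );`, so when debug output is active the dump still reads `cookie_len` bytes from `p` before the message size has been validated. Going by the hunk counts (6 lines before, 15 after), the `if( ( ssl->in_msg + ssl->in_msglen ) - p < cookie_len )` block is the added code and the debug call is unchanged context above it. Moving the debug call below the closing brace of the check keeps the dump inside the received message. The function starts and ends outside the hunk, so whether `p` is already known to lie inside the message before `cookie_len = *p++` cannot be confirmed from here.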
|
|
|
@ -75,6 +75,7 @@
|
|||
#endif
|
||||
|
||||
#define CHECK(code) if( ( ret = code ) != 0 ){ return( ret ); }
|
||||
#define CHECK_RANGE(min, max, val) if( val < min || val > max ){ return( ret ); }
|
||||
|
||||
/*
|
||||
* CertificateSerialNumber ::= INTEGER
|
||||
|
@ -484,6 +485,33 @@ static int x509_parse_int(unsigned char **p, unsigned n, int *res){
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int x509_date_is_valid(const mbedtls_x509_time *time)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_X509_INVALID_DATE;
|
||||
|
||||
CHECK_RANGE( 0, 9999, time->year );
|
||||
CHECK_RANGE( 0, 23, time->hour );
|
||||
CHECK_RANGE( 0, 59, time->min );
|
||||
CHECK_RANGE( 0, 59, time->sec );
|
||||
|
||||
switch( time->mon )
|
||||
{
|
||||
case 1: case 3: case 5: case 7: case 8: case 10: case 12:
|
||||
CHECK_RANGE( 1, 31, time->day );
|
||||
break;
|
||||
case 4: case 6: case 9: case 11:
|
||||
CHECK_RANGE( 1, 30, time->day );
|
||||
break;
|
||||
case 2:
|
||||
CHECK_RANGE( 1, 28 + (time->year % 4 == 0), time->day );
|
||||
break;
|
||||
default:
|
||||
return( ret );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Time ::= CHOICE {
|
||||
* utcTime UTCTime,
|
||||
|
@ -523,6 +551,8 @@ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
|
|||
time->year += 100 * ( time->year < 50 );
|
||||
time->year += 1900;
|
||||
|
||||
CHECK( x509_date_is_valid( time ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME )
|
||||
|
@ -543,6 +573,8 @@ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
|
|||
if( len > 14 && *(*p)++ != 'Z' )
|
||||
return( MBEDTLS_ERR_X509_INVALID_DATE );
|
||||
|
||||
CHECK( x509_date_is_valid( time ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
else
|
||||
|
@ -554,16 +586,18 @@ int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x
|
|||
{
|
||||
int ret;
|
||||
size_t len;
|
||||
int tag_type;
|
||||
|
||||
if( ( end - *p ) < 1 )
|
||||
return( MBEDTLS_ERR_X509_INVALID_SIGNATURE +
|
||||
MBEDTLS_ERR_ASN1_OUT_OF_DATA );
|
||||
|
||||
sig->tag = **p;
|
||||
tag_type = **p;
|
||||
|
||||
if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
|
||||
return( MBEDTLS_ERR_X509_INVALID_SIGNATURE + ret );
|
||||
|
||||
sig->tag = tag_type;
|
||||
sig->len = len;
|
||||
sig->p = *p;
|
||||
|
||||
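Review bot: The February case in x509_date_is_valid() uses `time->year % 4 == 0` as the leap-year test, which accepts 29 February in century years that are not leap years (1900, 2100, …). The UTCTime branch only produces 1950–2049 after the adjustment shown in mbedtls_x509_get_time(), but the GeneralizedTime branch allows years up to 9999, so such a date passes validation there. The full Gregorian rule fits in the same line: `CHECK_RANGE( 1, 28 + ( time->year % 4 == 0 && ( time->year % 100 != 0 || time->year % 400 == 0 ) ), time->day );`. Separately, `CHECK_RANGE` expands to a bare `if` with unparenthesised arguments and relies on a local `ret`; wrapping it in `do { … } while( 0 )` and parenthesising `min`, `max` and `val` would make it safe next to an `else` and with compound expressions.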
|
|
|
@ -1,19 +1,29 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Run all available tests (mostly).
|
||||
# all.sh
|
||||
#
|
||||
# Warning: includes various build modes, so it will mess with the current
|
||||
# CMake configuration. After this script is run, the CMake cache is lost and
|
||||
# CMake is not initialised any more!
|
||||
# This file is part of mbed TLS (https://tls.mbed.org)
|
||||
#
|
||||
# Assumes gcc and clang (recent enough for using ASan with gcc and MemSan with
|
||||
# clang, or valgrind) are available, as well as cmake and a "good" find.
|
||||
# Copyright (c) 2014-2016, ARM Limited, All Rights Reserved
|
||||
#
|
||||
# Purpose
|
||||
#
|
||||
# To run all tests possible or available on the platform.
|
||||
#
|
||||
# Warning: the test is destructive. It includes various build modes and
|
||||
# configurations, and can and will arbitrarily change the current CMake
|
||||
# configuration. After this script has been run, the CMake cache will be lost
|
||||
# and CMake will no longer be initialised.
|
||||
#
|
||||
# The script assumes the presence of gcc and clang (recent enough for using
|
||||
# ASan with gcc and MemSan with clang, or valgrind) are available, as well as
|
||||
# cmake and a "good" find.
|
||||
|
||||
# Abort on errors (and uninitiliased variables)
|
||||
# Abort on errors (and uninitialised variables)
|
||||
set -eu
|
||||
|
||||
if [ -d library -a -d include -a -d tests ]; then :; else
|
||||
echo "Must be run from mbed TLS root" >&2
|
||||
err_msg "Must be run from mbed TLS root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
@ -21,20 +31,34 @@ CONFIG_H='include/mbedtls/config.h'
|
|||
CONFIG_BAK="$CONFIG_H.bak"
|
||||
|
||||
MEMORY=0
|
||||
FORCE=0
|
||||
RELEASE=0
|
||||
|
||||
while [ $# -gt 0 ]; do
|
||||
case "$1" in
|
||||
-m*)
|
||||
MEMORY=${1#-m}
|
||||
;;
|
||||
*)
|
||||
echo "Unknown argument: '$1'" >&2
|
||||
echo "Use the source, Luke!" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
# Default commands, can be overriden by the environment
|
||||
: ${OPENSSL:="openssl"}
|
||||
: ${OPENSSL_LEGACY:="$OPENSSL"}
|
||||
: ${GNUTLS_CLI:="gnutls-cli"}
|
||||
: ${GNUTLS_SERV:="gnutls-serv"}
|
||||
: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
|
||||
: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
|
||||
: ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
|
||||
|
||||
usage()
|
||||
{
|
||||
printf "Usage: $0\n"
|
||||
printf " -h|--help\t\tPrint this help.\n"
|
||||
printf " -m|--memory\t\tAdditional optional memory tests.\n"
|
||||
printf " -f|--force\t\tForce the tests to overwrite any modified files.\n"
|
||||
printf " -s|--seed\t\tInteger seed value to use for this test run.\n"
|
||||
printf " -r|--release-test\t\tRun this script in release mode. This fixes the seed value to 1.\n"
|
||||
printf " --out-of-source-dir=<path>\t\tDirectory used for CMake out-of-source build tests."
|
||||
printf " --openssl=<OpenSSL_path>\t\tPath to OpenSSL executable to use for most tests.\n"
|
||||
printf " --openssl-legacy=<OpenSSL_path>\t\tPath to OpenSSL executable to use for legacy tests e.g. SSLv3.\n"
|
||||
printf " --gnutls-cli=<GnuTLS_cli_path>\t\tPath to GnuTLS client executable to use for most tests.\n"
|
||||
printf " --gnutls-serv=<GnuTLS_serv_path>\t\tPath to GnuTLS server executable to use for most tests.\n"
|
||||
printf " --gnutls-legacy-cli=<GnuTLS_cli_path>\t\tPath to GnuTLS client executable to use for legacy tests.\n"
|
||||
printf " --gnutls-legacy-serv=<GnuTLS_serv_path>\t\tPath to GnuTLS server executable to use for legacy tests.\n"
|
||||
}
|
||||
|
||||
# remove built files as well as the cmake cache/config
|
||||
cleanup()
|
||||
|
@ -62,6 +86,134 @@ msg()
|
|||
echo "******************************************************************"
|
||||
}
|
||||
|
||||
err_msg()
|
||||
{
|
||||
echo "$1" >&2
|
||||
}
|
||||
|
||||
check_tools()
|
||||
{
|
||||
for TOOL in "$@"; do
|
||||
if ! `hash "$TOOL" >/dev/null 2>&1`; then
|
||||
err_msg "$TOOL not found!"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
while [ $# -gt 0 ]; do
|
||||
case "$1" in
|
||||
--memory|-m*)
|
||||
MEMORY=${1#-m}
|
||||
;;
|
||||
--force|-f)
|
||||
FORCE=1
|
||||
;;
|
||||
--seed|-s)
|
||||
shift
|
||||
SEED="$1"
|
||||
;;
|
||||
--release-test|-r)
|
||||
RELEASE=1
|
||||
;;
|
||||
--out-of-source-dir)
|
||||
shift
|
||||
OUT_OF_SOURCE_DIR="$1"
|
||||
;;
|
||||
--openssl)
|
||||
shift
|
||||
OPENSSL="$1"
|
||||
;;
|
||||
--openssl-legacy)
|
||||
shift
|
||||
OPENSSL_LEGACY="$1"
|
||||
;;
|
||||
--gnutls-cli)
|
||||
shift
|
||||
GNUTLS_CLI="$1"
|
||||
;;
|
||||
--gnutls-serv)
|
||||
shift
|
||||
GNUTLS_SERV="$1"
|
||||
;;
|
||||
--gnutls-legacy-cli)
|
||||
shift
|
||||
GNUTLS_LEGACY_CLI="$1"
|
||||
;;
|
||||
--gnutls-legacy-serv)
|
||||
shift
|
||||
GNUTLS_LEGACY_SERV="$1"
|
||||
;;
|
||||
--help|-h|*)
|
||||
usage
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
if [ $FORCE -eq 1 ]; then
|
||||
rm -rf yotta/module "$OUT_OF_SOURCE_DIR"
|
||||
git checkout-index -f -q $CONFIG_H
|
||||
cleanup
|
||||
else
|
||||
|
||||
if [ -d yotta/module ]; then
|
||||
err_msg "Warning - there is an existing yotta module in the directory 'yotta/module'"
|
||||
echo "You can either delete your work and retry, or force the test to overwrite the"
|
||||
echo "test by rerunning the script as: $0 --force"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -d "$OUT_OF_SOURCE_DIR" ]; then
|
||||
echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2
|
||||
echo "You can either delete this directory manually, or force the test by rerunning"
|
||||
echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! git diff-files --quiet include/mbedtls/config.h; then
|
||||
echo $?
|
||||
err_msg "Warning - the configuration file 'include/mbedtls/config.h' has been edited. "
|
||||
echo "You can either delete or preserve your work, or force the test by rerunning the"
|
||||
echo "script as: $0 --force"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ $RELEASE -eq 1 ]; then
|
||||
# Fix the seed value to 1 to ensure that the tests are deterministic.
|
||||
SEED=1
|
||||
fi
|
||||
|
||||
msg "info: $0 configuration"
|
||||
echo "MEMORY: $MEMORY"
|
||||
echo "FORCE: $FORCE"
|
||||
echo "SEED: ${SEED-"UNSET"}"
|
||||
echo "OPENSSL: $OPENSSL"
|
||||
echo "OPENSSL_LEGACY: $OPENSSL_LEGACY"
|
||||
echo "GNUTLS_CLI: $GNUTLS_CLI"
|
||||
echo "GNUTLS_SERV: $GNUTLS_SERV"
|
||||
echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI"
|
||||
echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV"
|
||||
|
||||
# To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh
|
||||
# we just export the variables they require
|
||||
export OPENSSL_CMD="$OPENSSL"
|
||||
export GNUTLS_CLI="$GNUTLS_CLI"
|
||||
export GNUTLS_SERV="$GNUTLS_SERV"
|
||||
|
||||
# Avoid passing --seed flag in every call to ssl-opt.sh
|
||||
[ ! -z ${SEED+set} ] && export SEED
|
||||
|
||||
# Make sure the tools we need are available.
|
||||
check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \
|
||||
"$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \
|
||||
"arm-none-eabi-gcc" "armcc"
|
||||
|
||||
#
|
||||
# Test Suites to be executed
|
||||
#
|
||||
# The test ordering tries to optimize for the following criteria:
|
||||
# 1. Catch possible problems early, by running first tests that run quickly
|
||||
# and/or are more likely to fail than others (eg I use Clang most of the
|
||||
|
@ -93,7 +245,7 @@ cleanup
|
|||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: main suites and selftest (ASan build)" # ~ 50s
|
||||
msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
|
||||
make test
|
||||
programs/test/selftest
|
||||
|
||||
|
@ -103,8 +255,6 @@ tests/ssl-opt.sh
|
|||
msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
|
||||
tests/scripts/test-ref-configs.pl
|
||||
|
||||
# Most frequent issues are likely to be caught at this point
|
||||
|
||||
msg "build: with ASan (rebuild after ref-configs)" # ~ 1 min
|
||||
make
|
||||
|
||||
|
@ -118,12 +268,13 @@ scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3
|
|||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: SSLv3 - main suites and selftest (ASan build)" # ~ 50s
|
||||
msg "test: SSLv3 - main suites (inc. selftests) (ASan build)" # ~ 50s
|
||||
make test
|
||||
programs/test/selftest
|
||||
|
||||
msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min
|
||||
tests/compat.sh -m 'ssl3 tls1 tls1_1 tls1_2 dtls1 dtls1_2'
|
||||
tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2'
|
||||
OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3'
|
||||
|
||||
msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min
|
||||
tests/ssl-opt.sh
|
||||
|
@ -143,7 +294,7 @@ msg "test: ssl-opt.sh default (full config)" # ~ 1s
|
|||
tests/ssl-opt.sh -f Default
|
||||
|
||||
msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min
|
||||
tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR'
|
||||
OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR'
|
||||
|
||||
msg "test/build: curves.pl (gcc)" # ~ 4 min
|
||||
cleanup
|
||||
|
@ -217,7 +368,6 @@ cleanup
|
|||
CC=gcc CFLAGS='-Werror -m32' make
|
||||
fi # x86_64
|
||||
|
||||
if which arm-none-eabi-gcc >/dev/null; then
|
||||
msg "build: arm-none-eabi-gcc, make" # ~ 10s
|
||||
cleanup
|
||||
cp "$CONFIG_H" "$CONFIG_BAK"
|
||||
|
@ -225,6 +375,7 @@ scripts/config.pl full
|
|||
scripts/config.pl unset MBEDTLS_NET_C
|
||||
scripts/config.pl unset MBEDTLS_TIMING_C
|
||||
scripts/config.pl unset MBEDTLS_FS_IO
|
||||
scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
|
||||
# following things are not in the default config
|
||||
scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c
|
||||
scripts/config.pl unset MBEDTLS_THREADING_PTHREAD
|
||||
|
@ -232,9 +383,7 @@ scripts/config.pl unset MBEDTLS_THREADING_C
|
|||
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
|
||||
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
|
||||
CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS=-Werror make lib
|
||||
fi # arm-gcc
|
||||
|
||||
if which armcc >/dev/null && armcc --help >/dev/null 2>&1; then
|
||||
msg "build: armcc, make"
|
||||
cleanup
|
||||
cp "$CONFIG_H" "$CONFIG_BAK"
|
||||
|
@ -244,6 +393,7 @@ scripts/config.pl unset MBEDTLS_TIMING_C
|
|||
scripts/config.pl unset MBEDTLS_FS_IO
|
||||
scripts/config.pl unset MBEDTLS_HAVE_TIME
|
||||
scripts/config.pl unset MBEDTLS_HAVE_TIME_DATE
|
||||
scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
|
||||
# following things are not in the default config
|
||||
scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING
|
||||
scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c
|
||||
|
@ -251,13 +401,7 @@ scripts/config.pl unset MBEDTLS_THREADING_PTHREAD
|
|||
scripts/config.pl unset MBEDTLS_THREADING_C
|
||||
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
|
||||
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
|
||||
CC=armcc AR=armar WARNING_CFLAGS= make lib 2> armcc.stderr
|
||||
if [ -s armcc.stderr ]; then
|
||||
cat armcc.stderr
|
||||
exit 1;
|
||||
fi
|
||||
rm armcc.stderr
|
||||
fi # armcc
|
||||
CC=armcc AR=armar WARNING_CFLAGS= make lib
|
||||
|
||||
if which i686-w64-mingw32-gcc >/dev/null; then
|
||||
msg "build: cross-mingw64, make" # ~ 30s
|
||||
|
@ -317,6 +461,19 @@ fi
|
|||
|
||||
fi # MemSan
|
||||
|
||||
msg "build: cmake 'out-of-source' build"
|
||||
cleanup
|
||||
MBEDTLS_ROOT_DIR="$PWD"
|
||||
mkdir "$OUT_OF_SOURCE_DIR"
|
||||
cd "$OUT_OF_SOURCE_DIR"
|
||||
cmake "$MBEDTLS_ROOT_DIR"
|
||||
make
|
||||
|
||||
msg "test: cmake 'out-of-source' build"
|
||||
make test
|
||||
cd "$MBEDTLS_ROOT_DIR"
|
||||
rm -rf "$OUT_OF_SOURCE_DIR"
|
||||
|
||||
msg "Done, cleaning up"
|
||||
cleanup
|
||||
|
||||
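Review bot: The root-directory check near the top of the script now calls `err_msg "Must be run from mbed TLS root"`, but `err_msg()` is only defined in the later hunk (new line 86 onwards), so at that point the shell reports an unknown command instead of printing the intended message. Either keep `echo "Must be run from mbed TLS root" >&2` there or move the `err_msg()` definition above the check. In the option loop, `--memory|-m*)` assigns `MEMORY=${1#-m}`, which strips nothing from `--memory` and leaves the literal option text in `MEMORY`; the long form needs its own branch that sets a number. The usage text also advertises `--openssl=<OpenSSL_path>`-style arguments while the loop only accepts the value as a separate word after `shift`, so the help and the parser should be made to agree.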
|
|
|
@ -1476,3 +1476,39 @@ x509parse_crt_file:"data_files/server7_all_space.crt":MBEDTLS_ERR_PEM_INVALID_DA
|
|||
X509 File parse (trailing spaces, OK)
|
||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
x509parse_crt_file:"data_files/server7_trailing_space.crt":0
|
||||
|
||||
X509 Get time (UTC no issues)
|
||||
depends_on:MBEDTLS_X509_USE_C
|
||||
x509_get_time:MBEDTLS_ASN1_UTC_TIME:"500101000000Z":0:1950:1:1:0:0:0
|
||||
|
||||
X509 Get time (Generalized Time no issues)
|
||||
depends_on:MBEDTLS_X509_USE_C
|
||||
x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"99991231235959Z":0:9999:12:31:23:59:59
|
||||
|
||||
X509 Get time (UTC year without leap day)
|
||||
depends_on:MBEDTLS_X509_USE_C
|
||||
x509_get_time:MBEDTLS_ASN1_UTC_TIME:"490229121212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
|
||||
|
||||
X509 Get time (UTC year with leap day)
|
||||
depends_on:MBEDTLS_X509_USE_C
|
||||
x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000229121212Z":0:2000:2:29:12:12:12
|
||||
|
||||
X509 Get time (UTC invalid day of month #1)
|
||||
depends_on:MBEDTLS_X509_USE_C
|
||||
x509_get_time:MBEDTLS_ASN1_UTC_TIME:"000132121212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
|
||||
|
||||
X509 Get time (UTC invalid day of month #2)
|
||||
depends_on:MBEDTLS_X509_USE_C
|
||||
x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001131121212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
|
||||
|
||||
X509 Get time (UTC invalid hour)
|
||||
depends_on:MBEDTLS_X509_USE_C
|
||||
x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001130241212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
|
||||
|
||||
X509 Get time (UTC invalid min)
|
||||
depends_on:MBEDTLS_X509_USE_C
|
||||
x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001130236012Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
|
||||
|
||||
X509 Get time (UTC invalid sec)
|
||||
depends_on:MBEDTLS_X509_USE_C
|
||||
x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001130235960Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
|
||||
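Review bot: The new x509_get_time vectors cover the day, hour, minute and second limits but leave out an out-of-range month, a day of `00`, and any rejected GeneralizedTime input. A month case such as `x509_get_time:MBEDTLS_ASN1_UTC_TIME:"001301121212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0` (constructed here) would exercise the `default:` branch of the month switch in x509_date_is_valid(). A GeneralizedTime vector for 29 February of a century year that is not a leap year, for example `"21000229121212Z"` expecting MBEDTLS_ERR_X509_INVALID_DATE, would pin down the leap-year rule for years outside the UTCTime window.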
|
|
|
@ -1,4 +1,5 @@
|
|||
/* BEGIN_HEADER */
|
||||
#include "mbedtls/x509.h"
|
||||
#include "mbedtls/x509_crt.h"
|
||||
#include "mbedtls/x509_crl.h"
|
||||
#include "mbedtls/x509_csr.h"
|
||||
|
@ -590,6 +591,39 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
|
||||
void x509_get_time( int tag, char *time_str, int ret,
|
||||
int year, int mon, int day,
|
||||
int hour, int min, int sec )
|
||||
{
|
||||
mbedtls_x509_time time;
|
||||
unsigned char buf[17];
|
||||
unsigned char* start = buf;
|
||||
unsigned char* end = buf;
|
||||
|
||||
memset( &time, 0x00, sizeof( time ) );
|
||||
*end = (unsigned char)tag; end++;
|
||||
if( tag == MBEDTLS_ASN1_UTC_TIME )
|
||||
*end = 13;
|
||||
else
|
||||
*end = 15;
|
||||
end++;
|
||||
memcpy( end, time_str, (size_t)*(end - 1) );
|
||||
end += *(end - 1);
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_get_time( &start, end, &time ) == ret );
|
||||
if( ret == 0 )
|
||||
{
|
||||
TEST_ASSERT( year == time.year );
|
||||
TEST_ASSERT( mon == time.mon );
|
||||
TEST_ASSERT( day == time.day );
|
||||
TEST_ASSERT( hour == time.hour );
|
||||
TEST_ASSERT( min == time.min );
|
||||
TEST_ASSERT( sec == time.sec );
|
||||
}
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */
|
||||
void x509_parse_rsassa_pss_params( char *hex_params, int params_tag,
|
||||
int ref_msg_md, int ref_mgf_md,
|
||||
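Review bot: In the x509_get_time test, `memcpy( end, time_str, (size_t)*(end - 1) )` always copies 13 or 15 bytes regardless of the length of the string supplied by the data file, so a shorter `time_str` is read past its end. Checking the length first keeps a malformed data line from becoming an out-of-bounds read in the harness: `TEST_ASSERT( strlen( time_str ) >= (size_t) *( end - 1 ) );` placed before the copy. The destination is fine as written, since `buf[17]` holds the two header bytes plus at most 15 characters. A short comment above the tag/length setup saying that the buffer is a hand-built tag, one-byte length and value sequence would also help the next reader.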
|
|