mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-11 11:05:39 +00:00
Merge branch 'pr_1352' into mbedtls-2.7-proposed
This commit is contained in:
commit
420386d61d
|
@ -6,6 +6,9 @@ Bugfix
|
||||||
* Fix the name of a DHE parameter that was accidentally changed in 2.7.0.
|
* Fix the name of a DHE parameter that was accidentally changed in 2.7.0.
|
||||||
Fixes #1358.
|
Fixes #1358.
|
||||||
* Fix test_suite_pk to work on 64-bit ILP32 systems. #849
|
* Fix test_suite_pk to work on 64-bit ILP32 systems. #849
|
||||||
|
* Fix mbedtls_x509_crt_profile_suiteb, which used to reject all certificates
|
||||||
|
with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct.
|
||||||
|
In the context of SSL, this resulted in handshake failure. #1351
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Fix tag lengths and value ranges in the documentation of CCM encryption.
|
* Fix tag lengths and value ranges in the documentation of CCM encryption.
|
||||||
|
|
|
@ -133,7 +133,8 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb =
|
||||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
|
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
|
||||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ),
|
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ),
|
||||||
/* Only ECDSA */
|
/* Only ECDSA */
|
||||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ),
|
MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) |
|
||||||
|
MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ),
|
||||||
#if defined(MBEDTLS_ECP_C)
|
#if defined(MBEDTLS_ECP_C)
|
||||||
/* Only NIST P-256 and P-384 */
|
/* Only NIST P-256 and P-384 */
|
||||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |
|
MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |
|
||||||
|
|
|
@ -735,6 +735,26 @@ X509 Certificate verification #87 (Expired CA and invalid CA)
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
|
||||||
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
|
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
|
||||||
|
|
||||||
|
X509 Certificate verification #88 (Suite B invalid, EC cert, RSA CA)
|
||||||
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
|
||||||
|
x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL"
|
||||||
|
|
||||||
|
X509 Certificate verification #89 (Suite B invalid, RSA cert, EC CA)
|
||||||
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||||
|
x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_PK:"suite_b":"NULL"
|
||||||
|
|
||||||
|
X509 Certificate verification #90 (Suite B Valid, EC cert, EC CA)
|
||||||
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||||
|
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"suite_b":"NULL"
|
||||||
|
|
||||||
|
X509 Certificate verification #91 (next profile Invalid Cert SHA224 Digest)
|
||||||
|
depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
|
x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCRL_BAD_MD:"next":"NULL"
|
||||||
|
|
||||||
|
X509 Certificate verification #92 (next profile Valid Cert SHA256 Digest)
|
||||||
|
depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||||
|
x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"next":"NULL"
|
||||||
|
|
||||||
X509 Certificate verification callback: trusted EE cert
|
X509 Certificate verification callback: trusted EE cert
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||||
x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL\n"
|
x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL\n"
|
||||||
|
|
|
@ -250,6 +250,10 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file,
|
||||||
|
|
||||||
if( strcmp( profile_str, "default" ) == 0 )
|
if( strcmp( profile_str, "default" ) == 0 )
|
||||||
profile = &mbedtls_x509_crt_profile_default;
|
profile = &mbedtls_x509_crt_profile_default;
|
||||||
|
else if( strcmp( profile_str, "next" ) == 0 )
|
||||||
|
profile = &mbedtls_x509_crt_profile_next;
|
||||||
|
else if( strcmp( profile_str, "suite_b" ) == 0 )
|
||||||
|
profile = &mbedtls_x509_crt_profile_suiteb;
|
||||||
else if( strcmp( profile_str, "compat" ) == 0 )
|
else if( strcmp( profile_str, "compat" ) == 0 )
|
||||||
profile = &compat_profile;
|
profile = &compat_profile;
|
||||||
else
|
else
|
||||||
|
|
Loading…
Reference in a new issue