Merge remote-tracking branch 'public/pr/2148' into mbedtls-2.7

* public/pr/2148:
  Add ChangeLog entry for unused bits in bitstrings
  Improve docs for ASN.1 bitstrings and their usage
  Add tests for (named) bitstring to suite_asn1write
  Fix ASN1 bitstring writing
This commit is contained in:
Simon Butcher 2019-03-01 13:09:04 +00:00
commit 6728797f02
20 changed files with 356 additions and 113 deletions

View file

@ -9,6 +9,12 @@ Bugfix
* Remove a duplicate #include in a sample program. Fixed by Masashi Honma #2326.
* Reduce stack usage of `mpi_write_hlp()` by eliminating recursion.
Fixes #2190.
* Ensure that unused bits are zero when writing ASN.1 bitstrings when using
mbedtls_asn1_write_bitstring().
* Fix issue when writing the named bitstrings in KeyUsage and NsCertType
extensions in CSRs and CRTs that caused these bitstrings to not be encoded
correctly as trailing zeroes were not accounted for as unused bits in the
leading content octet. Fixes #1610.
Changes
* Include configuration file in all header files that use configuration,

View file

@ -189,24 +189,27 @@ int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
const char *text, size_t text_len );
/**
* \brief Write a bitstring tag (MBEDTLS_ASN1_BIT_STRING) and
* value in ASN.1 format
* Note: function works backwards in data buffer
* \brief Write a bitstring tag (#MBEDTLS_ASN1_BIT_STRING) and
* value in ASN.1 format.
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param buf the bitstring
* \param bits the total number of bits in the bitstring
* \note This function works backwards in data buffer.
*
* \return the length written or a negative error code
* \param p The reference to the current position pointer.
* \param start The start of the buffer, for bounds-checking.
* \param buf The bitstring to write.
* \param bits The total number of bits in the bitstring.
*
* \return The number of bytes written to \p p on success.
* \return A negative error code on failure.
*/
int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
const unsigned char *buf, size_t bits );
/**
* \brief Write an octet string tag (MBEDTLS_ASN1_OCTET_STRING) and
* value in ASN.1 format
* Note: function works backwards in data buffer
* \brief Write an octet string tag (#MBEDTLS_ASN1_OCTET_STRING)
* and value in ASN.1 format.
*
* \note This function works backwards in data buffer.
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)

View file

@ -205,6 +205,14 @@ void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_ty
* \param key_usage key usage flags to set
*
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
*
* \note The <code>decipherOnly</code> flag from the Key Usage
* extension is represented by bit 8 (i.e.
* <code>0x8000</code>), which cannot typically be represented
* in an unsigned char. Therefore, the flag
* <code>decipherOnly</code> (i.e.
* #MBEDTLS_X509_KU_DECIPHER_ONLY) cannot be set using this
* function.
*/
int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage );

View file

@ -294,22 +294,28 @@ int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
const unsigned char *buf, size_t bits )
{
int ret;
size_t len = 0, size;
size_t len = 0;
size_t unused_bits, byte_len;
size = ( bits / 8 ) + ( ( bits % 8 ) ? 1 : 0 );
byte_len = ( bits + 7 ) / 8;
unused_bits = ( byte_len * 8 ) - bits;
// Calculate byte length
//
if( *p < start || (size_t)( *p - start ) < size + 1 )
if( *p < start || (size_t)( *p - start ) < byte_len + 1 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
len = size + 1;
(*p) -= size;
memcpy( *p, buf, size );
len = byte_len + 1;
// Write unused bits
//
*--(*p) = (unsigned char) (size * 8 - bits);
/* Write the bitstring. Ensure the unused bits are zeroed */
if( byte_len > 0 )
{
byte_len--;
*--( *p ) = buf[byte_len] & ~( ( 0x1 << unused_bits ) - 1 );
( *p ) -= byte_len;
memcpy( *p, buf, byte_len );
}
/* Write unused bits */
*--( *p ) = (unsigned char)unused_bits;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BIT_STRING ) );

View file

@ -222,26 +222,51 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *
}
#endif /* MBEDTLS_SHA1_C */
static size_t crt_get_unused_bits_for_named_bitstring( unsigned char bitstring,
size_t bit_offset )
{
size_t unused_bits;
/* Count the unused bits removing trailing 0s */
for( unused_bits = bit_offset; unused_bits < 8; unused_bits++ )
if( ( ( bitstring >> unused_bits ) & 0x1 ) != 0 )
break;
return( unused_bits );
}
int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
unsigned int key_usage )
{
unsigned char buf[4], ku;
unsigned char *c;
int ret;
size_t unused_bits;
const unsigned int allowed_bits = MBEDTLS_X509_KU_DIGITAL_SIGNATURE |
MBEDTLS_X509_KU_NON_REPUDIATION |
MBEDTLS_X509_KU_KEY_ENCIPHERMENT |
MBEDTLS_X509_KU_DATA_ENCIPHERMENT |
MBEDTLS_X509_KU_KEY_AGREEMENT |
MBEDTLS_X509_KU_KEY_CERT_SIGN |
MBEDTLS_X509_KU_CRL_SIGN;
/* We currently only support 7 bits, from 0x80 to 0x02 */
if( ( key_usage & ~0xfe ) != 0 )
/* Check that nothing other than the allowed flags is set */
if( ( key_usage & ~allowed_bits ) != 0 )
return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
c = buf + 4;
ku = (unsigned char) key_usage;
ku = (unsigned char)key_usage;
unused_bits = crt_get_unused_bits_for_named_bitstring( ku, 1 );
ret = mbedtls_asn1_write_bitstring( &c, buf, &ku, 8 - unused_bits );
if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &ku, 7 ) ) != 4 )
if( ret < 0 )
return( ret );
else if( ret < 3 || ret > 4 )
return( MBEDTLS_ERR_X509_INVALID_FORMAT );
ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,
MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
1, buf, 4 );
1, c, (size_t)ret );
if( ret != 0 )
return( ret );
@ -253,16 +278,22 @@ int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
{
unsigned char buf[4];
unsigned char *c;
size_t unused_bits;
int ret;
c = buf + 4;
if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &ns_cert_type, 8 ) ) != 4 )
unused_bits = crt_get_unused_bits_for_named_bitstring( ns_cert_type, 0 );
ret = mbedtls_asn1_write_bitstring( &c,
buf,
&ns_cert_type,
8 - unused_bits );
if( ret < 3 || ret > 4 )
return( ret );
ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE,
MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
0, buf, 4 );
0, c, (size_t)ret );
if( ret != 0 )
return( ret );

View file

@ -85,20 +85,39 @@ int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx,
0, val, val_len );
}
static size_t csr_get_unused_bits_for_named_bitstring( unsigned char bitstring,
size_t bit_offset )
{
size_t unused_bits;
/* Count the unused bits removing trailing 0s */
for( unused_bits = bit_offset; unused_bits < 8; unused_bits++ )
if( ( ( bitstring >> unused_bits ) & 0x1 ) != 0 )
break;
return( unused_bits );
}
int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage )
{
unsigned char buf[4];
unsigned char *c;
size_t unused_bits;
int ret;
c = buf + 4;
if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &key_usage, 7 ) ) != 4 )
unused_bits = csr_get_unused_bits_for_named_bitstring( key_usage, 0 );
ret = mbedtls_asn1_write_bitstring( &c, buf, &key_usage, 8 - unused_bits );
if( ret < 0 )
return( ret );
else if( ret < 3 || ret > 4 )
return( MBEDTLS_ERR_X509_INVALID_FORMAT );
ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,
MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
buf, 4 );
c, (size_t)ret );
if( ret != 0 )
return( ret );
@ -110,16 +129,25 @@ int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
{
unsigned char buf[4];
unsigned char *c;
size_t unused_bits;
int ret;
c = buf + 4;
if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &ns_cert_type, 8 ) ) != 4 )
unused_bits = csr_get_unused_bits_for_named_bitstring( ns_cert_type, 0 );
ret = mbedtls_asn1_write_bitstring( &c,
buf,
&ns_cert_type,
8 - unused_bits );
if( ret < 0 )
return( ret );
else if( ret < 3 || ret > 4 )
return( ret );
ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE,
MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
buf, 4 );
c, (size_t)ret );
if( ret != 0 )
return( ret );

View file

@ -63,7 +63,10 @@ int main( void )
#define DFL_OUTPUT_FILENAME "cert.req"
#define DFL_SUBJECT_NAME "CN=Cert,O=mbed TLS,C=UK"
#define DFL_KEY_USAGE 0
#define DFL_FORCE_KEY_USAGE 0
#define DFL_NS_CERT_TYPE 0
#define DFL_FORCE_NS_CERT_TYPE 0
#define DFL_MD_ALG MBEDTLS_MD_SHA256
#define USAGE \
"\n usage: cert_req param=<>...\n" \
@ -81,6 +84,8 @@ int main( void )
" key_agreement\n" \
" key_cert_sign\n" \
" crl_sign\n" \
" force_key_usage=0/1 default: off\n" \
" Add KeyUsage even if it is empty\n" \
" ns_cert_type=%%s default: (empty)\n" \
" Comma-separated-list of values:\n" \
" ssl_client\n" \
@ -90,6 +95,13 @@ int main( void )
" ssl_ca\n" \
" email_ca\n" \
" object_signing_ca\n" \
" force_ns_cert_type=0/1 default: off\n" \
" Add NsCertType even if it is empty\n" \
" md=%%s default: SHA256\n" \
" possible values:\n" \
" MD4, MD5, SHA1\n" \
" SHA224, SHA256\n" \
" SHA384, SHA512\n" \
"\n"
/*
@ -102,7 +114,10 @@ struct options
const char *output_file; /* where to store the constructed key file */
const char *subject_name; /* subject name for certificate request */
unsigned char key_usage; /* key usage flags */
int force_key_usage; /* Force adding the KeyUsage extension */
unsigned char ns_cert_type; /* NS cert type */
int force_ns_cert_type; /* Force adding NsCertType extension */
mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */
} opt;
int write_certificate_request( mbedtls_x509write_csr *req, const char *output_file,
@ -151,7 +166,6 @@ int main( int argc, char *argv[] )
* Set to sane values
*/
mbedtls_x509write_csr_init( &req );
mbedtls_x509write_csr_set_md_alg( &req, MBEDTLS_MD_SHA256 );
mbedtls_pk_init( &key );
mbedtls_ctr_drbg_init( &ctr_drbg );
memset( buf, 0, sizeof( buf ) );
@ -168,7 +182,10 @@ int main( int argc, char *argv[] )
opt.output_file = DFL_OUTPUT_FILENAME;
opt.subject_name = DFL_SUBJECT_NAME;
opt.key_usage = DFL_KEY_USAGE;
opt.force_key_usage = DFL_FORCE_KEY_USAGE;
opt.ns_cert_type = DFL_NS_CERT_TYPE;
opt.force_ns_cert_type = DFL_FORCE_NS_CERT_TYPE;
opt.md_alg = DFL_MD_ALG;
for( i = 1; i < argc; i++ )
{
@ -192,6 +209,54 @@ int main( int argc, char *argv[] )
{
opt.subject_name = q;
}
else if( strcmp( p, "md" ) == 0 )
{
if( strcmp( q, "SHA256" ) == 0 )
{
opt.md_alg = MBEDTLS_MD_SHA256;
}
else if( strcmp( q, "SHA224" ) == 0 )
{
opt.md_alg = MBEDTLS_MD_SHA224;
}
else
#if defined(MBEDTLS_MD5_C)
if( strcmp( q, "MD5" ) == 0 )
{
opt.md_alg = MBEDTLS_MD_MD5;
}
else
#endif /* MBEDTLS_MD5_C */
#if defined(MBEDTLS_MD4_C)
if( strcmp( q, "MD4" ) == 0 )
{
opt.md_alg = MBEDTLS_MD_MD4;
}
else
#endif /* MBEDTLS_MD5_C */
#if defined(MBEDTLS_SHA1_C)
if( strcmp( q, "SHA1" ) == 0 )
{
opt.md_alg = MBEDTLS_MD_SHA1;
}
else
#endif /* MBEDTLS_SHA1_C */
#if defined(MBEDTLS_SHA512_C)
if( strcmp( q, "SHA384" ) == 0 )
{
opt.md_alg = MBEDTLS_MD_SHA384;
}
else
if( strcmp( q, "SHA512" ) == 0 )
{
opt.md_alg = MBEDTLS_MD_SHA512;
}
else
#endif /* MBEDTLS_SHA512_C */
{
goto usage;
}
}
else if( strcmp( p, "key_usage" ) == 0 )
{
while( q != NULL )
@ -219,6 +284,15 @@ int main( int argc, char *argv[] )
q = r;
}
}
else if( strcmp( p, "force_key_usage" ) == 0 )
{
switch( atoi( q ) )
{
case 0: opt.force_key_usage = 0; break;
case 1: opt.force_key_usage = 1; break;
default: goto usage;
}
}
else if( strcmp( p, "ns_cert_type" ) == 0 )
{
while( q != NULL )
@ -246,14 +320,25 @@ int main( int argc, char *argv[] )
q = r;
}
}
else if( strcmp( p, "force_ns_cert_type" ) == 0 )
{
switch( atoi( q ) )
{
case 0: opt.force_ns_cert_type = 0; break;
case 1: opt.force_ns_cert_type = 1; break;
default: goto usage;
}
}
else
goto usage;
}
if( opt.key_usage )
mbedtls_x509write_csr_set_md_alg( &req, opt.md_alg );
if( opt.key_usage || opt.force_key_usage == 1 )
mbedtls_x509write_csr_set_key_usage( &req, opt.key_usage );
if( opt.ns_cert_type )
if( opt.ns_cert_type || opt.force_ns_cert_type == 1 )
mbedtls_x509write_csr_set_ns_cert_type( &req, opt.ns_cert_type );
/*

View file

@ -14,6 +14,7 @@
OPENSSL ?= openssl
FAKETIME ?= faketime
MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write
MBEDTLS_CERT_REQ ?= $(PWD)/../../programs/x509/cert_req
## Build the generated test data. Note that since the final outputs
## are committed to the repository, this target should do nothing on a
@ -701,6 +702,37 @@ ec_prv.pk8param.pem: ec_prv.pk8param.der
$(OPENSSL) pkey -in $< -inform DER -out $@
all_final += ec_prv.pk8param.pem
# server5*
# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.'
server5.req.ku.sha1: server5.key
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
all_final += server5.req.ku.sha1
################################################################
### Generate CSRs for X.509 write test suite
################################################################
server1.req.cert_type: server1.key
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
all_final += server1.req.cert_type
server1.req.key_usage: server1.key
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
all_final += server1.req.key_usage
server1.req.ku-ct: server1.key
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
all_final += server1.req.ku-ct
server1.req.key_usage_empty: server1.key
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_key_usage=1
all_final += server1.req.key_usage_empty
server1.req.cert_type_empty: server1.key
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_ns_cert_type=1
all_final += server1.req.cert_type_empty
################################################################
### Generate certificates for CRT write check tests
################################################################

View file

@ -11,10 +11,10 @@ lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
o2AwXjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zARBglghkgBhvhCAQEEBAMC
AEAwDQYJKoZIhvcNAQEFBQADggEBAJ28VuktjDGkUWcVpM/W+YjohFDay676Yozx
BbBLU3QZiDkcdXZbX/jOaKKBGWrjWiB6txchV4XrlvEtVtPgPrQLil2xaD20LOqJ
e/ZEFIAIndf06CAcimdQaPD6mww04v3gZw3cwPQd/aMQCw9tm93tyf6YU4uIh/o8
evG1ZBrNHRyiW18kbuueLNZ2daYQIISRJSIFrAERacfOvA8r7yXJCqZnB6AU5j9u
V+ySNW3sdZIOTfs1nWKU6SECWo72dd89Yvs7wCf3NSZNM2UemLeOjQOmZIHBiR8L
PAhDxhra5B/QBKaWeTVQohEvKz75pLAWouUGIKlgHiqJ4cvBGcg=
BkAwDQYJKoZIhvcNAQEFBQADggEBAL+IvLnq101fUrpfWA1s9HhyOrnJH+N2gO1F
6UnLmDw4NuX9pttIK60Xesb5pEhtU76y2hP2EAICe8tTQgGgZG4MW4TxIvAliuHl
qvUB/lfmAAGJoQ9WrKriL90IxcKnH3I4aIzNyG2TSIHYo6L8FXVoSrPAuL3X133D
JF6Ie0H8GUK7UOY0pZ0c6x8LCium4Ho/1UNfouSW3x7uq8gEz8lUn2blWUr0HlQr
HDyxTV4tjZ1jKPh0VHYBmcpxdNbObK4NRZanYRKAUCIUCD+kHi67akMAukv0qjbm
Y8DPy+gTLyl89BHnXDR/xCzlta5KkG1oKh3jgV7QQ6BS2+mR7+4=
-----END CERTIFICATE-----

View file

@ -10,11 +10,11 @@ CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
oz8wPTAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAR
BglghkgBhvhCAQEEBAMCAEAwDQYJKoZIhvcNAQEFBQADggEBABNT+r+6vvlpjtyz
mewrGOKPt5iwb8w2aReJ0AWuyQzTiduN26MhXq93cXHV0pHj2rD7MfiBEwBSWnf9
FcxkE0g77GVyM9Vs9Uy/MspIqOce7JD0c36G4EI8lYce2TYwQLE9CGNl+LDxqkLy
prijXBl/FaD+IO/SNMr3VVnfFEZqPUxg+BSTaGgD+52Z7B4nPP0xGPjlW367RGDv
9dIkr1thve2WOeC9ixxl9K/864I7/0GdbgKSf77xl3/5vnQUOY7kugRvkvxWIgHS
HNVnmEN2I2Nb0M8lQNF1sFDbpFwVbh9CkBF5LJNesy0VWd67Ho6EntPEb7vBFF/x
jz0b2l4=
BglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQEFBQADggEBADAWS7qdGNShzKm+
AO7vfM3/+6YyIq7Jelm4T7n1GkmiGJ0bf2KhX3ohvaRz5gl0165teWVhLAivaIqB
lK3wLU9TSEaLAtgCMxw+TZhq11qq07FuaawH3nbdMAo4qA2UT0eu2CM1NJjgg8iL
b5FYGwsNcaCmmQYWVRbKlqkA1VNY2p/4PDn8xgRcgVgmqrHf7BUrEPoRA5RXBAhM
huceZxFpA+15x789xKUZHmMoOYvDeZNYw2Fg6Dk4jV403kxzrcP8sSx8Abu6aROb
b2ktuUS5hS8FjrbhDgeosDTU10PQR0Ov9LpMYO4WshkYUBpgC3pSR81pGOKxJuuH
8EV3rhc=
-----END CERTIFICATE-----

View file

@ -10,11 +10,11 @@ CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
o10wWzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAOBgNVHQ8BAf8EBAMCAeAw
DQYJKoZIhvcNAQEFBQADggEBABKC/1x0m57EY4H412ue3ghCWgg07VcRKamnUSTs
tnqI5T0mSvuPrxhINdQB6360ibctBkXP3S9rxGHiUdeK/JqxYs2YamCs50TSWpon
p4Hzcmjsw1YgXsQ6pmYwkzU03zqs361gt7JSOzL2dN0IjwIy47qfLQb/AXhX2Ims
7gBuqVpYqJuSHR0qsN/c6WgIE3IrbK1MB6CJTkxBfcSc5E4oUIBHmww+RSVLOczM
nGk3U13dmfG0ndhMtrMyyxBZZSUwoZLjRZ6J5mHSv+k8oo1PYQeiivNEP53mgVaY
ha0gLUIk6zNBRpY1uUmxQ+RQSMIyYPBb1RedHn2s8El2mlo=
BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAOBgNVHQ8BAf8EBAMCBeAw
DQYJKoZIhvcNAQEFBQADggEBAFqG4NbAqtsec3lFOiUDKQiGmMCO4Yq3NHhnRWkD
e9r9jWo+gfLgfUJKe02a76ciE5forJRFxG4+pa3Lo38WsF5/2YRz3IfQLOjcK6c6
DdHrTEsPXgdqhVYJZgZbCeD5Yu5YBXlegGOrlXB9+71BKX0H+AkrR2oXsdg/31Kn
R17yP84tLucQpLdh079ecE8QTZ/21n0VTag6fQFHMeMY35MWkT4K6eRrz/Dta2tm
keHSq/coKsmm0poYPzoMPcbh/D+kSa05Ut03NL2Y+2Q9uTjv5/K/zOgGef/mJbV2
QxB+1as+WLTtpwc20IqAz3PVBoxbRyN2Z6vjiqqAzGlfB4M=
-----END CERTIFICATE-----

View file

@ -10,11 +10,11 @@ CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
ozwwOjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAO
BgNVHQ8BAf8EBAMCAeAwDQYJKoZIhvcNAQEFBQADggEBAJZRIISo4+rDvHXXaS43
shfSkyJyur588mNJFzty1WVfhaIkwjMIGHeGlHS29fwgPsBUgelZ3Qv3J7wsm42+
3BwQet0l36FIBIJtFhcrTGlaCFUo/5bZJUPGgiOFB9ec/8lOszVlX8cH34UimWqg
q2wXRGoXWPbuRnUWlJhI2bAv5ri9Mt7Rs4nK4wyS1ZjC8ByXMn4tk3yMjkUEqu0o
37zoQiF+FJApu0eTKK5goA2hisyfCX9eJMppAbcyvJwoj/AmiBkXW8J3kEMJtLmZ
VoxXYknnXumxBLxUrGuamR/3cmbaJHIHE1Dqox7hB+9miyp4lue1/uXHCocGAIeF
JTo=
BgNVHQ8BAf8EBAMCBeAwDQYJKoZIhvcNAQEFBQADggEBALIkgZjEfQcV7d7zovec
tNVvaPO5hSE8kDVjMCdUZsKgZjMxpY8gJ4CLNIOamkIqN8sSd1zdhdexMdn3iE/O
z5y3rQBQLs8UjLippm3abKksKrpTEkM9x7Z1X8KS7GOrnOgBWLzoE9D4F/2ay7yk
H57qRUXEw1NlnAwKYS6hmEwf497szNKXvgr7MGbahQ/N+WfQbILW6+OSUttuoDrD
t2uBZsGAVQGDzcQGyOuo7k8CE0D62HHZqA+ZPo/xicvyTbkk+lUfY6q6QA8sojaU
2LuU0nBtd+LmY8odaUsQItwbIyfYZrZbXKruevVHfMKb9VuoYj6anA5jEl0pe7wN
Tu0=
-----END CERTIFICATE-----

View file

@ -7,11 +7,11 @@ HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAkMCIGCSqGSIb3DQEJDjEV
MBMwEQYJYIZIAYb4QgEBBAQDAgBAMA0GCSqGSIb3DQEBBQUAA4IBAQB95Pkjpg/N
Jbgl5nZcAk8maGMpUFlrhJS4kGutQKZugNX9v8cfABW905IHYXV1dm6zxVcyeqZM
FiOgbV943fu5JbufoazdYXnnR2/iKMigqX4CzZrK3F5ZzegxkfDIfDrn/shC+rWb
SS5WBVLJ3QNj9vwn3/b66IRbp/ViOwHx7+9JT4K/rLId/ynjYf2T57AsmNd/jptc
Zs19fGgtrUXweWkliEZN2zE47Cc53jkx6+Li4TNs4Bjk5P/aXrCP0fBwgGt2K6YW
dQ/nr0PwIbXzVlgUukSTHkJJfhF4Y/WqcUfOPrRdw+zxOLusJ9nzJBR0FOohcBxM
kPBVna0dze/o
MBMwEQYJYIZIAYb4QgEBBAQDAgZAMA0GCSqGSIb3DQEBBQUAA4IBAQBfm+BA0PSA
9EFSFgdVODuBtjVoe+RzjiwrHVjja9/GAMurams5WSeJ0g3n0QJuNPf4m3vpSgQE
qXZrkn2aNYSRPipiPYFUj0NMvji2gmyzmvy6VJyyerZ/saPfuySiVSJbCycA88/V
vSv93qVHQ7QGwXlwg5dkhw4VNn1NK5CtA0DSEsGITKhdLZUZKkEdylwdjFdi+NTf
Qx/LQ+cEECBM31s/88C6+ynd4ni42/YYRRcpj5+4TAyKt+nl9a0osrR1y3MmBeo3
/9s9QEIpXPHMJnJDVq0q03FZwAkgGTaKI8bRsf125eh1CSBynvC6vC+LJSkPrW9g
HUYYkPMQiQ2C
-----END CERTIFICATE REQUEST-----

View file

@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICpDCCAYwCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow
GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAjMCEGCSqGSIb3DQEJDjEU
MBIwEAYJYIZIAYb4QgEBBAMDAQAwDQYJKoZIhvcNAQEFBQADggEBAFsbkVHizurV
Ub9uDSTEEFm7R/TcCYjqAbP243sEOVfyCwZh49E7hrjq7lp1n/myILHX+keaxKEY
hUq9B0Rpa61H5lTJPG3Iy1mDHcF0et4cPkDEsQw4GgjZ/A0RCNfYD+OZLATsDKMy
AgGCZcYhjoL/8iZaYljfuE+a8Bo3xMePo+jignUhB+hEK2cNmUN2m7HqT22Ba4ag
eJQtY0NUmBoXGJlNaDbzO79mwLl0HHxDmanLVnSzKXqzrH4U0fuoGZFuxY7Dn7AM
vJujuWOxN1FtHOfJIimnVepuEG6wvDXMLgEPJTXSKbW6CMTgaz6fudEZzgVB6OKR
zIbUGFi6kLg=
-----END CERTIFICATE REQUEST-----

View file

@ -7,11 +7,11 @@ HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAeMBwGCSqGSIb3DQEJDjEP
MA0wCwYDVR0PBAQDAgHgMA0GCSqGSIb3DQEBBQUAA4IBAQCj6jCu0wE5OQ1JGQwZ
FNwPqZrvKntSq2yLIbgmGxwlvDLxOzn0KmidSFiKRqh0KXwj9siodlz5C0d9tUqq
7xUXg+j+wDHqUV8zo42Jke+UmWXFPpnXx/fDFGTITdLSn8ZDxkt31ESLTEVZvPFD
odm+C+zWJtKpyL+9op4KvyBQ1MZ9nWZpwMaK4g4mdtOIsz75gMa74w8ZT7VzhGMY
cZGmafsl7x++GDDtf0oCPgrj9xy+Ovv/GyUBaB+6lweflTfPDTRSoN0meFlP5ynF
vqcBM5JKH2FUQIizfc9o6Z8tKxe9FCov3x8szAuoMRA7bjhVngeQIrEkTcaQBvBY
NalC
MA0wCwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEBBQUAA4IBAQCn0RjrgOyNn5ZQ9Hfn
zhN5q7EAMBYdKBQayeJQQkmreqTdzG/rCHZtt3bIZ/8SWIPNiIOkvsnsGzdBLp8B
zAAwINhcDIQtIQVObgTLZmvC1syjXfjdH02mYKAccP9OxlnWIVivSPRp9jr9IwYO
cnT6pzGvP/RWoQen+DougM2WwiZ8YJTrtoe8DlzDq+hbTgoGeQuEGhOnxMlkiLzs
+g6yoi/1F3nsUwJI+QhBxG7Xf74gCCHZckCtSs2MBEavhcPu7o9QjuWR0YFRTaCf
5uBL7/gNIVmrWnsQLcH1+DexxzW7lPBN1iFXUXNcweoo0fX3ykkvBYdKKicF7bM1
zZzQ
-----END CERTIFICATE REQUEST-----

View file

@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICnjCCAYYCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow
GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAdMBsGCSqGSIb3DQEJDjEO
MAwwCgYDVR0PBAMDAQAwDQYJKoZIhvcNAQEFBQADggEBAHkw230TfJnAoc+6j/5R
oGfXR92g/k2DTlDaFQywO2j03h97isp47bEq/peOlKhAuMA+aHt5n8J1w6eWsr8B
VpoQ079jDnMtlLVAtgsEAjhwEPZchB9oZzfGztzBC4kVKchMGiSHLVQptIM3DiOT
/5JBlfGkAfap4V4V6qRYiNESBSpEdU/wGctg4ELgQgdpRSlqRud2LgClmMy3+A3o
rHjyAY+1oANNNOV+TBwA58OKqwsniyqmSWkhlj4c0O4n8FdE+o1eKyrsQfH9LBx7
DBo2ilAkp0O/+G0n9Wisov2i6QuOraxW3g5/YBdfrqoVpJ5+8YZvoSGJFYDYoWvN
CvU=
-----END CERTIFICATE REQUEST-----

View file

@ -7,11 +7,11 @@ HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAxMC8GCSqGSIb3DQEJDjEi
MCAwCwYDVR0PBAQDAgHgMBEGCWCGSAGG+EIBAQQEAwIAQDANBgkqhkiG9w0BAQUF
AAOCAQEANlNG9hW852OzVKj2Z8TtU9jxstAoSCH9yc9Coj4Vw2TTjs1zcuBWsMl1
2bf2I6ZvEH6ZhcQY7i7nyHQyPlqE4l6U9D8ct967QN7smuAHNY2HiQ2++eCBTHck
PdtGJAzIvNlXcoqNi8UC5fGepNtI1usNo41SKMvbg6nGA5gdcQKk7CVlk8lrD0qI
Xn/HvjSRoDE4ZGxAtNvPXWorGSxtgcy8EMPoXVUab5fNt8q//x/NQ4yEQKPrexmR
IuOiQ8VW8QZtkORGpZbGSvskU0WfKANui4zCcXYRc4mVR4Wf0C+fyHeihhjslSnT
RbC7nQn5HSHp31qJlr80QodywaK1Dg==
MCAwCwYDVR0PBAQDAgXgMBEGCWCGSAGG+EIBAQQEAwIGQDANBgkqhkiG9w0BAQUF
AAOCAQEAKIF06WMMbkfDi6z3FzG0OVqGVgCIdQjJUK2S8VrVXJ74goM8SD7jp2RC
2d5nszk0do3ruAqaI3YOk5U9HQR0qHMSXEcAeB/qqIYWXrlZKacdzSk6vd88VC01
uAWBSE2IQ4TWPSiWLCN54VtO8AXuF5wJgjGOh4yixVqKzcQh5b+mJs3e7cgMsC5a
3iPt0EemCT+irT4cXtcJe9/DAvnvvvCZ5UCcvc3shBIA5pBsOOmd1yCYCbxrq3aL
PhFf/vbbf9eORMwWsqOWopnRgBkPpVnTu9G27t/Nyjencjfk8NEaM9q8YnF0x5lD
elCFyt+HGwoCeOBN9odfQmKQpW+eGg==
-----END CERTIFICATE REQUEST-----

View file

@ -1,8 +1,8 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBFjCBvAIBADA8MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGjAY
MIIBFzCBvAIBADA8MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGjAY
BgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
QgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/6i/SNF1d
Fr2KiMJrdw1VzYoqDvoByLTt/6AeMBwGCSqGSIb3DQEJDjEPMA0wCwYDVR0PBAQD
AgHAMAsGByqGSM49BAEFAANIADBFAiBjnnD7nwsFnCL+MpPPFJE3K/Tgj+5rAgXj
e5UejDX2CAIhAKdbigWJL/ZatvG9CFHq7ykrRns2x8JEXehWu8DsXdx9
AgbAMAsGByqGSM49BAEFAANJADBGAiEAmhkNVnF6mGzzyHxGMMuUM2tYw5/y5tlF
3424Bs7DbG8CIQCJteTtpZ8RJ7PjpxcmVpP4fcYHFTR50zoc9jOV0AYPLQ==
-----END CERTIFICATE REQUEST-----

View file

@ -1,78 +1,86 @@
Certificate Request check Server1 SHA1
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha1":MBEDTLS_MD_SHA1:0:0
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha1":MBEDTLS_MD_SHA1:0:0:0:0
Certificate Request check Server1 SHA224
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha224":MBEDTLS_MD_SHA224:0:0
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha224":MBEDTLS_MD_SHA224:0:0:0:0
Certificate Request check Server1 SHA256
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha256":MBEDTLS_MD_SHA256:0:0
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha256":MBEDTLS_MD_SHA256:0:0:0:0
Certificate Request check Server1 SHA384
depends_on:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha384":MBEDTLS_MD_SHA384:0:0
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha384":MBEDTLS_MD_SHA384:0:0:0:0
Certificate Request check Server1 SHA512
depends_on:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha512":MBEDTLS_MD_SHA512:0:0
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha512":MBEDTLS_MD_SHA512:0:0:0:0
Certificate Request check Server1 MD4
depends_on:MBEDTLS_MD4_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.md4":MBEDTLS_MD_MD4:0:0
x509_csr_check:"data_files/server1.key":"data_files/server1.req.md4":MBEDTLS_MD_MD4:0:0:0:0
Certificate Request check Server1 MD5
depends_on:MBEDTLS_MD5_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.md5":MBEDTLS_MD_MD5:0:0
x509_csr_check:"data_files/server1.key":"data_files/server1.req.md5":MBEDTLS_MD_MD5:0:0:0:0
Certificate Request check Server1 key_usage
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0
x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0
Certificate Request check Server1 key_usage empty
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage_empty":MBEDTLS_MD_SHA1:0:1:0:0
Certificate Request check Server1 ns_cert_type
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1
Certificate Request check Server1 ns_cert_type empty
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type_empty":MBEDTLS_MD_SHA1:0:0:0:1
Certificate Request check Server1 key_usage + ns_cert_type
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1
Certificate Request check Server5 ECDSA, key_usage
depends_on:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED
x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:0
x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:1:0:0
Certificate write check Server1 SHA1
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:1:-1:"data_files/server1.crt":0
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.crt":0
Certificate write check Server1 SHA1, key_usage
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:1:-1:"data_files/server1.key_usage.crt":0
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:1:-1:"data_files/server1.key_usage.crt":0
Certificate write check Server1 SHA1, ns_cert_type
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:-1:"data_files/server1.cert_type.crt":0
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0
Certificate write check Server1 SHA1, version 1
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0
Certificate write check Server1 SHA1, RSA_ALT
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:-1:"data_files/server1.noauthid.crt":1
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:0:0:-1:"data_files/server1.noauthid.crt":1
Certificate write check Server1 SHA1, RSA_ALT, key_usage
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1
Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:0:-1:"data_files/server1.cert_type_noauthid.crt":1
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1
Certificate write check Server1 SHA1, RSA_ALT, version 1
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1
X509 String to Names #1
mbedtls_x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark, Inc., OU=PolarSSL":0

View file

@ -35,8 +35,9 @@ size_t mbedtls_rsa_key_len_func( void *ctx )
*/
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */
void x509_csr_check( char *key_file, char *cert_req_check_file,
int md_type, int key_usage, int cert_type )
void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type,
int key_usage, int set_key_usage, int cert_type,
int set_cert_type )
{
mbedtls_pk_context key;
mbedtls_x509write_csr req;
@ -58,9 +59,9 @@ void x509_csr_check( char *key_file, char *cert_req_check_file,
mbedtls_x509write_csr_set_md_alg( &req, md_type );
mbedtls_x509write_csr_set_key( &req, &key );
TEST_ASSERT( mbedtls_x509write_csr_set_subject_name( &req, subject_name ) == 0 );
if( key_usage != 0 )
if( set_key_usage != 0 )
TEST_ASSERT( mbedtls_x509write_csr_set_key_usage( &req, key_usage ) == 0 );
if( cert_type != 0 )
if( set_cert_type != 0 )
TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 );
ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ),
@ -99,7 +100,8 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
char *subject_name, char *issuer_key_file,
char *issuer_pwd, char *issuer_name,
char *serial_str, char *not_before, char *not_after,
int md_type, int key_usage, int cert_type, int auth_ident,
int md_type, int key_usage, int set_key_usage,
int cert_type, int set_cert_type, int auth_ident,
int ver, char *cert_check_file, int rsa_alt )
{
mbedtls_pk_context subject_key, issuer_key, issuer_key_alt;
@ -167,9 +169,9 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
TEST_ASSERT( mbedtls_x509write_crt_set_subject_key_identifier( &crt ) == 0 );
if( auth_ident )
TEST_ASSERT( mbedtls_x509write_crt_set_authority_key_identifier( &crt ) == 0 );
if( key_usage != 0 )
if( set_key_usage != 0 )
TEST_ASSERT( mbedtls_x509write_crt_set_key_usage( &crt, key_usage ) == 0 );
if( cert_type != 0 )
if( set_cert_type != 0 )
TEST_ASSERT( mbedtls_x509write_crt_set_ns_cert_type( &crt, cert_type ) == 0 );
}