yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-08-08 06:41:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'development' into beta-release-restricted

Browse source 
* development:
  Bump yotta patch version
  Merging iotssl-457-badtail with development branch
  Moe top-level Readme to markdown
  Changelog entry fro the previous commit
  Add NULL checks to top-level SSL functions
  Skip to trusted certs early in the chain
  Add tests for verify callback
  Improve mbedtls_ssl_write() documentation
  Add mbedtls_ssl_get_max_frag_len()
  Print "thread ID" in debug messages
  Only use -Wshadow with GCC 4.8 or higher
  Fix error reporting in pkey/pk_* programs
  Fix more comments/outputs in verify programs
  Fix hash buffer size in pkey programs
  Change default RSA key size in rsa_genkey
  Fix comments about filenames in some programs
  Fix memory corruption in rsa sign/verify programs
  Fix warning with MD/SHA ALT implementation
  Fix handling of long PSK identities
  Fix -Wshadow warnings
This commit is contained in:
Manuel Pégourié-Gonnard 2015-09-03 16:45:58 +02:00
parent e0eedac5e9 f9c599cd8a
commit b8834d313d
44 changed files with 1006 additions and 336 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
CMakeLists.txt
View file

@ -29,6 +29,9 @@ if(CMAKE_COMPILER_IS_GNUCC)
if (GCC_VERSION VERSION_GREATER 4.5 OR GCC_VERSION VERSION_EQUAL 4.5)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wlogical-op")
endif()
if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow")
endif()
set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
@ -39,7 +42,7 @@ if(CMAKE_COMPILER_IS_GNUCC)
endif(CMAKE_COMPILER_IS_GNUCC)
if(CMAKE_COMPILER_IS_CLANG)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow")
set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")

14
ChangeLog
View file

@ -29,12 +29,26 @@ Bugfix
* Fix bug in mbedtls_rsa_public() and mbedtls_rsa_private() that could
result trying to unlock an unlocked mutex on invalid input (found by
Fredrik Axelsson) (#257)
* Fix -Wshadow warnings (found by hnrkp) (#240)
* Fix memory corruption on client with overlong PSK identity, around
SSL_MAX_CONTENT_LEN or higher - not triggerrable remotely (found by
Aleksandrs Saveljevs) (#238)
* Fix unused function warning when using MBEDTLS_MDx_ALT or
MBEDTLS_SHAxxx_ALT (found by Henrik) (#239)
* Fix memory corruption in pkey programs (found by yankuncheng) (#210)
Changes
* The PEM parser now accepts a trailing space at end of lines (#226).
* It is now possible to #include a user-provided configuration file at the
end of the default config.h by defining MBEDTLS_USER_CONFIG_FILE on the
compiler's command line.
* When verifying a certificate chain, if an intermediate certificate is
trusted, no later cert is checked. (suggested by hannes-landeholm)
(#220).
* Prepend a "thread identifier" to debug messages (issue pointed out by
Hugo Leisink) (#210).
* Add mbedtls_ssl_get_max_frag_len() to query the current maximum fragment
length.
= mbed TLS 2.0.0 released 2015-07-13

172
README.md Normal file
View file

@ -0,0 +1,172 @@
README for mbed TLS
===================
Configuration
-------------
mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully-documented configuration file `include/mbedtls/config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Perl script `scripts/config.pl` (use `--help` for usage instructions).
Compiler options can be set using standard variables such as `CC` and `CFLAGS` when using the Make and CMake build system (see below).
Compiling
---------
There are currently four active build systems within the mbed TLS releases:
- yotta
- Make
- CMake
- Microsoft Visual Studio (Visual Studio 6 and Visual Studio 2010)
The main systems used for development are CMake and yotta. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and yotta build system, but some features are not ported there by default.
Please note that the yotta option is slightly different from the other build systems:
- a more minimalistic configuration file is used by default
- depending on the yotta target, features of mbed OS will be used in examples and tests
The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. Also, when loading shared libraries using dlopen(), you'll need to load libmbedcrypto first, then libmbedx509, before you can load libmbedtls.
### Yotta
[yotta](http://yottabuild.org) is a package manager and build system developped by mbed; it is the build system of mbed OS. To install it on your platform, please follow the yotta [installation instructions](http://docs.yottabuild.org/#installing).
Once yotta is installed, you can use it to download the latest version of mbed TLS form the yotta registry with:
yotta install mbedtls
and build it with:
yotta build
If, on the other hand, you already have a copy of mbed TLS from a source other than the yotta registry, for example from cloning our github repository, or from downloading a tarball of the standalone edition, then you'll need first need to generate the yotta module by running:
yotta/create-module.sh
from the mbed TLS root directory. This will create the yotta module in the `yotta/module` directory. You can then change to that directory and build as usual:
cd yotta/module
yotta build
In any case, you'll probably want to set the yotta target before building unless it's already set globally; for more information on using yotta, please consult the [yotta documentation](http://docs.yottabuild.org/).
The yotta edition of mbed TLS includes a few example programs, some of which demonstrate integration with mbed OS; for more details, please consult the [Readme at the root of the yotta module](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/README.md).
### Make
We intentionally only use the absolute minimum of `Make` functionality, as a lot of `Make` features are not supported on all different implementations of Make on different platforms. As such, the Makefiles sometimes require some handwork or export statements in order to work for your platform.
In order to build the source using Make, just enter at the command line:
make
In order to run the tests, enter:
make check
The tests need Perl to be built and run. If you don't have Perl installed, you can skip buiding the tests with:
make no_test
You'll still be able to run a much smaller set of tests with:
programs/test/selftest
In order to build for a Windows platform, you should use `WINDOWS_BUILD=1` if the target is Windows but the build environment is Unix-like (for instance when cross-compiling, or compiling from an MSYS shell), and `WINDOWS=1` if the build environment is a Windows shell (for instance using mingw32-make) (in that case some targets will not be available).
Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; if you do so, essential parts such as `-I` will still be preserved. Warning options may be overridden separately using `WARNING_CFLAGS`.
Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue.
In case you find that you need to do something else as well, please let us know what, so we can add it to the KB.
### CMake
In order to build the source using CMake, just enter at the command line:
cmake .
make
In order to run the tests, enter:
make test
The test suites need Perl to be built. If you don't have Perl installed, you'll want to disable the test suites with:
cmake -DENABLE_TESTING=Off .
If you disabled the test suites, but kept the programs enabled, you can still run a much smaller set of tests with:
programs/test/selftest
To configure CMake for building shared libraries, use:
cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On .
There are many different build modes available within the CMake buildsystem. Most of them are available for gcc and clang, though some are compiler-specific:
- Release. This generates the default code without any unnecessary information in the binary files.
- Debug. This generates debug information and disables optimization of the code.
- Coverage. This generates code coverage information in addition to debug information.
- ASan. This instruments the code with AddressSanitizer to check for memory errors. (This includes LeakSanitizer, with recent version of gcc and clang.) (With recent version of clang, this mode also instruments the code with UndefinedSanitizer to check for undefined behaviour.)
- ASanDbg. Same as ASan but slower, with debug information and better stack traces.
- MemSan. This instruments the code with MemorySanitizer to check for uninitialised memory reads. Experimental, needs recent clang on Linux/x86\_64.
- MemSanDbg. Same as MemSan but slower, with debug information, better stack traces and origin tracking.
- Check. This activates the compiler warnings that depend on optimization and treats all warnings as errors.
Switching build modes in CMake is simple. For debug mode, enter at the command line:
cmake -D CMAKE_BUILD_TYPE=Debug .
To list other available CMake options, use:
cmake -LH
Note that, with CMake, if you want to change the compiler or its options after you already ran CMake, you need to clear its cache first, eg (using GNU find):
find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
CC=gcc CFLAGS='-fstack-protector-strong -Wa,--noexecstack' cmake .
### Microsoft Visual Studio
The build files for Microsoft Visual Studio are generated for Visual Studio 2010.
The solution file `mbedTLS.sln` contains all the basic projects needed to build the library and all the programs. The files in tests are not generated and compiled, as these need a perl environment as well. However, the selftest program in `programs/test/` is still available.
Example programs
----------------
We've included example programs for a lot of different features and uses in `programs/`. Most programs only focus on a single feature or usage scenario, so keep that in mind when copying parts of the code.
Tests
-----
mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test\_suite\_mpi.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_mpi.function`) and a `data file` (e.g. `suites/test\_suite\_mpi.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function.
For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, additional test scripts are available:
- `tests/ssl-opt.sh` runs integration tests for various TLS options (renegotiation, resumption, etc.) and tests interoperability of these options with other implementations.
- `tests/compat.sh` tests interoperability of every ciphersuite with other implementations.
- `tests/scripts/test-ref-configs.pl` test builds in various reduced configurations.
- `tests/scripts/all.sh` runs a combination of the above tests, plus some more, with various build options (such as ASan, full `config.h`, etc).
Configurations
--------------
We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt`
Contributing
------------
We gratefully accept bug reports and contributions from the community. There are some requirements we need to fulfill in order to be able to integrate contributions:
- Simple bug fixes to existing code do not contain copyright themselves and we can integrate without issue. The same is true of trivial contributions.
- For larger contributions, such as a new feature, the code can possibly fall under copyright law. We then need your consent to share in the ownership of the copyright. We have a form for this, which we will send to you in case you submit a contribution or pull request that we deem this necessary for.
### Process
1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug.
2. Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis.
3. Write a test which shows that the bug was fixed or that the feature works as expected.
4. Send a pull request and bug us until it gets merged and published. We will include your name in the ChangeLog :)

199
README.rst
View file

@ -1,199 +0,0 @@
===================
README for mbed TLS
===================
Configuration
=============
mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully-documented configuration file *include/mbedtls/config.h*, which is also the place where features can be selected.
This file can be edited manually, or in a more programmatic way using the Perl
script *scripts/config.pl* (use *--help* for usage instructions).
Compiler options can be set using standard variables such as *CC* and *CFLAGS* when using the Make and CMake build system (see below).
Compiling
=========
There are currently four active build systems within the mbed TLS releases:
- yotta
- Make
- CMake
- Microsoft Visual Studio (Visual Studio 6 and Visual Studio 2010)
The main systems used for development are CMake and yotta. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and yotta build system, but some features are not ported there by default.
Please note that the yotta option is slightly different from the other build systems:
- a more minimalistic configuration file is used by default
- depending on the yotta target, features of mbed OS will be used in examples and tests
The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. Also, when loading shared libraries using `dlopen()`, you'll need to load `libmbedcrypto` first, then `libmbedx509`, before you can load `libmbedtls`.
Yotta
-----
`yotta <http://yottabuild.org>` is a package manager and build system developped by mbed; it is the build system of mbed OS. To install it on your platform, please follow the `yotta installation instructions <http://docs.yottabuild.org/#installing>`.
Once yotta is installed, you can use it to download the latest version of mbed TLS form the yotta registry with::
yotta install mbedtls
and build it with::
yotta build
If, on the other hand, you already have a copy of mbed TLS from a source other than the yotta registry, for example from cloning our github repository, or from downloading a tarball of the standalone edition, then you'll need first need to generate the yotta module by running::
yotta/create-module.sh
from the mbed TLS root directory. This will create the yotta module in the *yotta/module* directory. You can then change to that directory and build as usual::
cd yotta/module
yotta build
In any case, you'll probably want to set the yotta target before building unless it's already set globally; for more information on using yotta, please consult the `yotta documentation <http://docs.yottabuild.org/>`.
The yotta edition of mbed TLS includes a few example programs, some of which demonstrate integration with mbed OS; for more details, please consult the `Readme at the root of the yotta module <https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/README.md>`.
Make
----
We intentionally only use the absolute minimum of **Make** functionality, as we have discovered that a lot of **Make** features are not supported on all different implementations of Make on different platforms. As such, the Makefiles sometimes require some handwork or `export` statements in order to work for your platform.
In order to build the source using Make, just enter at the command line::
make
In order to run the tests, enter::
make check
The tests need Perl to be built and run. If you don't have Perl installed, you can skip buiding the tests with::
make no_test
You'll still be able to run a much smaller set of tests with::
programs/test/selftest
In order to build for a Windows platform, you should use WINDOWS_BUILD=1 if the target is Windows but the build environment is Unix-like (for instance when cross-compiling, or compiling from an MSYS shell), and WINDOWS=1 if the build environment is a Windows shell (for instance using mingw32-make) (in that case some targets will not be available).
Setting the variable SHARED in your environment will build shared libraries in addition to the static libraries. Setting DEBUG gives you a debug build. You can override CFLAGS and LDFLAGS by setting them in your environment or on the make command line; if you do so, essential parts such as -I will still be preserved. Warning options may be overridden separately using WARNING_CFLAGS.
Depending on your platform, you might run into some issues. Please check the Makefiles in *library/*, *programs/* and *tests/* for options to manually add or remove for specific platforms. You can also check `the mbed TLS Knowledge Base <https://tls.mbed.org/kb>`_ for articles on your platform or issue.
In case you find that you need to do something else as well, please let us know what, so we can add it to the KB.
CMake
-----
In order to build the source using CMake, just enter at the command line::
cmake .
make
In order to run the tests, enter::
make test
The test suites need Perl to be built. If you don't have Perl installed, you'll want to disable the test suites with::
cmake -DENABLE_TESTING=Off .
If you disabled the test suites, but kept the programs enabled, you can still run a much smaller set of tests with::
programs/test/selftest
To configure CMake for building shared libraries, use::
cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On .
There are many different build modes available within the CMake buildsystem. Most of them are available for gcc and clang, though some are compiler-specific:
- Release.
This generates the default code without any unnecessary information in the binary files.
- Debug.
This generates debug information and disables optimization of the code.
- Coverage.
This generates code coverage information in addition to debug information.
- ASan.
This instruments the code with AddressSanitizer to check for memory errors.
(This includes LeakSanitizer, with recent version of gcc and clang.)
(With recent version of clang, this mode also instruments the code with
UndefinedSanitizer to check for undefined behaviour.)
- ASanDbg.
Same as ASan but slower, with debug information and better stack traces.
- MemSan.
This instruments the code with MemorySanitizer to check for uninitialised
memory reads. Experimental, needs recent clang on Linux/x86_64.
- MemSanDbg.
Same as MemSan but slower, with debug information, better stack traces and
origin tracking.
- Check.
This activates the compiler warnings that depend on optimization and treats
all warnings as errors.
Switching build modes in CMake is simple. For debug mode, enter at the command line::
cmake -D CMAKE_BUILD_TYPE=Debug .
To list other available CMake options, use::
cmake -LH
Note that, with CMake, if you want to change the compiler or its options after you already ran CMake, you need to clear its cache first, eg (using GNU find)::
find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
CC=gcc CFLAGS='-fstack-protector-strong -Wa,--noexecstack' cmake .
Microsoft Visual Studio
-----------------------
The build files for Microsoft Visual Studio are generated for Visual Studio 2010.
The solution file 'mbedTLS.sln' contains all the basic projects needed to build the library and all the programs. The files in tests are not generated and compiled, as these need a perl environment as well. However, the `selftest` program in *programs/test/* is still available.
Example programs
================
We've included example programs for a lot of different features and uses in *programs/*. Most programs only focus on a single feature or usage scenario, so keep that in mind when copying parts of the code.
Tests
=====
mbed TLS includes an elaborate test suite in *tests/* that initially requires Perl to generate the tests files (e.g. *test_suite_mpi.c*). These files are generated from a **function file** (e.g. *suites/test_suite_mpi.function*) and a **data file** (e.g. *suites/test_suite_mpi.data*). The **function file** contains the test functions. The **data file** contains the test cases, specified as parameters that will be passed to the test function.
For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, additional test scripts are available:
- *tests/ssl-opt.sh* runs integration tests for various TLS options (renegotiation, resumption, etc.) and tests interoperability of these options with other implementations.
- *tests/compat.sh* tests interoperability of every ciphersuite with other implementations.
- *tests/scripts/test-ref-configs.pl* test builds in various reduced configurations.
- *tests/scripts/all.sh* runs a combination of the above tests, plus some more, with various build options (such as ASan, full *config.h*, etc).
Configurations
==============
We provide some non-standard configurations focused on specific use cases in the configs/ directory. You can read more about those in configs/README.txt
Contributing
============
We gratefully accept bug reports and contributions from the community. There are some requirements we need to fulfill in order to be able to integrate contributions:
- Simple bug fixes to existing code do not contain copyright themselves and we can integrate without issue. The same is true of trivial contributions.
- For larger contributions, such as a new feature, the code can possibly fall under copyright law. We then need your consent to share in the ownership of the copyright. We have a form for this, which we will send to you in case you submit a contribution or pull request that we deem this necessary for.
Process
-------
#. `Check for open issues <https://github.com/ARMmbed/mbedtls/issues>`_ or
`start a discussion <https://tls.mbed.org/discussions>`_ around a feature
idea or a bug.
#. Fork the `mbed TLS repository on GitHub <https://github.com/ARMmbed/mbedtls>`_
to start making your changes. As a general rule, you should use the
"development" branch as a basis.
#. Write a test which shows that the bug was fixed or that the feature works
as expected.
#. Send a pull request and bug us until it gets merged and published. We will
include your name in the ChangeLog :)

41
include/mbedtls/ssl.h
View file

@ -2026,6 +2026,26 @@ const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );
*/
int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
/**
* \brief Return the maximum fragment length (payload, in bytes).
* This is the value negotiated with peer if any,
* or the locally configured value.
*
* \note With DTLS, \c mbedtls_ssl_write() will return an error if
* called with a larger length value.
* With TLS, \c mbedtls_ssl_write() will fragment the input if
* necessary and return the number of bytes written; it is up
* to the caller to call \c mbedtls_ssl_write() again in
* order to send the remaining bytes if any.
*
* \param ssl SSL context
*
* \return Current maximum fragment length.
*/
size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
* \brief Return the peer certificate from the current connection
@ -2123,26 +2143,33 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
/**
* \brief Write exactly 'len' application data bytes
* \brief Try to write exactly 'len' application data bytes
*
* \warning This function will do partial writes in some cases. If the
* return value is non-negative but less than length, the
* function must be called again with updated arguments:
* buf + ret, len - ret (if ret is the return value) until
* it returns a value equal to the last 'len' argument.
*
* \param ssl SSL context
* \param buf buffer holding the data
* \param len how many bytes must be written
*
* \return the number of bytes written,
* or a negative error code.
* \return the number of bytes actually written (may be less than len),
* or MBEDTLS_ERR_SSL_WANT_WRITE of MBEDTLS_ERR_SSL_WANT_READ,
* or another negative error code.
*
* \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE,
* \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ,
* it must be called later with the *same* arguments,
* until it returns a positive value.
*
* \note If the requested length is greater than the maximum
* fragment length (either the built-in limit or the one set
* or negotiated with the peer), then:
* - with TLS, less bytes than requested are written. (In
* order to write larger messages, this function should be
* called in a loop.)
* - with TLS, less bytes than requested are written.
* - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
* \c mbedtls_ssl_get_max_frag_len() may be used to query the
* active maximum fragment length.
*/
int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );

49
library/debug.c
View file

@ -42,6 +42,10 @@
#define mbedtls_snprintf snprintf
#endif
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline)
#define inline __inline
#endif
#define DEBUG_BUF_SIZE 512
static int debug_threshold = 0;
@ -51,6 +55,27 @@ void mbedtls_debug_set_threshold( int threshold )
debug_threshold = threshold;
}
/*
* All calls to f_dbg must be made via this function
*/
static inline void debug_send_line( const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *str )
{
/*
* If in a threaded environment, we need a thread identifier.
* Since there is no portable way to get one, use the address of the ssl
* context instead, as it shouldn't be shared between threads.
*/
#if defined(MBEDTLS_THREADING_C)
char idstr[20 + DEBUG_BUF_SIZE]; /* 0x + 16 nibbles + ': ' */
mbedtls_snprintf( idstr, sizeof( idstr ), "%p: %s", ssl, str );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, idstr );
#else
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
#endif
}
void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *format, ... )
@ -85,7 +110,7 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
str[ret + 1] = '\0';
}
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
debug_send_line( ssl, level, file, line, str );
}
void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
@ -108,7 +133,7 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
mbedtls_snprintf( str, sizeof( str ), "%s() returned %d (-0x%04x)\n",
text, ret, -ret );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
debug_send_line( ssl, level, file, line, str );
}
void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
@ -125,7 +150,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "dumping '%s' (%u bytes)\n",
text, (unsigned int) len );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
debug_send_line( ssl, level, file, line, str );
idx = 0;
memset( txt, 0, sizeof( txt ) );
@ -139,7 +164,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
if( i > 0 )
{
mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %s\n", txt );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
debug_send_line( ssl, level, file, line, str );
idx = 0;
memset( txt, 0, sizeof( txt ) );
@ -161,7 +186,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " " );
mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %s\n", txt );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
debug_send_line( ssl, level, file, line, str );
}
}
@ -206,7 +231,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "value of '%s' (%d bits) is:\n",
text, (int) ( ( n * ( sizeof(mbedtls_mpi_uint) << 3 ) ) + j + 1 ) );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
debug_send_line( ssl, level, file, line, str );
idx = 0;
for( i = n + 1, j = 0; i > 0; i-- )
@ -226,7 +251,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
if( j > 0 )
{
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
debug_send_line( ssl, level, file, line, str );
idx = 0;
}
}
@ -243,7 +268,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " 00" );
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
debug_send_line( ssl, level, file, line, str );
}
#endif /* MBEDTLS_BIGNUM_C */
@ -260,7 +285,7 @@ static void debug_print_pk( const mbedtls_ssl_context *ssl, int level,
if( mbedtls_pk_debug( pk, items ) != 0 )
{
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line,
debug_send_line( ssl, level, file, line,
"invalid PK context\n" );
return;
}
@ -281,7 +306,7 @@ static void debug_print_pk( const mbedtls_ssl_context *ssl, int level,
mbedtls_debug_print_ecp( ssl, level, file, line, name, items[i].value );
else
#endif
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line,
debug_send_line( ssl, level, file, line,
"should not happen\n" );
}
}
@ -304,7 +329,7 @@ static void debug_print_line_by_line( const mbedtls_ssl_context *ssl, int level,
memcpy( str, start, len );
str[len] = '\0';
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
debug_send_line( ssl, level, file, line, str );
start = cur + 1;
}
@ -326,7 +351,7 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
char buf[1024];
mbedtls_snprintf( str, sizeof( str ), "%s #%d:\n", text, ++i );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
debug_send_line( ssl, level, file, line, str );
mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
debug_print_line_by_line( ssl, level, file, line, buf );

6
library/entropy_poll.c
View file

@ -139,7 +139,7 @@ int mbedtls_platform_entropy_poll( void *data,
unsigned char *output, size_t len, size_t *olen )
{
FILE *file;
size_t ret;
size_t read_len;
((void) data);
#if defined(HAVE_GETRANDOM)
@ -164,8 +164,8 @@ int mbedtls_platform_entropy_poll( void *data,
if( file == NULL )
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
ret = fread( output, 1, len, file );
if( ret != len )
read_len = fread( output, 1, len, file );
if( read_len != len )
{
fclose( file );
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );

4
library/md2.c
View file

@ -46,13 +46,13 @@
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_MD2_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#if !defined(MBEDTLS_MD2_ALT)
static const unsigned char PI_SUBST[256] =
{
0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36,

4
library/md4.c
View file

@ -46,13 +46,13 @@
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_MD4_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#if !defined(MBEDTLS_MD4_ALT)
/*
* 32-bit integer manipulation macros (little endian)
*/

4
library/md5.c
View file

@ -45,13 +45,13 @@
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_MD5_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#if !defined(MBEDTLS_MD5_ALT)
/*
* 32-bit integer manipulation macros (little endian)
*/

4
library/sha1.c
View file

@ -45,13 +45,13 @@
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_SHA1_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#if !defined(MBEDTLS_SHA1_ALT)
/*
* 32-bit integer manipulation macros (big endian)
*/

4
library/sha256.c
View file

@ -45,13 +45,13 @@
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_SHA256_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#if !defined(MBEDTLS_SHA256_ALT)
/*
* 32-bit integer manipulation macros (big endian)
*/

4
library/sha512.c
View file

@ -51,13 +51,13 @@
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#if !defined(MBEDTLS_SHA512_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#if !defined(MBEDTLS_SHA512_ALT)
/*
* 64-bit integer manipulation macros (big endian)
*/

22
library/ssl_cli.c
View file

@ -1747,6 +1747,12 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
size_t len_bytes = ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ? 0 : 2;
unsigned char *p = ssl->handshake->premaster + pms_offset;
if( offset + len_bytes > MBEDTLS_SSL_MAX_CONTENT_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small for encrypted pms" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
/*
* Generate (part of) the pre-master as
* struct {
@ -2521,6 +2527,14 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
i = 4;
n = ssl->conf->psk_identity_len;
if( i + 2 + n > MBEDTLS_SSL_MAX_CONTENT_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or "
"SSL buffer too short" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
ssl->out_msg[i++] = (unsigned char)( n >> 8 );
ssl->out_msg[i++] = (unsigned char)( n );
@ -2549,6 +2563,14 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
* ClientDiffieHellmanPublic public (DHM send G^X mod P)
*/
n = ssl->handshake->dhm_ctx.len;
if( i + 2 + n > MBEDTLS_SSL_MAX_CONTENT_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long"
" or SSL buffer too short" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
ssl->out_msg[i++] = (unsigned char)( n >> 8 );
ssl->out_msg[i++] = (unsigned char)( n );

73
library/ssl_tls.c
View file

@ -693,8 +693,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
}
else
{
int ret;
/* Initialize HMAC contexts */
if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 ||
( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 )
@ -1454,7 +1452,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
/*
* Generate IV
*/
int ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->transform_out->iv_enc,
ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->transform_out->iv_enc,
ssl->transform_out->ivlen );
if( ret != 0 )
return( ret );
@ -3717,6 +3715,9 @@ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
{
int ret;
if( ssl == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> send alert message" ) );
ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT;
@ -5458,6 +5459,13 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
if( psk_len > MBEDTLS_PSK_MAX_LEN )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
/* Identity len will be encoded on two bytes */
if( ( psk_identity_len >> 16 ) != 0 ||
psk_identity_len > MBEDTLS_SSL_MAX_CONTENT_LEN )
{
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
if( conf->psk != NULL || conf->psk_identity != NULL )
{
mbedtls_free( conf->psk );
@ -5861,6 +5869,29 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
return( (int)( mbedtls_ssl_hdr_len( ssl ) + transform_expansion ) );
}
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl )
{
size_t max_len;
/*
* Assume mfl_code is correct since it was checked when set
*/
max_len = mfl_code_to_length[ssl->conf->mfl_code];
/*
* Check if a smaller max length was negotiated
*/
if( ssl->session_out != NULL &&
mfl_code_to_length[ssl->session_out->mfl_code] < max_len )
{
max_len = mfl_code_to_length[ssl->session_out->mfl_code];
}
return max_len;
}
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl )
{
@ -5893,6 +5924,9 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
if( ssl == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
#if defined(MBEDTLS_SSL_CLI_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
ret = mbedtls_ssl_handshake_client_step( ssl );
@ -5912,6 +5946,9 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl )
{
int ret = 0;
if( ssl == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) );
while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
@ -6007,6 +6044,9 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
if( ssl == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
#if defined(MBEDTLS_SSL_SRV_C)
/* On server, just send the request */
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
@ -6084,6 +6124,9 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
int ret, record_read = 0;
size_t n;
if( ssl == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read" ) );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@ -6338,23 +6381,7 @@ static int ssl_write_real( mbedtls_ssl_context *ssl,
{
int ret;
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
unsigned int max_len;
#endif
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
/*
* Assume mfl_code is correct since it was checked when set
*/
max_len = mfl_code_to_length[ssl->conf->mfl_code];
/*
* Check if a smaller max length was negotiated
*/
if( ssl->session_out != NULL &&
mfl_code_to_length[ssl->session_out->mfl_code] < max_len )
{
max_len = mfl_code_to_length[ssl->session_out->mfl_code];
}
size_t max_len = mbedtls_ssl_get_max_frag_len( ssl );
if( len > max_len )
{
@ -6443,6 +6470,9 @@ int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) );
if( ssl == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 )
{
@ -6478,6 +6508,9 @@ int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl )
{
int ret;
if( ssl == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) );
if( ssl->out_left != 0 )

73
library/x509_crt.c
View file

@ -2061,8 +2061,8 @@ static int x509_crt_verify_child(
*flags |= x509_crt_verifycrl(child, parent, ca_crl, profile );
#endif
/* Look for a grandparent upwards the chain */
for( grandparent = parent->next;
/* Look for a grandparent in trusted CAs */
for( grandparent = trust_ca;
grandparent != NULL;
grandparent = grandparent->next )
{
@ -2071,20 +2071,42 @@ static int x509_crt_verify_child(
break;
}
/* Is our parent part of the chain or at the top? */
if( grandparent != NULL )
{
ret = x509_crt_verify_child( parent, grandparent, trust_ca, ca_crl, profile,
ret = x509_crt_verify_top( parent, grandparent, ca_crl, profile,
path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
if( ret != 0 )
return( ret );
}
else
{
ret = x509_crt_verify_top( parent, trust_ca, ca_crl, profile,
path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
if( ret != 0 )
return( ret );
/* Look for a grandparent upwards the chain */
for( grandparent = parent->next;
grandparent != NULL;
grandparent = grandparent->next )
{
if( x509_crt_check_parent( parent, grandparent,
0, path_cnt == 0 ) == 0 )
break;
}
/* Is our parent part of the chain or at the top? */
if( grandparent != NULL )
{
ret = x509_crt_verify_child( parent, grandparent, trust_ca, ca_crl,
profile, path_cnt + 1, &parent_flags,
f_vrfy, p_vrfy );
if( ret != 0 )
return( ret );
}
else
{
ret = x509_crt_verify_top( parent, trust_ca, ca_crl, profile,
path_cnt + 1, &parent_flags,
f_vrfy, p_vrfy );
if( ret != 0 )
return( ret );
}
}
/* child is verified to be a child of the parent, call verify callback */
@ -2187,27 +2209,44 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
}
}
/* Look for a parent upwards the chain */
for( parent = crt->next; parent != NULL; parent = parent->next )
/* Look for a parent in trusted CAs */
for( parent = trust_ca; parent != NULL; parent = parent->next )
{
if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 )
break;
}
/* Are we part of the chain or at the top? */
if( parent != NULL )
{
ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, profile,
pathlen, flags, f_vrfy, p_vrfy );
ret = x509_crt_verify_top( crt, parent, ca_crl, profile,
pathlen, flags, f_vrfy, p_vrfy );
if( ret != 0 )
return( ret );
}
else
{
ret = x509_crt_verify_top( crt, trust_ca, ca_crl, profile,
pathlen, flags, f_vrfy, p_vrfy );
if( ret != 0 )
return( ret );
/* Look for a parent upwards the chain */
for( parent = crt->next; parent != NULL; parent = parent->next )
{
if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 )
break;
}
/* Are we part of the chain or at the top? */
if( parent != NULL )
{
ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, profile,
pathlen, flags, f_vrfy, p_vrfy );
if( ret != 0 )
return( ret );
}
else
{
ret = x509_crt_verify_top( crt, trust_ca, ca_crl, profile,
pathlen, flags, f_vrfy, p_vrfy );
if( ret != 0 )
return( ret );
}
}
if( *flags != 0 )

2
programs/pkey/dh_client.c
View file

@ -74,7 +74,7 @@ int main( void )
unsigned char *p, *end;
unsigned char buf[2048];
unsigned char hash[20];
unsigned char hash[32];
const char *pers = "dh_client";
mbedtls_entropy_context entropy;

2
programs/pkey/dh_server.c
View file

@ -73,7 +73,7 @@ int main( void )
mbedtls_net_context listen_fd, client_fd;
unsigned char buf[2048];
unsigned char hash[20];
unsigned char hash[32];
unsigned char buf2[2];
const char *pers = "dh_server";

7
programs/pkey/pk_decrypt.c
View file

@ -150,8 +150,11 @@ exit:
mbedtls_entropy_free( &entropy );
#if defined(MBEDTLS_ERROR_C)
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " ! Last error was: %s\n", buf );
if( ret != 0 )
{
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " ! Last error was: %s\n", buf );
}
#endif
#if defined(_WIN32)

7
programs/pkey/pk_encrypt.c
View file

@ -150,8 +150,11 @@ exit:
mbedtls_entropy_free( &entropy );
#if defined(MBEDTLS_ERROR_C)
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " ! Last error was: %s\n", buf );
if( ret != 0 )
{
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " ! Last error was: %s\n", buf );
}
#endif
#if defined(_WIN32)

11
programs/pkey/pk_sign.c
View file

@ -63,7 +63,7 @@ int main( int argc, char *argv[] )
mbedtls_pk_context pk;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
unsigned char hash[20];
unsigned char hash[32];
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512];
const char *pers = "mbedtls_pk_sign";
@ -128,7 +128,7 @@ int main( int argc, char *argv[] )
}
/*
* Write the signature into <filename>-sig.txt
* Write the signature into <filename>.sig
*/
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[2] );
@ -155,8 +155,11 @@ exit:
mbedtls_entropy_free( &entropy );
#if defined(MBEDTLS_ERROR_C)
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " ! Last error was: %s\n", buf );
if( ret != 0 )
{
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " ! Last error was: %s\n", buf );
}
#endif
#if defined(_WIN32)

17
programs/pkey/pk_verify.c
View file

@ -58,7 +58,7 @@ int main( int argc, char *argv[] )
int ret = 1;
size_t i;
mbedtls_pk_context pk;
unsigned char hash[20];
unsigned char hash[32];
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512];
@ -85,7 +85,7 @@ int main( int argc, char *argv[] )
}
/*
* Extract the signature from the text file
* Extract the signature from the file
*/
ret = 1;
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[2] );
@ -102,8 +102,8 @@ int main( int argc, char *argv[] )
fclose( f );
/*
* Compute the SHA-256 hash of the input file and compare
* it with the hash decrypted from the signature.
* Compute the SHA-256 hash of the input file and
* verify the signature
*/
mbedtls_printf( "\n . Verifying the SHA-256 signature" );
fflush( stdout );
@ -123,7 +123,7 @@ int main( int argc, char *argv[] )
goto exit;
}
mbedtls_printf( "\n . OK (the decrypted SHA-256 hash matches)\n\n" );
mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
ret = 0;
@ -131,8 +131,11 @@ exit:
mbedtls_pk_free( &pk );
#if defined(MBEDTLS_ERROR_C)
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " ! Last error was: %s\n", buf );
if( ret != 0 )
{
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " ! Last error was: %s\n", buf );
}
#endif
#if defined(_WIN32)

2
programs/pkey/rsa_genkey.c
View file

@ -45,7 +45,7 @@
#include <string.h>
#endif
#define KEY_SIZE 1024
#define KEY_SIZE 2048
#define EXPONENT 65537
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \

12
programs/pkey/rsa_sign.c
View file

@ -31,6 +31,7 @@
#include <stdio.h>
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
#define mbedtls_snprintf snprintf
#endif
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
@ -57,8 +58,9 @@ int main( int argc, char *argv[] )
int ret;
size_t i;
mbedtls_rsa_context rsa;
unsigned char hash[20];
unsigned char hash[32];
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512];
ret = 1;
@ -134,11 +136,11 @@ int main( int argc, char *argv[] )
}
/*
* Write the signature into <filename>-sig.txt
* Write the signature into <filename>.sig
*/
memcpy( argv[1] + strlen( argv[1] ), ".sig", 5 );
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
if( ( f = fopen( filename, "wb+" ) ) == NULL )
{
ret = 1;
mbedtls_printf( " failed\n ! Could not create %s\n\n", argv[1] );
@ -151,7 +153,7 @@ int main( int argc, char *argv[] )
fclose( f );
mbedtls_printf( "\n . Done (created \"%s\")\n\n", argv[1] );
mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename );
exit:

4
programs/pkey/rsa_sign_pss.c
View file

@ -64,7 +64,7 @@ int main( int argc, char *argv[] )
mbedtls_pk_context pk;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
unsigned char hash[20];
unsigned char hash[32];
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512];
const char *pers = "rsa_sign_pss";
@ -139,7 +139,7 @@ int main( int argc, char *argv[] )
}
/*
* Write the signature into <filename>-sig.txt
* Write the signature into <filename>.sig
*/
mbedtls_snprintf( filename, 512, "%s.sig", argv[2] );

20
programs/pkey/rsa_verify.c
View file

@ -30,6 +30,7 @@
#else
#include <stdio.h>
#define mbedtls_printf printf
#define mbedtls_snprintf snprintf
#endif
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
@ -56,8 +57,9 @@ int main( int argc, char *argv[] )
int ret, c;
size_t i;
mbedtls_rsa_context rsa;
unsigned char hash[20];
unsigned char hash[32];
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512];
ret = 1;
if( argc != 2 )
@ -98,17 +100,15 @@ int main( int argc, char *argv[] )
* Extract the RSA signature from the text file
*/
ret = 1;
i = strlen( argv[1] );
memcpy( argv[1] + i, ".sig", 5 );
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
if( ( f = fopen( argv[1], "rb" ) ) == NULL )
if( ( f = fopen( filename, "rb" ) ) == NULL )
{
mbedtls_printf( "\n ! Could not open %s\n\n", argv[1] );
mbedtls_printf( "\n ! Could not open %s\n\n", filename );
goto exit;
}
argv[1][i] = '\0', i = 0;
i = 0;
while( fscanf( f, "%02X", &c ) > 0 &&
i < (int) sizeof( buf ) )
buf[i++] = (unsigned char) c;
@ -122,8 +122,8 @@ int main( int argc, char *argv[] )
}
/*
* Compute the SHA-256 hash of the input file and compare
* it with the hash decrypted from the RSA signature.
* Compute the SHA-256 hash of the input file and
* verify the signature
*/
mbedtls_printf( "\n . Verifying the RSA/SHA-256 signature" );
fflush( stdout );
@ -143,7 +143,7 @@ int main( int argc, char *argv[] )
goto exit;
}
mbedtls_printf( "\n . OK (the decrypted SHA-256 hash matches)\n\n" );
mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
ret = 0;

10
programs/pkey/rsa_verify_pss.c
View file

@ -62,7 +62,7 @@ int main( int argc, char *argv[] )
int ret = 1;
size_t i;
mbedtls_pk_context pk;
unsigned char hash[20];
unsigned char hash[32];
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512];
@ -99,7 +99,7 @@ int main( int argc, char *argv[] )
mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 );
/*
* Extract the RSA signature from the text file
* Extract the RSA signature from the file
*/
ret = 1;
mbedtls_snprintf( filename, 512, "%s.sig", argv[2] );
@ -116,8 +116,8 @@ int main( int argc, char *argv[] )
fclose( f );
/*
* Compute the SHA-256 hash of the input file and compare
* it with the hash decrypted from the RSA signature.
* Compute the SHA-256 hash of the input file and
* verify the signature
*/
mbedtls_printf( "\n . Verifying the RSA/SHA-256 signature" );
fflush( stdout );
@ -137,7 +137,7 @@ int main( int argc, char *argv[] )
goto exit;
}
mbedtls_printf( "\n . OK (the decrypted SHA-256 hash matches)\n\n" );
mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
ret = 0;

5
programs/ssl/ssl_client2.c
View file

@ -1239,6 +1239,11 @@ int main( int argc, char *argv[] )
else
mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
mbedtls_printf( " [ Maximum fragment length is %u ]\n",
(unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) );
#endif
#if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL )
{

7
programs/ssl/ssl_server2.c
View file

@ -1924,7 +1924,7 @@ reset:
if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
{
char vrfy_buf[512];
uint32_t flags = mbedtls_ssl_get_verify_result( &ssl );
flags = mbedtls_ssl_get_verify_result( &ssl );
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
@ -1945,6 +1945,11 @@ reset:
else
mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
mbedtls_printf( " [ Maximum fragment length is %u ]\n",
(unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) );
#endif
#if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL )
{

38
programs/test/benchmark.c
View file

@ -107,31 +107,31 @@ int main( void )
#define TIME_AND_TSC( TITLE, CODE ) \
do { \
unsigned long i, j, tsc; \
unsigned long ii, jj, tsc; \
\
mbedtls_printf( HEADER_FORMAT, TITLE ); \
mbedtls_printf( HEADER_FORMAT, TITLE ); \
fflush( stdout ); \
\
mbedtls_set_alarm( 1 ); \
for( i = 1; ! mbedtls_timing_alarmed; i++ ) \
mbedtls_set_alarm( 1 ); \
for( ii = 1; ! mbedtls_timing_alarmed; ii++ ) \
{ \
CODE; \
} \
\
tsc = mbedtls_timing_hardclock(); \
for( j = 0; j < 1024; j++ ) \
tsc = mbedtls_timing_hardclock(); \
for( jj = 0; jj < 1024; jj++ ) \
{ \
CODE; \
} \
\
mbedtls_printf( "%9lu Kb/s, %9lu cycles/byte\n", \
i * BUFSIZE / 1024, \
( mbedtls_timing_hardclock() - tsc ) / ( j * BUFSIZE ) ); \
mbedtls_printf( "%9lu Kb/s, %9lu cycles/byte\n", \
ii * BUFSIZE / 1024, \
( mbedtls_timing_hardclock() - tsc ) / ( jj * BUFSIZE ) ); \
} while( 0 )
#if defined(MBEDTLS_ERROR_C)
#define PRINT_ERROR \
mbedtls_strerror( ret, ( char * )tmp, sizeof( tmp ) ); \
mbedtls_strerror( ret, ( char * )tmp, sizeof( tmp ) ); \
mbedtls_printf( "FAILED: %s\n", tmp );
#else
#define PRINT_ERROR \
@ -143,12 +143,12 @@ do { \
#define MEMORY_MEASURE_INIT \
size_t max_used, max_blocks, max_bytes; \
size_t prv_used, prv_blocks; \
mbedtls_memory_buffer_alloc_cur_get( &prv_used, &prv_blocks ); \
mbedtls_memory_buffer_alloc_cur_get( &prv_used, &prv_blocks ); \
mbedtls_memory_buffer_alloc_max_reset( );
#define MEMORY_MEASURE_PRINT( title_len ) \
mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks ); \
for( i = 12 - title_len; i != 0; i-- ) mbedtls_printf( " " ); \
mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks ); \
for( ii = 12 - title_len; ii != 0; ii-- ) mbedtls_printf( " " ); \
max_used -= prv_used; \
max_blocks -= prv_blocks; \
max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \
@ -161,16 +161,16 @@ do { \
#define TIME_PUBLIC( TITLE, TYPE, CODE ) \
do { \
unsigned long i; \
unsigned long ii; \
int ret; \
MEMORY_MEASURE_INIT; \
\
mbedtls_printf( HEADER_FORMAT, TITLE ); \
mbedtls_printf( HEADER_FORMAT, TITLE ); \
fflush( stdout ); \
mbedtls_set_alarm( 3 ); \
mbedtls_set_alarm( 3 ); \
\
ret = 0; \
for( i = 1; ! mbedtls_timing_alarmed && ! ret ; i++ ) \
for( ii = 1; ! mbedtls_timing_alarmed && ! ret ; ii++ ) \
{ \
CODE; \
} \
@ -181,9 +181,9 @@ do { \
} \
else \
{ \
mbedtls_printf( "%6lu " TYPE "/s", i / 3 ); \
mbedtls_printf( "%6lu " TYPE "/s", ii / 3 ); \
MEMORY_MEASURE_PRINT( sizeof( TYPE ) + 1 ); \
mbedtls_printf( "\n" ); \
mbedtls_printf( "\n" ); \
} \
} while( 0 )

2
programs/test/udp_proxy.c
View file

@ -388,7 +388,7 @@ void update_dropped( const packet *p )
while( cur < end )
{
size_t len = ( ( cur[11] << 8 ) | cur[12] ) + 13;
len = ( ( cur[11] << 8 ) | cur[12] ) + 13;
id = len % sizeof( dropped );
++dropped[id];

13
tests/data_files/Readme-x509.txt
View file

@ -17,6 +17,9 @@ Two intermediate CAs are signed by them:
- test-int-ca2.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA"
uses an EC key with NIST P-256, signed by test-ca
A third intermediate CA is signed by test-int-ca2.crt:
- test-int-ca3.crt "C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3"
Finally, other CAs for specific purposes:
- enco-ca-prstr.pem: has its CN encoded as a printable string, but child cert
enco-cert-utf8str.pem has its issuer's CN encoded as a UTF-8 string.
@ -35,11 +38,12 @@ Short information fields:
2 -> test-ca2.crt
I1 -> test-int-ca.crt
I2 -> test-int-ca2.crt
I3 -> test-int-ca3.crt
O -> other
- key type: R -> RSA, E -> EC
- C -> there is a CRL revoking this cert (see below)
- L -> CN=localhost (useful for local test servers)
- P1, P2 if the file include parent (resp. parent + grandparent)
- P1, P2 if the file includes parent (resp. parent + grandparent)
- free-form comments
List of certificates:
@ -50,8 +54,9 @@ List of certificates:
- cert_v1_with_ext.crt: 1 R: v1 with extensions (illegal)
- cli2.crt: 2 E: basic
- enco-cert-utf8str.pem: see enco-ca-prstr.pem above
- server1*.crt: 1* R C*: misc *(server1-v1 see test-ca-v1.crt above)
- server1*.crt: 1* R C* P1*: misc *(server1-v1 see test-ca-v1.crt above)
*CRL for: .cert_type.crt, .crt, .key_usage.crt, .v1.crt
P1 only for _ca.crt
- server2-v1*.crt: O R: see test-ca-v1.crt above
- server2*.crt: 1 R L: misc
- server3.crt: 1 E L: EC cert signed by RSA CA
@ -62,11 +67,13 @@ List of certificates:
-ku*: keyUsage (ds = signatures, ke/ka = key exchange/agreement)
- server6-ss-child.crt: O E: "child" of non-CA server5-selfsigned
- server6.crt, server6.pem: 2 E L C: revoked
- server7*.crt: I1 E L P1*: EC signed by RSA signed by EC *(except 7.crt)
- server7*.crt: I1 E L P1*: EC signed by RSA signed by EC
*P1 except 7.crt, P2 _int-ca_ca2.crt
*_space: with PEM error(s)
- server8*.crt: I2 R L: RSA signed by EC signed by RSA (P1 for _int-ca2)
- server9*.crt: 1 R C* L P1*: signed using RSASSA-PSS
*CRL for: 9.crt, -badsign, -with-ca (P1)
- server10*.crt: I3 E L P2/P3
Certificate revocation lists
----------------------------

5
tests/data_files/server10.key Normal file
View file

@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEILBDMs7bRVxVg6ovTpf2zB9m+22jY7R3LNKRvCPfa6YJoAoGCCqGSM49
AwEHoUQDQgAEHG336dql6qGcsnIZqAkcc63eFbvepuOzTwXobRAuOmk3l4A5wXX/
vs5wAawLX1wUTUM/AESHmAZrJK9tq5So8g==
-----END EC PRIVATE KEY-----

80
tests/data_files/server10_int3_int-ca2.crt Normal file
View file

@ -0,0 +1,80 @@
-----BEGIN CERTIFICATE-----
MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
AzO3pJx7WJAApZuBX1Q=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBwjCCAUegAwIBAgIBSTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIEVDIENBMB4XDTE1MDkwMTEzNDIxOFoXDTI1MDgyOTEzNDIxOFowSjELMAkG
A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU
ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9
2J/utoHyjUtVpQOzdTrbsaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCB4Aw
CgYIKoZIzj0EAwIDaQAwZgIxAJ9RX38bht+RNsQI2GUpNhC/Y+Tb1OU74O4iEa6+
CkjBWTpLtHRKVdZq7ST0wk1LsQIxAIUi8L1Vx4DuUP0bJxIX/nuJqlBnBG+qRhSf
VgHKgSyHidpZAJpaRi4IkY504CY/Yg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl
WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8
ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW
BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV
D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw
FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6
yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M
ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf
7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M
CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut
ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
AzO3pJx7WJAApZuBX1Q=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG
A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU
ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9
2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo
ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt
Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt
pz590JvGWfM=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl
WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8
ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW
BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV
D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw
FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6
yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M
ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf
7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M
CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut
ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw=
-----END CERTIFICATE-----

160
tests/data_files/server10_int3_int-ca2_ca.crt Normal file
View file

@ -0,0 +1,160 @@
-----BEGIN CERTIFICATE-----
MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
AzO3pJx7WJAApZuBX1Q=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBwjCCAUegAwIBAgIBSTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIEVDIENBMB4XDTE1MDkwMTEzNDIxOFoXDTI1MDgyOTEzNDIxOFowSjELMAkG
A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU
ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9
2J/utoHyjUtVpQOzdTrbsaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCB4Aw
CgYIKoZIzj0EAwIDaQAwZgIxAJ9RX38bht+RNsQI2GUpNhC/Y+Tb1OU74O4iEa6+
CkjBWTpLtHRKVdZq7ST0wk1LsQIxAIUi8L1Vx4DuUP0bJxIX/nuJqlBnBG+qRhSf
VgHKgSyHidpZAJpaRi4IkY504CY/Yg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl
WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8
ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW
BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV
D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw
FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6
yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M
ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf
7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M
CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut
ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
AzO3pJx7WJAApZuBX1Q=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG
A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU
ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9
2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo
ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt
Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt
pz590JvGWfM=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl
WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8
ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW
BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV
D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw
FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6
yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M
ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf
7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M
CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut
ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
Validity
Not Before: Feb 12 14:44:00 2011 GMT
Not After : Feb 12 14:44:00 2021 GMT
Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32:
7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18:
58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87:
1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93:
e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14:
cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9:
ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90:
71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60:
c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb:
58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0:
e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72:
69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1:
79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13:
58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6:
e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38:
65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9:
ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f:
a2:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Key Identifier:
B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
X509v3 Authority Key Identifier:
keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA
serial:00
Signature Algorithm: sha1WithRSAEncryption
b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07:
1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a:
32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9:
37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62:
09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26:
8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d:
2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5:
e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7:
e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f:
66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5:
35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce:
09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6:
08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca:
e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de:
f7:e0:e9:54
-----BEGIN CERTIFICATE-----
MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH
/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV
BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz
dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ
SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H
DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF
pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf
m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ
7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==
-----END CERTIFICATE-----

41
tests/data_files/server1_ca.crt Normal file
View file

@ -0,0 +1,41 @@
-----BEGIN CERTIFICATE-----
MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOC
AQEAvc+WwZUemsJu2IiI2Cp6liA+UAvIx98dQe3kZs2zAoF9VwQbXcYzWQ/BILkj
NImKbPL9x0g2jIDn4ZvGYFywMwIO/d++YbwYiQw42/v7RiMy94zBPnzeHi86dy/0
jpOOJUx3IXRsGLdyjb/1T11klcFqGnARiK+8VYolMPP6afKvLXX7K4kiUpsFQhUp
E5VeM5pV1Mci2ETOJau2cO40FJvI/C9W/wR+GAArMaw2fxG77E3laaa0LAOlexM6
A4KOb5f5cGTM5Ih6tEF5FVq3/9vzNIYMa1FqzacBLZF8zSHYLEimXBdzjBoN4qDU
/WzRyYRBRjAI49mzHX6raleqnw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH
/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV
BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz
dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ
SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H
DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF
pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf
m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ
7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==
-----END CERTIFICATE-----

62
tests/data_files/server7_int-ca_ca2.crt Normal file
View file

@ -0,0 +1,62 @@
-----BEGIN CERTIFICATE-----
MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG
A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m
47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS
MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud
IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC
AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr
FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr
8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj
+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7
QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm
yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK
TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e
deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM
0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b
OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj
VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp
a8Si6UK5
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF
CaBCLhhdK1Fjf8HjkT/PkctWnho8NTwivc9+nqRZjXe/eIcqm5HwjDDhu+gz+o0g
Vz9MfZNi1JyCrOyNZcy+cr2QeNnNVGnFq8xTxtu6dLunhpmLFj2mm0Vjwa7Ypj5q
AjpqTMtDvqbRuToyoyzajhMNcCAf7gwzIupJJFVdjdtgYAcQwzikwF5HoITJzzJ2
qgxF7CmvGZNb7G99mLdLdhtclH3wAQKHYwEGJo7XKyNEuHPQgB+e0cg1SD1HqlAM
uCfGGTWQ6me7Bjan3t0NzoTdDq6IpKTesbaY+/9e2xn8DCrhBKLXQMZFDZqUoLYA
kGPOEGgvlPnIIXAawouxCaNYEh5Uw871YMSPT28rLdFr49dwYOtDg9foA8hDIW2P
d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br
Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG
i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9
Af5cNR8KhzegznL6amRObGGKmX1F
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
-----END CERTIFICATE-----

12
tests/data_files/test-int-ca3.crt Normal file
View file

@ -0,0 +1,12 @@
-----BEGIN CERTIFICATE-----
MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG
A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU
ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9
2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo
ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt
Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt
pz590JvGWfM=
-----END CERTIFICATE-----

8
tests/data_files/test-int-ca3.key Normal file
View file

@ -0,0 +1,8 @@
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIC9zTt8jgjBlbq+qCsGj6uclaKLYBqxYSmUiuBdM1KG9oAoGCCqGSM49
AwEHoUQDQgAE732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9h
hP7X/5js/DX92J/utoHyjUtVpQOzdTrbsQ==
-----END EC PRIVATE KEY-----

13
tests/ssl-opt.sh
View file

@ -1085,6 +1085,8 @@ run_test "Max fragment length: not used, reference" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3" \
0 \
-c "Maximum fragment length is 16384" \
-s "Maximum fragment length is 16384" \
-C "client hello, adding max_fragment_length extension" \
-S "found max fragment length extension" \
-S "server hello, max_fragment_length extension" \
@ -1094,6 +1096,8 @@ run_test "Max fragment length: used by client" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=4096" \
0 \
-c "Maximum fragment length is 4096" \
-s "Maximum fragment length is 4096" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@ -1103,6 +1107,8 @@ run_test "Max fragment length: used by server" \
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3" \
0 \
-c "Maximum fragment length is 16384" \
-s "Maximum fragment length is 4096" \
-C "client hello, adding max_fragment_length extension" \
-S "found max fragment length extension" \
-S "server hello, max_fragment_length extension" \
@ -1113,6 +1119,7 @@ run_test "Max fragment length: gnutls server" \
"$G_SRV" \
"$P_CLI debug_level=3 max_frag_len=4096" \
0 \
-c "Maximum fragment length is 4096" \
-c "client hello, adding max_fragment_length extension" \
-c "found max_fragment_length extension"
@ -1120,6 +1127,8 @@ run_test "Max fragment length: client, message just fits" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
0 \
-c "Maximum fragment length is 2048" \
-s "Maximum fragment length is 2048" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@ -1131,6 +1140,8 @@ run_test "Max fragment length: client, larger message" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
0 \
-c "Maximum fragment length is 2048" \
-s "Maximum fragment length is 2048" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@ -1143,6 +1154,8 @@ run_test "Max fragment length: DTLS client, larger message" \
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
1 \
-c "Maximum fragment length is 2048" \
-s "Maximum fragment length is 2048" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \

5
tests/suites/test_suite_debug.function
View file

@ -25,6 +25,11 @@ void string_debug(void *data, int level, const char *file, int line, const char
*p++ = ':';
*p++ = ' ';
#if defined(MBEDTLS_THREADING_C)
/* Skip "thread ID" (up to the first space) as it is not predictable */
while( *str++ != ' ' );
#endif
memcpy( p, str, strlen( str ) );
p += strlen( str );

48
tests/suites/test_suite_x509parse.data
View file

@ -699,6 +699,54 @@ X509 Certificate verification #81 (multiple CRLs, none relevant)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_KEY:"NULL"
X509 Certificate verification callback: trusted EE cert
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL\n"
X509 Certificate verification callback: simple
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify_callback:"data_files/server1.crt":"data_files/test-ca.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1\n"
X509 Certificate verification callback: two trusted roots
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat12.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1\n"
X509 Certificate verification callback: two trusted roots, reversed order
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
x509_verify_callback:"data_files/server1.crt":"data_files/test-ca_cat21.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1\n"
X509 Certificate verification callback: root included
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
x509_verify_callback:"data_files/server1_ca.crt":"data_files/test-ca_cat21.crt":0:"depth 1 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1\n"
X509 Certificate verification callback: intermediate ca
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
x509_verify_callback:"data_files/server7_int-ca.crt":"data_files/test-ca_cat12.crt":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost\n"
X509 Certificate verification callback: intermediate ca, root included
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-ca_cat12.crt":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost\n"
X509 Certificate verification callback: intermediate ca trusted
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
x509_verify_callback:"data_files/server7_int-ca_ca2.crt":"data_files/test-int-ca.crt":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost\n"
X509 Certificate verification callback: two intermediates
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-ca_cat21.crt":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3\ndepth 0 - serial 4B - subject CN=localhost\n"
X509 Certificate verification callback: two intermediates, root included
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca_cat21.crt":0:"depth 3 - serial 00 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3\ndepth 0 - serial 4B - subject CN=localhost\n"
X509 Certificate verification callback: two intermediates, top int trusted
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
x509_verify_callback:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:"depth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3\ndepth 0 - serial 4B - subject CN=localhost\n"
X509 Certificate verification callback: two intermediates, low int trusted
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
x509_verify_callback:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-int-ca3.crt":0:"depth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3\ndepth 0 - serial 4B - subject CN=localhost\n"
X509 Parse Selftest
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CERTS_C
x509_selftest:

69
tests/suites/test_suite_x509parse.function
View file

@ -26,6 +26,46 @@ int verify_all( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32
return 0;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
typedef struct {
char buf[512];
char *p;
} verify_print_context;
void verify_print_init( verify_print_context *ctx )
{
memset( ctx, 0, sizeof( verify_print_context ) );
ctx->p = ctx->buf;
}
int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
{
int ret;
verify_print_context *ctx = (verify_print_context *) data;
char *p = ctx->p;
size_t n = ctx->buf + sizeof( ctx->buf ) - ctx->p;
((void) flags);
ret = mbedtls_snprintf( p, n, "depth %d - serial ", certificate_depth );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_x509_serial_gets( p, n, &crt->serial );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, " - subject " );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_x509_dn_gets( p, n, &crt->subject );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, "\n" );
MBEDTLS_X509_SAFE_SNPRINTF;
ctx->p = p;
return( 0 );
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@ -163,6 +203,35 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void x509_verify_callback( char *crt_file, char *ca_file,
int exp_ret, char *exp_vrfy_out )
{
int ret;
mbedtls_x509_crt crt;
mbedtls_x509_crt ca;
uint32_t flags = 0;
verify_print_context vrfy_ctx;
mbedtls_x509_crt_init( &crt );
mbedtls_x509_crt_init( &ca );
verify_print_init( &vrfy_ctx );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
ret = mbedtls_x509_crt_verify( &crt, &ca, NULL, NULL, &flags,
verify_print, &vrfy_ctx );
TEST_ASSERT( ret == exp_ret );
TEST_ASSERT( strcmp( vrfy_ctx.buf, exp_vrfy_out ) == 0 );
exit:
mbedtls_x509_crt_free( &crt );
mbedtls_x509_crt_free( &ca );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_dn_gets( char *crt_file, char *entity, char *result_str )
{

2
yotta/data/module.json
View file

@ -1,6 +1,6 @@
{
"name": "mbedtls",
"version": "2.0.6",
"version": "2.0.7",
"description": "The mbed TLS crypto/SSL/TLS library",
"private": true,
"licenses": [